Specifying Conflicting Roles in Authorization

I need to specify conflicting roles.
For example, I have 2 roles - HR_Administrator and HR_Payroll_Manager. These 2 roles should never be assigned to the same user. There has to be a consistency check for conflicting roles while assigning roles to users.
How could this be done? Have any of you done this before? Any user exits will help?

Hi Lucy,
perhaps you could use BAdI
SMUM_ASSIGN_ROLE
Regards
Bernd
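
Added example, not part of the original thread and not SAP code: a stand-alone Python model of the consistency check asked about above, as logic that an assignment hook or a periodic audit could apply. It assumes assignments are available as (user, role, valid-from, valid-to) rows; the user names and dates are constructed sample data, and it also covers validity periods, which the question does not mention.

```python
from datetime import date

# Mutually exclusive role pairs; the pair is the one named in the question.
CONFLICTS = {frozenset({"HR_Administrator", "HR_Payroll_Manager"})}

# Constructed sample assignments: (user, role, valid_from, valid_to).
ASSIGNMENTS = [
    ("USER_A", "HR_Administrator", date(2024, 1, 1), date(9999, 12, 31)),
    ("USER_B", "HR_Payroll_Manager", date(2024, 1, 1), date(2024, 6, 30)),
    ("USER_B", "HR_Administrator", date(2024, 7, 1), date(9999, 12, 31)),
]

def overlaps(a_from, a_to, b_from, b_to):
    """True when two inclusive validity periods share at least one day."""
    return a_from <= b_to and b_from <= a_to

def conflicts_for(user, role, valid_from, valid_to, assignments=ASSIGNMENTS):
    """Preventive check, run before a role is assigned.

    Returns the roles `user` already holds that conflict with `role` during
    the requested period; an empty list means the assignment is allowed.
    """
    hits = set()
    for u, held, h_from, h_to in assignments:
        if u != user or held == role:
            continue
        if (frozenset({held, role}) in CONFLICTS
                and overlaps(valid_from, valid_to, h_from, h_to)):
            hits.add(held)
    return sorted(hits)

def audit(assignments=ASSIGNMENTS):
    """Detective check: users holding a conflicting pair at the same time."""
    found = set()
    for i, (u1, r1, f1, t1) in enumerate(assignments):
        for u2, r2, f2, t2 in assignments[i + 1:]:
            if (u1 == u2 and frozenset({r1, r2}) in CONFLICTS
                    and overlaps(f1, t1, f2, t2)):
                found.add((u1, *sorted((r1, r2))))
    return sorted(found)
```

USER_B holds both roles one after the other, so neither check flags that user; only overlapping validity periods count as a conflict.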

Similar Messages

  • Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

    In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
    Will this option only be available in the production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

    It is not missing.
    If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
    Steven Davelaar,
    JHeadstart Team.

  • Conflicting Roles

    Hi Guys,
    I have two roles and two queries, both working from the same cube. My problem is, for example, Role A should work with Query A, giving the user access to all cost centres, and Role B should work with Query B, giving restricted access to cost centres as specified in the authorizations.
    My problem is that when I attach both roles to a user, it gives access to all cost centres even when I run Query B, which should be restricted.
    Is there any way I can specify a role to only work with a specific query?
    Thanks
    Forhad

    Hi there,
    That's how the Analysis authorization works.
    It combines (unifies) in this case the cost center of both roles if they are assigned to the user.
    You can't separate them by query.
    If both queries were on different InfoProviders, you could separate them by the object 0TCAIPROV, otherwise (in the same InfoProvider) there's no chance to do that.
    You'll always have the union of the roles objects assigned to the same InfoProvider.
    Diogo.

  • RFC Sender - Logon User - What Roles and Authorizations?

    Hi,
    Scenario: RFC Sender --> XI --> JDBC
    What necessary Roles and Authorizations has to be given for Logon User (in Sender RFC Communication Channel).
    It has to be moved to production soon. My Client wants to give only Roles and Authorization that are necessary for the Logon User.
    With Regards,
    Manikandan R

    Hi ,
    You need to give ECC Authorisation
    Application server : ECC Server
    System no : ECC system number
    Logon User : ECC any username
    password : password for above user
    client : ECC client (the client from which you are sending to the RFC adapter)
    Regards,
    Jayasimha jangam

  • Business Explorer Roles and Authorizations

    Hi,
    I am using Business Explorer Query Designer and Analyzer ( Excel Work book add on) with BI 7.0.
    I need to create roles and authorizations for the end users to create queries and view queries in excel by using Business Explorer Query Analyzer.
    Kindly suggest me what are the standard transactions, roles and authorizations to be given to the end users.
    Thanks and regards
    Murugesan

    I don't have any idea about BI 7.0.
    If it's BW 3.x, I just used RRMX --->> Excel -> add-ins -->> queries ---> pop-up window ---> here we need rfs object S_RFC
    Finally, the RRMX tcode and general roles which have the S_RFC authorization object and the query.
    Regards,
    Naveen

  • BI Content Roles and Authorizations

    Hi All,
    We just installed a BW system and are trying to activate the Business Content, but it's giving some authorization issues.
    Can anyone please give the list of transactions/roles/profiles/authorizations that need to be added to my user ID so as to install all the Business Content available?
    PS: Basis is not giving me SAP_ALL and SAP_NEW because of internal issues.
    Thanks & Regards,
    Vikas Sharma

    Hi
    Vikas, you need to have the S_RS_ADMWB Authorization Object in your profile;
    that will help you.
    Also see the TCode SU53 for the required authorization objects and their activity.
    Hope this helps you.
    Regards
    Ajay
    PS : Assign points if helpful

  • What Roles and Authorization Req

    Hi All,
    I am getting the error in a SOAP to RFC Sync scenario.
    User using one URL through that URL he is trying to send the data to before sending the req user have the USER ID and Password. What are the Roles and Authorization req for that user ID and password? Are they service user IDs?
    Regards

    This user ID have roles similar to Service user PIAPPLUSER or XIAPPLUSER. However, it is recommended not to provide this user detail directly to sender system. Instead create a new user and provide that to your partner.
    Regards,
    Prateek

  • Roles and authorizations in BI content

    Hi experts,
    I'm trying to define a very simple scheme of roles and authorizations for my queries.
    So, I'm trying to limit the access by InfoCube and DSO, but I'm missing the authorization objects for Cube and DSO.
    I know that the authorization object for queries is S_RS_COMP.
    So my roles would be something like
    BI_ROLE_FI
    Authorization Object                    Authorization Object Value
    Access query (S_RS_COMP)                NA
    Infoobject (what's the object???)       0FIGL_C01
    DSO (what's the object???)              0FIGL_O14
    BI_ROLE_PUR
    Authorization Object                    Authorization Object Value
    Access query (S_RS_COMP)                NA
    Infoobject (what's the object???)       0PUR_C01
    Can you help me find out what's the missing information?
    Thanks and regards
    Joana

    Hi,
    I've given authorization to the object you've mentioned, but it's still not working.
    Basically what I have is the following:
    One role that allows me to execute queries, workbooks, etc.
    A second role, dependent on the area of work, that should allow me only to have access to queries from cubes/MP/DSO that are specific to the user's area.
    I will then give each user role 1 + the adequate role 2, depending on their work area.
    For role 1 I have got:
    S_RFC     
    Activity: 16
    Name of RFC to be protected: *
    Name of RFC object to be protected: *
    S_TCODE     
    Transaction code: RRMX
    S_GUI     
    Activity: 16
    S_USER_AGR     
    Activity: 01, 02, 03
    Role Name: ANLG_BI_01
    S_USER_TCD     
    Transaction code: RRMX
    S_RS_AUTH     
    BI Analysis Authorization: BI_ALL
    S_RS_COMP     
    Activity: 03, 16
    InfoArea:*
    InfoCube: *
    Name (ID) of a reporting component: *
    Type of a reporting component: *
    S_RS_COMP1
    Activity: 03, 16, 22
    Name (ID) of a reporting component: *
    Type of a reporting component: *
    Owner (Person Responsible) for a reporting Component: *
    S_RS_TOOLS
    Logical Command Name: THEMES
    I've tested this role, and it works – they can access queries, create workbooks, create permanent model workbooks
    For role 2 – Finance I have
    S_USER_AGR     
    Activity: 01, 02, 03
    Role Name: ROLE2
    S_RS_ADMWB
    Activity: 03,66
    Data warehousing workbench Object: INFOAREA
    S_RS_ODSO
    Activity: 03
    Infoarea: 0FIGL_ERP
    DataStore Object: 0FIGL_014
    SubObject for ODS Object: *
    S_RS_ICUBE
    Activity: 03, 66
    Infocube SubObject: *
    Infoarea: 0FIAP
    InfoCube: 0FIAP_C02
    S_RS_MPRO     
    Activity: 03
    Infoarea: 0FIN_REP_SIMPL_1_ERP
    MultiProvider: 0FIAP_M20, 0FIAP_M30
    MultiProvider SubObject: *
    I then gave my test user these 2 roles, and with that user I can still see every infoarea, and access all reports.
    I will have more specific roles – for other areas (SCM, TV, etc.), but I chose this one as an example.
    First question I have: can I manage my requirement in 2 different roles: one for action that can be performed (role 1) and other for areas that they can access data from (role 2)?
    What objects/restrictions am I missing in role 2?
    Many thanks
    Joana

  • How to set role based Authorization in JAAS

    How to set role-based authorization in JAAS?
    I had user name, password and role in FileLogin
    thanks
    arun .v.

    http://dev2dev.bea.com/pub/a/2003/04/Kemp_Helton.html?page=last

  • Deleting FICO Roles and Authorizations

    Hi Guys,
    I want to delete some roles and authorizations from a user profile. I have the user ID and I want to know what roles are assigned to the user.
    Which tcode can be used for this, and how do I delete the FICO roles assigned to that SAP user ID?
    thanks,
    Srikanth.

    Hi,
    I got the solution. It is SUIM.
    Anyways thanks for the help
    srikanth

  • List roles/profiles/authorizations for end user

    HI All
    Can anyone please give the list roles/profiles/authorizations
    that needs to be added to our end user id so as to view
    (Only Display) all the BEx Reports.
    Points assured
    Thanks
    Vijaya

    Hi Vijaya,
    Go through this link:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a07122ae-8216-2a10-c9a5-996717a0648b
    Thanks,
    Ajay

  • About roles and authorizations

    Hi friends,
    who will create roles and authorizations, please?
    Thanks in advance.
    A suitable answer will be given suitable points.
    kumari

    Roles and authorizations have to be done with Basis team and HR team together, because they are not the usual roles that other modules use. For instance, HR authorizations have different objects for PA, PY, Clusters, BM and CM. For OM and PD, you use transaction OOSP for authorization profiles.
    From my personal experience, when the consulting team asks the Basis team to deal with authorizations for HR, they become paralyzed when they find Structural Authorization Profiles, Period of responsibility, etc., because they don't know (and it is not their responsibility) about HR objects and concepts handled in txn OOSP.
    In order to avoid these problems, take extra time for this in your implementation project. Roles and authorizations in HR, when done correctly, take more time than other modules.

  • As XI developer what are the roles and authorization I should have in realti

    Hi Experts,
    As an XI developer, what are the roles and authorizations I should have in real time? As a developer, is it possible for me to create a namespace and business system? Can anyone please explain to me about business systems in a real-time scenario?
    thanks
    dhanush

    Hi Dhanush,
    Your authorizations will be decided depending on your role in your team.
    Yes, you will have authorization for creating a namespace, but your business system will be created by a Basis person and assigned to your scenario.
    A Business System is a logical entity which represents a logical view of your technical system (e.g. a client in an R3 system can be represented as a business system in SLD). For one technical system you can have multiple business systems.
    Look into these links for details of business systems.
    http://help.sap.com/saphelp_nw04/helpdata/de/31/f0ff69551e4f259fdad799a229363e/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/de/87/7277e8fba34421a45d97a41ec27381/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/7b/d4653fd1d3b81ae10000000a114084/content.htm
    Reward points if found useful......

  • Portal roles and Authorization in NW2004s

    Hi Gurus,
    In the earlier Portal implementation of ESS/MSS, which was ITS based, we used to maintain roles in EP by doing a role upload and maintaining authorizations in the backend R/3 system, and if any new changes are made in the role, they are distributed to the R/3 system using System Administrator -> Permissions -> SAP authorization, and role distributions are sent to R/3, where we can go to the W3PR transaction and create an authorization profile for that role there.
    Now my question is: in an ESS/MSS implementation based on Web Dynpro, how are portal roles and authorizations maintained?
    Please do tell me how they are maintained in the NW2004s implementations.
    Regards,
    Ramesh

    Please take a break for a few minutes and start... you will get it.

  • OAM manage roles and Authorization in WebLogic integration

    Hi
    Has anyone done WebLogic integration where OAM manages roles and authorization?
    I could read in the Oracle WebLogic integration document that,
    "The Security Provider only supports authentication for portals."
    I wanted to figure out if anyone has done this before, or is it possible to delegate role management and authorization responsibility to OAM?
    Thanks
    Kiran Thakkar

    Thanks for the quick response.
    Thanks
    Kiran Thakkar
