User authorisation matrix

Dear all,
We are using BI7.00. We now require one report to get the details of user authorisation, i.e., for example one user U1 may be authorised for 10 Transactions in R/3, we want to get the list of such authorisation in the following way. Is there any standard data source or any method of adopting the same.
Requirement
Company --->Plant ->  Module>T.Code->User----
> Authorisation
4000----->    4100>   QM> QA32>4100QMC01->u221A
If authorisation is available then a TICK mark should be shown. In the above the user 4100QMC01 is authorised for transaction QA32 and hence in the column authroisation a TICK mark is shown.
Can experts provide ideas of obtaining the same.
Regards,
M.M

Dear Asish,
Thank you for your input. I tried to achieve my requirement using a FLFL data source, but the output is not as desired by me.
I have the fields company,plant, user name, t.codes, authorisation. I have loaded the data through excel and when the display is seen in the report the value is shown as below.
SAP users -
> user1---->user2--
>user3
SAP transaction code sap user authorisation-> ?>?--
>?
QA32
QP01
QM01
I have maintained all the infoobjects as character as for me i do not have any key figure. In the column i have SAP users and SAP Authorisation and in the rows in have SAP transaction code.
What should i do to get the output as shown below.
SAP Users -
User1-->users2--
>user3
Sap t.codes
QA32----
>?
QM01----
>?
QP01----
>?
"?" is nothing but the value which indicates that the specified user has authorisation for the respective t.code.
Hope you will help me solve the problem.
Regards,
M.M

Similar Messages

  • Authorisation Matrix for Payment Posting

    Hi Friends,
    Any one pl. write the configuration of making payment to Vendors with an authorisation Matrix. e.g. one user can make payment upto Rs. 50,000/- and another user can make payment upto 1,00,000/-.etc.
    I have explored on this and found the configuration as IMG - Fin. A/C - A/C Receivable & Payble - Business Transaction - Release for Payment - -
    By this I could congigure till end but i was unable to configure at "Define Users with Authorisation to Payment Release". Because I am not getting any option or field to provide USER ID there.
    Pl. help.
    Regards
    Deb

    Hi Mallikarjun,
    The authorisation Object given is related to Excise invoice ? So, please let me know how this would help in restricting modification of payment block filed in FB02?
    regards
    jaya

  • User Authorisations in Dialog Programming.

    Hi Friends,
    I have a small requirement, I want to create user authorisations in dialog programming.
    Actually client requirement is he want to enter absence details of each and every branch.
    For that i have created a cusom table and i  also i have developed a dialog program inorder to update the details
    and to retrive all the data i have created a report program also.
    Now the client requirement is he want user authorisations while updating the data through dialog programming, that means if a user loging in that particular branch he want to enter the absence details pertaining to that branch only, when he tries to enter the details of other employee pertaining to another branch an error should be raised.
    Actually in the client place they are using authrisation object as 'Z_WERKS'.  The basis person has created this and provided for me.
    Actually i have created an Authority check in module pool program.Here iam attaching my prog,
    Pls provide me the sample code if at all available.
    *& Include ZEMPTOP                                           Module pool
    PROGRAM  ZEMP.
    TABLES : ZABS,PA0001.
    DATA : WA_PA0001 LIKE PA0001,
           V_ANS.
    DATA: BEGIN OF Z_WERKS OCCURS 0,
            PERSA LIKE T500P-PERSA,
            NAME1 LIKE T500P-NAME1,
          END OF Z_WERKS.
    *&  Include           ZEMPI01
    *&      Module  USER_COMMAND_0100  INPUT
          text
    MODULE USER_COMMAND_0100 INPUT.
    CASE SY-UCOMM.
    WHEN 'DISP'.
    SELECT SINGLE * FROM ZABS WHERE PERNR = ZABS-PERNR.
    IF SY-DBCNT <> 0.
    *MESSAGE I000(Z00) WITH 'Details of' ZABS-PERNR .
    else.
    MESSAGE I000(Z00) WITH 'No Details Available to Display'.
    ENDIF.
    WHEN 'EXIT'.
    LEAVE PROGRAM.
    WHEN 'BACK' OR 'EXIT' OR 'CANCEL'.
    LEAVE TO SCREEN 0.
    WHEN 'CLS'.
    CLEAR ZABS.
    WHEN 'INS'.
    INSERT ZABS .
    ZABS-ABWTG = ZABS-ENDDA - ZABS-BEGDA + 1.
    IF SY-DBCNT <> 0.
    MESSAGE I000(Z00) WITH 'Personnel No' ZABS-PERNR
    'inserted successfully'.
    ENDIF.
    CLEAR ZABS.
    WHEN 'MOD'.
    UPDATE ZABS.
    ZABS-ABWTG = ZABS-ENDDA - ZABS-BEGDA + 1.
    IF SY-DBCNT <> 0.
    MESSAGE I000(Z00) WITH 'Personnel No' ZABS-PERNR
    'Modified Successfully'.
    ENDIF.
    CLEAR ZABS.
    *WHEN 'DEL'.
    *CALL FUNCTION 'POPUP_TO_CONFIRM_LOSS_OF_DATA'
    EXPORTING
       TEXTLINE1           = 'ARE YOU SURE'
       TEXTLINE2           = 'YOU WANT TO DELETE'
       TITEL               = 'CONFIRMATION'
       START_COLUMN        = 25
       START_ROW           = 6
       DEFAULTOPTION       = 'N'
    IMPORTING
       ANSWER              = V_ANS.
    *IF V_ANS = 'J'.
    *DELETE ZABS.
    *IF SY-DBCNT <> 0.
    *MESSAGE I000(Z00) WITH 'Personnel No' ZABS-PERNR
    *'Deleted Successuflly'.
    *ELSE.
    *MESSAGE I000(Z00) with 'No Record to Delete'.
    ENDIF.
    *ENDIF.
    ENDCASE.
    ENDMODULE.                 " USER_COMMAND_0100  INPUT
    *&      Module  GET_REC  INPUT
          text
    MODULE GET_REC INPUT.
    SELECT SINGLE * FROM PA0001 INTO WA_PA0001
             WHERE PERNR = ZABS-PERNR.
    MOVE: WA_PA0001-PERNR TO ZABS-PERNR,
          WA_PA0001-ENAME TO ZABS-ENAME,
          WA_PA0001-GSBER TO ZABS-GSBER,
          WA_PA0001-WERKS TO ZABS-WERKS.
    ZABS-ABWTG = ZABS-ENDDA - ZABS-BEGDA + 1.
    ENDMODULE.                 " GET_REC  INPUT
    *&      Module  CHECK_AUTH_WERKS  INPUT
          text
    MODULE CHECK_AUTH_WERKS INPUT.
    *SELECT PERSA INTO TABLE _WERKS FROM T500P
            WHERE  PERSA = ZABS-WERKS.
    AUTHORITY-CHECK OBJECT 'Z_WERKS'
    ID 'PERSA' FIELD Z_WERKS-PERSA.

    You need to test the sy-subrc after the authority check - that will indicate whether the user has the authorisation or not.. you also often include the activity being tested e.g. generally 03 = Display, 02 = Update etc
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT'    FIELD '03'
      ID 'CUSTTYPE' FIELD 'B'.
    IF not SY-SUBRC is initial.
      MESSAGE E...   "put your exception here...
    ENDIF.
    see [Programming Authorization Checks  |http://help.sap.com/saphelp_nw04/helpdata/en/52/6712ac439b11d1896f0000e8322d00/content.htm] for more info.
    Jonathan

  • How to build in user authorisation in sender soap adapter

    HI ,
    how can i built the user authorisation in sender soap adapter. either in a url or somewhere on the server .
    if anyone has an idea do let me knwo
    Thanks
    Nikhil

    Nikhil,
    <b>sender soap adapter</b> is used for ex in the case, u need some data from the DB say of a vendor. U give the name of the vendor in the site, suppose u get the contact address of the vendor from the DB.
    Sender soap adapter sends the soap request from the client to XI and from XI the request is passed to DB.
    With XI, WSDL file is generated and SOAP request is generated for the WSDL file. When the WSDL is deployed on the client application, the authorization is handled.
    For receiver SOAP adapter, it is the otherway round u r getting the data from the DB first and so the authorizations are held in XI.
    -Naveen.

  • User authorisation check in ABAP-HR program

    Hi,
    Can anyone please help me on the following query ?
    I need to check user authorisation in an ABAP report at Object level, filter only relevant records based on the user's authorisation and display appropriate messages.
    The above mentioned report is purely developed by us and is not a copy of any standard report. Hence, kindly help me with your suggestions and opinions.
    Thanks and Regards,
    Manas Menon

    Create an authorisation object (SU21)
    Put an authorisation check for this object in your report (AUTHORITY-CHECK)
    Create a role that contains this object (PFCG)
    Assign this role to all the users who require access to the report (SU01).
    <REMOVED BY MODERATOR>
    Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

  • Suddenly unable to update User Authorisation in 8.8 PL11

    This has been posted previously, but it was marked as solved... But the "solution" is not working for us.
    (original thread: Unable to update User Authorisation after Upgrade to 8.8 PL13)
    We did not have any problems after upgrading our db's to pl11.  It was just recently that this function stopped working.
    Here are the steps and failure outlined:
    Steps :
    1. Update the one of the user authorisation of the upgraded company. Eg. Set Drag & Relate from Various Authorisation to Full Authorisation.
    2. Click on "Update" (nothing happened).
    3. Click on "Update" (2nd time, system indicated that Update is successful.
    4. Exit from General Authorisation.
    5. Re-enter General Authorisation.
    6. Found that the authorisation for that user is updated. it is still Various Authorisation for Drag & Relate.
    I have tried other users and found to be the same. authorisations are not updated. Furthermore, the Update button is clicked twice.
    Our other 5 company databases do not have this issue.
    Please advise. What needs to be done.

    Gordon, I think you're on to something, but I am already looking down this path too...
    I ran the following query,
    select distinct permid from usr3 where permid not in (select absid from oupt)
    This query showed results, therefore there is definitely inconsistencies in the database.
    I guess, this means that there's no solution?  Only a "hotfix" from SAP?

  • Regarding Making user authorization matrix

    Hwello Friends,
       Can anybody tell me the user authorization matrix for sap system ? How can we make and how to make profiles and roles. i know the transaction. but does sap or other documents for this ? plz send me or guide me. waiting for ur reply.send me some link if any or material links. or send me material on my id. [email protected]
    Thanks
    Deepak

    Hi, Deepak!
    As your question is quite general - which kind of SAP system? ECC? Portal? PI? - I' m doing a little hard with concrete answers. Probably you' ll find some infos under <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/81/0e0f61b566dc44bbb4055b3ccd25be/frameset.htm">Identity Management</a>. If that' s not what you' re looking for, let me know!
    Regards,
    Thomas

  • Activating sort menu on user defined matrix.

    Hi all,
    How to activate the sort menu on user matrix? I filtered user matrix but not able to sort the user defiend matrix.
    any help will be most appreciated..
    Regards,
    Mahendra.

    I dont think, that user matrix should by sorted with sort menu. Im doing it so, that after dbl click on header of matrix I rerun the query with proper ORDER BY statement.
    If is it complicated query, the normal result I have in user table and the matrix is bounded to this table - then the order by is quick.

  • Custom Table & User authorisations

    Hi,
    We've just made a transaction, pointing to a view of a custom table.
    We would like to "grey" out all of the columns, except one, to limit the modifications. Is it possible with user authorisations ?
    Regards,

    Please go through the link below:
    https://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=93454609
    It helps you to identify the steps along with the screenshots which you need to follow.
    In short you can do it by on the table maintenance screen by following this path:
    Environment -> Modification ->  Maintenance Screens
    and then goto the element list tab and uncheck input checkbox for the fields which you want.
    Regards,
    Raman.

  • User Authorisations in SRM 7.0

    Dear Experts,
    We are Configuring Extended Classic Scenario in SRM 7.0.
    We have two Purchasing groups each responsible for one Product category.
    We have one purchaser assigned to each Purchasing group and the we have given the Product category responsible for the Purchasing grioup in Extended attribut of the Purchaser Position.
    After creating SC by the user when we try to process PO by loging in as Purchaser we can able to see the PO from both the Purchaser log in.
    Can any one help in restricting the user to process the PO belonging to the assigned Purchasing Group.
    Is it possible to restrict by attributes or through Authorisation objects assigned for the user.
    Regards,
    B.N.Karthikeyan.

    Hello,
    To check correspondance between PO puchasing group and user purchasing group, you could:
    1 - get PO detais using function modul BBP_PD_PO_GETDETAIL. At header level you can find Purch. Org and Purch. Group
    2 - get user Organizational Unit ID (which is purchasing group ID) using BBP_OM_STRUC_GET_ORG_FROM_USER, then run FM BBP_OM_DETERMINE_RESP_PGRP to get purchasing group code linked to user Organizational Unit ID.
    For FM BBP_OM_DETERMINE_RESP_PGRP, i don't remember if you can get directly purchasing group value using importing parameter is_object-objid = purch. group ID (and is_object-otype = 'O').
    If not, run this FM without any importing parameter: you will get all purchasing groups.
    Then, look for purch. group of you purchaser among them.
    As you are in SRM 7.0, I dont know if all indicated FM are available: if not, look for their equivalent.
    Regards.
    Laurent.

  • User Authorisation - storage location

    Hi,
    we have three storeage location under one plant, can we restrict user to access only on UM1 storage location not to access balance two storage location.
    Plant :    X70
    Storage Location  :  UM1
                                    UN1
                                    UN2
    Is it possibile to create a role only on storage location, please advice.
    Regards,
    Muthu

    You will need to activate " Authorization Check for Storage Locations "
    Storage location authorization means that a user has to have authorization for authorization object M_MSEG_LGO in order to enter a goods movement in the storage location, using a particular movement type. In the list of material documents, only the document items for which the user has a display authorization are displayed
    Go to  SPRO->Materials management ->Inventory management ->Authorisation management->Authorisation check for storage locations,

  • Many different user authorisation while query runtime

    Hello experts,
    I've got a request for a query authorization where about 100 people needs to have a different view of a query result and I'm not sure what way I have to go.
    There is Bex Query (SAP BW3.5) which contains the IO 0bp_respper and a key figure which gives you the number of activities back.
    The requirement is that about 100 users can have access but they are not allowed to see all 0bp_respper.
    One user can see the details of 0bp_respper (1,2,3), the next user is allowed see the details of 0bp_respper (30,76,55,60) and so on. And some are allowed to see all 0bp_respper.
    You see that I actually would need in worst case 100 roles. Within the query I would use the authorisation variable to read the athorisation at runtime from each user profile.
    It seems, and pls correct me if I'm wrong,  that the authorisation variable is only feasible as long as the different combinations behind the authorisation check is manageable. (less than 10)
    There is also the option to use exit variable at runtime. Should I rather use that one and do some coding. But in this case I would need a seperate table to define each users rights for 0bp_respper, or not?!
    Or do u have another idea to implement the requirement?
    thanks for ur help
    Michael

    A good way to check this out would be to do a 10053 trace.
    Try this:
    connect user1/pwd@whateverdb
    alter session set events '10053 trace name context forever, level 1';
    <run query here>
    connect user1/pwd@whateverdb
    alter session set events '10053 trace name context forever, level 1';
    <run query here>
    exit;
    Now compare the trace files to see what the CBO is doing differently. Pay particular attention to the optimizer parameters at the beginning of the trace file. Are all the values the same?
    -Mark

  • BW User Authorisation in Portal

    Hi Experts
    I am a BW Consultant creating iviews for the queries and assing them to the corresponding portal roles
    Could you please update me on how can i restrict data access in portal  with analysis authorisations in BW
    Thanks in advance

    Hi,
    all you have to do is configure a System Object for your BW Backend to be used with the BW iViews. The URL iView works fine without additional configuration.
    Are you using your portal in intranet or extranet/internet?
    What do you mean with central user management?
    When I read your thread I thought you had a portal with its own default usermanagement (e.g. Portal Database)
    and your BW Backend with its own userstore. So all you have to do is make sure that the usernames used in both systems are equal to use SSO and then configure your backend to accept sso tickets.
    As described above the data restriction is handled by BW. So if you have access restrictions assigned on reports or queries the user will not be able to execute these queries from portal.
    All you have to do is make sure that the iView used to execute a query or call a report is not visible for these users in portal.
    To achieve this procceed as described by Yogesh Varma.
    Create roles for your reports and queries and group them somehow so you can assign these roles to all users who should be able to call a particular report. If you already have report or query based permissions in BW you can also upload these roles to portal. The PFCG Roles from your Backend will appear as groups in your portal and you can link these groups to particular Portal Roles as desired.
    The following link might be useful:
    http://help.sap.com/saphelp_nw70/helpdata/EN/4c/6c0f40763f1e07e10000000a1550b0/frameset.htm
    Hope this helps
    Cheers

  • Slow performance whith user form matrix using UserDataSources

    Hello,
    I have a matrix with ~5 columns for weeks OR ~30 columns for days. I´m using UserDataSources and it is very slow to fill the matrix, it takes ~0.8 seconds per line with 5 columns and ~1.7 seconds per line with 30 columns (with no over head of values calculation).
    I tried using a auxiliary User Table to be able to use DBDataSources but improves only 4 seconds (with 5 columns, from 12 seconds of the userdatasources) to 10 seconds (with 30 columns, from 50 seconds of the userdatasources) in my small test of only a dozen lines.
    With the over head of the calculation (using RecordSets to read values from other tables) it is very slow.
    I have read other answers in the forum and they say to use datasources but that is wath i am doing!
    Any suggestions, PLEASE?
    Jorge Lopes

    Edward,
    Had already seen it, but thank you for the answer anyway.
    I would like to know if the times i gave are normal or to slow (anyone from SAP?).
    I saw a post where they said they filled 1000 lines with 8 columns in 7 seconds, must be only DBDataSource not with UserDataSources!!!
    Jorge Lopes

  • User-Authorisation

    Hi there!
    I am trying to make a site with authorisation. I developed it, and it's working fine, but I do not really know, if I created it the most optimal way.
    I explain the way I did it, please give me some advice if I could improve it.
    After the user has typed his name and password and submitted them, I connect to the DB and get all records(name&passw), check if he is registered, and close the connection afterwards.
    - Would it be better to get the information from the DB before the page is shown??
    If he is not registered I let him fill out a registration form, and save his data in the DB. So I have to open and close a connection once more.
    Is better to leave the connection open, or to open it every time I need something from the DB?
    - What happens, if many users connect at the same time? -
    After all this stuff, I enter the users data into a bean with scope=session to personalize the application.
    Do you experts do it like this?
    Thanks in advance,
    Best regards
    Gabor

    You should consider using connection pooling. Also use value objects to reduce the traffic to your DB.

Maybe you are looking for

  • Applet hangs web server when upgrading from 1.6 to 1.7

    I've got a client-side printing application which works fine on 1.6 and fails on 1.7 where it essentially hang the server on the connect option to the server and loading the jar file. Specifics: PC Client running windows 7 x64 Browser versions IE9, I

  • Multi value refiners -- Remove Other Value

    While using Multi value refiners (using check boxes)  is there any way we can remove Other Value refiner. Thanks in advance.

  • Can this be done in java? i think so  but how?

    Hello, I just wanted to know how to add icons to a JDesktopPane like the appear on your desktop, that's whatever OS you use, I've looked everywhere and cant find the answer, posted this question here several times still no answer. Is it that nobody k

  • CR Report Designer Control ActiveX

    If I remember well, 10 years ago, I saw somewhere a Crystal Reports Designer Component (Active X Control), which could be put on a VB6-Form to design new reports from a 3rd-party-application. Special End-User-Licenses were required... I can't remembe

  • Ford sync my itunes download

    I have a problem using my iPod Classic with Ford Sync in a 2011 Fusion.  When playing any type of group of songs (e.g., "All Tracks" a Playlist with multiple artists, or a single artist with multiple albums) if I shut off the system and turn it back