cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

0TCTAUTHH - generating 1KYFNM, can we stop this?

Former Member

on ‎04-10-2006 10:51 PM

0 Kudos

Hi!

We have implemented the BW/HR Structural Authorization. When run program rrsb_generate_authorizations to generate the authorizations. It's generating security for everyone, those that were defined on the R/3 side & those that are not being passed in from R/3 also. For those that are NOT being passed from R/3 the 0TCTAUTHH is generating a 1KYFNM with '*' as the value & 0TCTAUTHH for the 'Root_H'. Is there anyway to NOT generate the 1KYFNM?

If we have limited their security with other authorization objects, this is overriding that security & allowing them to see information they should not.

I have also noticed, even when this 0ORGUNITS authorization object is NOT turned on for a cube, it's being checked. Is there a way to turn that off?

Many thanks!

Jackie Zugg

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎05-02-2006 8:01 PM
0 Kudos

Thank you Lauri for your response. Unfortunately, we could not eliminate them, they were suppose to have security for '' all Org units, just not all the key figures. In solving this, I did code in the start routine a process that checks the HR object type and if it's blank & the HR Object is also blank, change it to 'O' for the org unit. That way, we get the '' generated for the Org Unit but not the '*' for 1KYFNM.

LOOP AT DATA_PACKAGE.

IF DATA_PACKAGE-HR_OTYOBJ IS INITIAL.

IF DATA_PACKAGE-HR_OBJTYPE = ' '.

DATA_PACKAGE-HR_OBJTYPE = 'O'.

MODIFY DATA_PACKAGE.

CONTINUE.

ENDIF.

ENDIF.

ENDLOOP.

Thanks again for your response!

Show replies
Show replies
Former Member
‎04-11-2006 2:22 PM
0 Kudos

Just some additional information.

The authorization object I created is ZORGUNITS, it contains: 0ORGUNITS & 0TCTAUTHH.

We are filling both ODS's with data: 0PA_DS02 & 0PA_DS03.

When the Authorization object is generated it looks like the following:

ZORGUNITS

RSR_00009999

0ORGUNIT

From *

To ___

0TCTAUTHH

1KYFNM

From *

To ___

0TCTAUTHH

From ROOT_H ORGEH/99991231/000/0ORGUNIT

When the user has a profile associated to them on the R/3 side & it's brought over, it looks like the following:

ZORGUNITS

RSR_00009999

0ORGUNIT

From 10026650

To ___

0TCTAUTHH

0TCTAUTHH

From 10026650

Is there any place I can look for documentation on how object 0TCTAUTHH is generated differently?

Thanks again!

Jackie Zugg

Show replies
Show replies
Former Member
‎04-26-2006 10:43 AM
0 Kudos

Hi Jackie,

We ran into the same problem in our implementation: All the user-id's from R/3 were extracted to BW if there was the same use-id in bw and they got * authorisations unless there were existing structural authorisations in R/3.

Those user-id's, which don't have any structural authorisations in R/3 will get * authorisations, because in the standard bc update rules system checks, if the are no values, then * is substituted.

Example: (Update for 0TCTLOW)

if COMM_STRUCTURE-HR_OTYOBJ is initial.

RESULT = '*'. " authorizations for all objects of this type

else.

RESULT = COMM_STRUCTURE-HR_OTYOBJ.

endif.

What we did, we created a start routine, which eliminated all the user-id's that did not have a value for HR_OTYOBJ with the following code:

delete DATA_PACKAGE where HR_OTYOBJ is initial.

For us this worked well for both ODS extractions.

Regards,

Lauri

Ask a Question