cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorizations not working

Affan_alavi
Explorer

on ‎09-26-2012 5:00 PM

0 Kudos

Hi,

I have been trying to configure Authorizations for the WCL users, but it doesn't seem to work. These are the steps that i followed:

  1. Define an Authorization Parameter set.

  2. Define Auth Para inside the Parameter set. (i assigned just one control para SOLD_TO as auth para)

  3. Assign the Auth Para set to an Auth Profile
  4. Assign the Auth Profile to EH type

  5. In the role under the Authorization tab i went to maintain the Auth Data

  6. under the Event Handler Authorization I added an activity 03 (display) with Parameter=SOLD_TO,Parameter Value=valid sold to code

  7. Assigned the role to the user

But i am unable to limit order visiblitiy. the user who is assigned to the role is still able to view orders for SOLD_TO codes outside the Paramter values defined in the role.

Am I missing some step here?

Regards,

Affan

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

MarcoFreischlag
Advisor
Advisor
‎09-27-2012 2:45 PM
0 Kudos

hi affan,

you also have to adjust your role in TA "pfcg". here you have to select the parameter to be checked as well and the parameter value.

e.g. Event Handler Authorization --> authorization object "X_EM_EH" here you have to specify your SOLD_TO parameter + parameter value.

Regards Marco

Show replies
Show replies
Affan_alavi
Explorer
‎10-03-2012 12:08 PM
0 Kudos

The Authorization issue got sorted. I was using an Auth para which was not part of the Intial set of control para.

Thanks Steffen

@Marco: I was already defining the Auth Para and value including the activity03 via pfgc.

Former Member
‎03-12-2014 12:19 PM
0 Kudos

Dear Steffen/Marco,

                              I have followed exactly the same steps as followed by Affan above

  1. Define an Authorization Parameter set.
  2. Define Auth Para inside the Parameter set. (i assigned just one info para Z_CHA as auth para)
  3. Define an Auth Profile.
  4. Assign the Auth Para set to an Auth Profile
  5. Assign the Auth Profile to EH type
  6. My role is the copy of /saptrx/sap_em_user.
  7. To the Event Handler Authorization --> authorization object "X_EM_EH" I have to specified my Z_CHA parameter + parameter value.
  8. Assigned the role to the user

   9.  I have created new EH with the parameter Z_CHA which is initial set of Info parameter. But still i am able to see all the EH without any filtering.

  

       In the link below that you have shared before it is mentioned to assign Auth Profile  to role .

            Is it like the auth profile that we create can be assigned to role ? Or

            The auth profile that is created while role creation should be inserted into EM customizing where we Define Auth Profile ?

Authorizations and Filters - SAP Event Management Infrastructure - SAP Library 

Thanks,

Shubh.

former_member190756
Active Contributor
‎03-12-2014 1:56 PM
0 Kudos

Hello Shubh,

please check if note 1935720 is in your system.

Check also in table /SAPTRX/EH_AUTHR with your EH_GUID if there is one entry for your parameter Z_CHA.

Not the auth profile is assigned to a role. This is only valid for Filter Profiles.

Authorizations work as normal in SAP System. You use just PFCG and create roles and later assign them to users.

Best regards,

Steffen

Former Member
‎03-13-2014 9:29 AM
0 Kudos

Dear Steffen,

                     Thanks for your reply. I am getting the note 1935720 implemented in my system.

In the meanwhile i want to ask how do i make the values dynamic for the user who has signed in , my parameter Z_CHA gets filled with parameter value which is the code for that user ?

      

As mentioned below i am maintaining the value against X_EM_EH object as hard coded value.

7) The Event Handler Authorization --> authorization object "X_EM_EH" I have specified my Z_CHA parameter + parameter value.

Thanks,

Shubh.

former_member190756
Active Contributor
‎03-13-2014 10:00 AM
0 Kudos

Hi Shubh,

you have to create roles in PFCG for all your users.

i.e. for all possible values your parameter Z_CHA can have.

Its the same logic as for all roles in SAP.

Best regards,

Steffen

Former Member
‎03-13-2014 10:46 AM
0 Kudos

Dear Steffen,

                     Thanks again , but  i have the scenario where the user logs on to the EP Portal and we have the EM link provided to the user.

                      When the user access the EM portal ,  there is a background user which hits the EM system . This is because there are thousands of vendor and client does not wants to create there entry in SU01 for systems like ECC , APO and CRM. All the access is done via background user.

                        This background user should have dynamic authorization based on user who has logged in.

Thanks,

Shubh.

former_member190756
Active Contributor
‎03-13-2014 11:02 AM
0 Kudos

Ok,

in this case you need to write an own logic for that.

You could create a Z-Table with the users and the allowed  parameter value. That is something i have already seen in other projects. The check could be done in BADI /SAPTRX/BADI_EH_S

Method AFTER_GET_DATA_DISP

There you have all EM data available before displaying them in the Web Ui.

Best regards,

Steffen

former_member190756
Active Contributor
‎09-26-2012 7:29 PM
0 Kudos

Hi Affan,

was the EH created before you made the authorization customizing? It works only for EH created after you made the settings and assign it to the EH Type.

Show replies
Show replies
Affan_alavi
Explorer
‎09-27-2012 7:52 AM
0 Kudos

Hi Steffen,

its not working even for the new event handlers being created. can you clarify the following:

1. The auth para that i not a part of the initial set of control parameters that are added when the EH is created. i.e.  it is being added at some later stage. but even after this para is added, the authorizations are not working. Does the Auth parameter have to be present when the EH is created?

2.Is is necessary to for the Auth para to be control para, or can info/system para also be used?

former_member190756
Active Contributor
‎09-27-2012 1:59 PM
0 Kudos

Yes the parameter must be present when you create the EH and it cannot be changed later. At the moment is unfortunately also no standard activity available to change the authorization data.

Info and System parameter can also be used with the same restrictions. You should be able to choose them in the customizing for the Auth. Profile.

Best regards,

Steffen

Ask a Question