Solved: BCS Authorization

Former Member · ‎08-20-2007

Hi gurus,

We are implementing BCS. I created a role with the following authorization:

Role = Z_BCS_MONITORING

Auth Obj = S_TCODE = UCMON

R_UC_TASK = Activity = 03

ConsArea = TS

Task = DC001

ConsGroup = "STATCO"

Cons Unit = "*"

When I assign that role to a test user and runs the UCMON it does not restrict the task authorization i.e. I can view all the hierarchy for company codes and I can also see all the task available as well as the activity. For short, the restriction did not work.

Any help is very much appreciated. Thanks in advance.

Regards,

Ted

Former Member · ‎08-20-2007

Hi,

BCS 4.0 or 6.0?

Try to use Authorization/Validity check tab of data basis.

Hope this helps.

Former Member · ‎08-20-2007

Hi,

BCS 4.0 or 6.0?

Try to use Authorization/Validity check tab of data basis.

Hope this helps.

Former Member · ‎08-21-2007

Hi Eugene,

We have BCS 4.0

We already had gone to that in UCWB.

I think the restriction works when you go and test each activity, task and cons unit. Like when I run UCMON, What i have in my screen is all th activty, tasks & the complete company hierarchy on the left pane. However, when I test the security like do a particular task that I am not authorised it does not allow me, so that is fine. But the business requires me to further secure the display on task and on hierarchy, i.e. when a user runs the UCMON he/she can only have the particular cons group (company group) and task that only assigned to her/him.

Any idea?

Former Member · ‎08-22-2007

can anyone help?

Former Member · ‎08-22-2007

Follow the help:

http://help.sap.com/saphelp_sem40bw/helpdata/en/fb/c2d094897f734db04775e9dffd954a/frameset.htm

http://help.sap.com/saphelp_sem40bw/helpdata/en/a7/ee0d3dbd82fe2fe10000000a114084/frameset.htm

Former Member · ‎08-23-2007

Is there a way where you could restrict the view of CG/CU company hierarchy in the monitor? Though you specify which node in the hierarchy you want to restrict to the user in the auth object R_UC_TASK, in the monitor it still gives you the whole hierarchy view.

Thanks in advance.

Eugene, thanks for sending me the link. I have read through that already.

Former Member · ‎10-04-2007

Hi ,

I have the same problem.

Have you get the solution ??

If you did it, please help me.

Regards,

Former Member · ‎10-05-2007

I just learned that in order for you to limit the display of company hierarchy node in the UCMON is to have several nos. of cons. area say for example CGA is the top node and below that it has two sub nodes CGB & CGC. You need to create another cons. area for CGB & CGC and assign to user. So if userB only needs to see subnode for CGB assign the cons. area CGB to his/her authorization.

Hope this helps.

Regards,

Teng

Former Member · ‎10-05-2007

Thanks a lot Teng,

but i need to do it without create more consolidation area. Do you think it's possible??

I'll try to do it creating authorization object.

Regards and thanks,

Albert

Former Member · ‎10-05-2007

no worries..

I dont think you can work that out using auth object but if you're good enough to make that happen, share it to me as well.

Cheers,

Teng

Former Member · ‎10-05-2007

last question

how do you assign to a user a consolidation area ?? What object do you use ??

i'm working in it...

do you have documentation ?? (not the sap help)

Thanks a lot

Albert

Former Member · ‎10-05-2007

In the R_UC_TASK, when you click whichever auth field you will be asked to select cons area. Go figure. R_UC_TASK has several auth fields:

Activity

Cons Area

Task

Characteristic 1-8:

Regards,

Teng

Former Member · ‎10-08-2007

ok, i use it.

but anyway your user can cange the consolidation area when he wants trought the toolbar (environment) and see the others organization areas, am i right ??

thanks

albert