01-21-2008 5:51 PM
Hi Gurus,
I am facing problem with BI authorizations
i have created a role in PFCG for query authoriztion
and i have created authoriztaion in RSECADMIN
with required characterists
like
0PLANT
0COMPANY
0PUR_GROUP
and assigned to role in object S_RS_AUTH
i assigned the role to user
now my problem is
when user executes that report giving the Purchasing Group its give "You are not authorized"
when i checked the Purchasing group it is related with two diffrent plants
but user having access to one of the plants still it is not giving out put it is checking both the plants
can any body please help me how should i resolve this issue
thanks
kishore
01-21-2008 6:10 PM
Users that are allowed to this report MUST have authjorisation for both Plants, the check in this needs to find an OKAY for every field value of the fields in the provider.
So plant with value * in the role is okay or both values.
01-21-2008 6:10 PM
Users that are allowed to this report MUST have authjorisation for both Plants, the check in this needs to find an OKAY for every field value of the fields in the provider.
So plant with value * in the role is okay or both values.
01-22-2008 4:54 AM
Hi Visser,
Thanks for your reply
but in my case it should check only for that plant he is authorized for
he/she should not be authroized for the other plants values
and also i cannot give * in plant field
like this i am having couple of reports
Example:
when ever user gives the Purchasing Group value in the variable field and execute it should chekc what he is authorized for and give the results
please let me know is there any way i can restrict them
thanks
kishore
01-22-2008 6:19 AM
In that case there is only one option create a new purch org ( one for each plant ) and create data a like.
Edited by: Auke Visser on Jan 22, 2008 7:19 AM
01-27-2008 6:06 AM
Hi Visser and sachin,
thanks for your replys
the user having authorization to other queries also
but if i give * value for a plant
it will effect other queries also
is there any way we can restrict
thanks
kishore
01-27-2008 9:08 AM
NO you can not.
This is simply the way things work, if a field is in a infoprovider the user must have access to all values.
It might be that you remove the field plant fom the infoprovider that it might work, but that is the only thing you can try ( no success garanteed!)
Else the other options provided before.
01-29-2008 3:34 AM
Hi there,
if not already in your RSECADMIN object add the 'special charactistics' from the menu icons
it will add 3 areas . activity,infoprovider and validity date(?) . set the activity
at the typical 03 display.
01-29-2008 4:59 AM
If you are using BI7 with analysis authorisations - Within the query you should set the Plant (or other characteristics) varibale as authorisation variable.
So when executing the query and if Plant is a character in the Query the user will be presented with ONLY the Plant data he has authorisation for.
Hope this helps.
Sam
01-29-2008 6:12 AM
The last remark is how to do this in the query, but it will not solve the probelm of having to have access to all values in the query!
01-29-2008 10:20 AM
Hi,
Correction Visser your suggestion of creating a new purchasing org will just increase complexity and admin overhead.
We had a similar issue at my last client where user A required access to Plant 1 & 2 Purch org 1 and User B required access to Plant 1 & 3 Purch org1, whilst executing the same query.
To create this model you would need to set the analysis authorisation for the plants in Rsecadmin, then assign to users either through PFCG or directly in RSECADMIN. Then make sure that the queries that are you require this restriction use the authorisation variable in the query which needs to be created, and for this example would be for Plant & Purch Org. This is a common mistake that alot of consultants make when using BI7.
If this is not done the user will see more than they are authorised to see. Basically the Auth variable needs to be in the query for your model to work.
Thanks,
sam
02-03-2008 10:55 AM
Hi Parmar,
Thanks for your reply,
i tried it with authorization variables also but still i am getting the same issue you are not authorized
in BI if we restrict authorization for eg.comany code, plant it should give result in the query he/she is authorized for
but still searching for the dependent values
eg:compay 1000
is authorized to the plant related to 10* and should give the out put for only that
in my query i dont have a plant selection variable
if i give CC 1000 and execute the query it searcing for all the plants related to the 1000 and trying to give the output
there i am getting the problem till i give the * value for the plant it dotn give me the result
is any thing missing at authorization level plz. let me know
thanks
kishore
01-22-2008 6:58 AM
Hi Kishore,
If the purchasing group has been associated with both the plants, then it is logical for the query to check both the plants. There is nothing more that you can do.
You should perhaps discuss the issue with the creator and tell him the issue of giving extra authorization for a plant. Maybe it is required for this particular query. Or else what Auke suggested sounds good to me.
Regards
Sachin
02-03-2008 11:11 AM
Hi
Please maintain the value of the 0pur_group as you have maintained for the plant to restrict the user to see the report of the authroized plant and 0pur_group.
REgards
Anwer Waseem
SAP BASIS
02-03-2008 11:16 AM
Also, my suggestion is that set the athorization trace by the st01 for the specific time to analyze the problem where authorization are failed, then you can determine easily, what authorization data required to complete the authorization process successfully.
Regards
Anwer Waseem
02-11-2008 6:25 AM
Hi,
can any body please help me on this
i have created an authorization variable for 0plant, 0plant is authorization relevant
authorization variable : if there is no input from the user it will automatically pick the values for which the user is authorized and will show data in the report based on those values
but it is not working for me i have created variable and selected processing by authorization
if user is not giving any input and executing it says no sufficient authorization
that means authorization variable is not working
is anything i am missing or any exit code i needs to right please suggest
Thanks and Regards,
Kishore
02-18-2008 6:24 AM
Hi ALL,
Thanks you very much for your valuable inputs
issue is resolved
regards,
kishore