Key word: REPORTWRITER, CO reports
When outputting a CO report, message GR850 appears: 'You do not have authorization to display the selected data'.
Possibly the authorization for authorization object K_REPO_CCA 'CO: Reporting on cost centers / cost elements' is too restrictive.
In the Report Writer, an authorization check is run at two different times:
- The first check is made with activity 27 (display totals record)
or 28 (display line item) during database selection for records.
Each database record for which the user does not have authorizations
for the activities above is not processed. Here the system validates
the characteristics of the fields Cost element, Controlling area,
and Cost center.
- The second check is made with activity 29 (display stored data)
before the edited list is displayed.
At this time an authorization check for records and therefore for
single values is not possible. The system validates the sets
used in the report for cost element, controlling area, and cost
center:
If a set only contains a single value or if a representative value
has been maintained for the set, the user must have authorization
for this value. In all other cases the user must have authorization
for all values.
If separate authorizations have not been assigned to activities 27
and 29, the error message outlined above can occur.
Also see Note 15211.
The following alternatives are available when setting up authorizations for the authorization object K_REPO_CCA
1. The user displaying the report also selects the data:
The authorization check can be made at the time of selection.
The user's authorization should be limited to activity 27 (display
totals records) and 28 (display line items). As far as activity 29
(display stored data) is concerned, the user should be authorized
for all cost centers and cost elements.
Example:
The cost center report 1SIP (actual/plan/variance) is run for a
single cost center. The user selects the data and displays the
report onscreen.
The user should only have authorization to display data for cost
center 1000 in controlling area 0001.
The user has limited authorization for selection:
Activity: 27, 28 totals recs + line items
Cost element * all
Controlling area : 0001
Cost center : 1000 only cost center 1000
The user has all authorizations to display the stored data:
Activity : 29 Display stored data
Cost element: * all
Controlling area: * all
Cost center: * all
Here all authorizations are checked at the time of selection so
restricting the authorization for report display is not necessary.
2. The user only accesses the stored data selected by a super user.
This can be useful if a selection has been run in the background
for all cost centers in a hierarchy and the selected data is stored
in a data extract.
The user only has access to the data extract and should only be
allowed to display reports on certain cost centers.
Here the authorization check cannot be made at the time of
selection.
Example:
A super user runs cost center report 1SIP (actual/plan/variance)
for the entire standard hierarchy of controlling area 0001.
The cost center hierarchy is varied over the entire hierarchy
area and the result is stored in a data extract. A report is
generated for each cost center and each cost center group in the
data extract.
A user is only to be permitted to access the data extract and only
be authorized to display the report for cost center 1000.
The super user has all authorizations for selection:
Activity: 27, 28 tot.records + line items
Cost element: * all
Controlling area: * all
Cost center: * all
The user is only authorized to display the stored data:
Activity: 29 display stored data
Cost element: * all
Controlling area: 0001 all
Cost center: 1000 only cost center 1000
If the user is to be authorized to display a report for a cost center
group, a representative cost center must be assigned to the cost
center group (hierarchy maintenance: report info, representative
value) and the user must have authorization for this representative
cost center.
When the report is output, it is not possible to determine which
database records were actually used in the report. An authorization
check is therefore run for the cost center group/cost element group
used in the report. If the group contains more than one cost center/
cost element and if no representative value is assigned to the group,
the user must have authorization for all cost centers/cost elements.
If a group is used to define the row structure and the user is
authorized to display the group, the group total and all report
rows in the group total are shown.
You can find further information on authorization checks in Note 15211 'Standard reports: authorization concept' and the release note 'Report Writer: Authorization check for stored data' for release 2.1A
Additional key words
----- SUPPORTGUIDE 20010208103353 -----
REPORTWRITER, SGRW_AUTHORITY, SGRW_DOCU_CONS_NOTE
SGRW_OM
No comments:
Post a Comment