Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Not able to perform BW related Transactions.

Former Member

‎07-30-2009 2:16 PM

0 Kudos

Hello Experts,

I have the following BW roles available in my SAP ECC6.0 IDES.

I have clubbed them into a single composite role and have

assigned to one user.

IDESBW_ADMIN_R3

SAP_BW_ALL

SAP_BW_ANZEIGER

SAP_BW_AWTEST

SAP_BW_DEVELOPER

SAP_BW_PATTERN_OBJECTS

SAP_BW_SEM_BPS_APPLICATIONS

SAP_BW_SEM_LP

SAP_BWC_0ROLE_0054

SAP_BWC_BBP_PURCHASING

SAP_BWC_BUSINESS_UNIT_ANALYST

SAP_BWC_CO_INVENTORY_ACCOUNTIN

SAP_BWC_CO_PA_REPORT_DEMO

SAP_BWC_CO_PROD_COST_PLANNING

SAP_BWC_MRP_CONTROLLING

SAP_BWC_PATTERN_OBJECTS

SAP_BWC_PUR_ORDER_ANALYSIS

Z_HR_BW

ZSAP_BW_0ROLE_0162

But the user is not able to run any transaction(like rsa3,rsa5 etc.).He is getting

error that "You are not authorized to this transaction".

As a DDIC user I am able to run all those transactions but I am

not able to change the authorization of the roles and getting error

"The role is not in customer namespace".

can anyone help in this regard? i.e. without DDIC priviledge, how

to run these BW related transactions in ECC6.0 IDES with the help

of above roles only?

Please Help..

Anupam..

5 REPLIES 5

former_member187565
Active Contributor

‎07-30-2009 3:08 PM

0 Kudos

Hi Anupam,

Its not a good practice to give SAP standard role to a new composite role.It is advisable that first create the z* role from the required role(copy)& then put it to a composite role.

Run transaction SU53 after you got the error "You are not authorized to this transaction".It gives you the exact missing authorization.

For more details

http://help.sap.com/saphelp_nw70/helpdata/EN/52/6714a9439b11d1896f0000e8322d00/frameset.htm

SAP Note 910010

Regards

Rafikul

Former Member

‎07-30-2009 4:40 PM

0 Kudos

Hi,

Check whether the transaction is already included in the role..

If it is already there, then check whether the role is properly generated...

also as suggested, SAP roles should not be used.. you should create new Z* role with help of the SAP standard role, then you can change the roles accordingly.

SAP standard roles should not be changed..

Regards,

Sandip.

sdipanjan
Active Contributor

‎07-30-2009 4:56 PM

0 Kudos

> But the user is not able to run any transaction(like rsa3,rsa5 etc.).He is getting

> error that "You are not authorized to this transaction".

>

SAP Standard roles doesn't come up with generated profiles for them. For your information: Roles doesn't provide any authorization rather it is done by the Profile and generated Profile means the All the Authorization Instances are Active and current. So, the standard SAP roles you are assigining will not give access to any TCodes.

> As a DDIC user I am able to run all those transactions

DDIC is a Super user and contains SAP_ALL & SAP_NEW profiles which provides Unrestricted access.

> but I am not able to change the authorization of the roles and getting error

> "The role is not in customer namespace".

SAP doesn't allow to make changes to any SAP standard objects, not only roles... so, if you want to use the roles you mentioned, first copy them into a New role which do not start with "SAP_" and generate their profile and then assign those roles to the user ids.

Besides of all, I found the requirement of SAP Security trainings to get the overview of all these. Please try to attend SAP Security course.

Regards,

Dipanjan

Former Member

‎07-31-2009 4:29 PM

0 Kudos

this is because I guess none of the standard roles listed by you have RSA3 or RSA5 in them.

you can create your own role for these missing transactions and assign it to the users.

and when it comes to generating SAP standard(delivered) roles,who really want to spend

time on following the standards for an IDES system. if it was me I will generate and use SAP

standard roles.

Former Member

‎08-01-2009 12:23 PM

0 Kudos

Dear Anupam,

You should create Z* roles for the end users access. you can copy of SAP standard roles and make it as Z* and club it as composite roles.

Once you enter with the userid DDIC , please create BASIS userid with SAP_ALL and SAP_NEW access.

You should not use DDIC, since it is standard SAP user. One more thing, if they are authoirzed to access any of the transactions, please request them to exeucte SU53 and send to BASIS team.

if you want to run BW transactions in ECC 6.0, BI related support packages should be installed. please ensure that.

Note : please ensure that what ever the roles that you are copying from standard SAP roles, they should have access to all BW t-codes. if not plz add in menu -> transactions. Developer should need access to these kind of BASIC t-codes of BI.

hope this would help you.