cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization using Contain Pattern

Former Member
0 Kudos

Dear all,

We are defining Authorization Data in tcode RSECADMIN (SAP Netweaver 2004s).

We'd like to define access for 0COSTCENTER for wich the second and third characters are equals to 01.

We've created the following Authorization in RSECADMIN:

0TCAACTVT --> I EQ 03

0TCAIPROV --> I CP *

0TCAVALID --> I CP *

0COSTCENTER -


> I CP 01++++++

This is NOT working, wherease if we define 0COSTCENTER as I EQ 1010000000, 2010000000, 2010000001 the authorization is working as expected.

Thanks in advance

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Only patterns that end with <b>a single pattern symbol</b>, that is, with an asterisk (*) for any character string or with a plus sign for exactly one character, are permitted. The only exception to this is the characteristic 0TCAVALID for the validity period.

See <a href="http://help.sap.com/saphelp_nw70/helpdata/en/b1/0c9441b8972e7be10000000a1550b0/frameset.htm">help.sap.com</a>

/Christian Frier

Former Member
0 Kudos

Hi Christian,

we also have tried to give authorization for all cost centers that beguin with 1 (CP 1*) and we have the same problem.

Former Member
0 Kudos

What exactly do you mean when you say it does not work?

Does the user get full auth. or no auth?

What do you see in a trace where the specific check for cost center is?

/Christian Frier

Former Member
0 Kudos

The message is:

00000005 WSystem error in program CL_RSR_REQUEST and form APPEND_FAC_TO_SLICER:WRON

00000005 WInvalid filter on ZSUBBU: Filter changed

00000005 WYou do not have sufficient authorization

'No Authorization

===============================================

And in the log we see

Subselection (Technical SUBNR) 1

Supplementation of Selection for Aggregated Characteristics

No Check for Aggregation Authorization Required

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Contents

0TCAACTVT

ZSUBBU

SQL Format:

TCAACTVT = '03'

Characteristic Contents

0TCAACTVT I CP *

ZSUBBU I CP 3*

Partially or Fully Authorized (Intersection) Characteristic Contents

0TCAACTVT

ZSUBBU

SQL Format:

NOT /BIC/ZSUBBU LIKE '3%'

AND TCAACTVT = '03'

Value selection partially authorized. Check of remainder at end

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Contents

0TCAACTVT

ZSUBBU

SQL Format:

NOT /BIC/ZSUBBU LIKE '3%'

AND TCAACTVT = '03'

Characteristic Contents

0TCAACTVT I CP *

ZSUBBU I CP 3*

Not Authorized

All Authorizations Tested

Message EYE007: You do not have sufficient authorization

Former Member
0 Kudos

First, I think that <i>Invalid filter on ZSUBBU: Filter changed

</i> should be investigated...

Are you sure that it is not ZSUBBU that is giving you trouble...?

/Christian Frier

Former Member
0 Kudos

Sorry Christian,

I've not specified that problem is also in other authorizations.

The example that I've sent is for the object SUBBU.

We try to give authorization for all SUBBU that begin with 3 (I CP 3*) and we have previous message.

Thanks

Former Member
0 Kudos

I read the


SQL Format: 
NOT /BIC/ZSUBBU LIKE '3%' 

as if you have excluded 3* in the query. The user is only allowed to see 3*

/Christian

Former Member
0 Kudos

This is our problem Christian,

in the query we just have the authorization variable that should give us authorization to all subbu that begin with 3.

In fact we have tested to change the authorization from I CP 3* (that doesn't run) to I EQ 3001, I EQ 3002 and then this works properly.

Do you have any idea more?

Former Member
0 Kudos

The auth.-variable just reads the valid values from your analysis auth.

As I understand you, you try to specify the valid values for SUBBU in the variable...?

/Christian

Former Member
0 Kudos

Hi Christian,

Sorry for the misunderstanding. Let me start again with the explanation:

I have an authorization for SubBU defined in RSECADMIN (ZSUBBU_TEST)

0TCAACTVT --> I EQ 03

0TCAIPROV --> I CP *

0TCAVALID --> I CP *

ZSUBBU -


> I CP 3*

With that definition I haven't authorization to display values in my query (where I have defined an authorization variable -define as usual authorization variable)

In order to identify the issue, I changed ZSUBBU_TEST to the following definition:

0TCAACTVT --> I EQ 03

0TCAIPROV --> I CP *

0TCAVALID --> I CP *

ZSUBBU -


> I EQ 3001

That was the only changed I made and after that change, the query is displaying the value 3001 as I expected.

My problem is that I'd like to have authorization for all the SubBU that starts with value 3. So, I assume the issue is in the definition of the pattern.

Have you ever faced a similar issue?

Thanks once more,

Lluis

Former Member
0 Kudos

Hi again,

now that you mention it, I have actual seen a similar issue, but luckily for me, I could just as well use an interval just as easy as the pattern.

Perhaps the following SAP Note can help:

<a href="https://service.sap.com/sap/support/notes/1047978">Note 1047978 - Hierarchy auth. and intervals: "No authorization", EYE 007</a>

/Christian

Former Member
0 Kudos

Hello,

A pattern(X*) can be interpeted as a character string, if there zeroes in front it will fail. When you uses figures it is seen as a one number and compaired that way. The note mentioned has also our attention, as we have a simular problem.

Kind regards

Jan

Answers (0)