Aggregation authorization within analysis authorizations
Hello,
The BW developers have created several queries that use aggregated data. When testing the queries with the end user ID (assigned to an end user role and analysis authorization), it is failing due to missing authorizations, particularly b/c of the following:
Supplementation of Selection for Aggregated
Characteristics
Check Added for Aggregation Authorization: 0COMP_CODE
Check Added for Aggregation Authorization: 0PLANT
All Authorizations Tested
Message EYE007: You Do Not Have Sufficient Authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
142 ( 0COMP_CODE )
189 ( 0PLANT )
192 ( 0SALESORG )
In the BI documentation, it specifies that : (colon): allows only aggregated access to data (e.g. allows information on all sales areas only on aggregated level not on particular countries). Is this ( specified as a value within the particular characteristics? I also tried to select the "aggregation authorization" icon within txn code RSECADMIN and this did not help.
Any help would be GREATLY appreciated.
Updated: For the analysis authorization, for these characteristics, in addition to the specific values, there is an entry for ":" and this did not resolve the issue.
Authorization Check
Detail Check for InfoProvider ZBL_13IT
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0COMP_CODE
Check Added for Aggregation Authorization: 0PLANT
Following Set Is Checked Comparison with Following Authorized Set Result Restmenge
Characteristic Contents
0PLANT
0SALESORG
0TCAACTVT
0COMP_CODE
SQL Format:
COMP_CODE = ':'
AND PLANT = ':'
AND SALES
ORG = '0403'
AND TCAACTVT = '03'
Characteristic Contents
0PLANT I EQ IC01
I EQ IC02
I EQ IC03
I EQ IE02
I EQ IE04
I EQ IZ01
I EQ MC01
I EQ ME01
I EQ :
0SALESORG I EQ 0301
I EQ 0341
I EQ :
0TCAACTVT I EQ 03
I EQ :
0COMP_CODE I EQ 0327
I EQ 0341
I EQ :
Not Authorized
All Authorizations Tested
Message EYE007: You Do Not Have Sufficient Authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
142 ( 0COMP_CODE )
189 ( 0PLANT )
192 ( 0SALESORG )
Authorization Check Complete
Similar Messages
-
Dynamic Authorization in Analysis Authorization
Hi All,
We are planning to migrate 3.x Authorization Migration to Analsysis Authorization. We have implemeneted Dynamic Authorization
concept which is using Customer Exit Variable. Now Kindly Guide me how I can retain the the same Dynamic Authorization Concept in New Analysis Authorization.
Regards,
AmitHi Amit,
Below article will helpful:
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f0f9f33c-0f17-2d10-d3a2-ae52ccd00780?QuickLink=index&overridelayout=true
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90f762d1-538b-2d10-1695-899a8bb165df?QuickLink=index&overridelayout=true
Hope this helps!
Amandeep Sharma -
Analysis Authorization with SEM-BPS
Hi,
We have performed technical upgrade from BW 3.5 to BI 7.0. We want to migrate to BI 7.0 functionality phase wise.
We have SEM-BPS and now we want to migrate to Analysis Authorization of BI 7.0.
Once we have igrated to Analysis Authorization, will there be any impact on SEM-BPS? Can we still use SEM-BPS with New Analysis Authorizations? We do not want to move to BI-IP in near future?.
Please advise.
Best Regards,
URDear UR,
Iu2019m going to try helping you,
In difference of reporting functionality, in planning, the data of an InfoCube is not just read; it is also changed or created.
There are two planning tools in BI: BW-BPS (Business Planning and Simulation), and BI Integrated Planning.
There are two main tcode: BPS0 and RSPLAN
There are three authorization objects to manage Integrated Planning:
S_RS_PL_ADMIN - Planning Administrator
S_RS_PL_PLANNER u2013 Planner
S_RS_PL_PLANMOD_D u2013 Planning Modeler (Development System)
The main object in the planning scenario is InfoCube real-time, where can available writing in small package that arrive in parallel. In some cases the security requirements for reporting and planning can be merging. In this case you need authorization object for checking planning, as authorization object above, and you need authorization object for using a query for planning requires as S_RS_COMP.
In addition to authorization for displaying data, the authorizations for changing data you need analysis authorization (the analysis authorization focus in the InfoProvider, no in Aggregation Level).
In your analysis authorization design for reporting stuff, you should use in 0TCAACTVT characteristic 03 value. In the planning stuff, you should use in 0TCAACTVT characteristic 03 and 02 values. As explain following:
Using the characteristics 0TCAACTVT (activity), you can restrict the authorization to different activities. Read (03) is set as the default activity; you must also assign the activity Change (02) for integrated planning.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/b1/0c9441b8972e7be10000000a1550b0/frameset.htm
I hope this suggestion can help you answer question,
Luis -
Problem with analysis authorization- 0BI_ALL always needed
Dear all:
we have a serious issue on so-called "analysis authorization" now. We have auth-restricted user who only have authorization to access data on one company code. We also create a BI-authorization in analysis authorization and assign the following auth-relevant object to this authorization-
0TCAACTVT = 01-03
0TCAIPROV = ALL
0TCAVALID = ALL
0TCAKYFNM = ALL
0COMP_CODE = A001
And we create one query with only company code and number of employee in the row and column. But everytime we execute this query, there s always message" No Authorization". We used ST01 to trace and the result shows we need to have "0BI_ALL" in auth object S_RS_AUTH. If we added 0BI_ALL, all company code data will display, which definitely no auth restriction at all. Is there any specific authorization setting we need to do?
We are stuck here pretty bad. Thank you all in advance if any input.
BR
SFHi,
I guess the Authorization profile is active , and in the Tcode PFCG -> Role name -> User tab page ( user comparision is done ).
Check if any of the tab page shows red light .
And assignment of 0BI_ALL is not a solution , as any user can do anything in the system.
Also do not forget to log - off and log-in into system after changing into any of the authorization profile to see changes that had happened.
Hope that helps.
Regards
Mr Kapadia
Assigning points is the way to say thanks in SDN. -
Analysis Authorizations - Aggregation Level ( ':' )
Dear BW Gurus,
Greetings!!!
I have a scenario of migrating the Authorizations from BW 3.5 to BI 7.0 Analysis Authorizations.
There is a report based on InfoSet. There are about 8 authorization relevant objects among which the user is authorized for 3 Authorization relevant characteristic fields. In the previous version, It was working fine when tested.
In BI 7.0 Analysis Authorization Concept, I have created the Authorization Object with these 3 Auth relevant fields and assigned to the Role using S_RS_AUTH and then assigned it to a user. When I test the query with that particular user ID, the result was NO SUFFICIENT AUTHORIZATION.
When I checked the log, there it displayed the other authorization relevant fields for Aggregation level. So, my question is whether I must include the other Authorization relevant fields and restrict them for aggregation level (Value ':') and is it mandatory?
please guide me in this regard as early as possible.
Best Regards,
PriyaHello,
Check st01 and su53 for missing objects then assign objects accordingly in the role or in analyse authorisation .
Thanks.
With regards,
Anand Kumar -
Standard authorization concept versus analysis authorizations
Hi
I am bit confused about the necessity of maintaining both.
Example:
I have designed an analysis authorizations for CO (Controlling), named CO_001:
InfoProvider: 0COOM_C02
Thereafter I have put the authorization object S_RS_AUTH into a role (standard authorization object) with CO_001 as value in BIAUTH.
Is there still a need to maintain authorization objects for Business Explorer or Business Planning, like:
S_RS_COMP (limiting to the InfoProvider mentioned in the analysis authorization)
S_RS_PLSE (limiting to a special aggregation level of the appropriate InfoProvider mentioned in the analysis authorization)
What happens when there is no limitations maintained in the role for these auth objects, "*"?
Which concepts dominates the other one?
Thanks
BEOHi BEOplanet,
S_RS_COMP will give you access to the Infoprovidor in BEx so this will be access level security.
Then Analysis authorization will give you the data level security within the infoprovidor (like what data you can see within the infoprovidor)
There fore you need to maintain both S_RS_COMP and Analysis Authorizations.
To your question ,if you have maintained the cube 0COOM_C02 in Analysis Authorization and S_RS_COMP has only 0PA_01 then the Query will fail since you dont have access to the cube 0COOM_C02 in S_RS_COMP.
Regards,
Karthik. -
Web Intelligence Report + BI 7.0 Analysis Authorizations
Hello Experts,
I have created a report on a universe based in a SAP BW InfoCube that contains an authorization relevant InfoObject (Company Code).
BW Analysis authorization have been set up for this cube in such way that the user should have access only to data containing one of the two values of Company Code (lets say for example that the user can access value "A").
It seems to be working fine when testing them via a BEx Query or via rsecadmin (rsrt with detailed analysis authorization logs). When the test user tries to view the full contents of the specific cube gets an "access denied" message (this is normal), whereas if the user runs a report with a filter "A" on Company Code the report returns the results as it should have. So far so good.
For testing use within Web Intelligence, I have created the following Single Sign On (SSO) universes: a)directly on the cube, b)via a "select all" query and finally c)via a filtered query (filtering the exact allowed values of analysis authorization of the test user). All of the above have unfortunately the exact same issues:
When a test user with limited analysis authorization (i.e. a user that can only access value "A" of Company Code) tries to view a report on either of these universes, then the result is the following message when trying to execute the query "A database error occured. The database error text is: Error loading cube MyCube/MyQuery (catalog MyCube): Unknown error. (WIS 10901)"
I have tried several settings on the universe (like filter working on LoV as well) but none helped.
If we replace the user's analysis authorizations with full access on company code (values "A" and "B") the query runs as it should have.
Any ideas?
Best regards
GiorgosHi,
has the Universe been created on the cube level or on the query level ?
In case it is on the cube level it will fail because :
Analysis authorizations are not based on authorization objects. Instead, you create authorizations that include a group of characteristics. You restrict the values for these characteristics.
The authorizations can include any authorization-relevant characteristics, and treat single values, intervals, and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorization-relevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics.
You can then assign this authorization to one or more users.
All characteristics flagged as authorization-relevant are checked when a query is executed.
*A query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic*
Ingo -
[BO over SAP BW] Web Intelligence Report + BI 7.0 Analysis Authorizations
Hello Experts,
I have created a report on a universe based in a SAP BW InfoCube that contains an authorization relevant InfoObject (Company Code).
BW Analysis authorization have been set up for this cube in such way that the user should have access only to data containing one of the two values of Company Code (lets say for example that the user can access value "A").
It seems to be working fine when testing them via a BEx Query or via rsecadmin (rsrt with detailed analysis authorization logs). When the test user tries to view the full contents of the specific cube gets an "access denied" message (this is normal), whereas if the user runs a report with a filter "A" on Company Code the report returns the results as it should have. So far so good.
For testing use within Web Intelligence, I have created the following Single Sign On (SSO) universes: a)directly on the cube, b)via a "select all" query and finally c)via a filtered query (filtering the exact allowed values of analysis authorization of the test user). All of the above have unfortunately the exact same issues:
When a test user with limited analysis authorization (i.e. a user that can only access value "A" of Company Code) tries to view a report on either of these universes, then the result is the following message when trying to execute the query "A database error occured. The database error text is: Error loading cube MyCube/MyQuery (catalog MyCube): Unknown error. (WIS 10901)"
I have tried several settings on the universe (like filter working on LoV as well) but none helped.
If we replace the user's analysis authorizations with full access on company code (values "A" and "B") the query runs as it should have.
Any ideas?
Best regards
GiorgosHi,
has the Universe been created on the cube level or on the query level ?
In case it is on the cube level it will fail because :
Analysis authorizations are not based on authorization objects. Instead, you create authorizations that include a group of characteristics. You restrict the values for these characteristics.
The authorizations can include any authorization-relevant characteristics, and treat single values, intervals, and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorization-relevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics.
You can then assign this authorization to one or more users.
All characteristics flagged as authorization-relevant are checked when a query is executed.
*A query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic*
Ingo -
How to get Query Results based on Analysis Authorization Ranges????
Hi Experts,
I have gone through the lot of SDN Links, however not able to find the answer to my question.
I have an Authorization Issue, NO Authorization
Error : EYE 007 ( Insufficient Authorizations )
<b>Here is the issue:</b>
Need to see the complete query result when I gave the range in Analysis Authorization for Controlling Area 001-005. Controlling Area is auth relevant and right now a variable is inserted in the query for it. If I select Controlling Area 001, the result for Controlling Area 001 is displayed in query. If 002 then also displayed. If I do not enter anything, then I get the <b>Eye 007 error message</b>.
I am not sure how do I display/authorize the entire result in the query for all the Controlling Areas, I have authorized user to see??
<b>Its really urgent, please help..!</b>
Here are the logs:
Authorization Check Log
Date and Execution Time (Local Server)
Execution Date: 06.09.2007
Execution Time: 14:48:41
Executed Query: 0CCA_C11/GBCCA_MP01_Q0002_AP
Executed by User ZBI_TEST_001
Executed with Analysis Authorizations of Another User ZBI_TEST_001
InfoProvider Check
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider 0CCA_C11 with activity 03?
Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03
InfoProvider Check
Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider 0CCA_C11:
0CO_AREA
0TCAACTVT
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider :
List Is Empty:
There Are No Characteristics That Have to Be Checked in Detail
Authorization Check
Detail Check for InfoProvider 0CCA_C11
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
CO_AREA = '0003'
AND TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Authorized
Subselection (SUBNR) Is Authorized
Authorization Check Complete
Authorization Check
Detail Check for InfoProvider 0CCA_C11
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Partially or Fully Authorized (Intersection) Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
( CO_AREA < '0001'
OR CO_AREA > '0005' )
AND TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
( CO_AREA < '0001'
OR CO_AREA > '0005' )
AND TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
184 ( 0CO_AREA )
Authorization Check CompleteHi,
Have you defined the vaule for 0CO_AREA as BT 001-005 in you Authorization for 0CO_AREA.Also how have you defined your Authorization Variable on the query? Have you define as select options or interval? I thing you need to define it as interval or select options.
Hope it helps,
Cheers,
Balaji -
BW Analysis Authorization gut check.
Hello all,
Just a gut check about how the AA strategy works. Take this scenario when executing a query:
The following InfoObjects are auth relevant:
0PLANT: Aggregated Data so only : is needed.
0WHSE_NUM: Needs specific value
0TCAACTVT: Default 03 given.
And then the following special characteristics:
0TCAIPROV: Infocube Z123
0TCAVALID: Default * given.
Now..if I were to put these 5 Characteristics in 5 seperate Analysis Authorizations and assign those 5 to a role with S_RS_COMP, the query can be executed. Not our design...testing purposes only.
I THOUGHT that some of these characteristics needed to exist together in 1 AA, like 0TCAACTVT and 0TCAIPROV in order to work properly. But apparently when the system is checking authorizations, it only treats each characteristic seperately and on it's own when checking the values.
Thoughts or insight?
Thanks,
TomHi Tom,
To be precise, you'd assign your analysis auths to a role with S_RS_AUTH. S_RS_COMP is to give access to BEx.
Check out the online documentation from SAP on analysis auths. I did a really quick look in there and found this gem that should help answer your question:
In addition to these generic dimensions, an authorization includes special dimensions. These consists of the characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider), and 0TCAVALID (validity). These special characteristics must be included in at least one authorization for a user; otherwise the user is not authorized to execute a query.We recommend that you include these special characteristics in every authorization. You do not have to include them in every authorization, but for reasons of clarity and analysis security, we recommend that you do this.
So it seems that you need those special dimensions in at least one analysis auth to be able to execute queries, but SAP recommends including them in all of them.
Krysta -
Table for Analysis authorization along with values for authorization fields
Hi,
I am looking for table that contains the Analysis Authorization name along with values for all the authorization fields within this Analysis Authorization. Individually i can go to PFCG or Rsecadmin but since i need all the Analysis auth objects, i need to get this info into excel, so need a table.Hi Prashanth
You can check RSECVAL that is appropriate for your requirement please let us know if any further help is needed.
Thanks & Regards
Santosh Varada -
BW BEX Queries and Analysis Authorizations
Hello....
Have an opportunity with BW BEX queries and Analysis Authorization...would like to see if anyone has had the same experience and if so is there a answer....
1) given a query....
2) given a analysis authorization with a info-object that has intervals defined to be both single values and ranged values
the following happens...
after the query is fired the starter screen appears...the info-object in question appears with the defined single values only....if....the window is opened....again only the single values appear...the range values do not appear...once the query is executed the only results given are those for the single values...
also if you re-fire the query and manually enter a valid value for the info-object that falls with-in any of the range values no result is given...even if there is data for it....the reponse given is no data found....
NOW...if the single values, for the given info-object, are removed from the Analysis Authoriization then the range values appear and work....
Is this a problem within in the query...or...is this a "feature" of the query...and thus must be "lived" with...
Terry
PS...this problem currently only happens if the window for the info-object allows for multi-selection....this problem does not occurr when the window only allows for one selection...Hi,
This is a known problem with analysis authorization and multi selection IO selection criteria.
When you define the analysis authorization with ranges and when you try to enter single values on the selection critera of the query, then the system shows zero data.
You can run the query without entering any selection values for the IO in question only.
I have tried several combinations and still encountering the same issue.
Ravi -
Hello All,
We have a scenario where the value will be ex: ABC*D for analysis authorization.
This value will be populated to a variable through costomer exit.
But when the value is populated as A* or AB* or ABC* or ABCD* it is working fine.
If I use multiple * in a single value like ex: ABC* it is not working and giving the below error.
When the query is executed it is displaying No Authorization.
Please provide your inputs if somebody had already faced this issue.
Thanks for inputs.Hi,
This is the design of the system.
It is described in OSS note :
1053989 Intervals and Patterns [(*),(+)] in Analysis Authorizations
The required format for normal characteristics is the following:
- Single value: I EQ A (characteristic value =A),
- Interval : I BT A B (A <= characteristic value<= B)
- Pattern : I CP A* and I CP A+ (pattern with exactly one
wildcard (*) or exactly one plus character after A).
- Aggregation authorization :
Colon character (:). Permits an aggregation on the characteristic.
Written as single value I EQ :
Patterns
Only patterns with exactly one ending + (wild card for a single
character) or * (pattern for arbitrarily many charactersy) are allowed.
For example : entering A*A is not possible.
Regards,
Patricia -
Analysis Authorization in BO 4.0 Webi report
Hi All,
I am using BO 4.0 and creating connection from Information Design tool to a BW query using BICS client. This connection is then published to CMC.
We are using SAP authentication and importing the roles from BW system. We have added profiles to this role and these profiles have Analysis Authorization set on Company Code. So one user can access data to one company code and vice versa. Now this works well in Bex Analyzer, but if I try to create a report in Webi, the analysis authorization fails. I went through the forum before posting this question and I found that is in 3.1 version and in most cases using SSO in universe connection solved the problem.
However in 4.0 I am using BICS client and followed the same processes to create a connection but for some reason it doesn't work ? Is this suppose to work differently in 4.0 ?
I have tried:
1. To create connection in Information Design tool using SSO, selecting user ID and password. It doesn't work.
2. Checked the Bex query and it already has Company code as a Characteristic restrictions (I have made it a mandatory variable).
3. Publish the connection to CMC with my Enterprise and SAP ID and in both cases it doesn't work.
Please let me know if anyone encountered a similar issue and what is the best method to resolve this.
(BO 4.0 no service pack or fix pack installed on the system yet)
Thanks - Appreciate your help !
Prasad RasamIngo,
1. To create connection in Information Design tool using SSO, selecting user ID and password. It doesn't work.
>> Correct you need to setup you OLAP Connection with SSO.
>>> What I meant was I created the connections using both the methods, Using SSO it allows me to create a connection. The ID which I am using to create a connection has Admin access to BOBJ system. When I login as a regular user to create a Webi report and select this new connection, it throws an error message 'The DSL Service returned an error: com.businessobjects.dsl.services.workspace.impl.QueryViewAnalyzer$CannotGetCubeFromConnectionException: Cannot get the cube from the connection'
Using the other method to create a connection with User ID and password, I can create a connection and with the normal user login I can connect to the BW query but Analysis Authorization doesn't work.
Ingo : Could you be more specific what you mean here with the different users ? When you say "regular" user are you referring to an SAP credentials or SAP BusinessObjects Enteprrise credentials ?
2. Checked the Bex query and it already has Company code as a Characteristic restrictions (I have made it a mandatory variable).
>> The variable in the BEx query needs to be an authorization variable.
>>> This has already been set as Authorization variable. There is still a question here. If I select the variable as Authorization variable, I cannot set the other parameters in the query properties such as Mandatory variable (as this is greyed out).
Ingo : What other parameters would you like to configure ? Could you perhaps describe the scenario with more details ?
regards
Ingo Hilgefort -
Analysis Authorization Issue 7.3
Hello Friends,
System BW 7.3, Currently there are 80 odd analysis authorization objects
We want to introduce a new info object (GL Account) to be authorization relevant, ( there are few objects in the system which are already authorization relevant in the system with proper analysis authorization objects and they are working fine)
Things done, made the GL Account object authorization relevant in RSA1, Created 2 analysis authorization objects with GL Account and TCT objects and one with hierarchy restrictions and one open access.
Added this object to the user in addition to its already existing authorization objects. Created authorization variable in BEx.
Some how the authorization is not picked up and it gives us all the values in the report. But if I add the GL Account info object to the existing analysis authorization objects then it works fine.
I do not want to change all the existing analysis authorization objects to add GL Account.
Your inputs are most welcome.
Thanks
Ed.Gajesh- I have added the new analysis authorization object to the user in RSECadmin.
Subhendu- Problem statement: What are the steps involved in making a new info object(GL Account) authorization relevant. Authorizations are given at hierarchy level. Can we create a new analysis authorization with GL Account only or do we have to add it to every existing analysis authorization
I have done the following steps
1. Made the GL Account object authorization relevant in RSA1,
2. Created 2 new analysis authorization objects with GL Account ( with hierarchy restrictions) and TCT objects and one with GL Account open access.
3. Added this object ( which has restrictions) to the user in RSECADMIN, in addition to its already existing authorization objects.
4. Created authorization variable in BEx.
5. No existing analysis authorization objects have been changed.
When I test the report, It does not restrict based on the hierarchy that I have given, it gives open access.
But If I add GL Account with restrictions to the existing analysis authorization object, it works good.
Guess I am missing some thing here.
Do you need any other screen shots.
Thanks
Ed.
Maybe you are looking for
-
Can you please help me. I purchased the new Apple I 4s phone from AT&T. I bought it out right. NO CONTRACT!! I paid almost $1000.00 for it. I then, had it enrolled it in my company's ATT service plan. They paid the bill for my service. Since, I have
-
Client unable to get the javax.activation.DataHandler object from Server
Hi All, I am trying to download the file from the server to the client using Javax.Activation.Data Handler object with IBM web services. But server always returning the Data Handler object is null. I am wondering why it is behaving like this. My requ
-
Safari logs me out very often since IOS5
Since i have installed IOS 5 it's just impossible to write a message on a phpbb site because of the bug of safari that keeps logging me out. I tried to delete all cookies and history, i shutted down the ipad but it's still there... I found a very sim
-
AppV 5 SP2 publish\unpublish issues.
Citrix PVS 7.1 - Read Only Image Appv 5 SP2 (excluding hotfix patch 1 -5) running on Windows 2012 R2. Microsoft Redirected Profiles Citrix Profile Manager 5.0 Package Installation Root set to a static disk accessible by all users. Issue: We control a
-
Since the beginning of June, I have been waiting to see if there will be a fix for the disaster that was named Kitkat 4.4.2 There are many postings (never answered) from people listing their problems since the update. I have gone from loving this pho