Analysis Authorization on Navigational attribute

Hi All,
We are using RSECADMIN (BW 7.0), I want to know whether its possible to make a navigational attribute - ZPAYE_SA__0SALES_OFF - to authorization relevent. The object (ZPAYE_SA) with this is associated is not an authorization relevent.
Even if I am able to make it authorization relevent is there any other setting changes to be done for it to work properly.
Regards
Deepesh

Hi Deepesh
First need to check Authorization relavent check box for navigational info object "ZPAYE_SA__0SALES_OFF"
Tcode RSA1 --> Info Object --> Find "ZPAYE_SA" ---> Attributes tab ---> Detail/Naviogation Attibute --> Authorization Check box in front of "0SALES_OFF".
Goto to RSCEADMIN
Create a Authorization object and maintain this navigation attribute "ZPAYE_SA__0SALES_OFF"
Pls let me know incase of further details
Best Regards
Rohit

Similar Messages

  • Authorization for navigational attribute

    Hi Gurus,
    I am facing an authorization issue with respect to infoobject hierarchy. I have created authorizations as below.
    There one infoobject 'A' and a navigational attribute 'B' in infoobject 'A'. This navigational atribure A_B is used in an infocube.  And hierarchy is uploaded to Infoobject 'B'. Now I want to give authorization for this hierarchy in infoobject 'B'.
    Now coming to authorization.
    1. I have made Infoobject 'B' as authorization relevant in Business explorer tab.
    2. Created authorization object say ABC in RSSM and inculded infoobject 'B' & 0TCTAUTHH (since I want to authorize the hierarchy and we are using 3.5 authorization concepts in BI 7.0).
    3. Activate this authorization object for the infocube.
    4. Included this authorization object in the role included for my user. In the field 'B' of authorization object I have given ' ' (space) and in the field 0TCTAUTHH I have given the technical name of the hierarchy.
    4. In 3.5 query designer I have put this navigational attribute A_B in the filter area and activated the hierarchy in the properties tab for the same hierarchy that I inculded in previous step.
    5. Created a variable with processing type authorization.
    Now when I run this report I get an error as no authorization for object ABC.
    Can someone help me if I have done anything wrong.
    Thanks,
    Sandeep

    Hi,
    In the infoobject A maintenance screen check the chekc box for field "AuthorizRelevant" for B to make it authorization relevant navigational attribute.
    Then go to RSECADMIN and ope your relevant authorization.
    In the menu bar just above the "Authorization Structure" you will find the button with icon of infoobject.
    Chick on this icon this will give you a screen to enter characteristic name of which attributes are to be added to authorization.
    Enter the infoobject A name here and click on continue.
    This will give you list of all authorization relevant navigational attributes present for A.
    Add B from this list to the authorization.
    Hope this helps.
    - Geetanjali

  • Need help on Authorization on Navigational Attribute.

    Hi All,
    I am working on Authorizations.
    I am using the info Object "Material group" which is the Navigational Attribute of 0MATERIAL.
    In Reporting, I have created the Authorization Variable for Material group.
    And after this, i have created the Authorization Object in RSECADMIN and added the info Object "Material group" and harded coded the value as "1000". After this, i have created the Authorization Role in PFCG and added this authorization Object over there.And this role is assigned specific User.
    While Running the report on specific User, for Material group, filteration is not happening over there (Material group = 1000). It is showing all values for this user.
    Can you please help on this issue.
    Thanks,
    Shahina A

    Thanks for your reply. I was on leave for the past 2 days. I have checked as you suggested.
    In 0MATERIAL, 0MATL_GROUP is the attribute and i have made Authorization Relvent for this Attribute.
    And i activated the Info object 0MATERIAL.
    Then i have run the query in RSRT and found an error while running the Report.
    Can u pls help on this issue.
    Diagnosis
    The system determined the authorized characteristic values for the characteristic 0MATERIAL__0MATL_GROUP. It determined that you do not have the (analysis) authorization to view transaction data for any characteristic values or range.
    System Response
    If this situation occurs when a variable is being filled, the query cannot be executed.
    Procedure
    You must have authorization for at least one characteristic value for the characteristic 0MATERIAL__0MATL_GROUP.
    Create the appropriate analysis authorizations for the user.
    If you are only authorized for evaluations that aggregate using the characteristic 0MATERIAL__0MATL_GROUP (for ":" authorizations), use a query without this characteristic. If the characteristic is not used as a filter or in the drilldown, variables should not be used.
    Procedure for System Administration
    Notification Number EYE 018 
    Thanks,
    Shahina A

  • Authorization on Navigation Attribute

    Hi experts,
    i'm faced with a problem. I have a navigation attribute in my data model which is authorization relevant. The problem is that the basic characteristic is not authorization relevant. I am not able to make my setting in the analyse authorization as the basic characteristic is not authorization relevant. The basic characteristic is used in some other projects so that i am not allowed to make this characteristic an an authorization relevant one.
    Has anyone an idea how to solve this problem?
    Thanks all in advance.
    Best Regards,
    Ali

    You did not mention what BW version you are on.  This scenario is allowed in 7.0 Analysis Authorizations, but is not allowed in 3.x 
    In 7.x you can make any navigational attribute authorization relevant on the Attributes tab in RSD1, and the base characteristic does not have to be authorization relevant.
    What problems are you having?

  • Reporting Authorization - InfoObject/Navigational Attributes

    We have a custom infoobject for Vendor to which access needs to be controlled. Certain users are not supposed to have access to a number of the navigational attributes on the object however we want these users to have access to all other navigational attributes (meaning we don't want these 'fields' to be visible but everything else). We have other reporting authorization objects that prevent access to the entire 'record' if the user is not authorized for a certain value (cost center, etc.).
    Thanks.

    Hi Joerg,
    navigational attributes are treated like characteristics. You can make them authorization relevant and restrict access, e.g. by granting ":", which allows to see overall results without details on this attribute.
    Regards, Klaus

  • Analysis Authorizations on Infosets

    Hi,
    I just wonder if analaysis authorizations work on infosets in SAP BW(701) SP8.
    I have got Infoobject A, which is authorization relevant. When I use this object in DSO/Cubes/Multiproviders then data level authorizations(analysis) are work fine.
    But when I use this infoobject into an infoset then it has become F35_XXX. When I create authorization variable on F35 and restrict value of A to certain values in RSECADMIN(analysis Auth). then it is simply allowing user to all values of A instead of restricting access to values specific in RSECADMIN.
    At the moment my analysis auth is restricted as follow:
    0TCAACTVT = 03
    0TCAIPROV = Infoset name
    0TCAVALID = *
    A = 100
    Am I missing anything?
    Regards,
    Ramesh

    Hi Ramesh,
    Infoset authorization should also work for authorization relevant navigational attributes.
    Navigation attribute has it's own setting for authorization relevant. It is set in RSD1 attribute tab.
    Can you check whether it's set to authorization relevant there?
    In addition, if a use has full authorization(*) for a certain characteristic (or navigation attribute), it might not be listed in the authorization log as detailed check does not need to be done for it.
    Best regards,
    Patricia

  • Navigational Attribute Authorization

    Hello,
    We have a requirement to turn on the authorizatiorelevant flag for number of navigational attributes in a master data. 
    After turning on the flags we have created an analysis authorization object and included the navigational attributes with :.
    We were expecting the report to return with no data. 
    Security tracing did not show any authorizty check against the navigation attributes which were turned on as the athorizatiorelevant on the master data.
    The Master data is authorization relevant however the individual navigation attributes are not authorization relevant objects.
    Do I need to turn the authorization relevant flag for individual nav attributes on their own maintenance screen?

    Hi,
    Check whether this doc helps
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7052dee3-bce5-2d10-5299-cd5d00ebeb72?QuickLink=index&overridelayout=true
    The Authorization at the Navigational attribute will restict the data for that attribule at the report level.
    You can restrict that Nav Attr specific to  InfoProvider, Roles etc.
    Thanks & Regards,
    Vishnu

  • WAD - Navigation Attribute authorization

    Hello Expert,
    I have created a WAD report containing analysis and two dropdown items.
    One filters a characteristics (profit centrum) and the other one filters navigation attribute of the same characteristics (resp. person of PC). Both the caracteristics and the attiribute are marked as authorization relevant.
    If I run the report under my account having profile SAP_ALL and analytical authorizaction 0VI_ALL the reports works as it should. But if I run it under a test account that has a role ZBI_BEX_ENDUSER that should contain all sufficient authorizations to run any report and analytical authorization 0BI_ALL then the report runs also OK,  just the dropdown with the navigation attribute (responsible person) is disabled (greyed out) with a text "no data". The other dropdown (PC) works fine.
    The navigation attribute is even included in the analysis and all the values are displayed there and I can even filter on it and then the filtered value is populated into the previously disabled dropdown list.
    Since I do not see any difference between the two users beside the authorisation I reckon that the issue must be somehow authorization related but I cannot find how.
    Can anyone help?
    Regards
    Jiri

    Hi Haran,
    You have to consider in ABAP code of user exit variable this:
    In a DSO you alreay have the user name and vaules, which he is allowed to see. Just go into this DSO and read the entries from DSO with user ID as selection criteria. Example:
    USERID     PLANT
    XY     1000
    XY     2000
    YZ     3000
    DSO name: ZOPLANT
    iKey fields in DSO: UserID & Plant
    Abap code would look like: select plant from /bic/azoplant00 where userID = sy-uname.
    I hope this helps.
    Aban

  • Authorization check on navigation attribute

    Is there anything special I need to do to make a navigational attribute authorization relevant for a cube.
    On 0sales_off I have checked it as authorization relevant, and this is assigned to 0cust_sales as a nav attribute.  I created an authorization object on 0sales_off.  I have turned on the nav attribute in the cube.  But when I go to turn on the check for the infoprovidor (RSSM), the authorization object is not displayed.

    Michael, Troy:
    Hi, I´ve already verified that the characteristic and the infocube have the navi attr marked, but now when I try to include it in an Authorization Object on RSSM transaction, the list of "Authorization relevant IObjects" doesn't show the nav attr that I'm trying to restrict (in this case the 0COSTCENTER__0BUS_AREA), seems that I can only authorize the 0COSTCENTER or 0BUS_AREA separately.
    What actions should I take in order to make this nav attr relevant for authorization so I could create different roles using the 0COSTCENTER__0BUS_AREA restricted by business areas..?
    Thanks in advance for your help.
    Miguel Campos

  • Hierarchy Authorization not working on Navigational Attribute

    Hello,
    We have 0ORGUNIT as nav attribute in 0EMPLOYEE and 0ORGUNIT has enterprise hierarchy set.
    Now we have analysis authorization based on both 0ORGUNIT and 0EMPLOYEE__0ORGUNIT (nav attr).
    When an user tries to run a web report which has normal 0ORGUNIT in it, in the variable screen he is able to see the entire hierarchy tree structure as per his authorizations. On the other hand when the same user tries to run another report which has nav attr 0EMPLOYEE__0ORGUNIT in it, in the variable screen he can see only the top nodes of the hierarchy to which he is authorized. He cant see the tree structure.
    Please note we are on BI 7 SPS 21 and in both the queries we are using hierarchy variable set on correct hierarchy. Also the attributes in the query have hierarchy activated on them.
    Please suggest any ideas/views for the same.
    Thanks!!
    Regards,
    Shashank

    Neo - We need current info on 0ORGUNIT and hence cant go with concept of historic truth as per what you mentioned.
    Bhawani - We have set it to level 1 which is perfectly fine as it works for other hierarchy's perfectly.
    Regards,
    SHahsank

  • Authorization Relevant BI Navigational Attribute

    Hello All,
       I have one quick question on auth relevant navigational attributes.
    Say I have characteristics A and B.  B is a nav attribute of A i.e. A__B and is marked auth relevant. 
    Does this means that A will also have to marked as auth relevant and be placed in the RSECADMIN profile along with A__B?
    Thanks

    >    I have one quick question
    I have one quick answer...
    > Total Questions:  6 (6 unresolved) 
    Read the forum rules!
    Thread locked and duplicate deleted.

  • Navigation attributes authorization

    Hi,all
    In NW2004s new auth concept allows to create auth for nav attributes as for chars. But! We have situation when one char is used as nav attribute in several chars. I.e. Char A, used in B__A, C__A and D__A. Is that nesesary to create auth for every nav attr use, or maybe there is a setting not to use nav attrs separately.
    I'm afraid, it can be difficult to administer such situations.

    Hi Emerald,
    maybe an approach to resolve some irritations.
    Let consider your scenario, one char is used as nav attribute in several chars. i.e. Char A, used in B__A, C__A and D__A.
    If you want to protect the usage of the characteristic A as navigational attribute in the characteristics B, C or D, you have to set the flag 'Authorisation relevant' in the attribute section of the respective characteristics B, C or D (which means up to 3 flags and corresponding 3 authorisations).
    If you want to use the characteristic A in its on right in an InfoProvider, you have to set the flag 'Authorisation relevant' in the InfoObject maintenance of characteristic A.
    If I have stated something different in my previous replies, please neglect them.
      Cheers
        SAP NetWeaver BI Organisation

  • Analysis Authorization based on Hier node with multiple display hierarchies

    Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
    Requirement:
    Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
    Preferred solution:
    The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
    u2022     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
    u2022     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
    u2022     The display level will be specified as required (here: Level 7)
    u2022     The Authorization granted should be independent of hierarchy name and version (validity 3).
    Reporting Scenario and technical impact:
    As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node u2018Au2019 of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node u2018Bu2019 in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node u2018Bu2019.
    My findings so far (based on prototyping) turn out that this is not possible as long u2018Bu2019 (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
    Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
    Thanks everyone for your input...
    Claus
    Edited by: Claus64 on Jul 13, 2009 4:10 AM

    HI CLause,
    On Jul 14 2009, you wrote in SDN and said:
    FYI: Found a solution...
    The hierarchy analysis authorization will be based on a navigational attribute of cost center.
    With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
    The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
    Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
    As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy thatu2019s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
    If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
    Claus
    See this thread:
    Analysis Authorization based on Hier node with multiple display hierarchies
    I am also in the same situation as you and need to understadn your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierachies for 0COSTCENTER, how did the new Nav Attr help you solve your issue. When loading 0COSTCENTER what values did you load ino the new Nav Attribute and how did that link to the hierachies? Also, in RSECADMIN you created hiearchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
    I appreciate if you can share your solution from the past in more details.
    many thanks

  • Web Intelligence Report + BI 7.0 Analysis Authorizations

    Hello Experts,
    I have created a report on a universe based in a SAP BW InfoCube that contains an authorization relevant InfoObject (Company Code).
    BW Analysis authorization have been set up for this cube in such way that the user should have access only to data containing one of the two values of Company Code (lets say for example that the user can access value "A").
    It seems to be working fine when testing them via a BEx Query or via rsecadmin (rsrt with detailed analysis authorization logs). When the test user tries to view the full contents of the specific cube gets an "access denied" message (this is normal), whereas if the user runs a report with a filter "A" on Company Code the report returns the results as it should have. So far so good.
    For testing use within Web Intelligence, I have created the following Single Sign On (SSO) universes: a)directly on the cube, b)via a "select all" query and finally c)via a filtered query (filtering the exact allowed values of analysis authorization of the test user). All of the above have unfortunately the exact same issues:
    When a test user with limited analysis authorization (i.e. a user that can only access value "A" of Company Code) tries to view a report on either of these universes, then the result is the following message when trying to execute the query "A database error occured. The database error text is: Error loading cube MyCube/MyQuery (catalog MyCube): Unknown error. (WIS 10901)"
    I have tried several settings on the universe (like filter working on LoV as well) but none helped.
    If we replace the user's analysis authorizations with full access on company code (values "A" and "B") the query runs as it should have.
    Any ideas?
    Best regards
    Giorgos

    Hi,
    has the Universe been created on the cube level or on the query level ?
    In case it is on the cube level it will fail because :
    Analysis authorizations are not based on authorization objects. Instead, you create authorizations that include a group of characteristics. You restrict the values for these characteristics.
    The authorizations can include any authorization-relevant characteristics, and treat single values, intervals, and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorization-relevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics.
    You can then assign this authorization to one or more users.
    All characteristics flagged as authorization-relevant are checked when a query is executed.
    *A query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic*
    Ingo

  • [BO over SAP BW] Web Intelligence Report + BI 7.0 Analysis Authorizations

    Hello Experts,
    I have created a report on a universe based in a SAP BW InfoCube that contains an authorization relevant InfoObject (Company Code).
    BW Analysis authorization have been set up for this cube in such way that the user should have access only to data containing one of the two values of Company Code (lets say for example that the user can access value "A").
    It seems to be working fine when testing them via a BEx Query or via rsecadmin (rsrt with detailed analysis authorization logs). When the test user tries to view the full contents of the specific cube gets an "access denied" message (this is normal), whereas if the user runs a report with a filter "A" on Company Code the report returns the results as it should have. So far so good.
    For testing use within Web Intelligence, I have created the following Single Sign On (SSO) universes: a)directly on the cube, b)via a "select all" query and finally c)via a filtered query (filtering the exact allowed values of analysis authorization of the test user). All of the above have unfortunately the exact same issues:
    When a test user with limited analysis authorization (i.e. a user that can only access value "A" of Company Code) tries to view a report on either of these universes, then the result is the following message when trying to execute the query "A database error occured. The database error text is: Error loading cube MyCube/MyQuery (catalog MyCube): Unknown error. (WIS 10901)"
    I have tried several settings on the universe (like filter working on LoV as well) but none helped.
    If we replace the user's analysis authorizations with full access on company code (values "A" and "B") the query runs as it should have.
    Any ideas?
    Best regards
    Giorgos

    Hi,
    has the Universe been created on the cube level or on the query level ?
    In case it is on the cube level it will fail because :
    Analysis authorizations are not based on authorization objects. Instead, you create authorizations that include a group of characteristics. You restrict the values for these characteristics.
    The authorizations can include any authorization-relevant characteristics, and treat single values, intervals, and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorization-relevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics.
    You can then assign this authorization to one or more users.
    All characteristics flagged as authorization-relevant are checked when a query is executed.
    *A query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic*
    Ingo

Maybe you are looking for

  • Hi: What is Active Vendor List

    Hi, What is Active Vendor List. What type of report it is , and what type of tables and feilds are include inthis. plz send the responce

  • HI performance issue.. getting time out error

    hi all. in below code..commented is my original one n i changed it to up to 1 rows. so is it rite this coding..? TABLES: DD03L. DATA: BEGIN OF WDD03M,           FIELDNAME LIKE DD03M-FIELDNAME,           TABNAME LIKE DD03M-TABNAME,           CHECKTABL

  • Can a single clip be rendered/exported into a movie?

    Hi Folks, I'd appreciate knowing if from event clips or a project clip, can I just take one clip and share/render/export it to a quick time movie, that I could e-mail to someone? Thanks for any help given. Jim

  • ORA-1653 (unable to extend table) and ORA-1654  (unable to extend index)

    Hi, We recently installed 12c.r1 and have it running now form some three weeks. About 100 assets currently in it. When trying to add a new discovery profile a received an error message from the BUI, in the cacao log from the EC i found a lot java exc

  • Subroutine IN VTFL

    Dear Gurus, I am using a freight condition type as a header condition, The user has added freight in the price initially at the time of sales order creation, later on suppose the user wants to subtract the freight value at the time of invoice creatio