Authorization in BI7.0 - Estimation

Similar Messages

• Authorization Concept - BI7

  Hi ,
  I'm working on authorization concept for BI7 which seems to be having a conflicting statement.
  User : Mary
  InfoObject : ZORDER
  Set 1 : Queries built on multiproviders within infoArea ZSALES should display ONLY order number 123.
  Set 2 : Queries built on multiproviders within infoArea ZPROJECT should display ALL order numbers.
  Its a conflicting scenario.
  Its giving an output for ALL orders for both set 1 and set 2 queries.
  Appreciate if anyone could provide some ideas if this is feasible to achieve within RSECADMIN.
  Thank you.
  Regards
  Maili
  Edited by: Maili06 on Jan 12, 2012 1:19 PM

  hi,
  plz try creating the analysis auth objects for the mentioned scenarios can be:
  1)1st auth object can have  infoarea=ZSALES and order number=123
  2)2nd auth object can have infoarea=ZPROJECT and order number=*
  Both these analysis authorization objects can be assigned to the user via RSECADMIN.
  In the auth profile, S_RS_AUTH = Inactive, read analysis auth from RSECADMIN and manual assignement.
  regards
  laksh

• User Authorization in BI7 Problem ListCube

  Hi there,
  In NW2004s BI7, under Win-server 2003, Oracle 10g
  I created one custom role for User, to display DSO data only
  Data displayed perfect through Transcation code: LISTCUBE but user can't export data into excel,
  option is disabled or grayed out...
  Here is Screenshot:
  1. Goto ListCube
  http://www.flickr.com/photos/25470985@N07/4171781095/sizes/o/
  2. Display data any DSO and export to excel
  http://www.flickr.com/photos/25470985@N07/4172536260/sizes/o/
  3. User Custom's Authorization
  http://www.flickr.com/photos/25470985@N07/4171781047/sizes/o/in/photostream/
  Where I am getting wrong?
  please advised me
  Thank in Advance
  Angeline

  Hi,
  This article shows to create authorization and making it not visible or Grey (reade this and reverse to unblock the authorization)
  http://ecohub.sdn.sap.com/irj/scn/index?rid=/library/uuid/101fb4f5-eb7c-2c10-5daa-b479c47f0a14&overridelayout=true
  follow the notes procedure it will solve your problem
  Check this note 1145885
  Check note 1222905. You have some settings to be able to export excel file. http://doa.louisiana.gov/ois/Service/Bulletin_Boards/HR/How%20to%20export%20data%20from%20SAP%20to%20Excel.pdf
  hope this will help you
  Thanks & Regards,
  Ravi.

• Hierarhy Authorizations in BI7

  Hi there experts. Am pretty new with the analysis authorization consept and I seem to have problems with it.
  Am trying to create a costcenter hierarchy authorization for users and the result I get is either all or nothing, depending on what is maintained for S_RS_AUTH object. If it is * (biall) all hierarchies are displayed and if an authorization is added what I have made -> You don't have sufficient authorization.
  For the role I have used the S_RS_RREPU template and added S_RSEC. For the Z -authorization I have used 0COSTCENTER (node 10000000107810 and type 0 tried 1 as well)
  0TCAACTVT (01-03), 0TCAIPROV (), 0TCAKYFNM (), 0TCAVALID (*). The authorization is then assigned to user.
  Now what could be wrong in here?
  Thank you in advance!
  Mikko

  Hi,
  Settings for Hierarchy Authorizations
  Type of Authorization
  You can define the authorization starting from a node of the hierarchy in different ways:
  ●      0 for the node
  ●      1 for a subtree below the node
  ●      2 for a subtree below the node up to and including a level (absolute)
  You must define a level for this type. A typical example of an absolute level is data protection with regard to the degree of detail of the data (works council ruling: no reports at employee level only at more summarized levels).
  ●      3 for the entire hierarchy
  ●      4 for a subtree below the node up to and including a level (relative)
  You must specify a level that is defined relative to the node for this type. It makes sense to specify a relative distance if an employee may only expand the hierarchy to a certain depth below his or her initial node, but this node moves to another level when the hierarchy is restructured.
  Hierarchy Levels
  For types 2 and 4 you can specify, in Hierarchy Level, the level to which the user can expand the hierarchy.
  ●      With authorization type 2 (up to and including a level, absolute), the level refers to the absolute number of the level in the hierarchy where the top-most node of the hierarchy is level 1.
  ●      With authorization type 4 (up to and including a level, relative) the level number refers to the number of levels starting from the selected node itself which is level 1.
  Validity Area
  In the Validity Area you specify in exactly which ways a hierarchy authorization has to match a selected display hierarchy for it to be included in the authorization check.
  ●      Type 0 (very strict check): Name and version of the hierarchy upon which the hierarchy authorization is based have to agree with the selected display hierarchy. Your key date (the upper validity limit) has to be greater than or equal to the key date (the upper validity limit) of the selected display hierarchy.
  ●      Type 1: The name and version of the hierarchy upon which the hierarchy authorization is based have to agree with the selected display hierarchy.
  ●      Type 2: The name of the hierarchy on which the hierarchy authorization is based has to agree with the display hierarchy.
  ●      Type 3 (least strict check): None of the three properties have to match.
  Note that in some circumstances, setting a check level that is too low may lead to more nodes being selected using hierarchy node variables that are filled from authorizations, than actually exist in the display hierarchy for the query. This can cause an error message.
  Note that hierarchy authorizations can calculate single values that are the end nodes (leaves) of non-displayed hierarchy, but that in this case, the strictest check type, which is 0, is valid.
  As a general rule, make the check as strict as possible. The default is type 0.
  GTR

• Authorization in BI7

  Hello,
  how can I restrict the users to execute querries in just one single Infoarea in BI 7.0 (on all infocubes independet of any infoobject) by using the new Analysis Authorizations in transaction: RSECADMIN
  or do I still need to maintain Standard Authorizations rs_comp ->rsinfoarea
  thanx.

  Hi,
  Pls chk this links;
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fda2a990-0201-0010-5497-b81b1556df24
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be
  Hope this helps,
  regards
  CSM Reddy

• Authorization in bi7.0

  Hi,
  How to create authorization,so that each user is restricted to see only particular reports..
  For example if there is three users, User1,User2 and User3..User1 is able to see three reports..like this for user2 and user3.
  Also if two users having authorization to see same report, in report dropdown box should display values based on user..Dropdown box should not dispaly all values to two users..How to create authorization for above scenario.
  Can anybody give step by step procedure..
  I also studied in help link but cant understand,so if possible send documents with screen shots to [email protected]
  Regards
  Prakash

  You should try by first creating an authorization object in RSECADMIN .
  In this authorization object try to assingn your restriction for values of characteristics and hierarchy nodes etc.
  Then assign it to a reporting user..directly or through a role
  Now..In the query create a variable with processing type as authorization .
  I think this much won't take much of your time..If you find difficulty in any step ..put it as ur query..
  <b>This very very useful documentvery</b> this is very detailed and illustrative...
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  Go through these links
  http://help.sap.com/saphelp_nw04s/helpdata/en/26/fd8b41b5b3b45fe10000000a1550b0/content.htm
  http://help.sap.com/saphelp_bw33/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm
  Authorization Error
  Message was edited by:
          rocks
  Message was edited by:
          rocks

• Authorization Check in BI7 using ABAP

  Dear Experts,
  i've got a question regarding how to check authorizations in BI7 using ABAP.
  How do i check authorizations?
  In Detail: I want to check, whether a user has the appropriate authorization to access an company code. For that i created an authorization in resecadmin restricted to one single company code. My user has this single authirization assigned.
  In my coding i tried using 'RSEC_GET_AUTH_FOR_USER_MDATA' but it returns an empty table.
  Any ideas how to check the authorizations?
  Thanks & best regards,
  Daniel

  Hi,
  I am using RSEC_GET_AUTH_FOR_USER and it works fine as long as I test with rsudo testuser. 
  E_T_RANGESID gives back the authorized characteristic values.
  But I have a problem with users with *-authorization. ET_RAGESID is empty and an exception is thrown "not authorized".
  So, the coding doesn't work properly if I test with my own user, but yes, works in case that user has explicitly limited values. (btw, fetch the user via FM RSEC_GET_USERNAME beforehand).
  I think I'll overcome this problem (maybe in connection with param I_NO_WARNINGS).
  I'll keep you informed, though it's pretty late for Daniel or even you I guess...
  (But maybe somebody else is interested...)

• Authorizations for Variables

  Hi,
  how can I control which variable is displayed for a characteristic in the BEx Query designer. I tried to use S_RS_COMP for this purpose and exspected that variables that are not in the name range of the authorization would not be diplayed in the BEx InfoCube Area.
  I traced the access in ST01 and it looks like there is not authorization checked for the display of variables in BEx. Is there a different solution anybody knows?
  We are using 3.0B with SP 22.
  Regards,
  Michael

  Hi Nuno,
  you might want to use the Analysis tool to assist you in finding the issue. Please search the forum or refer to thread [Hierarhy Authorizations in BI7|Hierarhy Authorizations in BI7]
    Cheers
       SAP NetWeaver BI Organisation

• BI 7 authorization - Colon Sign

  Hi ,
  We are working on redesigning our BW3.5 authorization into BI7 authorization concept.
  Previously , in BW3.5 via PFCG & RSSM we had controlled 0COSTCENTER by Hierarchy Level definition.
  In PFCG , cost center had been assigned as ' ' blank sign.
  But in BW7.3 , in RSECADMIN the authorization works only if i change the ' ' blank sign to : colon sign.
  I have read up note 1140831 abt colon authorization.
  Would like to know from the experienced ones if i could just replace ' ' with : sign instead.
  I dont see any implication but just would like to know from anyone familiar with this incase i have missed out an important implication.
  1. BW3.5
  ZFW_GLOBAL Single Role Global
               Manually   SAP Business Information Warehouse - Reporting               RSR
                      Manually   Cost Center v. Hierarchy                                     ZFWCOST
                       Manually   Cost Center v. Hierarchy                                     ZWFCOST_S00
                         Cost Center                    ''                                                                          COSTCENTER
                         Unique ID for Authorization De ZFW_0COST_NGLOBAL                                                        TCTAUTHH
  Regards
  Maili

  hi,
    well as far as i know authorization relevant for say queries on one multiprovider will be impacted and in case you do not want to add costcenter in all the queries, then you might have to create a role with : (colon) access and assign it to the users and in case of different multiproviders : (colon) can be used for data access role.
  so you can say that : is used where minimal access is required and "" for full access(which is not used generally)
  SAP note 1337102 might be helpful in this
  Also refer the below thread it explain it litlle better with example and sceanrio
  regards
  laksh

• S_TABU_LIN from multiple roles to single user

  Hi everybody
  There is such situation:
  We are restricting the values of infoobject using S_TABU_LIN
  Everything is working fine if the user has authorization assigned only
  by one role.
  If the user has more then one role assigned then user has only values
  authorized that are included in the first role. All authorizations from
  other roles are not available
  For example:
  We have authorizations in 3 roles
  Role1
  Activity 03 ACTVT
  Organization criterion for key /BIC/ZMINISTRY ORG_CRIT
  Org. crit. attribute 1 * ORG_FIELD1
  Org. crit. attribute 2 04 ORG_FIELD2
  Org. crit. attribute 3 * ORG_FIELD3
  Org. crit. attribute 4 * ORG_FIELD4
  Org. crit. attribute 5 * ORG_FIELD5
  Org. crit. attribute 6 * ORG_FIELD6
  Org. crit. attribute 7 * ORG_FIELD7
  Org. crit. attribute 8 * ORG_FIELD8
  Role2
  Activity 03 ACTVT
  Organization criterion for key /BIC/ZMINISTRY ORG_CRIT
  Org. crit. attribute 1 * ORG_FIELD1
  Org. crit. attribute 2 06 ORG_FIELD2
  Org. crit. attribute 3 * ORG_FIELD3
  Org. crit. attribute 4 * ORG_FIELD4
  Org. crit. attribute 5 * ORG_FIELD5
  Org. crit. attribute 6 * ORG_FIELD6
  Org. crit. attribute 7 * ORG_FIELD7
  Org. crit. attribute 8 * ORG_FIELD8
  Role3
  Activity 03 ACTVT
  Organization criterion for key /BIC/ZMINISTRY ORG_CRIT
  Org. crit. attribute 1 * ORG_FIELD1
  Org. crit. attribute 2 08 ORG_FIELD2
  Org. crit. attribute 3 * ORG_FIELD3
  Org. crit. attribute 4 * ORG_FIELD4
  Org. crit. attribute 5 * ORG_FIELD5
  Org. crit. attribute 6 * ORG_FIELD6
  Org. crit. attribute 7 * ORG_FIELD7
  Org. crit. attribute 8 * ORG_FIELD8
  All of the roles are assigned to single user
  The problem is that user can get only that values from /BIC/ZMINISTRY
  that are authorized in role1
  Values authorized in role2 and role3 are not available.
  What could be a problem???

  Are you using BI7 as authorization?
  please check the link below regarding combining authorizations for BI7
  http://help.sap.com/saphelp_nw04s/helpdata/en/46/98cd87f37d19ace10000000a11466f/content.htm

• Migration steps needed from Security side for BW3.5 to BI 7.0

  Hi All,
  In our company they have installed BI 7.0 and now we need to do migration from BW 3.5.
  So from the Security side what all the steps we have to perform for migrating the users and authorizations to BI7.0.
  Please help me out with some solutions <removed_by_moderator>
  Thanks in advance
  Padmaja.
  Edited by: Julius Bussche on Jul 25, 2008 8:05 AM

  Some one please tell me where we need to run the program " RSEC_MIGRATION" whether in BW system or in the BI system.
  Also before that do we need make a client copy of the BW production system.
  After the users and the respective authorizations are migrated does they get migrated into  new authorizations or we need modify any.
  Some one Please give me some inputs.
  Thanks
  Padmaja.

• Hierarchy authorization pbm in BI7.0 with Front end of BW3.5

  Hello All,
  We have a problem regarding authorizations for the hierarchies in BW7.0
  We have migrated from BW3.1 to BW7.0. Authorization are OK in our BW3.1 server, the authorization on hierrachy work well.
  Current Issue (in BI7.0) :
  An authorization object for XCOMPROD for a hierarchy 'ZMAT_HIER'.
  There are 2 queries which have variables of XCOMPROD & ZCOMPROD in selection criteria, ZCOMPROD has variable of type 'Hierarchy node'
  I've a test_user which has authorization on Product Group 5 (one of the nodes in the hierarchy-ZMAT_HIER).
  When i run the queries independently with this test_user, the user has access to Group 5 only, which is correct. 
  When i run a web template report with any one query (from the 2 queries), the user has access to Group 5 (as in first case) - correct.
  However when i run a web template report having above 2 queries together, the authorization fails, as user gets access to root node (instead of only Group 5).
  FYI, we're using BW3.5 front end (no PORTALS)  with the OLD authorization concept (of BW3.1).  Not 'Analysis Authorization' as in BI7.0.
  Looking forward to an explanation/solution to the above.
  Regards,
  Nagendra.

  Hi,
  Check out the customization of SPRO to select the authorization concept. I suspect that it's set on the new authorization concept.
  Tomer.

• No authorization error in BI7

  Hi
    Recently we had migrated to the new authorization concept in BI7 after that, when the business users open an query or workbook they get the selection screen and when they press F4 on company code info object  (Authorization relevant object) to select values they get an message" you don’t have sufficient authorization" and the out put does not get displayed. but as an BW developer i am able to open the same report without any error
  I checked in for authorizations in Su01 and su53 every thing looks fine for the business user.
  Note: This error occurs only to queries having infoobject company code
  Can someone help me out in this issue?
  Thanks a lot
  Sheetal

  Hi sheetal,
  I am facing the same problem what you have faced regarding authorization error in BI queries.
  when users try to open the workbook, select their options in selection screen and run it, they get warning 'you do not have sufficient authorizations'. when i try to run the same, i am able to open it. this is happening in prod.
  how are you able to solve this problem.

• Authorizations for Work books in BI7

  Hi BW Experts,
  I have created a work book by using BI7,and the requirement is to give authorizations to diffrent users to access that work book.I have tried a lot by using diffrent methods.
  Could any body can suggest me how to proceed.
  Thanks & Regards
  Debasish

  Hi,
  Assigning workbook to the user role:
  Goto User Role > select Menu tab(Change mode)>Seelct +Report icon -->Select Radio button BW Report --> Enter your workbook technical name here(Ex:4E9QCMIXFMRS71K9Z0TP7F4T7). Finally check it in user role.
  Or else check this thread
  Save Workbook in end User Favorites
  Regards
  Pcrao.

• Authorizations Issue in BI7

  Dear Gurus,
  I am having an issue with regard to Authorizations.  In BW3.x  with respect to query designer an end user can just change the local view of a query.  How about the same thing in BI7?  What are the procedures i need to follow to give an user authorizations to only the edit query local view.  Is there any BC role or Profile that i can just add to get the desired result.  Kindly give the inputs in a detailed manner as I am new to BASIS part.
  Your Kind Inputs will be definitely rewarded with a great honour.
  Regards
  Mohan Kumar
  Message was edited by:
          mohan kumar

  Did you tried defining authorization objects using transaction code RSECADMIN, as this is working of me for Profit Centers.
  Thanks.
  Sachin