Authorizations BW migration

Hi experts,
we are testing the upgrade of BW from version 3.5 to 7.0 and we are facing huge troubles and doubts concerning authorizations.
1- Could we keep the old authorization concept? How and when is this decision possible?
2- We are testing the new concept and the old roles are failing. We have already tried to assign S_RS_AUTH = 0BI_ALL, but although this solves some issues it opens all the restrictions that we must keep in place (e.g. company restrictions, profit center restrictions).
3- What steps should I take to adjust the old roles?
Best regards,
rp

Hi,
If I may add something to the correct previous answer: the migration tool makes profiles that will be directly added to the user. If you are not working with structural authorizations and will be using functional authorizations (composite roles and roles), I can advise you to make an analysis of the info(area) you need and the other authorization objects you need (own created) and take a decision to use the functional solution. I always look at BI authorizations like this: you have the presentation, the information, the activity and organization. Base your authorization on those pillars and you are flexible. I certainly would not choose profiles directly added to a user without having roles and composite roles.
Have fun
Bye Jan van Roest

Similar Messages

  • Repeated requests for authorization after migration to 10.6

    Recently migrated from my old eMac to a new Mini running OS10.6.
    iTunes repeatedly asks for authorization on certain songs - those bought with an old AOL ID back in the day. I enter the ID and PW, then iTunes tells me this ID has been changed to an Apple ID. I enter the Apple ID and PW and iTunes tells me the computer is authorized. But the old songs still won't play - it just repeats the problem over and over again.
    I've deauthorized all the IDs and reauthorized - no luck.
    I've deleted the SC folder and reauthorized - no luck.
    Thanks for any ideas!

    I did contact support and got the same advice. However - I found the answer!
    When I would attempt to authorize by using my old AOL ID I would get an answer telling me that Apple had created an Apple ID for this old account and asking me to log in using this converted Apple ID account. I would do so, but would leave off the "@aol" ending in the Apple ID field (thinking that it wasn't necessary since I wasn't logging into AOL). Turns out this is the key - the ID needs to have the complete ending.
    Once I authorized using an Apple ID of "[email protected]" with the correct password everything worked.
    Whew! Three days of screwing around on that one.
    Thanks for everyone's suggestions!

  • Planning changes to Authorizations for migration to V7

    Hello Experts,
    I researched the new authorization concept but I have 2 basic questions:
    1) Do BEx reports need to have authorization variables defined on authorization-relevant InfoObjects to force a selection within the set of authorized rows? From the PPTs I downloaded from SDN, it seems that this is no longer necessary and that the security engine will prevent the display of non-authorized rows?
    2) We intend to upgrade to V7 but continue to deploy V3.5 InfoCubes under V7. Assuming we do not change the default and work with the new authorization concept, will the old, non-upgraded InfoCubes be subject to the old concept authorization objects or will the new authorization concept apply to these cubes?

    David,
    The answer to your first question is: if you need to restrict the value for the relevant InfoObject then you need to create an authorization variable in the BEx queries. If you have defined your InfoObject as authorization relevant and if that object is a part of the query (not used to restrict by any values), then in your analysis authorization object you have to have that InfoObject with "*", otherwise it will give an authorization error.
    When you upgrade from 3.5 to BI 7 and still use the old transfer rules, update rules and old authorization functionality will still work. But it is recommended that you migrate it to BI 7.
    Hope it helps,
    Cheers,
    Balaji

  • Computer constantly asks for authorization after migration to new mac when trying to sync ipod?

    I've recently migrated to a new MacBook Pro running Lion, from a MacBook running Leopard. My iTunes account and computer, though authorized, will not sync to my iPod, saying it will delete 15 or more files purchased through iTunes as the computer is not authorized.
    I de-authorized both computers and authorized the one I am currently using - to no avail, it still throws up the error. The account keeps reverting back to an old .mac address that I never used and have changed this to my new ID within the MobileMe website. Again this has not helped!
    Am I going to have to find the original music files and copy them into my iTunes again rather than trying to do it through this authorizing thing? Is there anything I can do to get this error to go?
    I have recently got some new music that I put on iTunes, but due to the error am unable to sync my iPod to get the tracks on there now!
    Help! Getting very frustrated!

    Okay...fixed it. It was to do with my old @mac.com ID, which after searching on here have found you also cannot merge the identities.
    Bit of a pain,  but got it working now...

  • Authorization Migration BW 3.5 BI 7.0

    Hi all,
    I notice there are a lot of documents about the authorization migration;
    in spite of this, some aspects are still not too clear to me.
    I have BW 7.01 with a very simple authorization scenario.
    In fact all the roles are used just to allow the users to access the information of a specified cube (e.g. ZUSER1 can access just all the cubes whose technical name starts with ZPC*).
    I tried to migrate this scenario with the program RSEC_MIGRATION.
    Now, the authorizations that before the migration were in the authorization object S_RS_CUBE seem to be in the object 0TCAIPROV (did I understand correctly?), but when I try to open that interval with the RSECADMIN transaction, the system warns me that "0TCAIPROV is not a relevant auth object."
    Do I have to change the configuration of the InfoObject in Business Explorer and flag it as auth relevant?
    If anyone has a "how to" that can help me, I'll be grateful if he sends it to me.
    Best regards.
    Rino

    Check the link below.
    http://wiki.scn.sap.com/wiki/display/BI/Authorization+in+SAP+NW+BI
    Check the differences and it gives the whole insight.
    Cheers!
    Suyash

  • BW upgrade an migration tool

    Hi,
    We have upgraded from BW 3.5 to BI 7.3.
    There are about 500 customized roles in our system. The authorization concept migration tool has been used.
    However, we notice that there are some inconsistencies whereby some get migrated while some need manual action.
    I would like to ask for opinions. If we have heavily customized roles, is it better to revamp the entire authorization concept design from BW 3.5 to BI 7.3 or is it wise to use the standard authorization concept migration tool (BW 3.5 ---> BI 7.3)?
    Your experience and thoughts on this is very much appreciated.
    Thank you.
    Regards
    Maili

    Hi,
    The migration tool generally works fine when there are standard authorizations. But in our case we had many customized authorizations; we had to revamp all of them after the upgrade as most of the customized authorizations were not migrated correctly.
    Hence I would suggest that when there are many customized authorizations, as in your case, you should revamp all of them after the upgrade rather than using the migration tool for them.
    Navesh

  • Migration S_RS_ICUBE

    Hi developers,
    I have migrated the object S_RS_ICUBE and the system has created corresponding authorizations contained in the roles.
    For example I have an authorization S_RS_ICUBE on the cube ZFI1 and an authorization on the CO cube ZCO1. After migration the users are OK; if I create a user as a copy of another it is OK, while if I create a new user, inserting the same roles where I have inserted the migrated BI authorization, equal to the other users, I do not succeed in executing the query because of an authorization error on InfoCube:ZCO_1       
    Type of a component: REP             
    Component: ZCCO_MIGR       
    Activity: 16   
    Do you have an idea how to resolve the problem?
    Thanks in advance
    Domenico

    You should look into the profiles. It is possible that the migration created a profile and added this to the user. When you copy a user the profile is copied as well, but when you create the user and add the roles you will miss the profile that could have been added during the migration. Kind regards Jan

  • Migration steps needed from Security side for BW3.5 to BI 7.0

    Hi All,
    In our company they have installed BI 7.0 and now we need to do the migration from BW 3.5.
    So from the security side, what are all the steps we have to perform for migrating the users and authorizations to BI 7.0?
    Please help me out with some solutions <removed_by_moderator>
    Thanks in advance
    Padmaja.
    Edited by: Julius Bussche on Jul 25, 2008 8:05 AM

    Someone please tell me where we need to run the program "RSEC_MIGRATION": in the BW system or in the BI system.
    Also, before that, do we need to make a client copy of the BW production system?
    After the users and the respective authorizations are migrated, do they get migrated into new authorizations or do we need to modify any?
    Someone please give me some inputs.
    Thanks
    Padmaja.

  • Query on the Assiging the analysis obj to user

    Hi,
    After creating the analysis auth obj, we have to assign that obj to the user. At the time of assigning I have a few doubts...
    1) We can assign the auth obj in the following way:
      user tab --> Assignment > give the user name > click on change --> give the auth obj name and click insert. Up to this point everything is fine... Now my question is:
    There is one more tab available, namely "Role-Based".
    In that tab all analysis auth obj and "0bi_all" are available.
    I created one analysis auth obj on profit center. I maintained only two profit centers in the auth obj and I assigned it to the user.
    But in Role-Based --> 0BI_ALL I find the profit center object (this one is included in my auth obj). It has all the profit center authorizations (*).
    What does it mean? The system gives the total profit center authorization to the user..!
    What do I do now? Do I have to remove the 0BI_ALL role for this user, or do I have to maintain the same profit center again in the 0bi_all..?
    2) user tab --> Assignment > give the user name > click on change --> give the auth obj name and click on the "Node" option.
    The system gives a message like "No hierarchy present". But hierarchies are available for my char profit center.
    I am not able to understand these lines: "You can group authorizations into a hierarchy. Use InfoObject 0TCTAUTH for this hierarchy (you'll have to activate the content objects for this InfoObject)."
    Where do I have to group the authorization..?
    How can I maintain the 0TCTAUTH object..?
    B.K

    Hello B.K ,
    What does it mean? The system gives the total profit center authorization to the user..!
    What do I do now? Do I have to remove the 0BI_ALL role for this user, or do I have to maintain the same profit center again in the 0bi_all..?
    0BI_ALL should only be assigned to users that have SAP_ALL. 0BI_ALL is the new authorization object (migrated) that corresponds to SAP_ALL. So if you want to restrict your user to only certain values, in your case, profit center, you should remove the 0BI_ALL role assignment.
    2) user tab --> Assignment > give the user name > click on change --> give the auth obj name and click on the "Node" option.
    The system gives a message like "No hierarchy present". But hierarchies are available for my char profit center.
    This is not where you give hierarchy authorizations!
    Go to the maintaining of your authorization created for the profit center with the two values in RSECADMIN and you'll see inside your characteristic called 0PROFIT_CTR. There in Interval you'll see this symbol: []. Click there. Inside you'll see the values that you assigned for your profit center characteristic. In the second tab Hierarchy authorization is where you assign authorizations to hierarchy of your characteristic, in your case profit center. Just choose create and you'll be asked to choose the hierarchy you want and the nodes you want to give authorization. Now, wherever this authorization is assigned to users, not only values of profit center are restricted but also hierarchies that you defined there
    Where do I have to group the authorization..?
    How can I maintain the 0TCTAUTH object..?
    You already have the 0TCTAUTH object. If you go to transaction RSD1 and change that characteristic you'll see that it already exists. You don't need it to give authorization to hierarchies and you don't need that button either.
    Test it like the information I provided here and you'll see that it works.
    Please assign points,
    Diogo.

  • Can you download the Aperture 2 upgrade?

    I haven't been able to find where you can download the upgrade although I have found the trial version as well as the version for new buyers.
    Thanks, John

    Yes, I downloaded the trial while I'm waiting for my boxed version to arrive to authorize and migrate my full library of photos. The trial version IS the upgrade for those of us already using Aperture.
    http://www.apple.com/aperture/trial/
    Be sure to read the panel on the lower right for existing Aperture owners. I also took a look at this thread on the forum for further confidence in the upgrading process:
    http://discussions.apple.com/thread.jspa?messageID=6591706&#6591706
    Message was edited by: MacLoyal for clarification

  • Analysis Authorization Migration Question

    Analysis Authorization Migration Question
    This is detail Question
    1)     I am testing Analysis Authorization Migration in NW2004s SP9 and have applied all OSS notes that are relevant to SP09 and are coming in SP10.
    2)     We have 2 Info object flagged as Authorization relevant 0COMP_CODE and 0COSTCENTER
    3)     We have Object level security set-up in BW 3.x system and for a role we have specified values like 0COMP_CODE has value 1000, 1800. “:”. In the same role we have specified 0COSTCENTER value 130001 to 180001, “:”  and hierarchy node.
    4)     When we migrate to Analysis Authorizations, using RSEC_MIGRATION, this program creates 2 Authorizations ZCOCODE00 & ZCOSTCTRH00. Both of them have 0COMP_CODE and 0COST_CENTER Objects.
    5)     ZCOCODE00 authorization gets value 0COMP_CODE values 1000, 1800. “:” and 0COSTCENTER Value “:”.
    6)     On the same line ZCOSTCTRH00 gets value 130001 to 180001, “:”  and 0COMP_CODE “:”.
    1st Question:
    1)     Why does it create 2 Authorizations?
    2)     During Checking it does not pass the authorizations, because it seems to me that it fails in Optimization process.
    3)     I manually merge the authorizations in “ONE” object then authorization check passes.  In other word if I combine ZCOSTCTRH00 & ZCOCODE00 then Query authorization check passes.
    Is anyone struggling with this?
    Please note, I am doing the migration so that it updates existing profiles (roles now from SP9).
    Any comments will be very helpful.
    Pankaj Gupta

    Hello Pankaj
    There are some basic misunderstandings on your side.
    Let me try to clarify:
    First we should distinguish between migration of authorizations and of what a query does with them.
    You had 2 auth objects before migration (in 3.x).
    Of course, they must be migrated to 2 new analysis auths.
    There is no general possibility to combine authorizations into a single one as they may appear in different roles and users. Moreover this would kill performance and finally, nobody would recognize the origin.
    Only in very restricted cases could one think of a combination of auths which come out of migration. But then people lose the overview of what goes on.
    Before the corrections in note "Migration IV" the : had not been inserted but now it is for good reasons.
    Now, accept for the moment that you receive 2 auths.
    Then, you cannot (must not) combine the 2 resulting authorizations!
    Authorization 1
    COMP_CODE : 1000, 1300, “:”
    Cost Center : “:”
    Authorization 2
    Comp_Code “:”
    Cost Center : 3100001-31999999; “:” plus a Hierarchy Node.
    This means that e.g. combination
    COMP_CODE 1000
    COST_CENTER 3100001-31999999
    is not allowed!!! Therefore, they must not be combined!
    Also, the query and its optimization are completely independent of the migration. And here, during query run time the auths cannot be combined. It is no failure!
    Moreover, the merging optimization is just a performance optimization and has nothing to do with whether the query result is authorized or not.
    If you combine them manually you have authorized different combinations.
    Well, now you may wonder why you get 2 auths at all which leads to a "no auth" result in the query execution.
    The reason is, that in 3.x where you got a result with your 2 auth objects the modeling was wrong.
    If you want to authorize any combination of characteristic values, you should combine these characteristics together in one auth object, not in 2!
    (In BI7.0 it works like that but not in 3.x)
    But you defined 2 which may be valid even in several other InfoProviders independently and not even at the same time. Moreover, the auth objects may come from different roles and may be assigned to different users which then have completely different auth content. In general it is not possible to combine different auth objects or to find out those special situations which nevertheless allow for such optimizations. If you re-do a migration with more objects and users you could even receive different results which is also not satisfying.
    Therefore, instead, the mechanism was introduced to insert a : auth to those characteristics that are auth relevant (and checked now with 7.0) but not in the currently processed auth object.
    In your special case it may have made sense to combine them but not in general. And a migration can only try to work as generally as possible.
    For your application you may combine the 2 auths manually if you want to allow also the crossover combinations
    COMP_CODE 1000
    COST_CENTER 3100001-31999999
    Best regards
    Peter John
    BI Development
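
A simplified Python model of the check semantics Peter John describes above, which also shows why adding 0BI_ALL, as discussed in the earlier replies, removes every restriction. It is an added example, not SAP code or code from any poster; the function names, the integer encoding of values and the sample selections are assumptions, and hierarchy nodes are left out.

```python
"""Simplified model of BI 7.0 analysis-authorization checks (added example, not SAP code)."""

AGG = ":"  # aggregation authorization: characteristic only shown in aggregated form
ALL = "*"  # full authorization for a characteristic

# Authorization-relevant characteristics from the thread.
RELEVANT = ("0COMP_CODE", "0COSTCENTER")


def entry_matches(entry, value):
    """True if one authorization entry covers the requested value."""
    if entry == ALL:  # modelling assumption: "*" covers every request
        return True
    if isinstance(entry, tuple):  # (low, high) interval
        low, high = entry
        return value != AGG and low <= value <= high
    return entry == value  # single value, or ":" against an aggregated request


def authorization_covers(auth, selection):
    """One authorization must cover ALL relevant characteristics at once.

    A characteristic missing from the selection is requested as ":".
    """
    return all(
        any(entry_matches(e, selection.get(char, AGG)) for e in auth.get(char, []))
        for char in RELEVANT
    )


def user_authorized(auths, selection):
    """Authorizations are alternatives; they are never cross-combined."""
    return any(authorization_covers(a, selection) for a in auths)


# The two migrated authorizations as written out in the reply (hierarchy node omitted).
AUTH_1 = {"0COMP_CODE": [1000, 1300, AGG], "0COSTCENTER": [AGG]}
AUTH_2 = {"0COMP_CODE": [AGG], "0COSTCENTER": [(3100001, 31999999), AGG]}
# Manual merge: both restrictions inside one authorization.
MERGED = {"0COMP_CODE": [1000, 1300, AGG], "0COSTCENTER": [(3100001, 31999999), AGG]}
# 0BI_ALL modelled as "*" on every relevant characteristic.
BI_ALL = {char: [ALL] for char in RELEVANT}

# Constructed sample selections (3100500 is an arbitrary cost center inside the range).
BY_COMPANY = {"0COMP_CODE": 1000}
BY_COSTCENTER = {"0COSTCENTER": 3100500}
CROSS = {"0COMP_CODE": 1000, "0COSTCENTER": 3100500}
FOREIGN = {"0COMP_CODE": 9999, "0COSTCENTER": 42}


def run_cases():
    """Evaluate the constructed selections against each set of authorizations."""
    migrated = [AUTH_1, AUTH_2]
    return {
        "migrated / by company": user_authorized(migrated, BY_COMPANY),
        "migrated / by cost center": user_authorized(migrated, BY_COSTCENTER),
        "migrated / cross": user_authorized(migrated, CROSS),
        "merged / cross": user_authorized([MERGED], CROSS),
        "migrated / foreign": user_authorized(migrated, FOREIGN),
        "migrated + 0BI_ALL / foreign": user_authorized(migrated + [BI_ALL], FOREIGN),
    }


if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name:30} {'authorized' if ok else 'NOT authorized'}")
```
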

  • Migration from BW 3.x to BI v7.0 Analysis Authorizations

    Hi All!
    We are converting our security from BW 3.x Reporting Authorizations to BI v7.0 Analysis Authorizations. My questions are as follows:
    When you make the IMG change in BI v7.0 in IMG transaction RSCUSTV23, does your old BW Reporting security disappear from roles or is it still there?
    Are there any other IMG settings, etc. that need to be done in order for the new BI v7.0 Analysis Authorizations to work?
    If I ran a test query on a role that only had the old reporting authorizations after I switch the IMG transaction RSCUSTV23 to the new Analysis Authorizations, will it still run or should it just error out?
    thanks in advance for your help!

    Hi,
    Here are the answers to your questions:
    1) When you make the IMG change in BI v7.0 in IMG transaction RSCUSTV23, does your old BW Reporting security disappear from roles or is it still there?
    The old Reporting security disappears but the objects still exist. If needed you can switch back to the old concept.
    2) Are there any other IMG settings, etc. that need to be done in order for the new BI v7.0 Analysis Authorizations to work?
    RSCUSTV23 is the only setting that needs to be set to choose the authorization method.
    3) If I ran a test query on a role that only had the old reporting authorizations after I switch the IMG transaction RSCUSTV23 to the new Analysis Authorizations, will it still run or should it just error out?
    Unless you create the Analysis Authorizations (or migrate), the authorizations are not effective.

  • Authorization issues after migrating user

    Hi Folks,
    I recently had a call with Apple about some permission problems when trying to sync files between my iMac and MacBook.  They suggested I use the Migration Assistant to solve the matter, which I did, and I migrated my iMac admin to my MacBook.
    Most everything worked fine, however today when I synced my iPhone I had to authorize the MacBook again to catch a few apps, and now I have three of five computers authorized, yet I only have two macs as illustrated above.
    How do I get my "wasted" authorization back?
    Thanks for assistance.
    Inoshi

    I think you are not understanding - Deauthorize All. You are allowed to do ALL once a year - you can authorize/deauthorize single computers as many times as you want.
    By doing this you remove the authorizations of all computers to your account. You then reauthorize the computers that you want to have on the account. The next time you migrate to a new computer - simply deauthorize the old computer and authorize the new one.
    More info from Apple here - http://support.apple.com/kb/ht1420
    This is a viable solution.
    MJ

  • Report Authorization issues after Authorization Migration in BI 7.0

    Hi SAPians,
    we are facing report access for the customers after migration of authorizations (3.x to 7.0). All these are customer reports and need to be restricted to their customer codes only. I have tried to resolve this in two ways.
    1. Roles - Maintained Customer Number in the authorization object CUSTOMER - Not working.
    2. Created a new authorization object through RSECADMIN and maintained the Customer Number with proper activity, validity etc. - Not working
    (For Ex. Customer Number is "11500" and length of Char is 10)
    While executing the report, i am getting below error:
    Value "0000011500" for variable "Customer Authorization(Multiple Optional)" is invalid
    Message no. BRAIN643
    Diagnosis
    Characteristic value "0000011500" is not valid for variable Customer Authorization(Multiple Optional).
    Thanks and Regards,
    Venkat

    Hi,
    It depends on the way your authorizations have been set up: whether you did it role based or with profiles assigned directly to the customer. You should also look into the fact that the migration tool can directly create a profile (not a role with a profile). My way of working in a role-based application was that I looked for the roles with objects s_rs_mpro, s_rs_icub, s_rs_odso, s_rs_iset (these are the objects that need to be replaced with RSECADMIN) and the own-built objects with rssm. I added the authorization object s_rs_auth to the role and the new objects made with RSECADMIN. If you then transport the roles and objects made in RSECADMIN it works well. Bottom line: be aware of profiles that are not created by the profile generator.
    Have fun
    Jan van Roest

  • Authorizations migrations....

    Hi all,
      Our project is now in the upgrade phase. I have to take care of the migration work for authorization. Could anyone please respond to my questions...
    1) In total we have 28 authorization objects. Of these, 5 authorization objects are based on hierarchy objects. How can I migrate these objects?
    2) At the time of migration do I have to install any SAP-defined roles or objects?
    3) In the migration I want to eliminate some roles and users. How can I eliminate them? For example... we have two users with two auth objects a1 & a2. User one has both objects and the second user has only the a2 auth object. I don't want to include the second user in the migration (I want to delete it); how can I do this...?
    4) If anyone has a step-by-step approach to do the migration manually... please forward it to me.
    <removed-by_moderator>
    Thanks
    Bharath

    Cross-posting is not allowed, as in [this thread|Authorizations; where you wrote:
    > after your response i will assign the points and close the thread.
    Thread locked => and read the rules of engagement of this site.
