Authorizations in BEX

Similar Messages

• Creating variable with the user Authorization in BEx

  Hi gurus,
  i want to create a variable with user authorization in BEx. Can any one please tell me the steps to create the variable for authorization.
  Thanks in advance
  sandy

  Hi,
  Please take a look and refer the section Use of Variable filled Authorizations(User Exit)
  Advanced Features of SAP BW Reporting Authorizations
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
  Hope this helps.
  Cheers,
  Gimmo

• Authorization fu00FCr BEx Variants

  Hello,
  does anyone have an idea if the Variants für BEx Querys can be authorized?
  A user creats a BEx Variant ans every user who is autorized for this Query / WB can see this variant and use it.
  Can this be authorized that everybody can only see his own variants?
  We have BI 7.0, but we still use BEx 3.5 for Reporting.
  Thanks a lot.
  Regards,
  Joe

  Hello Joe,
  There is Authorization variable where you can restrict the user based on the characteristics value and characteristics level, but its not possible to hide the variable according to users.
  For example, if you want to hide the sales region from Emp A, then you can set the user profile to see only the sales region he is authorized to, provided the Sales Region is Authorization enabled.
  You can set the Authorization using Tcode RSSM (BI3.5)
  You can also Personalize the variable values according to the users.
  Thanks
  Chandran

• Authorization in BEx Query Designer: "read only" for definitions of variables

  Hello,
  I`m developing a concept of authorizations for key user who should be able to maintain certain
  objects in the query designer. For other objects they should have access “read only”.
  The users have authorizations  to  design new queries.  They should be able to use existing variables
  (SAP Business Content ( 0*) and customer variables (z*). On this point, I have a problem: in the selection window of the query designer there are only buttons to create, to delete and to edit a variable.
  The user must have authorizations for changing, although he just wants to look for the definition
  of a variable (if he wants to see their basic or global settings before using the variable).
  I can´t find a possibility to switch from “edit” to “read only”.
  The users should only see and apply variables from others (SAP, collegues), but he mustn´t be able to
  change them.
  The user needs the following authorization objects:  S_RS_COMP , activity =02 (change), also
  authorization object S_RS_COMP1. If I give the users only activity 03 (display),
  the user get the message: “display not allowed”.
  Is there any possibility to give a key user the authorization to display all variables with
  their definitions?
  Best regards
  Ricarda Seyb

  Hi raghukan,
  This is may be due to the authorization but still you can check the consistency check for these queries using RSRV.
  Regards,
  Amit

• Authorization for BEX Query

  Hi all,
        I badly need your help.i need to give authorization for a particular query.As of now when i execute that query it gives me "No Authorization" message. what authorization object i need to include in that role? Am sure that there should be some business content authorization object for the current situation.
  Thanks in Advance

  Hi Nanda,
  you need:
  s_rs_comp    -- for querries
  s_rs_comp1   -- for querries including the username, this is usefull if you would like to allow a user to change and create only his/her querries
  s_rs_hier    -- if hierarchies used in the querrie
  s_rs_icube   -- if autorization is switched on for the Cube
  s_tcode for rrmx of course
  s_gui and s_rfc for workbooks
  you can check the authorization process for a user with su53 and rssm
  Regards
  Pierre

• Creation of variable in BEx from user authorization

  Hi gurus,
     i want to create a variable with user authorization in BEx. Can any one please tell me the steps to create the variable for authorization.
  Thanks in advance
  sandy

  Hi,
  You will get a better and quicker answer if you post this in the BI forums.
  Eddy
  PS.
  Put yourself on the SDN world map (http://sdn.idizaai.be/sdn_world/sdn_world.html) and earn 25 points.
  Spread the wor(l)d!

• Variable filled Authorizations

  Business Requirement:
      There are 50 sales organizations in a company. And BW team does not want me to create 51 roles ie 50 one for each one and one for all. They want me to create 1 role with variable and this variable should be filled in EXIT routine.
  Procedure:
  1.      Authorization relevant
  2.      Created custom authorization using RSSM
  3.      Applied custom authorization to CUBE using RSSM
  4.      Created a role for custom authorization using PFCG
  5.      Created a Global variable ‘processing type authorization’ using BEx
  6.      Dragged authorization variable in report.
  It works if I put a value in a role directly (Fixed value)
  But looking for a flexible and better solution
  Avenues tried:
     CMOD -> Project -> EXIT_SAPLRRS0_001 -> source code (Tab) -> INCLUDE ZXRSRU01 and coded.
  Need to use I_STEP = 0. Yes I can use if it visits in the customer exit, but it is not visiting to customer exit.
  I have changed processing type to customer exit and used I_STEP = 1 and 2, it visits the customer exit and applies the value then it fails with Authorization error.
  Question: Is any one has done it, if so how? If not any thoughts?
  If use processing type = customer exit then I do not need to create authorization object and role etc. Create a global variable on infoobject and fill that variable in customer exit.
  Is there any other way?
  Sam / Raman

  Hi,
  you did already
  - Authorization relevant
  - Created custom authorization using RSSM
  - Applied custom authorization to CUBE using RSSM
  Please try the following steps
  1. Create in BEx a variable, e.g. "E", processing by
     "Customer exit", not ready for input
  2. Created a role for custom authorization using PFCG,
     in the custom authorization use "$E" instead of a
     fixed value.
  3. Fill the variable in ZXRSRU01
      when 'E'.
        l_temp = ... "value corresponding to sy-uname
        l_s_range-low  = l_temp.
        l_s_range-sign = 'I'.
        l_s_range-opt  = 'EQ'.
        APPEND l_s_range TO e_t_range.
  Best regards
  LL

• Wrong message while running report in bex analyzer

  Hi Experts,
  I have created an authorization object based on compnay code. I use the option RSECADMIN => Analysis => Execute As, to test this authorization object. When I give incorrect company code value, it displays correct message that is 'No authorization'.
  But when I test in bex analyzer for same report, with same incorrect company code value instead of showing 'No authorization' message, it shows 'No applicable data found' message. Is there anything wrong here?
  How can I show the correct authorization message 'No authorization' in bex analyzer, when incorrect company code is supplied?
  Thanks,
  Purvang

  Hi Pratap,
  thanks for reply.
  I also thought that way initially but then was skeptical of different message received while testing in RSECADMIN. If SAP is going to show 'No applicable data found' message then how will a user have any idea that actually he is not authorized for the supplied value of company code.
  does anyone know if this is bug or is there any workaround to show right message i.e. no authorization.
  Thanks,
  Purvang
  Edited by: Purvang on Oct 19, 2011 3:18 AM

• SAP HR Dashboard/Reporting in BW / BO?

  I need you suggestion in our BW HR implementation, like Payroll, Time Mgt, Employee Relations, Learning & Dev etc..
  All our reports are currently in SAP BO XI3.1, since we dont have any reports in BW, i am trying to avaluate the PROS and CONS of HR Dashboard Reporting in BO. Is BO tool XCelcius Capable for HR Dashboarding or what is the best Dashbording option for HR,
  1) I would like to know how are HR BW Reports handled in BO tools(XCelcius/WebI) in view of HR Time Dependant data.
  2) How is BW HR Authorizations handled for Payroll and Training moduled etc.
  3) How will BO Dashboard Inherit the Authorization

  Hi,
  Here are the answer to your queries.
  1) I would like to know how are HR BW Reports handled in BO tools(XCelcius/WebI) in view of HR Time Dependant data.Ans:- Time dependent data are handled in BO tools(XCelcius/WebI) in the same way as in BW reports. For, example if Pay Scale Group of an employee changes then same is reflected in the BW report, same in Webi and Xcelcius.
  2) How is BW HR Authorizations handled for Payroll and Training moduled etc.Ans:- User should have the authorization for BEx report then only he can access the Webi report based on these BEx reports.
  If, you want to see the reaport in Enterprise Portal(EP) then you need to create an iView and include ID of Webi reports in that portal, then add the users who can access these reports.
  3) How will BO Dashboard Inherit the AuthorizationAns:- All the Authorizations are inherited automatically.
  Regards,
  Prakash

• SAP HR Dashboard/Reports using BO or BW ?

  I need you suggestion in our BW HR implementation, like Payroll, Time Mgt, Employee Relations, Learning & Dev etc..
  All our reports are currently in SAP BO XI3.1, since we dont have any reports in BW, i am trying to avaluate the PROS and CONS of HR Dashboard Reporting in BO. Is BO tool XCelcius Capable for HR Dashboarding or what is the best Dashbording option for HR,
  1) I would like to know how are HR BW Reports handled in BO tools(XCelcius/WebI) in view of HR Time Dependant data.
  2) How is BW HR Authorizations handled for Payroll and Training moduled etc.
  3) How will BO Dashboard Inherit the Authorization

  Hi,
  Here are the answer to your queries.
  1) I would like to know how are HR BW Reports handled in BO tools(XCelcius/WebI) in view of HR Time Dependant data.Ans:- Time dependent data are handled in BO tools(XCelcius/WebI) in the same way as in BW reports. For, example if Pay Scale Group of an employee changes then same is reflected in the BW report, same in Webi and Xcelcius.
  2) How is BW HR Authorizations handled for Payroll and Training moduled etc.Ans:- User should have the authorization for BEx report then only he can access the Webi report based on these BEx reports.
  If, you want to see the reaport in Enterprise Portal(EP) then you need to create an iView and include ID of Webi reports in that portal, then add the users who can access these reports.
  3) How will BO Dashboard Inherit the AuthorizationAns:- All the Authorizations are inherited automatically.
  Regards,
  Prakash

• BW Username Variable in query available for  Row Level basedAuthorization ?

  Hi Authorization- and Bexs-Profs,
  I have an Row Level Authorization Model:
  The acces to the InfoCube data is based on Row Level and on access control definition
  data hold in an ODS ( Table/Data).
  The access control definition data hold in the  ODS descibes per BW User which
  selection citeria can be read.
  I want  to build up a MultiProvider with the access control definition ODS and the InfoCube and
  restrict in the Query the access control definition with the BW Username.
  How can I have access to the BW Username in a BEX Query ?
  Thank You a lot !
  Martin Sautter

  Thanks user10615659     ,
  - Yes the variable ROLES available in OBIEE 11.1.1.7.1
  - Tested the init block and variables in offline rpd its working as expected.
  - In online rpd, except ROLES and GROUP variable remaining variables working fine.
  - Verified log file in both online and offline init block testing - the init block execution is successful.
  Thanks

• How to prevent end user to create a Query View and save back to BW Server?

  Dear All :
  Do Someone know that how to setup authorization for Bex Query View Creation? We want to prevent end user to create a Query View to save back to BW Server his favorite folder. when our user run Bex Query, he can base on this query and use Bex Analyzer's save function to save a Query View and save into his favorite folder.
  My question is :
  1. Can we set up a Authorization to prevent end user to save Bex Query View?
  2. Or can I remove Save function from Bex Analyzer to prevent end user use save function, But Developer should not to be prevent .
  Thanks for all of your kindly response.
  Best Regard
  Lawrence Kuo

  Hi.
  Yes, you can do it like you outline in your point 1):
  You need to use the authorization object S_RS_COMP for this. This object let's you control what parts/components of a query the user can do stuff to. So, in your case, you need to have a role for the users, where you do not grant create-access to the component QVW, and then you need another role for developers, where you grant full access or whatever you need for your developers.
  See [this post|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a6c54319-0e01-0010-20a4-fb81ad32f330?QuickLink=events&overridelayout=true&5003637661135] and the [SAP Help entry|http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm].
  You will also need to use the authorization object S_RS_COMP1. If you already have a productive system with users doing reporting, both objects will be maintained in one of the roles already.
  You also want to consider using the object S_RS_PARAM to allow users to create variants for the variabel screen.
  Good luck.
  Jacob

• SAP BO WebI Report on top of BI Bex Query with Authorization Variable

  Hi,
       We are trying to restrict row level data using BI 7.0 analysis authorization concept. We have an authorization variable in the Bex query and is working perfect in Bex Analyzer as well as in RSRT.
  Now we are trying to achieve the same thing in BO webI. We created an Universe using Authentication Mode SSO. We are on BOXI 3.1 and implemented SSO. When we try to run the query in WebI we get the error
     "A database error occured. The database error text is: Error in MDDataSetBW.GetCellData..(WS 10901)"
  Just for testing purpose, when we use query filter in WebI and use Values from List, it is showing only the authorized value it supposed to show and runs well with that value selected. But we have to achieve this without the query filter in WebI.
  So are we missing some thing here or any patch issue? Please share if you have done this type of reports in BO.
  Thanks in advance for your help.
  Moorthy.

  Yes I did run MDXTEST and it gives error as 'you do not have sufficient authorization'. The reason it is giving, I guess and we are debugging that to confirm, is first it looks for 0BI_ALL and throws error which is not the case in Bex. See the following trace in RSRT trace.
  InfoObject Properties Defined
  Reading of Directly Assigned Authorizations
  Direct Assignment Does Not Include Universal Authorization 0BI_ALL
  Reading the Indirect Assignments with Authorization Object S_RS_AUTH
  Does user have OBI_ALL?
  No, the User Does Not Have Universal Authorizion 0BI_ALL
  Negative Entry in SU53 Result of Failed Check for 0BI_ALL
  Indirect assignments found; no universal authorization
  Reduction of Authorization Dimensions on Characteristics in InfoProvider
  Reduction Successful
  Thanks!
  Moorthy

• Error in BO Webi using Authorization analysis in Bex with hierarchy display

  Hi Experts ,
  When we run the WEBI report created on bex query which has 0comp_code restricted with characteristic variable  of processing type Authorization and Not ready for input.
  The hierarchy display is active in Bex (as we want to see L01, L02.... in webi)
  The authorization analysis is working perfectly when I test in Bex analyser (at any drill down level).
  But in BO webi, I get below error
  The database error text is: The supplied XML is not valid. [char name & Level].
  I dont get this error when I deactivate hierarchy display in Bex.
  Also I dont get this error for user ids having 0BI_ALL
  Please help me to resolve this.
  Thanks
  Savio

  Hi Atul,
  You can achieve this by dragging these two fields in the filter bar section of the webi. then apply variables on these fields.
  hope it helps
  Regards,
  Rathy

• Need your help !!! -- Authorization error for Real-Time Bex query

  Dear experts:
  I have a Bex query built on a multiprovider, this multiprovider is consist of one standard cube and one real-time cube(virtual provider). When I run this query, I can retrive the data and no error occured, but when others execute this query, they will get the error message below:
  Operation Generate a Request could not be carried out for DTP DTP_D7JVT8DGBQWPWL13VIUITNODG
  You do not have authorization for the data transfer process
  Errors occurred during parallel processing of query 2, RC: 3
  Error while reading data; navigation is possible
  Row: 54 Inc: WRITE_MESSAGES Prog: CL_RSDR_AT_QUERY
  I used tcode rsecadmin to track the authorization, when I execute as user XXX, I can get the same error above, but when I go to "Display Log", no error showed there.
  Did anybody meet the same error before? How to resolve that?
  Any post would be appreciated and thank you all in advance!
  Tim

  I think there is some missing authorization,here
  the user has no access to execute the DTP.
  You can analyse it in rsecadmin or also see
  which object you are getting in su53.
  Thanks,
  Saveen