BI analysis authorisations direct assign to user in RSECADMIN

Similar Messages

• Analysis authorisation tables

  Hi, is there any table I can use to determine the content of analysis authorisations assigned to users rather than look individually in each user via RSECADMIN?                                                                                Thanks,  Mark.

  Hi Mark,
  I hope you have posted the question in multiple areas. Please post all the BI related questions in BI forums. However, you can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
  RSECHIE - Status of hierarchy authorizations
  RSECTXT - Authorization text
  RSECVAL - Authorization Value Status
  RSECBIAU - Changes to Authorization (Last Changed By]
  RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
  Change log tables:
  RSECUSERAUTH_CL   - Assignment of users
  RSECHIE_CL - Change log of hierarchy authorizations
  RSECTXT_CL - Authorization texts
  RSECVAL_CL - Authorization Value Status
  Hope this helps!!
  Rgds,
  Raghu

• BI7 Analysis Authorisations - relationship between value & hierarchy auths

  Hi all
  Does anybody know how we can set up the new analysis authorisations to allow a user to use a Query selection for cost centre based upon a hierarchy and yet restrict the cost centre data they can display by value authorisations?

  SDN is the place to discuss technical problems..
  Please avoid such weird post.
  G@urav.

• Deleting Automatic Generated Analysis Authorisation

  Dear All,
  We are generating Value and Hierarchy analysis authorisation automatically with the help of DSOs 0TCA_DS01 and 0TCA_DS02.( through RSECADMIN )
  Upon generation everytime, it first deletes all the previously generated analysis authorisation ( for the users that are available in these DSOs ) and creates new ones with the name starting as RSR_*.
  If the username for a particular user is not present in these DSOs, system will not delete / create anything for those users.System deletes / creates analysis authorisations only for those users that are available in these DSOs.
  Suppose a user a going out from the organisation, in that case we need to manually find out all the analysis authorisations ( RSR_* ) that were previously generated for that user and delete the analysis authorisations manually.
  This is time consuming process.
  Could you please advise any automatic / simpler way for deleting previously generated analysis authorisations for such users.
  Assume that these users are not available in the new data loaded in these DSOs.
  Thanking You,
  Tarun Brijwani.

  Hi Tarun,
  If a data record with the user name 'D_E_L_E_T_E' is loaded into the DataStore object 0TCA_DS01, first the generated authorizations for all users in the BI system for the DataStore object record are completely deleted (separated by the first part of the name before the digits) and then generated for the rest of the data.
  Please refer the following link for more information.
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/55/46eb411a7f6324e10000000a1550b0/frameset.htm
  Thanks,
  Krishnan

• How find whether the User has inherited or excluded or directly assigned .

  Hi Every one,
  I am building a report where in which I require for a given position and catalog who are the users and these users are Directly assigned or  Excluded or Inherited.
  If Inherited from which position it has been inherited.
  Now that I got the list of user for a Catalog id , and I can get the attributes for each users through FM BBP_READ_ATTRIBUTES
  But this FM fetches the attributes Inherited excluded or directly feild too, but it is not correct.
  I want to know whether is there any way where we can find the given user has inherited this catalog and from this , so same as this user has direct assignement to this catalog or this user has been exclude for this catalog.
  Regards,
  Raj

  Hi,
  The table ET_ATTR of the function module  BBP_READ_ATTRIBUTES will provide information about the Inherited, Default or Excluded status.
  The following are the appropiate Indicators.
  INH_STATUS - Inherited
  DFT_FLAG - Default
  EXCLUDED - Excluded
  Regards
  Kathirvel

• BI7 Analysis Authorisations?

  With the introduction of analysis authorisations in BI7, am I correct in thinking the old roles such as S_RS_COMP are no longer used and we, instead, create a role which contains 0TCAACTVT, 0TCAIPROV and 0TCAVALID?

  Hi,
  If we want field level security then in 3.5 is called Reporting Authoizations in 7.0 is called Analysis Authorizations.....
  Prerequisite for AA is infoobject should be authorization relevent.
  one AA can contain multiple characteristics.We can add AA directly to the user...
  If we want assign to a role then use S_RS_AUTH then assign this role to the user.....
  WE HAVE TO INCLUDE ATLEAST ONE OF THESE (0TCAACTVT, 0TCAIPROV and 0TCAVALID) IN ANALYSISAUTHORIZATION
  HOPES THIS HELPS
  GTR

• Doubt in Analysis authorisations

  i have implemented analysis authorisations in BW 7.0 System
  After that when i login to the query using a user id where analsysis authorisation is implemented,
  I could not see the Report directly. I have to apply filter and then only i was able to view the report.
  My question is, when u implement analysis authorisations , you will be able to view the report direcly or you will be able to view the report only after applying filters

  > You need a authorization-variable in your filter for
  > the infoobject IO_DEPT.
  Be aware that there is no need to use authorization variables in SAP BI 7.0!!!
  This is one of the great GREAT advantadges of using analysis of authorizations.
  What you need is to define the adequate authorizations to access query/workbook and funcionality. Analysis authorizations does not relate with funcionality access, only with providers and data access.
  Q: "When ever u implement Analyis Auth, you will be able to see filtered data directly or you have to do that Filter changes and only view the data. "
  A: You only view the data, no need to filter. Once again, use the log from the analysis authorization to see the information the system provides.
  I defined the following technical objects in a
  separate "technical authorization":
  0TCAACTVT Activity in Analysis Authorizations
  0TCAIPROV Authorizations for InfoProvider
  0TCAKYFNM Key Figure in Analysis Authorizations
  0TCAVALID Validity of an Authorization
  Message was edited by:
          Miguel Costa

• Two analysis authorisation

  Dear Gurus,
  I have the turned two navigation attributes as auth. relevant,
  global cost center: this is based on hierarchy authorisation
  local cost center: this is based on value authorisation.
  There is one-to-one mapping between glocal cost center and local center. Users would request authorisation on either of them but they can ask for authorisation for more than one role with different combination.
  I have created three analysis authorisation for the below scenarios:
  1: Role_1 has Auth_1 with the below values
  global cost center: X (node)
  local cost center: * (as users have no knowledge about the mapping)
  This works fine.
  2: Role_2 has Auth_2 with the below values
  global cost center: * (as users don't know the mapping)
  local cost center: A
  This works fine as well.
  3: Role_3 has auth_1 and auth_2.
  This doesn't work. It throws authrisation error.
  Can you please suggest how can scenario 3 work.
  Thanks in advance
  Regards

  Hi Max,
  Unlike ECC Auth Objects, Analysis Auths always work on the concept of Intersection. Which means when you run query for a particular input selection and you have multiple analysis auth assigned, then queries will only be executed if input selection falls within the intersected region for the characteristics in two analysis auths.
  Therefore effectively when you assign auth_1 and auth_2 to an user, user gets the following access:
  global cost center: Node
  local cost center: A
  Can you confirm if the user is selecting the above values while executing queries and still getting authorization error?
  I didn't understand the requirement of Role_3 = Auth_1+Auth_2 though, but if you can explain the requirement, I can try to suggest some solution.
  Thanks,
  Deb

• Analysis Authorisation

  Dear all,
  i have the following question:
  I would like to restrict a user for the following settings:
  1. The user is allowed to access the following infoobjects:
  Version 100 on Infocube 1 and Posting level 00 -10
  2. The same user is allowed to access
  Version 101 on Infocube 2 and Posting level 00 - 30
  For both requirements i created 2 analysis authorisations:
  But after assigning both authorisations the following happens:
  The user has access on each infocube  to all versions and all Posting level.
  How i have to handle this problem???

  Hi Christina,
  The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:
  0TCAIPROV
  0TCAACTVT
  0TCAVALID
  And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.
  So for your issue you have to define these three characteristics first
  0TCAIPROV: Name of your infoprovider
  0TCAACTVT: Activity for which you want to authorize the user
                      such as 1 - Create
                                   2 - Change
                                   3 - Display
  - For all Activity
  So as per the need you can give the authorization to the user (1,2,3 or *)
  0TCAVALID: If you want to give a validity then specify here or
                     give * value
  So as per these guidelines you have to define both the analysis authorization.
  Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.
  Hope I could help you in this regard.
  Kindly Asign points if useful...
  Regards,
  Abhi

• Analysis Authorisation Table

  Hi all,
  I've just started working on a new project and am familiarising myself with the build. Part of this is the BI analysis authorisations, of which there are over a hundred. Rather than attempt to view these inividually is there a table that can give me this info, rather like AGR_1251 but for analysis auths?
  Thanks,
  Nick.

  Hi,
  tables of analysis authorization for RSECADMIN are
  RSECHIE_CL Change log of hierarchy authorizations
  RSECUSERAUTH BI Analysis authorization  assignment to users
  RSECUSERAUTH_CL BI Analysis authorization assignment to users
  RSECTXT_CL Change log of authorization texts
  RSECVAL_CL Change log of Authorization Value Status
  RSECBIAU Changes to Authorization (Last Changed By]
  You can  find more table start with  RSEC*  just check with F4 in SE16.
  Hope this helps
  Edited by: connecpk on Feb 1, 2010 4:49 PM

• EYE 007 Aggregated Value for Analysis Authorisations

  Hi there,
  I'm attempting to unit test a new report in our development environment via RSECADMIN. Having created the role and assigned to the test user I get the error that aggregated values for particular characteristics are empty. However I've already added these to an analysis authorisation and used this for another report where it finds the characteristics.
  I'm stumped as to why this report doesn't find the same values. I've generated the role and run a user master compare, but this still fails. Any help is appreciated.
  Thanks.

  1. Please take the InfoProvider on which you have created your query and find which characteristics are Authorization Relavant for that MultiProvider/InfoProvider.
  2. Make sure all these characteristics are added to the analysis authorizations assigned to the user: Detailed feild values for the one your report is about and aggregated value for the other one and all the relevant 0TCA* content as well
  The report should work, however in your case it seems like you are assigning the characteristics using separate analysis authorizations, in that case make sure the concerned InfoProvider is mentioned in each analysis authorization under 0TCAIPROVfor the analysis authorizations to combine.

• How to render web items based on the authorisation profile of the user

  Hello,
  Is there any way to render web items based on the authorisation profile of the user. The only way i can think of is:
  - Write ABAP to look up into the security mapping tables.
  - Convert the ABAP report into RFC-Enabled FM. The selection variables will be part of the import/export parameters of FM and table can be used to display the result.
  - Create HTML template using WAD, write Java Script to call the FM and map the import/export parameter. Display the result in Table.
  But i don't know How to use the Java Script to call Function Module (FM) and get back the authorization through parameter.
  Is anyone know about it or is there any other method to do it? I can't find any solution and it is very critical for me.
  Any help is highly appreciated.
  Rajat

  Hi Rajat,
  Do you mean that you want certain users to be able to use only certain web items? I think you can use the libraries for that and assign them to roles:
  http://help.sap.com/saphelp_nw04/helpdata/en/4e/0f813b420ce60ee10000000a114084/content.htm
  Hope this helps...

• BW authorizations based on assigned PPM users/roles + inherited roles

  Dear experts,
  We using PPM 5.0 SP7, and we are having trouble defining authorizations for BW reports.
  We would like to use the same authorizations as in PPM business client, so that BI would use/check the authorization from business client.
  This check would include:
  - users or roles gain access from direct assignment to an item
  - users or roles gain access that is inherited in the bucket structure, both structure and classification buckets.
  Users would have access to BW reports, but they could see data only from the same structures/classifications or direct assignments that are given to them in PPM business client.
  Can we utilize the same authorization methods, or do we need to create and maintain this in another place (BW)?
  If needed, how to create similar authorization model to BW?
  Kind regards,
  Antti Forsell

  Hello,
  Please see these docs,
  [Field Based Authorizations in BW BEx Queries|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4753ed83-0e01-0010-e186-f98413f868cb]
  [An Expert Guide to new SAP BI Security Features|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea]
  [Advanced Features of SAP BW Reporting Authorizations|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06]
  Thanks
  Chandran

• Remove directly assigned ressource in a java class

  Hello,
  One resource is assigned twice to an account: directly and with a role. So it appears twice: in the "Current Resource" and in the "Available Exclusions" of the "Resource Exclusions" part.
  I am trying to remove in a java class the direct assignment using the removeResourceInfo method but it doesn't work.
         ResourceInfo ri = (ResourceInfo) i.next();
         wsu.removeResourceInfo(ri.getResourceName());I also tried with ResourceAssignment and normalizeAssignments method.
  Any idea what should be changed?
  Thanks,

  I do that in a workflow, like this:
                  <Action>
                      <block>
                          <removeAll name='user.waveset.resourceAssignments'>
                              <ref>user.accountInfo.assignmentsFromRole</ref>
                          </removeAll>
                          <set name='user.viewOptions.NoReprovision'>
                              <s>true</s>
                          </set>
                      </block>
                  </Action>I haven't tried it from Java.

• Wrong assignment of user

  Hi Folks,
  Initially we assigned the user to the purchase organization and purchase orders created by him.Later business raised an issue saying that Assign me tab is not working for that particular user in Sourcing cockpit.As we analysed the Assign me and action tab in the sourcing cockpit is highlighted when  the user is assigned to the purchase group only in org structure.
  So now we thought of assigning that user to the purchasing group.Will we get any inconsistencies if we assign the user to the purchasing group now.Because already some of the documents already created with that Porg  assignment.Please share your views in order to solve our issue
  Thank you,
  chakradhar.

  Hi Chakri,
  Gud to see you at SDN,
  No inconsistency will be find for existing documents for that buyer, if you only assign that buyer to P.group which is beneath of same P.org.
  Use drag and drop functionality via PPOMA_BBP
  Many Thanks,
  Venkat