BI analysis authorizations/ RSECADMIN/  Tables

Hello,
Does anybody know which tables are used with RSECADMIN.
In which tables are the values of the authorizations created in the RSECADMIN stored ?
Thanks in advance.
Kind Regards,
Vincent

Vincent,
The tables are:
RSECAUTHTRUSER - Shows the users that will be log
RSECVAL - shows analysis authorizations values
RSECUSERAUTH - Shows analysis authorizations added to users manually.
You can also check the following page for more information
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorization%2bin%2bsap%2bnw%2bbi
Regards, Jose

Similar Messages

  • [CUA] Compatibility with Analysis Authorizations (RSECADMIN)

    Hello,
    I have two questions for you, BI experts :
    1) Could someone please confirm that it is not possible to centrally maintain Analysis Authorizations (trx RSECADMIN) from the CUA ?
    2) Does it make sense to start a CUA project now with the Identity Management solution coming soon ? What are the pros & cons of each ?
    Thanks in advance.
    Best regards,
    Guillaume

    Hi,
    I had a look at the Roles and Profiles tables used by CUA.
    I found that it uses special tables such as :
    USRSYSACT     CUA: Roles in Distributed Systems
    USRSYSACTT     CUA: Roles in Distributed Systems
    USRSYSPRF     CUA: Profiles in Distributed Systems
    USRSYSPRFT     CUA: Profile Text in Distributed Systems
    USLA04          CUA: Assignment of Users to Local  Roles
    USL04          CUA: Assignment of Users to Local Profiles
    There is no analogous table for RSECADMIN tables such as :
    RSECAUTHGENERATD     BI AS Authorization Reporting: Generated Authorizations
    RSECLOG               Storage for Authorizations Logs xml
    RSECTXT               Authorization Texts
    RSECUSERAUTH          BI AS Authorizations: Assignment of User Auth
    RSECVAL               Authorization Value Status
    This, I conclude that it is not possible to maintain BI analysis authorizations from the CUA central system.
    This kind of authorizations has to be performed in the child system directly.
    Unless, SAP has something to draw out of its pocket soon... 
    I indeed read that some development was done on the CUA, parallel to the SAP NW Identity Management solution.
    Best regards,
    Guillaume

  • Analysis Authorization - RSECADMIN

    Hello everybody,
    I have created an auth object (in RSECADMIN) and added appropriate values to 0PROFIT_CTR and 0TCAACTVT. I have assigned this auth object to a user, everything works fine so far.
    Question: We have about 100+ profit centers and hundreds of users, I need to give access to all these users to different set of profit centers, what would be the best way to accomplish this ?
    Any help would be highly appreciated.
    Thanks,
    Anil

    You may wish to check with LSMW tcode.
    Steps -
    1)Maintain excel file with the mapping of user ID's and authorization object values in the proper format/structure you gonna upload via LSMW.
    2)LSMW
    Here you can record the script or the activity you want to do ,say for example asigning authorization object using RSECADMIN to a user  with values 0PROFIT_CTR and )TCAACTVT.
    Follow the steps of LSMW and Run the batch input session for whole file mapped earlier.
    LSMW - Step by Step
    Hope it Helps
    Chetan
    @CP..

  • Table that stores Analysis authorization values

    Hi all,
           We generated analysis authorizations for users on Profit centers. In RSECADMIN for each user we see an automatic authorization object being assigned with a name like RSR_000234  so on. We can see the values (profit centers) for this object when we double click on it. I would like to create a list of all users and the assigned profit centers. Can you please tell me if a table is available to get this list.
    Thanks,
    Ram.

    Chetan,
             We are loading authorizations values to 0PROFIT_CTR from ECC and flatfile into the Authorization DSO's and generating authorizations to assing the profit centers to users. I would like to see the profit centers assigned to a user. For example suppose if a user is assigned a particular region. I would like to see all the values of the profit centers assigned to the user from a table rather than going to the hierarchy and getting the list for each region.
            The tables that you specified give the userid and the technical name of the authorization(RSR_000234..) but I would like to see the actual values in the authorization.
          Hope I am clear. Thank you for your assistance.
    Ram.

  • Table for Analysis authorization along with values for authorization fields

    Hi,
    I am looking for table that contains the Analysis Authorization name along with values for all the authorization fields within this Analysis Authorization. Individually i can go to PFCG or Rsecadmin but since i need all the Analysis auth objects, i need to get this info into excel, so need a table.

    Hi Prashanth
      You can check RSECVAL that is appropriate for your requirement please let us know if any further help is needed.
    Thanks & Regards
    Santosh Varada

  • RE: Table to View Analysis authorizations of all users in BI

    Hi,
    I want to pull a report in BI that shows all the users and their analysis authorizations. does anyone know how to view this report.
    Thanks in Advance,
    SS

    Hi,
    You can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
    RSECHIE - Status of hierarchy authorizations
    RSECTXT - Authorization text
    RSECVAL - Authorization Value Status
    RSECBIAU - Changes to Authorization (Last Changed By]
    RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
    Change log tables:
    RSECUSERAUTH_CL - Assignment of users
    RSECHIE_CL - Change log of hierarchy authorizations
    RSECTXT_CL - Authorization texts
    RSECVAL_CL - Authorization Value Status
    Hope this helps!!
    Rgds,
    Raghu

  • Issues with Analysis Authorization checks in APO

    Hi Friends,
    I am facing an issue with Analysis authorization checks in APO.
    We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
    Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
    This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
    In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
    However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
    Resultant trace results are as below: This should not happen..
    I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
    Will it be possible for you to advise on what could I be missing.

    Hi All,
    If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
    while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
    Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
    Please advise.. Thanks..
    Regards,
    Prakash

  • D_E_L_E_T_E doesn't delete analysis authorizations

    Dear SAP BI colleagues,
    I use the standard DSO's for analysis authorization (0TCA_DS0*). After successful upload and generating the analysis authorizations, I tried to delete this entries again. For this I followed the SAP documentation as well as other community hints: I only have the D_E_L_E_T_E entry for infoobject 0TCTUSERNM in the value DSO 0TCA_DS01. After generating via RSECADMIN the analysis authorization still exist in the user assignment as well as the DB table RSECAUTHGENERATD.
    Does anybody know why?
    Regards,
    Joern

    You need to set the 0TCTOBJVERS to 'A' and 0TCTADTO to '99991231' as well.
    Regards,
    Lars

  • Analysis Authorization Issue 7.3

    Hello Friends,
    System BW 7.3, Currently there are 80 odd analysis authorization objects
    We want to introduce a new info object (GL Account) to be authorization relevant, ( there are few objects in the system which are already authorization relevant in the system with proper analysis authorization objects and they are working fine)
    Things done, made the GL Account object authorization relevant in RSA1, Created 2 analysis authorization objects with GL Account and TCT objects and one with hierarchy restrictions and one open access.
    Added this object to the user in addition to its already existing authorization objects. Created authorization variable in BEx.
    Some how the authorization is not picked up and it gives us all the values in the report. But if I add the GL Account info object to the existing analysis authorization objects then it works fine.
    I do not want to change all the existing analysis authorization objects to add GL Account.
    Your inputs are most welcome.
    Thanks
    Ed.

    Gajesh- I have added the new analysis authorization object to the user in RSECadmin.
    Subhendu- Problem statement: What are the steps involved in making a new info object(GL Account) authorization relevant. Authorizations are given at hierarchy level. Can we create a new analysis authorization with  GL Account only or do we have to add it to every existing analysis authorization
    I have done the following steps
    1. Made the GL Account object authorization relevant in RSA1,
    2. Created 2 new analysis authorization objects with GL Account ( with hierarchy restrictions) and TCT objects and one with GL Account open access.
    3. Added this object ( which has restrictions) to the user in RSECADMIN, in addition to its already existing authorization objects.
    4. Created authorization variable in BEx.
    5. No existing analysis authorization objects have been changed.
    When I test the report, It does not restrict based on the hierarchy that I have given, it gives open access.
    But If I add GL Account with restrictions to the existing analysis authorization object, it works good.
    Guess I am missing some thing here.
    Do you need any other screen shots.
    Thanks
    Ed.

  • BW Analysis authorization issue... need help urgently....

    We have one BW query which is pulling data from Contract Division info-object. Now this report does not variable selection object so it is pulling data from all values of Contract Division. Values of  Contract Division are CNC, CNS, CNE and CNL.
    Now we have created an analysis auth. object called z_es_3 and added Contract division info-object. Now we have added that z_es_3 into role and given value to CNS. now when we are running report, we are getting No Authorization error. When we are giving * value in z_es_3, it is running fine.
    Now we have to restrict report to contract division. please help.
    Thanks in advance

    Are you running unrestricted search on Contract division in your queries? You should restrict it to value which is maintained in the authorization for the InfoObject.
    Also please run the analysis authorization trace from RSECADMIN. That will give you a clearer picture of what is wrong.

  • Analysis Authorization based on Hier node with multiple display hierarchies

    Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
    Requirement:
    Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
    Preferred solution:
    The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
    u2022     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
    u2022     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
    u2022     The display level will be specified as required (here: Level 7)
    u2022     The Authorization granted should be independent of hierarchy name and version (validity 3).
    Reporting Scenario and technical impact:
    As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node u2018Au2019 of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node u2018Bu2019 in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node u2018Bu2019.
    My findings so far (based on prototyping) turn out that this is not possible as long u2018Bu2019 (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
    Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
    Thanks everyone for your input...
    Claus
    Edited by: Claus64 on Jul 13, 2009 4:10 AM

    HI CLause,
    On Jul 14 2009, you wrote in SDN and said:
    FYI: Found a solution...
    The hierarchy analysis authorization will be based on a navigational attribute of cost center.
    With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
    The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
    Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
    As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy thatu2019s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
    If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
    Claus
    See this thread:
    Analysis Authorization based on Hier node with multiple display hierarchies
    I am also in the same situation as you and need to understadn your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierachies for 0COSTCENTER, how did the new Nav Attr help you solve your issue. When loading 0COSTCENTER what values did you load ino the new Nav Attribute and how did that link to the hierachies? Also, in RSECADMIN you created hiearchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
    I appreciate if you can share your solution from the past in more details.
    many thanks

  • Web Intelligence Report + BI 7.0 Analysis Authorizations

    Hello Experts,
    I have created a report on a universe based in a SAP BW InfoCube that contains an authorization relevant InfoObject (Company Code).
    BW Analysis authorization have been set up for this cube in such way that the user should have access only to data containing one of the two values of Company Code (lets say for example that the user can access value "A").
    It seems to be working fine when testing them via a BEx Query or via rsecadmin (rsrt with detailed analysis authorization logs). When the test user tries to view the full contents of the specific cube gets an "access denied" message (this is normal), whereas if the user runs a report with a filter "A" on Company Code the report returns the results as it should have. So far so good.
    For testing use within Web Intelligence, I have created the following Single Sign On (SSO) universes: a)directly on the cube, b)via a "select all" query and finally c)via a filtered query (filtering the exact allowed values of analysis authorization of the test user). All of the above have unfortunately the exact same issues:
    When a test user with limited analysis authorization (i.e. a user that can only access value "A" of Company Code) tries to view a report on either of these universes, then the result is the following message when trying to execute the query "A database error occured. The database error text is: Error loading cube MyCube/MyQuery (catalog MyCube): Unknown error. (WIS 10901)"
    I have tried several settings on the universe (like filter working on LoV as well) but none helped.
    If we replace the user's analysis authorizations with full access on company code (values "A" and "B") the query runs as it should have.
    Any ideas?
    Best regards
    Giorgos

    Hi,
    has the Universe been created on the cube level or on the query level ?
    In case it is on the cube level it will fail because :
    Analysis authorizations are not based on authorization objects. Instead, you create authorizations that include a group of characteristics. You restrict the values for these characteristics.
    The authorizations can include any authorization-relevant characteristics, and treat single values, intervals, and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorization-relevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics.
    You can then assign this authorization to one or more users.
    All characteristics flagged as authorization-relevant are checked when a query is executed.
    *A query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic*
    Ingo

  • [BO over SAP BW] Web Intelligence Report + BI 7.0 Analysis Authorizations

    Hello Experts,
    I have created a report on a universe based in a SAP BW InfoCube that contains an authorization relevant InfoObject (Company Code).
    BW Analysis authorization have been set up for this cube in such way that the user should have access only to data containing one of the two values of Company Code (lets say for example that the user can access value "A").
    It seems to be working fine when testing them via a BEx Query or via rsecadmin (rsrt with detailed analysis authorization logs). When the test user tries to view the full contents of the specific cube gets an "access denied" message (this is normal), whereas if the user runs a report with a filter "A" on Company Code the report returns the results as it should have. So far so good.
    For testing use within Web Intelligence, I have created the following Single Sign On (SSO) universes: a)directly on the cube, b)via a "select all" query and finally c)via a filtered query (filtering the exact allowed values of analysis authorization of the test user). All of the above have unfortunately the exact same issues:
    When a test user with limited analysis authorization (i.e. a user that can only access value "A" of Company Code) tries to view a report on either of these universes, then the result is the following message when trying to execute the query "A database error occured. The database error text is: Error loading cube MyCube/MyQuery (catalog MyCube): Unknown error. (WIS 10901)"
    I have tried several settings on the universe (like filter working on LoV as well) but none helped.
    If we replace the user's analysis authorizations with full access on company code (values "A" and "B") the query runs as it should have.
    Any ideas?
    Best regards
    Giorgos

    Hi,
    has the Universe been created on the cube level or on the query level ?
    In case it is on the cube level it will fail because :
    Analysis authorizations are not based on authorization objects. Instead, you create authorizations that include a group of characteristics. You restrict the values for these characteristics.
    The authorizations can include any authorization-relevant characteristics, and treat single values, intervals, and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorization-relevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics.
    You can then assign this authorization to one or more users.
    All characteristics flagged as authorization-relevant are checked when a query is executed.
    *A query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic*
    Ingo

  • Need analysis authorization help

    Hello Gurus,
    Could someone please help me out with my Analysis Authorization issue?
    We have a BW query and workbook outputting "Tcode usage" like the following:
    UserGroup| Username| Tcodename| Frequency
    This one has been running long time without any problems in reporting authorization, but now We want to get it restricted and only allow data associated group HR to display using new Analysis authorization. The scenario for this report is as follows:
    1. Rsecadmin >Maintenance> Create New authorization "Group" which consists of 4 characteristics: 0TCAACTVT, 0TCAIPROV, 0TCAVALID and 0TCTUSRGRP(which is the characteristic about group name and already authorizatio relevant). Set 0TCTUSRGRP "EQ HR".
    2.Assigned this authorization to a role using PFCG through the S_RS_AUTH. Other authorization objects in this role are:   S_BDS_D, S_BDS_DS, S_RS_MPRO, S_RSEC, S_RS_COMP, S_RS_COMP1, S_RS_HIER, S_RS_ICUBE, S_RS_ODSO.
    3.In BEx analyzer, set type: Characteristic Values and Variable filled from authorization and value "Selection Option". Unselected "ready for input". Put the characteristic associated with group name to filter windown on the top righ hand side of the Query Designer. Also compare users in PFCG.
    The question is the I still get all data about all groups. Looks like the authorization group doesn't work. I  used the "execute as " and get no errors back.
    Note: I didn't use "generation" to create the new authorization in Rsecadmin
    Thank you very much for any answers!
    Haifeng

    I guess i have found the reason why my authorization dosen't work. I don't activate infoObjects 0TCA* and 0TCT* and infoCubes 0TCA* as well. But another thing I am confused about is :
    Should I activate HR and CO businees content for authorizations 0TCA_DS02OTCA_DS05 and 0CCA_O010CCA_O03 before i get started? or should i run generation everytime i create a new authorization using Maintenance in Rsecadmin?
    Haifeng

  • BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

    Hi All,
    This is regarding BI 7.0 Analysis Authorization issue.
    Overview:
    we have restricted some queries at infoobject level.
    Issue:
    a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
    b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
    c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
    d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
    e. But when we execute the same report with Auditors ID then we get a blank page.
    Any idea why this is so?

    Hi Neha,
    I tried the below also,
    GL Acnt
    I EQ 0000134010
    I EQ :
    but still it didn't work.
    No Infoobject is missing in Authorization Object.
    For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
    As mentioned earlier also it is giving me the below message,
    ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
    Kindly suggest, since this is a show-stopper for us!
    Thanks,
    Ishdeep Kohli.

Maybe you are looking for

  • Hr-abap - customer layout names for forms

    hi in hr-abap i have form3a , form6a form16a i want the coustmerlayout names for those forms thanks in advance Edited by: Julius Bussche on Feb 5, 2009 9:18 AM Please use meaningfull subject titles

  • Problem while writing to file

    I have a value '2222.12' stored in a database table. i fetch this value and write this value to a file but in file the value is '2222,12' instead of '2222.12'. i.e dot is being replaced with a comma automatically, can anyone tell what is the mistake

  • Grand Total Level in OBIEE 11g

    Hi , I had a report with product name , order number , order quantity , order amount as columns . Now i want add a new column at the bottom level as grand total for ordered amount. Can some one please tell me how to do that ,,,I am in hurry Thank you

  • Running SQL Queries in PeopleSoft Application Designer

    Hi, I'd like to find out which peoplesoft tables contain two fields x and y. I have the sql query to do that, but I don't know where I can run that query from in application designer. Its quite possible that it will be done from "Query" window in App

  • DB-fields duplicated between FI and JVA

    Hello, I am a BW consultant and need the field "Transaction type" (RMVCT) from FI (table FAGLFLEXT) for reporting in SAP BW. I know several fields are duplicated between FI and JVA whenever a transaction is created. In JVA (table JVSO1) there is a fi