BI Query Authorization issue

Similar Messages

• Query Authorization Issue

  Hi,
  I have created an authorization object for info object Consolidation group (0CS_group) and checked for respective info cube too.
  selected the respective info objects and completed the process. In Role maintenance, i have created a proper authorization profile (and restrict the particular value for info object) as well as assign user id. but still I am able to access all the values of info object.
  What could be the issue in this scenario?
  Do i need to recreate a query to enforce the authorization?
  Please help
  Rajiv

  hi Rajiv ,
      Could u please send me error message which u r getting after this with snapshots to my mailid . if you r gettign the "You are not authorized " then check all the objects & components for your cube .
    still you are not able to get this you can send me  ur problem at [email protected]
  best regards,
  Vikas

• Authorization issue to execute query via analyzer

  Dear,
  We are experiencing an authorization issue that we can not solve...
  We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
  When we test in RESCEADMIN, everything is fine. We can execute the query.
  When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
  "There is no variable in the workbook, which allows user input"
  Does anybody have a direction to help us to orientate our investigation?
  Many thanks,
  Rodolphe

  Hello,
  What is the basic settings you have in the Query Properties basic setting tab
  Try making it mandatory
  Regards
  Nitin Bhatia

• Authorization issue for Jump query from Summary to Detail

  Hello Gurus,
  I am facing an interesting issue in Jump query authorization.
  I have a query on a summary cube which has Company code as a authorization relevant object .From this query I launch a query on detail cube.This details cube has company code and customer as authorization relevant objects.Customer is present in free characteristic for this query.Summary cube doesnt have the customer object at all.
                   When the user drillsdown on the Customer level in the details query he get the authorization error.After this if he just refreshes the query it works fine .
                     Can anybody please suggest any innovative workaround for this issue.
  Gautam

  Hello Gurus,
  I am facing an interesting issue in Jump query authorization.
  I have a query on a summary cube which has Company code as a authorization relevant object .From this query I launch a query on detail cube.This details cube has company code and customer as authorization relevant objects.Customer is present in free characteristic for this query.Summary cube doesnt have the customer object at all.
                   When the user drillsdown on the Customer level in the details query he get the authorization error.After this if he just refreshes the query it works fine .
                     Can anybody please suggest any innovative workaround for this issue.
  Gautam

• Sap bi authorizations issue with query designer..

  i am using bw 3.x and bi 7 query designer with different kind of probs?...
  i am able to see the info provider  in query desinger 3.x. but i can see only cubes .i am not able to find dso or infosets or multiprovider.. can anyone suggest is there any authorizations issues..please suggest.
  and with BI 7 query designer i am not able to see info providers in info areas folder to design a query..
  please suggest if any authorizations should be added or not

  hi suman chakravar,
  thanks for replying,
  can u be little bit clear about the steps.
  i went to tcode su01 and entered profile 0bi_all..it doesnt work.
  and executed tcode su56.there i can find list of BI related authorization profiles
  i added s_rs_all profile to my user. even then i face the same problem.
  i can see only queries in query designer of bi 7 format and i can not view info providers.
  i can view only cube and infosets and i can not view dso and multiproviders in bw 3.x type query designer
  Edited by: satishchow on Dec 14, 2011 3:23 PM

• Authorization issue regarding Bex Query

  Hi All,
  User Requirement: When ever the user is executing the report in Design Studio, user can able to see all the company codes (summary data) in the main page of the dashboard. If user wants to drill down to a particular Comp code, then user should access only which are authorized. Ex: If the user Test4444 is executing the report, then he/she can able to see all the comp codes data in the main page of the dashboard. If the user wants to drill down further to see the comp code wise data, then he/she should not allowed to see except comp code-4444 or what and all authorized .
  Back ground work:
  I have a Bex query, which is using the Design Studio. In this query, "0COMP_CODE" is a char InfoObj and I have created a Auth variable on this InfoObj. There are 4 autho objects created based on this "0COMP_CODE". And also 4 Roles and 4 users have created.
  Each autho_Objet has assigned to that corresponding Role and that Role is assigned to that correspond User. Details are as follows.
  Autho_Objet
  Role
  UserID
  ZTEST_MAIN (which includes all - 23 compny codes)
  ZMain_Role
  All users have to access this role
  ZTEST_1111 (which includes only CC- 1111
  Z1111_Role
  Test1111
  ZTEST_2222 (Which Includes only CC - 2222)
  Z2222_Role
  Test2222
  ZTEST_3333 (Which Includes only CC - 3333)
  Z3333_Role
  Test3333
  ZTEST_4444 (Which Includes only CC - 4444)
  Z4444_Role
  Test4444
  To achieve this requirement, I have created 1 auth.object for all Comp.Codes and assigned to one main role and this role is assigned to all users. This looks fine and hopefully it will work.
      The problem is the next step of drill down to comp.code. Here I have created individual autho.object per Role per User and mapped accordingly. Unfortunately, user can able to access all the comp.codes data because of the main role assigned. I got stuck here in this second level restriction. Could some one can through a light how we can achieve this in authorization. It would be a great assistance if some one help here. I would be much appreciated and grateful to your assistance and inputs. Thank you in advance!
  BR
  Venkat...

  In the role ZTEST_MAIN,
  You need to remove all company codes as this is overriding the rest
  Then add aggregate authorization, ie "0COMP_CODE" = ":"
  This is a special authorization which grants authorization to see the summation of all the 0COMP_CODE without giving detailed authorization to any.
  The rest of your design is fine.
  You should then use RSECADMIN to check any authorization issue you have.

• BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

  Hi All,
  This is regarding BI 7.0 Analysis Authorization issue.
  Overview:
  we have restricted some queries at infoobject level.
  Issue:
  a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
  b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
  c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
  d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
  e. But when we execute the same report with Auditors ID then we get a blank page.
  Any idea why this is so?

  Hi Neha,
  I tried the below also,
  GL Acnt
  I EQ 0000134010
  I EQ :
  but still it didn't work.
  No Infoobject is missing in Authorization Object.
  For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
  As mentioned earlier also it is giving me the below message,
  ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
  Kindly suggest, since this is a show-stopper for us!
  Thanks,
  Ishdeep Kohli.

• Variable screen/variant screen authorization issue

  HI All,
  We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
  We have three selection fields:
  1.Company Code which is mandatory
  2.My controlling Area which is also mandatory
  3.Costcenter which is not mandatory
  The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
  can anyone guide me on how to go about on this authorization issue at the variable screen itself.
  Please treat this issue/requirement on high priority.
  Appreciated in advance.
  Regards,
  raps.

  Hi,
  I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
  As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
  In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
  I hope this helps you.
  Regards,
  Maximiliano

• Authorization issue "No authorization"

  Dears gurus,
  I created an analysis authorization using tx. RSECADMIN, this contains the IO 0COSTCENTER restricted with some value, and also contains the IO: 0TCAACTVT, 0TCAIPROV, 0TCAVALID. When I assigned it to a role using tx. PFCG. But when the query is executed it appears the following message: "No authorization". Using a trace tool, it appears to requiere the analysis authorization 0BI_ALL, but if I give this authorization, it doesn't restrict the IO 0COSTCENTER as wanted.
  Please let me know what is missing.
  Best regards,
  Pilar Infantas.

  Remove 0BI_ALL object fro users profile and try executing as below it should give you the authorization objects values missing ..
  goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
  Check box -->with Log option
  select RSRT option
  hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
  if not
  again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
  Hope it Helps
  Chetan
  @CP

• Authorization issue in BI system.

  Hi,
  Having a authorization issue in BI system.
  user trying to run a query in and attempt to drill down by customer, he gets customer details but some of the customers are missing...
  Does the authorization granted in BI system based on customers? Is it a security issue?
  pls help...
  Thanks...

  Hi,
  Please execute the query with your id(developer id who will be having access to all data) first. Check if you are able to see all the customer data. If you are able to see all the data then the user is restricted with some authorizations. ( usually the authorizations are done on sales organization, company codes, plant..etc.. please check how it is in your project...)
  If you are not able to see all the customer data, then check in the infoprovider on which the query is built and do your analysis.
  Check in the roles assigned to the user.
  Hope it helps.
  Edited by: Maddy on Apr 21, 2011 6:42 AM

• Regarding BI Authorization Issue

  Dear Friends,
  can anyone help me to solve this issue..
  I have a Authorization Issue, u201CNO Authorization u201C
  Error : EYE 007 ( Insufficient Authorizations )
  I have follow this stepsu2026
  Steps 1 :-
  Define Authorization-Relevant Characteristics ( ZCUSTOMER )
  Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
  Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
  Eg: 0TCAACTVT
  0TCAIPROV
  0TCAVALID
  0TCAKYFNM
  ZCUSTOMER
  Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
  For example : ZAUTH In That I have taken
  ZCUSTOMERrestricted with value C100.
  0TCAACTVT with 3 ( Display )
  0TCAIPROV with * ( Astric )
  0TCAVALID with *
  0TCAKYFNM with *
  Steps 4 :-
  Assign Authorizations to Roles
  Use authorization object S_RS_AUTH for the assignment of
  authorizations to roles.
  Maintain the authorizations as values for field BIAUTH
  Ex: ZTESTA1
  S_RS_AUTH
  Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
  S_RS_COMP
  Activity Create or generate, Change, Display, Delete, Execute <...>
  InfoArea : ZDEMO_ MIHI
  InfoCube : ZCUBET
  Name (ID) of a reporting compo : ZTEST_Q0001
  Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
  S_RS_COMP
  Activity Create or generate
  InfoArea :ZDEMO_ MIHI
  InfoCube : ZCUBET
  Name (ID) of a reporting compo :ZTEST_Q0001
  Type of a reporting component :Query
  S_RS_COMP1
  Activity Display, Execute
  Name (ID) of a reporting compo : ZTEST_Q0001
  Type of a reporting component :All values
  Owner (Person Responsible) for *
  S_RS_COMP1
  Activity Change, Display, Delete, Execute, Enter, Include, Assign
  Name (ID) of a reporting compo ZTEST_Q0001
  Type of a reporting component All values
  Owner (Person Responsible) for :*
  S_RS_ICUBE
  Activity Create or generate
  Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
  InfoArea :ZDEMO_ MIHI
  InfoCube : ZCUBET
  S_RS_IOBC
  Activity Create or generate
  InfoArea :ZDEMO_ MIHI
  Infoarea Catalog : zioc_test, Zkf_test
  S_RS_IOBJ
  Activity Create or generate
  InfoArea :ZDEMO_ MIHI
  InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
  Steps 5 :-
  AND Assign this Role to User.
  Steps 6 :- ERROR
  When I execute the Report it is showing u201CNO Authorization u201C
  u201C Insufficient Authorization u201C
  EYE 007.
  Regards
  Siva

  Hi,
  In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
  Hope that helps.
  Regards
  Mr Kapadia

• Authorization Issue to Upload file in Integrated Planning

  Hi All
    I have included the planning role for the user...which is the same as mine..I can execute and upload  the file..when I login with the user iD, it says you are not authorize to upload zFILE_SEQ/...in my role..there is Z* values also..
  No idea how to rectify as I dont see any problem??
  pppls help..

  Hi,
  Could you please look into the authorizations that restrict data selection for the user, say if he control one or two costcenters and you have access to all costcenters. Also you need to have that object in the Aggregation level that allow the user selection. You need to include that info object restriction based on authorization value in the aggregation level and in the upload file.
  Also try to execute the input ready query from RSECADMIN T-CODE . Use the 3rd tab and choose the user id and choose with log .Then on the next screen will be RSRT and choose your input ready query and execute. Then choose back button and the pervious screen choose display log, which will give you detail log on the authorization issue ...
  hope it helps...
  cheers,
  Balaji
  Edited by: Balaji NS on Jun 4, 2011 1:47 AM

• Authorization issue after technical upgrade

  We just completed an uprade to BI 7.0 SP 15.  We only want to complete a technical upgrade and use the old security model.
  We have found that when users run queries against multi-providers they aren't authorized.  BEX states that the user doesnt have access.
  Should our old authorizations work with the old model against multi-providers?

  In theory yes ..
  Some Analysis ..
  from the S_RS_COMP
  goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
  Check box -->with Log option
  select RSRT option
  hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
  if not
  again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
  Hope it Helps
  Chetan
  @CP

• InfoArea change effect on Query authorization

  Hi Gurus -
  If we move an InfoProvider to a different InfoArea, does the users will run into Authorization issues? Do we need to re-define the query? As far as I know, it shouldn't effect the users. Please advise me. THANKS.

  It depends what authorization given to users.
  If it is just query display authorization for user, should not effect users.
  If authorization defined in info area level also, will effect.
  Thanks.

• Authorization issues in Bex Analyzer

  Hello,
  Can somebody help me with an authorization challenge I’m working on? For certain reports a user should me authorized to see key figures for a certain area and this area is divided into several units. This is the high level report authorization. But when they want to see more detail in the report (the can drill down the person responsible or the customer for example) the user is only allowed to see the key figures of his own unit. To make this possible we have created two authorization roles:
  Role 1
  Area                          *     
  Unit                          11
  Person Responsible          *
  Customer               *
  Role 2
  Area                    *
  Unit                    *
  Person Responsible          :
  Customer               :
  When executing the query with the characteristics ‘area’ and ‘unit’ in the rows and ‘person responsible’ and ‘Customer’ in the free characteristics there are no authorization issues. But when in the query result the user wants to drill down ‘person responsible’ the error message “You do not have authorization to read object XXX”. I expected that the details would only be shown for unit 11. To be able to show the details the user must now first remove the drill down, filter the unit they have authorization for and then drill down the ‘person responsible’ again. This is considered a workaround but not desirable. Is there a different way to solve this issue?
  Kind Regards,
  Petra van Noort

  Hi,
  Have you tried to include a authorization variable on your report that filters 'Unit'?
  I'm not sure of what will happen if you use it (maybe you'll always filter your report on '11' unit, or maybe you get different filter values depending on your drill down status, which is what you want).
  It's just a thought...
  Regards,
  David.