EYE 007 Aggregated Value for Analysis Authorisations
Hi there,
I'm attempting to unit test a new report in our development environment via RSECADMIN. Having created the role and assigned to the test user I get the error that aggregated values for particular characteristics are empty. However I've already added these to an analysis authorisation and used this for another report where it finds the characteristics.
I'm stumped as to why this report doesn't find the same values. I've generated the role and run a user master compare, but this still fails. Any help is appreciated.
Thanks.
1. Please take the InfoProvider on which you have created your query and find which characteristics are Authorization Relavant for that MultiProvider/InfoProvider.
2. Make sure all these characteristics are added to the analysis authorizations assigned to the user: Detailed feild values for the one your report is about and aggregated value for the other one and all the relevant 0TCA* content as well
The report should work, however in your case it seems like you are assigning the characteristics using separate analysis authorizations, in that case make sure the concerned InfoProvider is mentioned in each analysis authorization under 0TCAIPROVfor the analysis authorizations to combine.
Similar Messages
-
Change documents or logs for Analysis authorisation access changes
Is there a way to review the change history or table logs in BI 7.0 to show who assigned analysis authorizations and when it was assigned or removed? I presume there should be a SUIM change document that shows the Analysis authorization access changes that are assigned directly to users via RSU01 or RESEADMIN when these analysis authorizations are not included in roles.
An example area of concern is with the assignment of 0BI_ALL, having an accurate log or mechanism to track the assignments to users.Hi Srinivas,
you can activate in DDIC that your entry changes will be logged.
Go to SE11 -> Your Tablenname -> CHANGE
Button TechnicalSettings -> Activate checkbox Log data changes.
From now on any chenge will be logged in table DBTABLOG.
Kind Regards
Henner -
BI7 Analysis Authorisations - relationship between value & hierarchy auths
Hi all
Does anybody know how we can set up the new analysis authorisations to allow a user to use a Query selection for cost centre based upon a hierarchy and yet restrict the cost centre data they can display by value authorisations?SDN is the place to discuss technical problems..
Please avoid such weird post.
G@urav. -
Table for Analysis authorization along with values for authorization fields
Hi,
I am looking for table that contains the Analysis Authorization name along with values for all the authorization fields within this Analysis Authorization. Individually i can go to PFCG or Rsecadmin but since i need all the Analysis auth objects, i need to get this info into excel, so need a table.Hi Prashanth
You can check RSECVAL that is appropriate for your requirement please let us know if any further help is needed.
Thanks & Regards
Santosh Varada -
hi
i have sharepoint 2013 enterprise over sql server 2012 standard, and i want to create some reports trhought excel services and performance point using EffectiveUserName feature, but right actually my environment is not working, when a configure an excel
to read a SSAS cube from my local machine the rol is ok, but when i published the excel and try to update from Internet Explorer this error is presenting
XML for Analysis parser: The Domain\User' value of the 'EffectiveUserName' XML for Analysis property is not valid.
Anybody can helpme is urgent find out for some solution
thanks a lotTurns out that you need the SP Farm service account to be an admin on the SSAS server as well. That fixed the problem for us.
MS: Please update your documentation :) -
NO Authorization .. EYE 007 -- Need inputs - still issue is there
Hi Experts,
i am very new to BI Authorization, can anyone help me to solve this issue..
<b>I have gone through the SDN Links,</b>
I have a Authorization Issue,<b> NO Authorization </b>
Error : <b>EYE 007 ( Insufficient Authorizations )</b>
I have follow this steps
An <b>Expert Guide</b> to New SAP BI Security Features <b>BY Marc Bernard</b>
I have followed all the steps which Marc Told..
<b>Steps 1 :-</b>
Define Authorization-Relevant Characteristics ( <b>0DIVISION</b> )
Note : I have 0Division values <b>1000 and 2000,</b> I want to restrict the user on <b>DEVISION = 1000.</b>
<b>Steps 2 :-</b>InfoObjects as authorization-relevant
Eg: 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
<b>Steps 3 :-</b>Using T-code : (RSECADMIN) created the Analysis Object
For example : ZAUTH In That I have taken
0DEVISION restricted with value 1000.
0TCAACTVT with 3 ( Display )
0TCAIPROV with * ( Astric )
0TCAVALID with *
0TCAKYFNM with *
<b>Steps 4 :-</b>
Assign Authorizations to Roles
Use authorization object S_RS_AUTH for the assignment of
authorizations to roles.
Maintain the authorizations as values for field BIAUTH
Ex: ZAUTH
S_RS_COPM with * and S_RS_COPM1 WITH *
<b>Steps 5 :-</b>
AND Assign this Role to User.
<b>Steps 6 :-</b> ERROR
When I execute the Report it is showing NO Authorization
Insufficient Authorization
EYE 007.
PLS Anyone can help me to resolve this Problem,
I need very Urgent,
Thanks = Points.
Regards,
JML
Message was edited by:
JMLI have followed the <b>David Roche</b> steps. But still I have the same problem.
The Steps I have given in my Role are
<b>S_RS_AUTH</b>
Here I have given my Authorization Analysis Object ( ZAUTH ) which I have created in RSECADMIN.
<b>S_RS_COMP</b>
Activity Create or generate, Change, Display, Delete, Execute <...>
InfoArea *
InfoCube *
Name (ID) of a reporting compo *
Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
<b>S_RS_COMP</b>
Activity Create or generate
InfoArea *
InfoCube *
Name (ID) of a reporting compo REP*
Type of a reporting component Query
<b>S_RS_COMP1</b>
Activity Display, Execute
Name (ID) of a reporting compo *
Type of a reporting component All values
Owner (Person Responsible) for *
<b>S_RS_COMP1</b>
Activity Change, Display, Delete, Execute, Enter, Include, Assign
Name (ID) of a reporting compo *
Type of a reporting component All values
Owner (Person Responsible) for $USER
I have assigned <b>this Role to User A</b> and I logon with User A and execute the Query then it is showing the Error :- No Authorization.
As per the <b>Chetan Patel ( CP@...)</b>
RSECADMIN>Analysis>Error Log
<b>The Log is .</b>
<b>InfoProvider Check </b>
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider ZSD_CS01 with activity 03?
Authorization exists for general access to InfoProvider ZSD_CS01 with activity 03 ( it is showing with <b>Right Mark </b> )
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZSD_CS01:
0DIVISION
Authorization Check
Detail Check for InfoProvider ZSD_CS01
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
End of Preprocessing
Filling the Buffer...
...Buffer Filled
<b>Main Check:</b>
Subselection (Technical SUBNR) 0
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0DIVISION
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0TCAACTVT
0DIVISION
SQL Format:
DIVISION = ':'
AND TCAACTVT = '03'
Characteristic Contents
<b>0TCAACTVT I EQ 03
0DIVISION I EQ IN</b>
<b>Not Authorized</b>
<b>All Authorizations Tested</b>
Message EYE007: You do not have sufficient authorization
<b>No Sufficient Authorization</b> for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
220 ( 0DIVISION )
Authorization Check Complete
Can any one help me to Resolve this issue,
<b>i need very argent</b> , we have GOLIVE ......
Regards,
JML. -
BI analysis authorisations direct assign to user in RSECADMIN
Hello,
In RSECADMIN it is possible to directly assign the 'analysis authorisations' to user-id's
It is also possible to assign the 'analysis authorisations' to a role via the authorisation object S_RS_AUTH
Can somebody tell me
- what are the pros and cons of directly assigning the analysis autorisations to the users in the RSECADMIN ?
- In which situation is direct assigning in RSECADMIN used ?
- IS dirtectly assigning to users in RSECADMIN in a production environment critical?
- what does SAP propose: directly assigning in analysis authorisations our via a role
In our case we have the situation of
BI system with a large number of analysis authorisations. The values of the analysis authorisations should be
maintainable in production environment.
We have also to take in mind:
- Roles are added to users via CUA ( RSECADMIN is not maintainable via CUA)
- Business Objects is coming. So set up the authorisations that they can be used for Business Objects
- Flexible ( new autorisation relevant info Objects) should be easy adeptable.
What we want to use is
- assigning analysis authorisations via a single role ( in a composite ) to the user
- a variable in the analysis authorisations as field value of a characteristic. In that case the values can be
assigned dynamically in production.
the data access role has the link to the analysis autorisations in the RSECADMIN.
this analysis authorisation contains variables instead of a fixed field value.
The values of the variables are maintained in a table in a production environment
Is using directly assigning analysis authorisations to users in the RSECADMIN in the production environment an alternative ?
Thanks for your answers
With Kind Regards,
Vincent
Edited by: Vincent Willems on Apr 7, 2011 10:37 AMHello Vincent,
My way of working is to follow the structure you have in the providing systems. If you have created a role for a production employee then try to translate the roles for the production analysis the same way in BI. You can use the s_rs_auth object. In HR you can use structural authorizations, you can use some programs to set the structural authorizations in BI and that will be done by creating an analysis object and add this to the user involved. Also updates from structural authorizations will be done automatically by these programs. I should not add your own objects to single users, that is a lot of maintenance you do not want. Use in BI the same concept as in the providing systems, it is more clear for anyone who has to work with it.
Have fun
Bye
Jan van Roest
PS. Did you solve your problem? If so please close your question
Edited by: J. van Roest on Jul 7, 2011 12:51 PM -
":" in analysis authorisation objects
Hi,
We made 0DEPARTMENT as authorisation relevant.
In one of our Analysis Authorisation Objects(Rsecadmin) Settings for 0DETARTMENT IS = :
What exactly ":" represents
Thanks in advanceHi,
The colon( value is used in BW to authorise display of aggregates. If you are using company code in the free characteristics and do not restrict on it to authorised values, you need to maintain : for it. Once you drill down on it (or equivalently put it in the rows) you need the actual values to be maintained in the authorisations as well.
Have you investigated the use of authorisation variables? You can maintain the values 1000 and 3000 in the authorisation and restrict the characteristic with an authorisation variable. This will ensure that the query is run for only the authorised values. This will work irrespective of whether you use company code in the rows or free characteristics.
Thanks,
Venkat -
Dear Gurus,
I have the turned two navigation attributes as auth. relevant,
global cost center: this is based on hierarchy authorisation
local cost center: this is based on value authorisation.
There is one-to-one mapping between glocal cost center and local center. Users would request authorisation on either of them but they can ask for authorisation for more than one role with different combination.
I have created three analysis authorisation for the below scenarios:
1: Role_1 has Auth_1 with the below values
global cost center: X (node)
local cost center: * (as users have no knowledge about the mapping)
This works fine.
2: Role_2 has Auth_2 with the below values
global cost center: * (as users don't know the mapping)
local cost center: A
This works fine as well.
3: Role_3 has auth_1 and auth_2.
This doesn't work. It throws authrisation error.
Can you please suggest how can scenario 3 work.
Thanks in advance
RegardsHi Max,
Unlike ECC Auth Objects, Analysis Auths always work on the concept of Intersection. Which means when you run query for a particular input selection and you have multiple analysis auth assigned, then queries will only be executed if input selection falls within the intersected region for the characteristics in two analysis auths.
Therefore effectively when you assign auth_1 and auth_2 to an user, user gets the following access:
global cost center: Node
local cost center: A
Can you confirm if the user is selecting the above values while executing queries and still getting authorization error?
I didn't understand the requirement of Role_3 = Auth_1+Auth_2 though, but if you can explain the requirement, I can try to suggest some solution.
Thanks,
Deb -
Dear all,
i have the following question:
I would like to restrict a user for the following settings:
1. The user is allowed to access the following infoobjects:
Version 100 on Infocube 1 and Posting level 00 -10
2. The same user is allowed to access
Version 101 on Infocube 2 and Posting level 00 - 30
For both requirements i created 2 analysis authorisations:
But after assigning both authorisations the following happens:
The user has access on each infocube to all versions and all Posting level.
How i have to handle this problem???Hi Christina,
The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:
0TCAIPROV
0TCAACTVT
0TCAVALID
And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.
So for your issue you have to define these three characteristics first
0TCAIPROV: Name of your infoprovider
0TCAACTVT: Activity for which you want to authorize the user
such as 1 - Create
2 - Change
3 - Display
- For all Activity
So as per the need you can give the authorization to the user (1,2,3 or *)
0TCAVALID: If you want to give a validity then specify here or
give * value
So as per these guidelines you have to define both the analysis authorization.
Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.
Hope I could help you in this regard.
Kindly Asign points if useful...
Regards,
Abhi -
Hi all,
I've just started working on a new project and am familiarising myself with the build. Part of this is the BI analysis authorisations, of which there are over a hundred. Rather than attempt to view these inividually is there a table that can give me this info, rather like AGR_1251 but for analysis auths?
Thanks,
Nick.Hi,
tables of analysis authorization for RSECADMIN are
RSECHIE_CL Change log of hierarchy authorizations
RSECUSERAUTH BI Analysis authorization assignment to users
RSECUSERAUTH_CL BI Analysis authorization assignment to users
RSECTXT_CL Change log of authorization texts
RSECVAL_CL Change log of Authorization Value Status
RSECBIAU Changes to Authorization (Last Changed By]
You can find more table start with RSEC* just check with F4 in SE16.
Hope this helps
Edited by: connecpk on Feb 1, 2010 4:49 PM -
Deleting Automatic Generated Analysis Authorisation
Dear All,
We are generating Value and Hierarchy analysis authorisation automatically with the help of DSOs 0TCA_DS01 and 0TCA_DS02.( through RSECADMIN )
Upon generation everytime, it first deletes all the previously generated analysis authorisation ( for the users that are available in these DSOs ) and creates new ones with the name starting as RSR_*.
If the username for a particular user is not present in these DSOs, system will not delete / create anything for those users.System deletes / creates analysis authorisations only for those users that are available in these DSOs.
Suppose a user a going out from the organisation, in that case we need to manually find out all the analysis authorisations ( RSR_* ) that were previously generated for that user and delete the analysis authorisations manually.
This is time consuming process.
Could you please advise any automatic / simpler way for deleting previously generated analysis authorisations for such users.
Assume that these users are not available in the new data loaded in these DSOs.
Thanking You,
Tarun Brijwani.Hi Tarun,
If a data record with the user name 'D_E_L_E_T_E' is loaded into the DataStore object 0TCA_DS01, first the generated authorizations for all users in the BI system for the DataStore object record are completely deleted (separated by the first part of the name before the digits) and then generated for the rest of the data.
Please refer the following link for more information.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/55/46eb411a7f6324e10000000a1550b0/frameset.htm
Thanks,
Krishnan -
BI7. Analysis Authorisations: 0TCA_DS01 to 0TCA_DS05
Good day
For those who have already implemented Analysis authorisations, PLEASE help?
I am investigating analysis authorizations and also need to implement at our site.
What I need to know is what objects are delivered with the template DSO's 0TCA_DS01 to 0TCA_DS05? Should they have any transformations, DTP's and datasources?
I am a bit lost on how this should work. I have gone through numerous links and instructions, with no success at all. Seems as if this whole concept of analysis authorisation is escaping me.
Please assist with any detailed information regarding the HOW TO, or STEP-BY-STEP instructions.
Thanks in advance.
CjHi Cornelius,
you're right, there is no data flow available for those DSO objects. What dataflow would you expect? You want to upload the auth data via flat file? Or you want to load from another source system by an dedicated logic or perhaps with an workflow as a trigger? You see, it's not that simple to deliver "the one and only" dataflow. The mentioned objects are templates as the program to generate the analysis auth expects a special order of the fields which are given when you use the ODS objects..
Read more here, http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
You have to create the dataflow by your own, regardless if you want to use 3.x dataflow or 7.0. The only thing you have to ensure is the correct order of the field in the DSO whit the values you want to use later in the generation.
Hope that helps a bit.
Best regards,
Maik. -
Can not input data when removed the value for seleciton condition
Dear Experts,
We met a very strange issue for the IP.
We create a aggregation level and relatd query for user to key in data.
We have a filter in the aggregation level.
It will set value for A,B,C,D
When user opent he report, system will require user to key in the value for A,B,C,D.
Now we found that if we key in value for B, cell is input ready.
If we removed the value in for the B in the selection condition (I mean the value of B is empty, this means tha all the value of B will display in the report), we can not key in data.
Could you kindly let me kow the reason?
Thanks and best regards
Alex yangDear Experts,
Many thanks for your information.
I know the principle for the IP.
But I think you may misunderstanding this issue due to my incorrect explaination.
First, we think the aggreagtion level is ok. This is due to that for the B in my example, we set its as column value in the query.
This is means for each record in the IP query, it has only one B value to reflect it.
But strange things is that if we set fixed value for B, IP input is ok.
If we removed fixed value for B, IP function is error.
Now, we will test if we key in multi value for B whether IP input function is ok or not.
Any update, I will inform you.
Thanks and best regards
Alex yang -
IPC pricing gross value for products in catalog
Hello all,
In ISA b2b application I need to add a new column with gross value for products in catalog. Here is how I've tryed :
</i>
<!-- CBI Added gross price -->
<td align="right" >
<%IPCItem priceRef2;
try {
priceRef2 = (IPCItem) item.getItemPrice().getPriceInfo()
.getPricingItemReference();
if (priceRef2 != null) {
DimensionalValue grossValue = priceRef2
.getGrossValue();
%>
<%=grossValue.getValueAsString() + " "
+ grossValue.getUnit()%>
<% } else {
%><isa:translate key="z_catalog.isa.nogrossvalue"/> <% }
} catch (Exception e) {
%><isa:translate key="z_catalog.isa.ipcexception"/>
<%} %>
</td>
<!-- CBI Added gross price -->
</i>
The problem is that the gross value is the same with the net value.
I've try also using <i>item.getItemPrice().getPriceInfo().getAllPriceInfos()</i>
where item is WebCatItem, and retrive an array of PriceInfo (s) with only one PriceInfo object which has the type <b>netValue</b>.
Then in the backendobject-config.xml I've modify the priceTypes attribute value for BO "CatPriceCalc", but without any succes. Here is the snippet:
<i><businessObject type="PriceCalc" name="CatPriceCalc" className="com.sapmarkets.isa.backend.crm.webcatalog.pricing.PriceCalculatorCRMIPC" connectionFactoryName="JCO" defaultConnectionName="ISAStateless">
<params>
<!-- CBI gross value -->
<b><param name="priceTypes" value="totalNetValue totalGrossValue"/></b>
<!-- for allowed values see defined constants in com.sapmarkets.isa.backend.boi.webcatalog.pricing.PriceType -->
<param name="doItemCalls" value="true"/>
<!-- set this to true if you want to have additional call of CRM_ISA_PRICING_ITMDATA_GET when doing item pricing -->
</params></i>
Do you know how to solve this problem? Or why is not working.
Any help (soultion, docs, links) is very wellcome and rewarded.
Thank you
BogdanHi Bodgan,
It seems that some values like tax, discount are not being calculated by IPC as required parameters are not sufficient enough to differentiate between the two. You can run catalog pricing analysis and see what are the gross and net pricing value. You can update the extra parameters to IPC by extending the class you mentioned and modify backend config xml file to use that class for ISA.
Regards.
Vivek
Maybe you are looking for
-
Should i upgrade from Snow Leopard to Lion on my Macbook Air1,1 ?
Hi, I just found out the Macbook Air i bought from my friend recently isn't compatible to upgrade to Mountain Lion. I'm very dissapointed, but thought i would upgrade to OS X Lion instead, so at least i would be able to use iCloud. Two problems: Thi
-
Windows 2008 Server Configuration - Help
Hello All, I am not an expert in configuring servers and I have just started to learn. Please forgive me if I am doing something funny! I have a router with static IP address and DHCP enabled on the router. The router had the following configuration
-
BPM ----to---Webservice scenario
Hi all, I am doing BPM - to---Webservice(target) scenario,the webservice URL would be https://116.50.64.33:443/RRIntegration/BusinessUseCases/StarterServices/BANKSTATEMENT_UPLOAD_STARTER. Here my problem is ,if i send the data to webservice is receiv
-
Request status is Green,But no data is loaded into infocube.
Hi, I have loaded the data from Flat File to Infocube. The status of the request is Green. But no records are added into infocube. The data is available in PSA.
-
Can I have a Single Licence for Windows and Mac?
I have PS CS4 for Windows installed on my desktop computer. I have recently bought a MacBook Pro. Can I install PS on my new laptop using my Windows licence or must I buy another licence.