Hierarchy Analysis Authorization in BW and BOBJ Webi Report

Hello,
We have a scenario wherein we have implemented Analysis Authorizations (Hierarchy) on Organizational Unit info object (0ORGUNIT) and need to report on BOBJ WEBI. Our scenario is as follows:
ORGUNIT    - L0 (Overall Enterprise Level)
-     L1 (Enterprise - Continent Wise Split)
-     L2 (Enterprise – Country Wise Split)
-     L3 (Enterprise – City Wise Split)
E.G- 
      L0 (Company ABC) MANAGER 0 will have access to the entire organization
           -L1 (ASIA) MANAGER1 will have access to ASIAN Subcontinent
                  -L2 (India) MANAGER 2 will have Access to country India
                            -L3 (New Delhi) MANAGER 2.1 will have access to city Delhi
                            -L3 (Mumbai) MANAGER 2.2 will have access to city Mumbai
                   -L2 (Malaysia) MANAGER 3 will have access to Country Malaysia
                              -L3 (Kuala Lumpur)
                              -L3 (Pahang)
             - L1 (Europe)
                                        …
The requirement is that the CEO of the company should be able to see the entire set of data (L0-L4). We have continent managers who can see the data specific to their continent; similarly, at L3 level the city managers should see the data only for their specific city.
In BI we have used analysis authorization based on hierarchies. We have created an authorization object say ZAUTH1 and have assigned the hierarchy L0 from RSECADMIN. Now, in Webi when we create a report a sample row comes as :
L0 Org Unit     L1 Org Unit     L2 Org Unit     L3 Org Unit     SALES Key Figure
Company ABC     Asia          India          Mumbai          1000
Now, we have MANAGER 2.2 who has only access to the data specific to his city (Mumbai). There is an Analysis Authorization object created for him, ZAUTH2, by ONLY assigning the org unit hierarchy L3 (for Mumbai). When we run the BEx report with the user MANAGER 2.2 – it correctly displays the result and the user is only able to see the data for L3 Org Unit (Mumbai). However, when you bring this data to Webi – the report comes in the below format:
L0 Org Unit     L1 Org Unit     L2 Org Unit     L3 Org Unit     SALES Key Figure
Mumbai                                           1000
The L3 org unit has now got assigned to L0 Org unit, as this is the only org unit assigned to the MANAGER 2.2 user.
In such a case we are not able to write any generic formulae for the report. Is there a way to correct this issue? 'Mumbai' should either get assigned to the L3 OrgUnit column in the Webi report, or is there a workaround that is possible?
Thanks and Best Regards,
Vj

Hi Vijay,
The problem you speak of is known and comes from the fact that the hierarchy is flattened in the process of delivering it to WebI. Therefore there is no real 'solution' to the problem, just some work-arounds you can think of...
1)
Create a report variable that starts looking at the lowest level, if it is empty check one up, and so on until you found what you were looking for (the lowest leaf available), which by definition must be there (even if it is top level).
Using similar logic you can also get a 'number of levels available' and so fill in the complete tree (duplicating the highest level).
This is difficult to explain when end users create their own reports, though you could provide a template report with these variables in there already.
2)
Extend the hierarchy with duplicates below the lowest level.
So i.e. L0 Company - L1 Continent - L2 Country - L3 City- L4 City - L5 City- L6 City.
This will give back on the four levels for top authorization
L0 Company - L1 Continent - L2 Country - L3 City
For authorization on Continent:
L0 Continent - L1 Country - L2 City- L3 City
For authorization on City:
L0 City- L1 City - L2 City- L3 City
So in all situations the fourth level, the L3 Object will hold the City level.
This you can then use in your report.
Hope this helps,
Marianne
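
Both workarounds from the reply above, modeled in Python as an added example (not code from the thread, and not WebI formula syntax). The hierarchy is the sample from the question; the function names, the `pad` parameter and the "duplicate the highest level upward" reading of workaround 1 are assumptions made for illustration.

```python
# Constructed model of the org-unit hierarchy from the question (child -> parent).
PARENT = {
    "Company ABC": None,
    "Asia": "Company ABC",
    "Europe": "Company ABC",
    "India": "Asia",
    "Malaysia": "Asia",
    "New Delhi": "India",
    "Mumbai": "India",
    "Kuala Lumpur": "Malaysia",
    "Pahang": "Malaysia",
}
WIDTH = 4  # report columns L0..L3


def path_from_root(node):
    """Return the real hierarchy path, root first, ending at `node`."""
    path = []
    while node is not None:
        path.append(node)
        node = PARENT[node]
    return path[::-1]


def flatten(leaf, authorized_node, pad=0):
    """Model the flattened row a restricted user receives.

    Columns start at the user's authorized node, not at the real root, so the
    row is left-shifted. `pad` models workaround 2: the hierarchy is extended
    with `pad` duplicate levels below the lowest level.
    """
    path = path_from_root(leaf)
    if authorized_node not in path:
        raise PermissionError(f"{leaf} is outside the subtree of {authorized_node}")
    visible = path[path.index(authorized_node):] + [leaf] * pad
    row = visible[:WIDTH]
    return row + [""] * (WIDTH - len(row))


def lowest_leaf(row):
    """Workaround 1: start at the lowest level and walk up until a value is found."""
    for value in reversed(row):
        if value:
            return value
    raise ValueError("row carries no hierarchy values")


def levels_available(row):
    """Workaround 1: number of levels the user actually received."""
    return sum(1 for value in row if value)


def right_align(row):
    """Workaround 1, one reading: fill the complete tree so the leaf lands in
    the last column, duplicating the highest available level upward."""
    n = levels_available(row)
    if n == 0:
        raise ValueError("row carries no hierarchy values")
    return [row[0]] * (WIDTH - n) + row[:n]


if __name__ == "__main__":
    for user_node in ("Company ABC", "Asia", "India", "Mumbai"):
        raw = flatten("Mumbai", user_node)
        padded = flatten("Mumbai", user_node, pad=WIDTH - 1)
        print(f"{user_node:12} raw={raw}")
        print(f"{'':12} workaround 1: leaf={lowest_leaf(raw)!r} aligned={right_align(raw)}")
        print(f"{'':12} workaround 2: {padded}")
```

With either workaround the city sits in the last column for every authorization level, so a report formula can reference that column without knowing how deep the user's authorization starts.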

Similar Messages

  • Analysis Authorization in BO 4.0 Webi report

    Hi All,
    I am using BO 4.0 and creating connection from Information Design tool to a BW query using BICS client. This connection is then published to CMC.
    We are using SAP authentication and importing the roles from BW system. We have added profiles to this role and these profiles have Analysis Authorization set on Company Code. So one user can access data to one company code and vice versa. Now this works well in Bex Analyzer, but if I try to create a report in Webi, the analysis authorization fails. I went through the forum before posting this question and I found that is in 3.1 version and in most cases using SSO in universe connection solved the problem.
    However in 4.0 I am using BICS client and followed the same processes to create a connection but for some reason it doesn't work ? Is this suppose to work differently in 4.0 ?
    I have tried:
    1. To create connection in Information Design tool using SSO, selecting user ID and password. It doesn't work.
    2. Checked the Bex query and it already has Company code as a Characteristic restrictions (I have made it a mandatory variable).
    3. Publish the connection to CMC with my Enterprise and SAP ID and in both cases it doesn't work.
    Please let me know if anyone encountered a similar issue and what is the best method to resolve this.
    (BO 4.0 no service pack or fix pack installed on the system yet)
    Thanks - Appreciate your help !
    Prasad Rasam

    Ingo,
    1. To create connection in Information Design tool using SSO, selecting user ID and password. It doesn't work.
    >> Correct, you need to set up your OLAP Connection with SSO.
    >>> What I meant was I created the connections using both the methods, Using SSO it allows me to create a connection. The ID which I am using to create a connection has Admin access to BOBJ system. When I login as a regular user to create a Webi report and select this new connection, it throws an error message 'The DSL Service returned an error: com.businessobjects.dsl.services.workspace.impl.QueryViewAnalyzer$CannotGetCubeFromConnectionException: Cannot get the cube from the connection'
    Using the other method to create a connection with User ID and password, I can create a connection and with the normal user login I can connect to the BW query but Analysis Authorization doesn't work.
    Ingo : Could you be more specific what you mean here with the different users ? When you say "regular" user are you referring to an SAP credentials or SAP BusinessObjects Enterprise credentials ?
    2. Checked the Bex query and it already has Company code as a Characteristic restrictions (I have made it a mandatory variable).
    >> The variable in the BEx query needs to be an authorization variable.
    >>> This has already been set as Authorization variable. There is still a question here. If I select the variable as Authorization variable, I cannot set the other parameters in the query properties such as Mandatory variable (as this is greyed out).
    Ingo : What other parameters would you like to configure ? Could you perhaps describe the scenario with more details ?
    regards
    Ingo Hilgefort

  • Analysis Authorization In Dev and impact of reports and roles in prod trans

    Hello,
    We are planning to switch to analysis authorization. We plan to make that change first in Dev and we were wondering what would be the impact on roles and reports we transport from dev (which is switched to Analysis Authorization) to production (on old authorization)? We won't transport new things to production till we switch to new auth in Prd.
    Thanks a lot,
    BP.

    Hello
    Even if you are transporting the roles from dev to quality and production, the analysis authorization objects will not be checked until you set "current procedure..." in RSCUSTV23.
    So there is no harm in transporting the roles and authorization until you change the concept to analysis.
    regards,
    Payal

  • Hierarchy Analysis Authorization does not work after transport

    Hi Gurus,
    I am facing an issue in hierarchy analysis authorization in quality system but the same authorization works perfectly fine in development.
    All hierarchy authorizations works in Quality except for this one. I found one old sap note describing this as program error but this note is not applicable in BW 7.3.
    I have checked the table RSECVAL, RSECHIER and authorization is active so everything looks good. Please advise if anyone faced this issue after transporting hierarchy auths to other systems
    Regards,
    Salman

    Salman,
    What I understood from your description is that you have same role+AA in Dev and QA, which provides access in Dev for all the nodes for said hierarchy but in QA, same role+AA provides access to the same hierarchy for all the nodes but one. Try to create a ZTEST analysis authorization in QA itself with access for the problematic hierarchy node and see if it works ? This will rule out the case if there is a difference in hierarchy in DEV & QA.
    Regards,
    Shivraj Singh

  • Is it possible to add buttons for user feed back in Bobj WEBI report?

    Dear all,
    I am an ABAP Web dynpro developer. 
    As part of the workflow, i am displaying  a BOBJ Webi Report to the users.
    The requirement is to allow users to Approve/Reject the data in the report.
    Is it possible to have user input or any buttons in the Webi Report?
    If yes, How to achieve this ? Please help.
    Thanks,
    Vamshi

    There is discussion option as an out of the box feature. Check this: BI launch pad 4.0: Participate in a discussion about a document

  • Analysis Authorization (Role, Profile and Direct Assignments)

    Analysis Authorization Question:
    1)     In BW 3.x environment, customers have used Role Maintenance Process to assign proper object level security and then assign to the users.
    2)     Most of the places R/3 security team takes over support/administration function of BI Security and they continue to use Role method to assign “Reporting Authorizations” as per the process defined in BW 3.x system.
    3)     Customer sometime have 100 + Roles to have 3.X “Reporting Authorizations”. This is Managed, assigned, approved using role concept.
    Migration Options:
    1)     New Analysis Authorization makes process of Role Maintenance like "hierarchy authorizations" of BW 3.x. You have to create Value in other transactions and assign them in Role as a pointer or link object. With Analysis Authorization concept, Actual value of the Object Assigned “Like Company code 1100” not visible in Role Maintenance PFCG transactions. It is only visible in Transaction code RSECADMIN.
    2)     Analysis Migration Tool - RSEC_MIGRATION does not update “ROLES”. It creates or changes “PROFILES”.
    3)     Profiles are assigned to the users and Roles does not reflect any Impact by Analysis Authorization migration.
    Questions
    a)     This means customer need to update all the roles by hand. If they want to use Roles to manage the assignment of the Security to users. Migration Tool does not update Roles, it only updates PROFILES.
    b)     Does any one use direct assignment to Users? It is good business practice?
    c) Is Profiles recommended method of Authorization Maintenance?
    d) Can we run migration tool to create Analysis Authorizations, but not assign to the users as a Profile. But stop at creating Analysis Authorizations. If Customer wants to use Roles maintenance process then, they can do not have delete profile assignments from all users before updating Roles using Analysis Authorizations.
    Just want to check how other folks have done migration that can be supported going forward.
    Pankaj Gupta

    Hey Pankaj,
    In general, assigning the analysis authorization directly to user makes a lot of sense for granular levels of authorization. For example, if you had 3,000 users, 3,000 specific authorization combinations, and 3,000 roles, using roles is a lot of additional overhead. If you had 12 roles and 3,000 users, your role concept makes a lot of sense.
    Therefore, the recommendation is that it varies on what makes the most sense logically. Authorization groups can be created to group analysis authorizations and combine them. Also, you have the ability to generate analysis authorizations using the Content Datastores for this. That is an option as well.
    RSEC_MIGRATION does use profiles as you've stated. If you want, there would be manual work to convert to roles afterwards. In case you haven't seen Marc's presentation on security, it's pretty good and covers how to generate authorizations from the datastore.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce

  • Authorization Error ERR_WIS_30263 when creating WebI reports

    Dear all,
    I'm currently trying to setup all authorizations in BI4 for my key-users and I'm getting some issues with my WebI authorizations.
    Each time I logon to the WebI rich client, I get for all data sources which I can choose as the basis for my WebI reports the following error:
    Your security profile does not include permission to create documents. (Error: ERR_WIS_30263) (WIS 30263)
    I already checked again and again all available authorizations in my access level, but I can not get it to work.
    Any ideas, which authorization right might be missing?
    Thanks,
    Andreas

    Hi,
    As advised in previous answer, check the users access via the CMC.
    Central Management Console > Users and Groups > User Lists
    Double click on user concerned and check the Group the user belongs to. Maintain accordingly:
    Try the following
    Member Of > Join Group > Universe Designer Users
    Hope this helps,
    Hecham

  • Link from BOBJ Webi report to CRM webUI screen

    Hi experts,
    I was wondering, if there's a way to create a link from Webi report (based on CRM data) to webUI content in CRM? For example, Webi report will have opportunity numbers. User will be able to click on the opportunity number and get to webUI screen where he could see opportunity details and maybe even modify it.
    Best regards,
    Vlad

    Hi,
    You can link Webi Document to webUI content in CRM with help of Hyperlink based on particular column then you need to parse the data.
    Once Parse button is clicked, it displays with the parts of the URL parsed into sections depending on parameters specified in OpenDocument URL.
    for more information kindly go through following document.
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f0daee1d-0e38-2d10-0c91-8bb4ab5aa266?QuickLink=index&overridelayout=true&47467978778722
    Best Regards,
    Pushkar Dhale

  • Authorization Hierarchy Node Variable in Web Report

    Hi friends,
    I have an Authorization Hierarchy Node Variable on 0COMPANY and this is placed in Free Characteristics in BEx Query.
    Now i want to catch the value of this Company in Web Template either using Text Element web Item or etc. and then pass this value to the Print Layout of the same report.
    Could some body help me on this.
    Thank you very much advance.

    Hello Aneesh,
    these is how i have BUT NOT WORKING.
    i am thinking, if it in free characteristics, then it wont give values !!..
    var COMPNM  = '<object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="TEXTELEMENTS_5"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="WIDTH" value="453"/>
             <param name="BORDER_STYLE" value="NO_BORDER"/>
             <param name="SHOW_COMMON_ELEMENTS" value=""/>
             <param name="SHOW_FILTERS" value=""/>
             <param name="SHOW_VARIABLES" value="X"/>
             <param name="ELEMENT_TYPE_1" value="VARIABLE"/>
             <param name="ELEMENT_NAME_1" value="IVCMP_H"/>
             <param name="ONLY_VALUES" value=""/>
             ITEM:            TEXTELEMENTS_5
    </object>';

  • BW BEX Queries and Analysis Authorizations

    Hello....
    Have an opportunity with BW BEX queries and Analysis Authorization...would like to see if anyone has had the same experience and if so is there a answer....
    1) given a query....
    2) given a analysis authorization with a info-object that has intervals defined to be both single values and ranged values
    the following happens...
    after the query is fired the starter screen appears...the info-object in question appears with the defined single values only....if....the window is opened....again only the single values appear...the range values do not appear...once the query is executed the only results given are those for the single values...
    also if you re-fire the query and manually enter a valid value for the info-object that falls with-in any of the range values no result is given...even if there is data for it....the response given is no data found....
    NOW...if the single values, for the given info-object, are removed from the Analysis Authorization then the range values appear and work....
    Is this a problem within in the query...or...is this a "feature" of the query...and thus must be "lived" with...
    Terry
    PS...this problem currently only happens if the window for the info-object allows for multi-selection....this problem does not occur when the window only allows for one selection...

    Hi,
    This is a known problem with analysis authorization and multi selection IO selection criteria.
    When you define the analysis authorization with ranges and when you try to enter single values on the selection critera of the query, then the system shows zero data.
    You can run the query without entering any selection values for the IO in question only.
    I have tried several combinations and still encountering the same issue.
    Ravi

  • Analysis Authorization based on Hier node with multiple display hierarchies

    Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
    Requirement:
    Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
    Preferred solution:
    The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
    •     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
    •     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
    •     The display level will be specified as required (here: Level 7)
    •     The Authorization granted should be independent of hierarchy name and version (validity 3).
    Reporting Scenario and technical impact:
    As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node ‘A’ of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node ‘B’ in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node ‘B’.
    My findings so far (based on prototyping) turn out that this is not possible as long ‘B’ (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
    Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
    Thanks everyone for your input...
    Claus
    Edited by: Claus64 on Jul 13, 2009 4:10 AM

    Hi Claus,
    On Jul 14 2009, you wrote in SDN and said:
    FYI: Found a solution...
    The hierarchy analysis authorization will be based on a navigational attribute of cost center.
    With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
    The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
    Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
    As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy that’s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
    If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
    Claus
    See this thread:
    Analysis Authorization based on Hier node with multiple display hierarchies
    I am also in the same situation as you and need to understand your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierarchies for 0COSTCENTER, how did the new Nav Attr help you solve your issue? When loading 0COSTCENTER what values did you load into the new Nav Attribute and how did that link to the hierarchies? Also, in RSECADMIN you created hierarchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
    I appreciate if you can share your solution from the past in more details.
    many thanks

  • Need analysis authorization help

    Hello Gurus,
    Could someone please help me out with my Analysis Authorization issue?
    We have a BW query and workbook outputting "Tcode usage" like the following:
    UserGroup| Username| Tcodename| Frequency
    This one has been running long time without any problems in reporting authorization, but now We want to get it restricted and only allow data associated group HR to display using new Analysis authorization. The scenario for this report is as follows:
    1. Rsecadmin > Maintenance > Create New authorization "Group" which consists of 4 characteristics: 0TCAACTVT, 0TCAIPROV, 0TCAVALID and 0TCTUSRGRP (which is the characteristic about group name and already authorization relevant). Set 0TCTUSRGRP "EQ HR".
    2.Assigned this authorization to a role using PFCG through the S_RS_AUTH. Other authorization objects in this role are:   S_BDS_D, S_BDS_DS, S_RS_MPRO, S_RSEC, S_RS_COMP, S_RS_COMP1, S_RS_HIER, S_RS_ICUBE, S_RS_ODSO.
    3. In BEx analyzer, set type: Characteristic Values and Variable filled from authorization and value "Selection Option". Unselected "ready for input". Put the characteristic associated with group name to filter window on the top right-hand side of the Query Designer. Also compare users in PFCG.
    The question is that I still get all data about all groups. Looks like the authorization group doesn't work. I used the "execute as" and get no errors back.
    Note: I didn't use "generation" to create the new authorization in Rsecadmin
    Thank you very much for any answers!
    Haifeng

    I guess I have found the reason why my authorization doesn't work. I don't activate infoObjects 0TCA* and 0TCT* and infoCubes 0TCA* as well. But another thing I am confused about is:
    Should I activate HR and CO business content for authorizations 0TCA_DS02OTCA_DS05 and 0CCA_O010CCA_O03 before I get started? Or should I run generation every time I create a new authorization using Maintenance in Rsecadmin?
    Haifeng

  • Analysis Authorization mass maintenance

    Hi All,
    During the migration, due to the complexity of our BW 3.5 authorization setup, we ended up with a new design in BI 7 where we have to maintain each new cube in more than 150 Analysis Authorizations whenever a new cube comes in.
    Do you guys know any method where you can update the new cube to a large number of Analysis Authorizations (for ex 150) instead of doing it manually? Due to the complexity of the old design it’s very difficult for us to change the new design.
    Looking forward for expert opinion.
    BR,
    Deepak

    Hi,
    As per my knowledge, it is always recommended to maintain the Analysis authorizations individually. However, you may refer the below thread:
    Analysis Authorization Mass Maintenance
    and also the below link:
    http://help.sap.com/saphelp_nw73/helpdata/en/c4/057a2de519451faf1819dba4092887/content.htm
    Hope this helps!!
    Rgds,
    Raghu

  • Hierarchy node text shows short text instead of medium text in WebI report

    Hi,
    We have created a simple Hierarchy using Tx RSH1.
    US -> North Carolina
              South Carolinakey
             Rest of America
    Please note "North Carolina" is the medium text for the node while the short text which can contain max of 10 chars is "North Caro"
    We have used and activated the hierarchy within the BEx query. Text display with "Medium Text" has been enabled for the InfoObject. The display on the BW report is as expected showing the medium text for all levels and all modes.
    When a universe is built on the query and a WebI report is created based on the universe everything works fine other than the Hierarchy text for different levels and nodes. Instead of showing the Medium text, the short text is getting displayed.
    We took out the text object from the Universe in the Universe designer and went ahead with the key and medium text, but that did not help.
    Is this a known bug? Is there a workaround for this issue?
    We are on XI 3.1 SP3.
    Rgds

    Hi,
    I am working on BO XI 3.1 SP2.
    I have displayed the medium text for the hierarchy nodes as:
    In my universe three detail objects(key, medium name and long name) gets generated for each hierarchy node.
    I have copied the definition of L01 Medium name (detail object) in the L01 dimension object. similarly for other hierarchy nodes.
    i.e. L02, L03.. etc.
    Now the master data which have been loaded for the medium name will be displayed.
    Regards,
    Rohit

  • Transport Webi Reports and Web services as the backend of dashboards from BO Production to BO Development system

    Hello Experts,
    I am working on SAP BO 4.1. I have made several dashboards on top of web services ie;Web Service Method. I have 2 systems in BO ie; Development and Production Systems.The BW production system is connected to BO Development and Production both.
    The Webi reports are made on top of BI BEx Query. From the webi reports, BI Web Services are made on top of which the dashboards are made further.
    The Webi Reports, Web Services and the Dashboards everything is made directly in BO Production.
    My question is, Can I transport the Webi Reports and the Web Services from BO Production to BO Development?
    And If yes, will it have any other impact on webi reports, web services or dashboards?
    Thanks & Regards,
    Alfred Thomas

    Hi Gill,
    As per your reply,with the promotion managament i have make the web services again manually in Dev system...Right?
    Is there any way possible that I can transport the web services and the webi reports using Query AS A Web Service Designer? And if yes, through this QAAWS will the WSDL or the URL required for the web services in the connection button in dashboards be automatically updated or changed as per the Development System?
    But i am not able to enable the "Deploy to Other servers Option" in QAAWS.
    Can you please help?
    Regards,
    Alfred thomas
