Hierarchy Node Authorization Issue

Similar Messages

• Hierarchy node authorization problem

  Hi All,
  We are on SP10 for BI.
  We are restricting user to a node (fund center) in the hierarchy (based on fund centers).
  1) When a user executes the query and selects a node (in the filter
  selection criteria) to which he is authorized, the output of the query is
  restricted to the authorized node. This is what we want. Test is successful.
     After the query is executed, when the user tries to play around with the
  Fund Center info-object by moving it to the Free Characteristics space and
  back to the Rows, the node restriction still works and the user is again
  restricted to the authorized node. This is what we want. Test is successful.
  2) When a user executes the query and selects a higher node (in the filter
  selection criteria) to which he is NOT authorized, the output of the query
  is still restricted to the authorized node. This is what we want. Test is
  successful.
     After the query is executed, when the user tries to play around with the
  Fund Center info-object by moving it to the Free Characteristics space and
  back to the Rows, the node restriction no longer works and the user is now
  able to the data for the complete hierarchy. Now here our security fails and
  we do not want this to happen.
  Possible approach for a solution:
  We would want the user to see only the authorized nodes in the filter
  selection criteria. By doing this, the user will not be able select any
  other nodes and would be restricted to Testing scenario 1, thus avoiding testing scenario 2. Is this approach feasible? I found couple of OSS note but none of them exactly match to our situation here. Did anyone encounter this problem?
  Is there any other solution for this problem?
  Thanks,
  Jay

  Hello,
  this is interesting and sounds like system failure.
  I would suggest to open an OSS message and explain the system behaviour to the support. I'm sure they can help you.
  For me it sounds like the node authorization restriction should be active anytime.
  Best, Michael

• Hierarchy Node authorization with customer exit

  Hi All,
  I have created a hierarchy for an info-object A along with nodes test1 and test 2.node test1 consisit of value 10,20,30,40,50 and node test2 consist of value 60,70,80,90.  .
  1) I want that perticuler user should access perticuler node in hierarachy for that reason I have created a database table in which i have maintained the username and the values from the Infoobject A .I want to write a customer exit code in which user X can access node test1 and user Y can access node test2
  but in database table i can not maintain the nodes i can only maintain the values from the nodes
  so how can i restrict the user to perticuler node instead of values
  The authorization values for the perticuler user will get filled by customer exit variable maintained in the authorization profile
  can any body suggest me or send me example customer exit code for this scenario.
  I really appreciate your thoughts on this issue.
  Thanks,

  Hi,
  in addition to Anil's valid input, make sure that ZTEST is NOT ready for input. Indeed "ready for input" vars cannot be changed via customer exits.
  hope this helps...
  Olivier.

• Identifying hierarchy node in authorization log

  Hi,
  I created a error log (RSECADMIN) for an authorization problem.
  The log displays - among other things - :
  Main Check:
  Following Set Is Checked
  Characteristic  Contents 
  0COMPANY    Node 0 1 0 824 1
  What do these 5 numbers after the word Node mean?
  The number 824 seems to be the SID for the hierarchy ID. I assume that the other numbers are somehow used to identify the exact node. But I don't really know.
  Can anybody help me here?

  Hi,
  Please explain, what is your authorization issue.?
  in the previous post, authorization issue was not explained exactly.
  please do the needful.

• Issue with hierarchy node variable and multiple SAP hierarchies

  Hello experts,
  We are currently facing an issue when using two SAP hierarchies in Web Intelligence and one of them is restricted with a hierarchy node variable.
  The systems we use are a SAP BI 7.01 (SPS 05) and a Business Objects Enterprise XI R3.1 SP2 (fix pack 2.3). I want also to point out that the fix pack 2.3 has been applied to all BOE related components: the SAP integration Kit, client tools, and enterprise (server and client).
  The universe used in our scenario is based on a BEX Query with two hierarchies (non-time dependent hierarchies, intervals allowed) loaded on their corresponding characteristics. One of these characteristics is restricted with a hierarchy node variable (manual input, optional, ready for input, multiple single values allowed). 
  Prerequisites for replicating the problem:
  1)     When building the web intelligence query select several levels from both hierarchies (they have seven levels each) and    the   only amount of the InfoCube that the BEX query (that was used to create our universe) relies on.
  2)     In the hierarchy node variable prompt select a hierarchy node entry (not an actual InfoObject value that exists as transactional data in the InfoCube )
  By executing the query built above, all characteristics are returned null (no value) and the key figure with value u201C0u201D. No error messages, no partial results warnings.  Now if we go back to u201CEdit queryu201D and select levels of only one of any of the two hierarchies the query runs normally (by selecting the exact same value for the hierarchy node variable prompt).
  Any ideas on the matter?
  Regards,
  Giorgos

  Hi,
  Have you ever got a solution for this problem?
  I have a similar one.
  Thanks,
  regards, Heike

• Variable for hierarchy node using in authorization

  Hi all,
  I have the following problem:
  When I create a variable for a hierarchy node and I use it for the authorization, I have the possibility to say, that a user can see all elements under a node.
  But it should now be possible, that the user can also see the usage of this node bottom-up ( multi-level usage of this node ).
  Is there a possibilty ?
  Thanks
  Dieter

  Hi,
  I would suggest you provide more details than just "doesn't work". In addition keep in mind that this is a forum and not an official support channel. In case you need a faster response you should talk to the support team.
  Ingo

• BW Hierarchy node Variable - Value help Issue in Crystal Report

  Dear All,
  1. We have created the BW-Query with Hierarchy node Variable .
  2. On the above query we have preapred Crystal Report.
  3. We have published the Crystal Report using BW Publisher ( Through Content Administrator in BW).
  4. Followed the steps as below link.
  http://wiki.sdn.sap.com/wiki/display/BOBJ/CrystalReportsandBWquery+elements
  Problem:
  When we are accessing the Crystal Report in the InfoView BW-Hierarchy node variable is not appearing in the value help as a tree structure ( It is appearing as a list ).
  Please suggest me the solution.
  Thanks & Regards,
  Kiran Manyam.

  Classic Crystal Reports and Classic SAP connectivity questions
  Classic Crystal Reports and Classic SAP connectivity questions

• Hierarchy Analysis Authorization does not work after transport

  Hi Gurus,
  I am facing a issue in hierarchy analysis authorization in quality system but the same authorization works perfectly fine in development.
  All hierarchy authorizations works in Quality except for this one. I found one old sap note describing this as program error but this note is not applicable in BW 7.3.
  I have checked the table RSECVAL, RSECHIER and authorization is active so everything looks good. Please advise if anyone faced this issue after transporting hierarchy auths to other systems
  Regards,
  Salman

  Salman,
  What I understood from your description is that you have same role+AA in Dev and QA, which provides access in Dev for all the nodes for said hierarchy but in QA, same role+AA provides access to the same hierarchy for all the nodes but one. Try to create a ZTEST analysis authorization in QA itself with access for the problematic hierarchy node and see if it works ? This will rule out the case if there is a difference in hierarchy in DEV & QA.
  Regards,
  Shivraj Singh

• Search Help for Hierarchy Node in SAP BW 7.3

  Hi Experts,
  We were previously using SAP BW 7.1 system and we had a table which used to be maintained through SM30 which has a customed search help on one of the fields for a hierarchy object. And it was working perfectly.
  However, one of our systems have just been migrated into 7.3 version and the above functionality is no longer working.
  This is what is happening now:
  - User selects a hierarchy and after selection nothing is being displayed on field on the table.
  We have tried to debug this customed search help in both environments to distinguish what is wrong. We have noted that a standard function module (RRSV_IOBJ_VALUE_OUTPUT) is not behaving similarly. In 7.1 system, the C_T_DATA table is being filled whereby in the 7.3 system, it is empty.
  Do you think this is the issue?
  Please do advise and propose what can be done to make it work. Or any idea on how to create a new search help for a hierarchy node in 7.3?
  Thanks in advance.

  hi,
  one more thing i will like to add here is in BW 7.3 you get a new security admin feature that allows you to make mass changes to authorizations instead of one-by-one. This can be done by cut-and-paste in a worklist, hierarchy nodes, and you can also add users to multiple analysis authorizations.
  The u2018newu2019 authorizations has both the data value and hierarchy restrictions. You can still build using the u201CRSECADMINu201D transaction
  Also make sure that all objects are in the TLIBG library and they will be 'shielded' during the upgrade.
  regards
  laksh

• Authorizations issue

  Hi all,
  I have a infoobject with the authorization check box checked.
  This is been used in the infocube as a navigational attribute.When i dont use this at all in any query i get some error for some users.Like below.
  Authorizations missing for aggregation (":")  
  Char.  1 
  0CUST_SALES__0SALES_OFF    Empt      Empt   
  I checked in a note which says that "If you do not want to grant the user colon authorization: Restrict the characteristic in the query to a certain selection (single value, interval, hierarchy node, and so on) and authorize this selection explicitly".
  I have tried this too.I dragged and dropped the navigational attribute under characteristic restrictions and created a authorization variable for the same but still the same issue.Can someone guide me if i am doing anything wrong here.I cannot give authorizations to this user at all and the user has to see the report without any issues.
  Thanks in advance.
  Regards,
  Harish

  The user needs colon authorization ( for 0SALES_OFF
  That way he can see the data he needs, but he won't be able to display values for individual 0SALES_OFF values.
  I guess you are on BW7 and use Analysis Authorizations (BW7), here are some useful links in the area
  SDN area for Analysis Authorizations
  http://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI#AuthorizationinSAPNWBI-Differencebetweenrssmandrsecadmin
  Marc Bernard session
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce
  SAP release note for new Analysis Authorizations
  http://help.sap.com/saphelp_nw04s/helpdata/en/80/d71042f664e22ce10000000a1550b0/frameset.htm
  Kamaljeetu2019s Blog about Step-by-Step SAP BI Security
  http://www.sdn.sap.com/irj/scn/weblogs;jsessionid=%28J2EE3414800%29ID0905833350DB00412310482630446611End?blog=/pub/wlg/13333
  Best,
  Ralf

• Restric to hierarchy nodes and characteristics at the same time

  Hi together,
  I've got a profit center hierarchy and an authorization object with those fields:
  0CO_AREA
  0PROFIT_CTR
  0TCTAUTHH
  The controling area is compounded to the profitcenter.
  Then I created an authorization definition for hierarchies where i added a node from my profit center hierarchy.
  But aditionaly I want to add a single Profit center, which is not below this node. but it does not work. I only get the profit centers below the node i maintained for the hierarchy authorization and not the single entry for the profit center
  How can I setup this situation where I need to maintain on the one side one or more nodes in a hierarchy and then a single profit center which might be under another hierarchy node although this node is not explicitly allowed?
  Kind regards
  Stefan

  Thanks for the reply.  This issue is becoming a major problem for lots of implementations.  I have sent out several forum and OSS on this but no solution.

• RSECADMIN: Hierarchy node checked can not be interpreted (trace)

  Hi there,
  Time for me to ask for your help.
  When using RSECADMIN for tracing Hierarchy Analysys Authorization I cannot interpreted the hierarchy node that is checked:
  - The authorizations found are displayed as a clickable text e.g.  Node 1  and the value can be found below the check
  - The hierarchy node checked however is displayed as e.g.  Node 4 1 0 7 1 and I can not translate this node to any existing node in my hierarchy.
  [See this picture |http://farm4.static.flickr.com/3172/2978379084_acdf6baba5_o.jpg]that shows an example.
  Could anybody help me to find out the checked authorization node?
  Thank you!
  Kind regards,
  Lodewijk

  Hi Steve,
  Thanks for your reaction, in this case the problem indeed might be something else instead of the ZKLANT node. I will have a look at it rightaway.
  Nevertheless I find it very discomforting that these strange node numbers seem to be of no use at all.
  Can anyone shine a light on this issue?
  Thanks,
  Lodewijk

• How to filter hierarchy node in BEX query designer

  Dear experts
  We are working on FI balance sheet with hierarchy infoobject 0GLACCEXT. Example of our balance sheet is as follow:
  Parent Node A = 20
       Sub-parent Node A1 = 10
           Leaf A11 = 5
               Leaf A12 = 5
  Parent Node B = 20
       Sub-parent Node B1 = 10
                 Leaf B11 = 5
                 Leaf B12 = 5
  We require only:
      Sub-parent Node A1 = 10
      Leaf B12 = 5
  So I filter those out in BEX restriction;  however, after we examine the report in tcode RSRT, "Sub-parent Node A1" is not shown in BEX Report, and the result is as follow：
  Parent Node B = 5
       Sub-parent Node B1 = 5
               Leaf B12 = 5
  Are there solutions for us to show merely A1 and B12 ?

  Hi Chu
  Try the following steps.
  Initial Output
  In this example I will restrict the query for only displaying Node 8603 and leaf 9000
  Proceed to restrict the Characteristic. Please be aware of the difference between hierarchy nodes and leaf characteristic values. Also set the Hierarchy display properties to expand up to level 1.
  Execute the query again:
  Please be aware that users will still be able to expand node 8603 and see the lower level nodes/leaf. In order to restrict users from doing this set up users authorizations.
  Regards,
  Carlos

• Creation of  Variable for Hierarchy Node

  Greetings...fellow matez,
     I am using Characteristic "0PROFIT_CTR" : PROFIT CENTER
     Here, I created used SAP <b>Standard</b> variable 0N_PCTR (Profit Center/Profit Center Hierarchy)
     This meets my requirement of allowing User to Input the TOP MOST Hierarchy Node basically means my Hierarchy.
     Now, what I need is the ability of a User Input/Key In Variable to ask for a specific Node of my Hierarchy instead of just the <b>'main'</b> hierarchy
    Let me demonstrate with an example :-
    At the moment, I have a variable defined for "0PROFIT_CTR". So, I am able to choose "XXX GROUP" as my hierarchy.
    Now, under this "XXX Group" I have several Sub-Nodes like XXX-Functional Groups ; XXX-Business Units; XXX-Subsidaries.
    How can I create a variable which prompts for this Subnodes of my hierarchy ?

  Matez,
    Issue remains unresolved.
    What I need is a <b>Hierarchy - NODE</b> variable for my "Profit and Loss" Hierarhy
    But, when I use the variable option in the 'Selecting Variable for Hierarchy' scree, I only get to choose my Hierarchy instead of my Hierarchy Node.
    How can I created a variable of type Hierarchy-NODE instead of Hierarchy for my characteristic "0Account"
  Kindly advice matez!

• How to provide a list of Hierarchy-nodes for selections?

  Hi specialists,
  some of our users often want to use some hierarchy-node-values from one report as filter of a 2nd report.
  For all non-hieararhy-values it is possible to do that using the clipboard.
  But there seems not to be a way to do the same with hierarchy-nodes.
  Is there any workaround to reach that target?
  Btw: I'm talking about users using the BEx 3.5 Analyzer.

  Hello,
  was this problem resolved?
  can you please temm me how you resolved this issue?
  Actually I also am having similar requirements in the project.
  Thank you.