How to implement complex analysis authorizations in simple way

Similar Messages

• How to Move Migrated Analysis Authorization across the landscape?

  Hi,
  we have migrated existing 3.x obsolete authorization concept to 7.x Analysis Authorization with the SAP delivered program RSEC_MIGRATION. Unit test is completed in the Development. What is the process to move the changes to quality.
  Any help is greatly appreciated.
  Thanks!

  Hi Tony,
  what about the roles that are updated during the migration process. How do I identify them and Do I need to collect them and transport too? Is there a way I can use the tables you mentioned in the above discussion for this.
  First you should decide on whether you wish to use direct AA assignment or use S_RS_AUTH authorization object (This is referred as indirect AA assignment).
  If you wish to assign AA directly, you doesn't require the roles to be transported and just need to transport the AA, since the AA works independently.
  If you with to implement indirect AA assignment, you should identify the roles (from the tables I've provided in my last post) and findout the roles based on query's. Further the AA that were related to the queries should be added using S_RS_AUTH and these roles require a transport.
  Hope this helps!!
  @Arpan - Those tables are required to quickly find out the roles Vs queries Vs InfoAreas/InfoCubes information to work on the AA.
  Regards,
  Raghu

• Complex analysis authorizations.

  Hi all,
  I'm trying to model analysis authorizations given the following parameters:
  1 infoprovider (basic InfoCube)
  2 queries (TOPLEVEL & DRILLDOWN) to be accessed via a Portal
  3 Portal roles based on CC range restrictions (‘A&C but not B’, ‘B&C but not A’ & ‘AB&C’)
  The TOPLEVEL query displays values by Asset Class for <i>all</i> Cost Centers. It allows the user to select a CC Hierarchy (Budget or Actuals) at run time, via a variable. It then serves as the sender for a RRI jump target. It passes the CC hierarchy, Comp Code, Fiscal Year & Asset Class.
  The DRILDOWN receiver query displays Assets filtered by Comp Code, Fiscal Year, Asset Class and the CC Hierarchy, but it needs to restrict access to certain CC ranges based on the roles outlined above.
  Is this possible in NW2004s? If so can anyone point me towards a solution?
  Many thanks,
  M

  Hi Nitesh,
  From what you describe, this would be a good case to use variables in your analysis authorisations. You can specify a variable value for the BUKRS field and have a couple of options to populate the values which are picked up in the query execution.
  You will need to ensure that you activate the istep to read customer exit variables and have the query variable set as customer-exit. Once those are complete, you can create a custom table to maintain the mapping of groups to company codes, or to read the company codes directly from your ERP system (if you want to base authorisations on what the users can see in ERP) and populate the table with those values.
  However you populate the value to the variable, I think this approach will get you closer to minimal maintenance going forward. Enhancement RSR00001 should be implemented, some help documentation for this below
  http://help.sap.com/saphelp_nw70/helpdata/en/1d/ca10d858c2e949ba4a152c44f8128a/content.htm
  Hope this helps,
  Tom

• I would like to create a sine wave in Illustrator. How do I do this in a simple way?

  Hi,
  As the title suggest I would like to create a sine wave in illustrator. I know that applying the zig zag effect to a line and choosing "smooth" will create a cosine wave. But is there a simple way like that to create a sine way? Or any way at all?
  Thanks for the help!
  ekmanch

  1. start with the zig zag effect
  2. with the scissor tool cut where the ends of the red line is - I made the rest blue to make it clear
  3. delete the blue segments to get this
  4. using the black pointer or scale tool stretch horizontally to match the reference
  5. using the white pointer select one of the smooth anchor points, and using the Scale tool and holding Shift drag to scale constraining horizontally until the curve matches the reference
  6. select the other smooth point and with the scale tool selected press the Enter key on your keyboard twice to apply the previous scale
  click the image to see it larger

• ApexLib and Implementing in-field validation the simple way.

  Hello again,
  I have installed and configures ApexLib and attempted to do what was just answered, but I put it on the back burner until I could get a few other problems solved. What put me on hold utilizing ApexLib was a message about t20Messages not being found. Once I get these other issues resolved, I will revisit ApexLib, but since I did mention it, any help with the following error would be great... Not so important, but good to know how to get fixed and implemented.
  bq. --- Error Message \\ Message section t20Messages not found. Error:<span class="ApexLibError">Height (inches) has to be between 0 and 100. \\ --- end of Error Message
  This is a different field test being conducted, but the error is the same... a pop-up being displayed instead of a in line message.
  Anyone who has time, a pointer would be appreciated, although, until I am on track with some other issues, it is not on my priority list as being terribley important to me right now.
  Thanks,
  Charles

  Hi,
  in the page 0, you will be having one region called ApexLib - Handle error page
  region definition and in the region source it should be like this
  <script type="text/javascript">
  apexlib.error.init
    ( "t12Messages"
     , "t12Notification"
     , "#6699cc"
     , "#000000"
     , apexlib.error.DISPLAY_LOCATION.FIELD
  apexlib.error.handleErrorPage();
  </script>Note the line apexlib.error.DISPLAY_LOCATION.FIELD
  hope u got it
  bye
  Srikavi

• Analysis Authorization problem (new BI auth concept)

  Hi,
  I am trying to implement a analysis authorization for controlling the sales organization characteristic.
  I am working in a APO system.... when I set a * in the value list for the sales organization ..... I can select characteristic in demanding Planing   without problem....
  but when I create a whole list of all possible values (selecting from a pop up list) in the analysis authorization like this
  I EQ 2000
  I EQ 2001
  I get a message :
  You do not have authorization for all the
  characteristic values selected
  I will appreciate any idea
  Thanks
  FedeX

  Hi,
  I was able to trace the problem...and now I do not understand why I get as Result : "Not Authorized"
  here the last part of that trace log:
  Value selection partially authorized. Check of remainder at end
  Following Set Is Checked
  Contents
  SQL Format:
  NOT /BIC/YWSO_S
  ORG IN ('#','0605','0624','0625','0707','0807','2000','2001','707','807',':')
  AND TCAACTVT = '03'
  Comparison with Following Authorized Set
  Characteristic Contents
  0TCAACTVT I CP *
  I EQ #
  I EQ 0605
  I EQ 0624
  I EQ 0625
  I EQ 0707
  I EQ 0807
  I EQ 2000
  I EQ 2001
  I EQ 707
  I EQ 807
  I EQ :
  Result
  Not Authorized
  All Authorizations Tested
  Message EYE007: You do not have sufficient authorization
  No Sufficient Authorization for This Subselection (SUBNR)
  Following CHANMIDs Are Affected:
  103 ( <charac name> )
  Remaining Set
  <no info in this column>
  I really not identify any difference between the data in Following Set Is Checked and Comparison with Following Authorized Set
  well if someone has some idea... I will appreciate it.
  Thanks
  FedeX
  Edited by: FedeX on Apr 1, 2009 4:33 PM

• Rational approach for Analysis Authorization:

  This post is regarding the implementation of Analysis Authorization.  Considering the role based approach; please let me know the optimized way to implement the analysis authorization such that there will be very low maintenance.
  For e.g. I have queries which need to be restricted at data level PLANT wise. So I mark the characteristic 0PLANT as authorization relevant. There are 150 plants so I create the 150 Analysis Authorizations and put each one of them in roles (1:1) resulting in 150 roles. In addition; 151th Role and Analysis Authorization for ALL plant access.
  Now to restrict the queries themselves, I create a Role with object S_RS_COMP , S_RS_COMP1 (For queries) ; S_USER_AGR  and S_USER_TCD( for  workbooks).
  Then I create a composite role  with above 2 single roles (one containing AA and other role for Query restriction)and assign it to user.
  Now suppose when I need to restrict data at some other level say DIVISION wise. Then I would be again creating analysis authorization for all the divisions and putting them in roles.
  Using this approach ; there would be many roles and analysis authorizations. Also during production support it may be cumbersome to debug the errors.
  Please comment if any other approach for implementing the above scenarios.
  Regards,
  Ajit
  Edited by: Ajit Nadkarni on Apr 4, 2010 5:47 PM

  Hi,
  I had a similar requirement where in we had 178 plants and each plant manager has to see their own site by default in the selection screen when they run the query.
  By defalut it should display there own site but its not restricted to only that site. Managers can also look into other sites but by default they wanted their own site to be displayed.
  So I have created DSO and did mapping with username and store. And in query I created a variable in plant of type customerexit and written exit in CMOd using I_STEP 1. This solved our requirement. But to restrict to particular site i guess we can extend the routine in cmod.
  Thanks
  Srikanth

• APO - Demand Planning: Tracing Analysis Authorizations

  Hi,
  I was wondering if there is a way to trace analysis authorizations for demand planning?
  I have an APO concept that uses analysis authorizations. A user gets blocked in transaction /SAPAPO/SDP94
  If I run ST01, the missing value is in S_RS_AUTH, meaning Analysis Authorizations are missing.
  However,
  I can't seem to find a way to trace transaction /SAPAPO/SDP94 as another user with RSECADMIN.
  Any advice?
  FYI - I do NOT want to assign 0BI_ALL.
  Thanks for your help

  Hello Mariano,
  ST01 and SU53 tells me it's Analysis Authorizations that are missing.
  It's asking for S_RS_AUTH object 0BI_ALL. If I assign 0BI_ALL everything works; but that is NOT what I want to do.
  Hence I know it's related to Analysis Authorizations and I would like to know HOW to trace WHAT analysis authorizations are missing.
  Best regards,
  Tom

• Comparison of analysis authorization roles ?

  Hello Experts,
  I am using BI7.0 new analysis authorization concept.
  I know how to compare pfcg role across systems but does anybody know how we can compare analysis authorization roles across systems?
  Thanks and Regards
  Imran

  Hi,
  Easy comparison of roles (PFUD):
  Many times the Role Comparison (Profile match up) is required after the transport of roles. One usually does it from PFCG for each role individually. For a quick solution to this problem, use transaction code PFUD.
  Please check the below link :
  http://help.sap.com/saphelp_bw21c/helpdata/en/5c/deaa7dd3d411d3970a0000e82de14a/content.htm
  http://help.sap.com/saphelp_nw04/Helpdata/EN/5c/deaa7dd3d411d3970a0000e82de14a/content.htm
  http://help.sap.com/saphelp_nw70/helpdata/EN/c1/db3fc2fd3111d5997a00508b6b8b11/content.htm
  http://help.sap.com/saphelp_mic10/helpdata/en/69/1810a4c51144dc833353183155ec88/content.htm
  Regards
  Sreedhar Reddy

• How to get Query Results based on Analysis Authorization Ranges????

  Hi Experts,
  I have gone through the lot of SDN Links, however not able to find the answer to my question.
  I have an Authorization Issue, “NO Authorization “
  Error : EYE 007 ( Insufficient Authorizations )
  <b>Here is the issue:</b>
  Need to see the complete query result when I gave the range in Analysis Authorization for Controlling Area 001-005. Controlling Area is auth relevant and right now a variable is inserted in the query for it. If I select Controlling Area 001, the result for Controlling Area 001 is displayed in query. If 002 then also displayed. If I do not enter anything, then I get the <b>Eye 007 error message</b>.
  I am not sure how do I display/authorize the entire result in the query for all the Controlling Areas, I have authorized user to see??
  <b>Its really urgent, please help..!</b>
  Here are the logs:
  Authorization Check Log
  Date and Execution Time (Local Server)
  Execution Date: 06.09.2007
  Execution Time: 14:48:41
  Executed Query: 0CCA_C11/GBCCA_MP01_Q0002_AP
  Executed by User ZBI_TEST_001
  Executed with Analysis Authorizations of Another User ZBI_TEST_001
    InfoProvider Check  
  Building the Buffer...
  ...Buffer Built
  Are there authorizations for accessing InfoProvider 0CCA_C11 with activity 03?
  Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03 
    InfoProvider Check  
  Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03 
    Relevant Characteristics for Detailed Authorization Check  
  (Characteristics with Full Authorization Are Not Listed!)
    List of Effective Authorization-Relevant Characteristics for InfoProvider 0CCA_C11:  
  0CO_AREA 
  0TCAACTVT 
    Relevant Characteristics for Detailed Authorization Check  
  (Characteristics with Full Authorization Are Not Listed!)
    List of Effective Authorization-Relevant Characteristics for InfoProvider :  
  List Is Empty:
    There Are No Characteristics That Have to Be Checked in Detail  
    Authorization Check  
    Detail Check for InfoProvider 0CCA_C11  
    Preprocessing:  
  Selection Checked for Consistency, Preprocessed and Supplemented As Needed
  Subselection (Technical SUBNR) 1
  Check Node Definitions and Value Authorizations...
  Node- and Value Authorizations Are OK
  End of Preprocessing
  Filling the Buffer...
  ...Buffer Filled
    Main Check:  
    Subselection (Technical SUBNR) 1  
  Supplementation of Selection for Aggregated Characteristics
    No Check for Aggregation Authorization Required  
  Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Set 
  Characteristic  Contents 
  0CO_AREA
  0TCAACTVT
  SQL Format:
  CO_AREA = '0003'
  AND TCAACTVT = '03'
  Characteristic  Contents 
  0CO_AREA  I BT 0001 0005
  0TCAACTVT  I EQ 03
  I EQ 16
  Authorized   
    Subselection (SUBNR) Is Authorized  
    Authorization Check Complete  
    Authorization Check  
    Detail Check for InfoProvider 0CCA_C11  
    Preprocessing:  
  Selection Checked for Consistency, Preprocessed and Supplemented As Needed
  Subselection (Technical SUBNR) 1
  Check Node Definitions and Value Authorizations...
  Node- and Value Authorizations Are OK
  End of Preprocessing
  Filling the Buffer...
  ...Buffer Filled
    Main Check:  
    Subselection (Technical SUBNR) 1  
  Supplementation of Selection for Aggregated Characteristics
    No Check for Aggregation Authorization Required  
  Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Set 
  Characteristic  Contents 
  0CO_AREA
  0TCAACTVT
  SQL Format:
  TCAACTVT = '03'
  Characteristic  Contents 
  0CO_AREA  I BT 0001 0005
  0TCAACTVT  I EQ 03
  I EQ 16
  Partially or Fully Authorized (Intersection)   Characteristic  Contents 
  0CO_AREA
  0TCAACTVT
  SQL Format:
  ( CO_AREA < '0001'
  OR CO_AREA > '0005' )
  AND TCAACTVT = '03'
  Value selection partially authorized. Check of remainder at end
  Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Set 
  Characteristic  Contents 
  0CO_AREA
  0TCAACTVT
  SQL Format:
  ( CO_AREA < '0001'
  OR CO_AREA > '0005' )
  AND TCAACTVT = '03'
  Characteristic  Contents 
  0CO_AREA  I BT 0001 0005
  0TCAACTVT  I EQ 03
  I EQ 16
  Not Authorized   
  All Authorizations Tested
    Message EYE007: You do not have sufficient authorization  
    No Sufficient Authorization for This Subselection (SUBNR)  
  Following CHANMIDs Are Affected:
  184 ( 0CO_AREA )
    Authorization Check Complete  

  Hi,
      Have you defined the vaule for 0CO_AREA as BT 001-005 in you Authorization for 0CO_AREA.Also how have you defined your Authorization Variable on the query? Have you define as select options or interval? I thing you need to define it as interval or select options.
  Hope it helps,
  Cheers,
  Balaji

• How to implement Custom Authentication and Authorization in Oracle SOA 11g

  Can anyone please tell me, how to implement Custom Authentication in Oracle SOA 11g ?
  Because in Oracle SOA 10.1.3.4 , i have implemented this custom authentication and authorization by implementing BPMAuthenticationService, BPMAuthorizationService, BPMIdentityService to verify againt my database systems.
  implementation classes like the mentioned below
  1).
  public class SampleAuthenticationService extends SampleServiceBase implements BPMAuthenticationService {
  2).
  public class SampleAuthorizationService extends SampleServiceBase implements BPMAuthorizationService {
  3).
  public class SampleIdentityService extends SampleServiceBase implements BPMIdentityService {
  Please help me to implement the authentication and authorization in Oracle SOA 11g .
  thanks in advance

  To start with please go through following document
  http://docs.oracle.com/cd/E21764_01/integration.1111/e10231/adptr_jms.htm
  http://docs.oracle.com/cd/E23943_01/integration.1111/e10231/adptr_file.htm
  Regards
  Arpit

• How to implement a simple node-edge graph?

  Can any one give me some advice on how to implement a simple node-edge graph in a frame? Every node is a rectangle which can be moved by mouse, and every edge is a arc between two nodes.
  Should the node class extend JPanel, and the edge class extend Graphics? and so on?

  It is impossible to generate similar update from OWB.
  Does your table1 contain primary key columns? What is the number of rows in this table?
  The only working solution in this case - use table1 twice in mapping - as source and as target (with UPDATE operation),
  link these operators with primary key columns and specify matching by PK columns.
  Updated column link to Constant operator attribute.
  In this case OWB generate SQL like
  merge table1 a
  using table1 b
  on (a.pk_column=b.pk_column)
  when matched then update set column1=1
  Regards,
  Oleg

• How to implement simple CEV rules?

  Hi,
  I have some doubts how to implement very simple CEV rules (ex: When enddate is filled then determinationdate is sysdate)
  When i follow the CDM Guidelines then I have to create a custom routine and make a derivation expression for the column.
  When i use commom sense I do a update in the BR implementation. Saves a lot of work.
  What is the opinion of the Headstart team?
  Regards, Jan-Derk

  Hi Kathyaini,
  For using a XML connection as data source then you have to follow the below:
  Configure the following elements as described below:
  u2022 <JavaDir>
  u2022 <Classpath>
  u2022 <JDBCURL>
  u2022 <JDBCUserName>
  u2022 <JDBCClassName>
  It will prompt you for the class name and path of the URL using, that also depends upon the data base you use.
  It is different for each database like oracle, sql and DB2.
  For configuring the connection you should follow the process for each database.
  JDBCURL  - The JDBCURL parameter value is the default JDBC connection URL that will be displayed in Crystal Reports when you create a new JDBC data connection. The exact format of the connection URL is specific to the database driver and is provided by the database driver vendor.
  For example, the connection URL for the Oracle JDBC driver is:
  jdbc:oracle:thin:@<hostname>:<port>:<sid>
  Sample for SQL Server:
  jdbc:microsoft:sqlserver://SERVERNAME:1433
  Sample for DB2:
  jdbc:db2:XTREME
  JDBCUserName  - Default username for the Database
  JDBCDriverName - The JDBCDriverName is the default full classname of the JDBC driver that will be displayed in Crystal Reports when creating a new JDBC data connection..
  Oracle: oracle.jdbc.driver.OracleDriver
  Let me know if any.
  Regards,
  Naveen.

• How to implement this complex logic on rpd

  How to implement following sql logic on OBIEE 10g RPD...whole thing to be implemented as single column on presentation layer.
  to calculate numerator===
  select sum(flag) as ap_account_no,exp from                                                                                           
  (select a.invoice_id as invid,a.payment_no, max(a.payment_dt) as payment_dt,max(a.due_dt) as due_dt,b.expenditure_type as exp,                                                                                          
  case when max(a.due_dt)+ 3 > max(a.payment_dt)                                                                                           
  then 1                                                                                           
  else 0                                                                                           
  end As Flag                                                                                          
  from Supplier_inv_pymt_map a, po_invoice_map b                                                                                          
  where a.invoice_id= b.invoice_id and a.invoice_dt!=a.due_dt and a.usd_gross_AMOUNT >0 and a.PAYMENT_STATUS!='VOIDED' and to_char(a.payment_dt,'MON-YYYY')='JUN-2011'                                                                                          
  group by a.invoice_id, a.payment_no,b.expenditure_type) GROUP BY exp                                                                                          
  to calculate denominator===
  select count(invid),exp from                                                                                      
  (select a.invoice_id as invid,a.payment_no, max(a.payment_dt) as payment_dt,max(a.due_dt) as due_dt, b.expenditure_type as exp                                                                                     
  from Supplier_inv_pymt_map a, po_invoice_map b                                                                                     
  where a.invoice_id= b.invoice_id and a.invoice_dt!=a.due_dt and a.usd_gross_AMOUNT >0 and a.PAYMENT_STATUS!='VOIDED' and to_char(a.payment_dt,'MON-YYYY')='JUN-2011'                                                                                     
  group by a.invoice_id, a.payment_no,b.expenditure_type) GROUP BY exp                                                                                     
  tables n column used in sql r available on physical layer....
  can anyone help

  Hi
  if you don't want to aggregate try to define a user function
  analytic_sum($(value))
  implémented by
  sum($(value))
  after that
  replace your
  sum(NOTICES) over ( partition by property order by RELAVANTDATE range between interval '30' day preceding and current row)
  by
  analytic_sum(NOTICES) over ( partition by property order by RELAVANTDATE range between interval '30' day preceding and current row)

• How to implement authorization at sales order/projects level?

  If we open a sales order in VA02 and then try to open the same sales order in another session in VA02, there will be a message that the sales order is being processed. 
  I wish to implement similar functionality in my application which consists of editable report. 
  I tried to debug the situation in VA02 case mentioned above, to know something more about it, but could not understand anything!
  I know that lock objects can be helpful in this, but in my case there can a be range of sales orders (and projects within a range of profit centers). 
  How to implement such a functionality?
  Edited by: Ankit Modi on Dec 30, 2009 10:54 AM
  Edited by: Ankit Modi on Dec 30, 2009 10:55 AM

  @ Max -
  Yes Max, but the problem is that I want the lock on many sales orders at a time.  Its like, there is a report in which many rows (for sales orders) are editable.  I want all those to be locked at a time. This will not work by Lock object, I believe...
  @ Soumya -
  Yes Soumya, but, as I explained above, I want a range of sales orders rather than a sales order in particular.  That will not work by lock object.  Right?