Issues with Analysis Authorization on Infoset

Similar Messages

• Issues with Analysis Authorization checks in APO

  Hi Friends,
  I am facing an issue with Analysis authorization checks in APO.
  We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
  Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
  This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
  In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
  However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
  Resultant trace results are as below: This should not happen..
  I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
  Will it be possible for you to advise on what could I be missing.

  Hi All,
  If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
  while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
  Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
  Please advise.. Thanks..
  Regards,
  Prakash

• Issue with Analysis Office Add in

  Hi,
  User are having an issue with Analysis Office and giving the error.
  From Analysis Office-> Open workbook->after Login to AO using BW connection
  After opened the report ->when refresh the report, getting the error
  "An Exception occurred in one of the data sources. SAP BI Add in has disconnected
  Nested Exception. See inner exception below for more details
  Initial RANGE-LOW for customer exit variable ****_EXIT_001 corrected ..
  Under details
  An exception has occurred in one of the data sources.
  SAP BI Add-in has disconnected all data sources.(ID-111007)
  We are using BO AO for MS Office Add-in 1.4 SP3 in BO server.
  Please let me know the reason for this error and how to fix this.
  Thanks in advance.
  Jayakrishna

  Hi Krishna,
             Thanks for the reply.  The Sales office field is directly mapped  in the transformation and does not have any routine. Its the Key field.
  The Billing Document Condition infocube is being feed by the DSO '2LIS_13_VDKON - Billing Document Condn' and datasource is '2LIS_13_VDKON'.
  The Open Orders infocube is being feed by the DSO Document Order item / Delivery;  below which we have another 3 DSO.
  1st DSO has the Datasource '2LIS_13_VDITM'
  2nd DSO has the Datasource '2LIS_11_VAITM'
  3rd DSO has the Datasource '2LIS_11_V_SSL'
  The Sales Office 7 has txn records for the month of April & May.
  The report built on top of a Multiprovider and the for the months June and July, we have txn records fine for the sales office 01 - 06.
  Please help me, if i am missing anything here and make me to understand better.

• Problem with analysis authorization- 0BI_ALL always needed

  Dear all:
  we have a serious issue on so-called "analysis authorization" now. We have auth-restricted user who only have authorization to access data on one company code. We also create a BI-authorization in analysis authorization and assign the following auth-relevant object to this authorization-
  0TCAACTVT = 01-03
  0TCAIPROV = ALL
  0TCAVALID = ALL
  0TCAKYFNM = ALL
  0COMP_CODE = A001
  And we create one query with only company code and number of employee in the row and column. But everytime we execute this query, there s always message" No Authorization". We used ST01 to trace and the result shows we need to have "0BI_ALL" in auth object S_RS_AUTH. If we added 0BI_ALL, all company code data will display, which definitely no auth restriction at all. Is there any specific authorization setting we need to do?
  We are stuck here pretty bad. Thank you all in advance if any input.
  BR
  SF

  Hi,
  I guess the Authorization profile is active , and in the Tcode PFCG -> Role name -> User tab page ( user comparision is done ).
  Check if any of the tab page shows red light .
  And assignment of 0BI_ALL is not a solution , as any user can do anything in the system.
  Also do not forget to log - off and log-in into system after changing into any of the authorization profile to see changes that had happened.
  Hope that helps.
  Regards
  Mr Kapadia
  Assigning points is the way to say thanks in SDN.

• [CUA] Compatibility with Analysis Authorizations (RSECADMIN)

  Hello,
  I have two questions for you, BI experts :
  1) Could someone please confirm that it is not possible to centrally maintain Analysis Authorizations (trx RSECADMIN) from the CUA ?
  2) Does it make sense to start a CUA project now with the Identity Management solution coming soon ? What are the pros & cons of each ?
  Thanks in advance.
  Best regards,
  Guillaume

  Hi,
  I had a look at the Roles and Profiles tables used by CUA.
  I found that it uses special tables such as :
  USRSYSACT     CUA: Roles in Distributed Systems
  USRSYSACTT     CUA: Roles in Distributed Systems
  USRSYSPRF     CUA: Profiles in Distributed Systems
  USRSYSPRFT     CUA: Profile Text in Distributed Systems
  USLA04          CUA: Assignment of Users to Local  Roles
  USL04          CUA: Assignment of Users to Local Profiles
  There is no analogous table for RSECADMIN tables such as :
  RSECAUTHGENERATD     BI AS Authorization Reporting: Generated Authorizations
  RSECLOG               Storage for Authorizations Logs xml
  RSECTXT               Authorization Texts
  RSECUSERAUTH          BI AS Authorizations: Assignment of User Auth
  RSECVAL               Authorization Value Status
  This, I conclude that it is not possible to maintain BI analysis authorizations from the CUA central system.
  This kind of authorizations has to be performed in the child system directly.
  Unless, SAP has something to draw out of its pocket soon... 
  I indeed read that some development was done on the CUA, parallel to the SAP NW Identity Management solution.
  Best regards,
  Guillaume

• Scheduling issue with Analysis for Excel

  Hi,
  I am trying to schedule a workbook in Analysis for  Excel from CMC. The schedule always fails when I uncheck the APPLY DEFAULT FORMATS in the components tab of the Display Analysis. The schedule works fine if this box is checked. Has anyone come across this issue?
  Analysis Excel Version: 1.4.5.2837
  Thanks,
  Kal

  Hi Tammy,
  Sorry for getting back to you so late. We are right now BIP-add on SP5 for Analysis Office. We are planning to have BIP-add on SP6 next week. Dont know if this will solve my issue but something to try.
  Thanks,
  Kal

• Analysis Authorizations on Infosets

  Hi,
  I just wonder if analaysis authorizations work on infosets in SAP BW(701) SP8.
  I have got Infoobject A, which is authorization relevant. When I use this object in DSO/Cubes/Multiproviders then data level authorizations(analysis) are work fine.
  But when I use this infoobject into an infoset then it has become F35_XXX. When I create authorization variable on F35 and restrict value of A to certain values in RSECADMIN(analysis Auth). then it is simply allowing user to all values of A instead of restricting access to values specific in RSECADMIN.
  At the moment my analysis auth is restricted as follow:
  0TCAACTVT = 03
  0TCAIPROV = Infoset name
  0TCAVALID = *
  A = 100
  Am I missing anything?
  Regards,
  Ramesh

  Hi Ramesh,
  Infoset authorization should also work for authorization relevant navigational attributes.
  Navigation attribute has it's own setting for authorization relevant. It is set in RSD1 attribute tab.
  Can you check whether it's set to authorization relevant there?
  In addition, if a use has full authorization(*) for a certain characteristic (or navigation attribute), it might not be listed in the authorization log as detailed check does not need to be done for it.
  Best regards,
  Patricia

• Issue with display data from infoset

  Dear Experts,
  When I am trying to display data from BI INFOSET in (Execute in background ctrl+F2)backend it is working fine but when in try to run the execution in forground (execute F8) then the system gets hang.. and time out. could any one has this kind of experience. if so kindly let me know do i need to implement any patch or  else which way i can do work to resolve this issue.
  Thanks in advance.
  Mannu

  Hi Krishna,
  I have tried as you have suggested ie. using Tcode RSISET for displaying data but still i have the same issue.
  Could any one post any additional suggestions to follow.
  Thanks in advance,
  Mannu

• Issue with the authorization

  Dear all,
  There is one multiprovider. It points 2 cubes. Activity cubes and Opportunity cubes.
  Now reports works fine and if a person has SAP_ALL access. if a user has only access few roles then keyfigures from Activities cube is not being displayed.
  Key figures from Opportunity cube is being displayed.
  Additional information:-
  In Opportunity cube we have one authorizatio object but in Activity cube there is no authorizatio object. I am not sure if we need to have authorization object defined for activity cube too.
  We have recently migrated the old authorization(3.5) to new authorization(7.0).
  This is highly critical. Appreciate your immediate inputs.
  Thanks & Regards,
  Anup

  Hi Anup,
  As there is a Authorization object in a Cube, it means this object is most probably there the Multiprovider  as well.
  The InfoObject Authorization restrictions are applied at the Infoobject level and not at the Cube/multiprovider level, meaning say 0Plant is authrization relevant, then whenever it is being used ( cube/multiprocider) it will be restricting the user access and asking for roles. No matter if the 2nd cube has this object or not still it will be restricted as its there in multiprover.
  So better provider users with that roles.
  Regards,
  Pratap Sone

• Issue with storing authorization information, trying to start Home Sharing

  I am currently attempting to set 'Home Sharing' up on my iTunes so that I will be able to share music and videos between two computers in my household. Both computers are on the same network, my home network. When I attempt to start Home Sharing, the following phrase pops up after putting in my iTunes username and password:
  "There was an error storing your authorization information on this computer." (followed by other writing)
  If anyone can help me to correct this issue and to start my Home Sharing it would be greatly appreciated.

  Hello \'CUSE FAN,
  I would recommend taking a look through the following article.
  Troubleshooting Home Sharing
  http://support.apple.com/kb/TS2972
  Cheers,
  Allen

• Issue with Analysis Connection

  Hi to all! I have installed BoBj 4.1 edge edition.
  When I try to open OLAP connection in CMC I receive the following error:
  Analysis, edition for OLAP encountered an unexpected exception at 18:14 that has caused it to close.
  The following reasons may have caused the unexpected exception:
  Analysis, edition for OLAP has timed out. Your workspace may have been automatically saved to your Favorites folder as an "autosave" file.
  A fatal exception has occurred. Log on again to Analysis, edition for OLAP.
  If you repeatedly see this error, contact your administrator.
  Have anyone experience the same problem? All BI platform servers are running properly.

  Hi,
  please clarify this a bit.
  Does this error occur when you try to modify an exisiting OLAP connection in the CMC or does this happen when you try to open an Analysis for OLAP Workspace?!
  If the second one please check
  http://service.sap.com/sap/support/notes/1962431
  Regards
  -Seb.

• New PC, new itunes, and iphone. Having issues with pairing/authorization/library transfer

  Hello all,
  I recently got a new PC. Before unplugging the old one, I deauthorized it from itunes. I immediately authorized the new computer. I also have cloud syncing on (for all the good it's doing me)
  (HATE the new itunes btw - I find the user interface SUPER confusing and none of the itunes articles use the new version for reference).
  Anyway, I must have messed up the initial sync or something. For some reason it's recognizes all of my apps, and happily adding anything I download from the phone back onto the computer - but everything else is a mess. I had to recreate my podcast subscriptions (no biggie) but it won't let me sync my music library back and forth (nor my audio books). It only seems to want to let me erase my music library on the phone with the mostly empty one on the computer. It's not recognizing the playlists from my phone at all on the PC, and today I bought some new songs on the PC and it won't let me add them to those playlists.
  I even tried "transferring" back....but it's still not letting me access playlists and music libary
  Any suggestions would be MOST appreciated. I'm not particularly interested in losing my entire music library that's on my phone. If I had to lose anything I guess I'd prefer to lose the songs I bought today on the PC.

  Copy your whole iTunes folder from the old computer to the same location on the new one.  It is trying to erase the phone because the phone is synced to the library on the old computer and does not recognize the one on the new computer.  You can transfer purchases from a phone to a computer but otherwise file transfer is one direction, computer to phone.

• Analysis Authorization : Selection screen not appearing for query

  Hi,
  I am facing an issue with analysis authorization. I have created the new roles and assigned to the users. For one user when I am executing the query, the selection screen is not coming up and it shows error message to specify the variables. Whereas its running for all other users.
  In S_RS_COMP I have selected Type of a reporting component as Query View, Query & Template structure. I also tried adding Variable in this field but that also did not help.
  Please let me know if you have faced similar issue.
  Regards,
  Manish

  Hi,
  Go to your query desinger opend your query and select your variable in that you have see first "Ready Input Query" Check box is selected or not. It's not selected you can select that check box.
  Your problem will be sloved.
  Thanks & Regards,
  venkat.

• Analysis Authorization based on Hier node with multiple display hierarchies

  Hi guys - I've got a problem where s.o. might have an idea of how to switch on the light at the end of the tunnel, I am currently standing in:
  Requirement:
  Cost Center Authorization should be given through RSECADMIN, reporting should be possible for any hierarchy that exists for the authorization relevant info object.
  Preferred solution:
  The Cost Center Analysis Authorization should be given through RSECADMIN - Hierarchy node assignment.
  u2022     A dedicated Authorization Cost Center Hierarchy will be maintained in ECC6 as an alternative cost center hierarchy and extracted into BW.
  u2022     The RSECADMIN Hierarchy node assignment should be based on a particular node (Type 2).
  u2022     The display level will be specified as required (here: Level 7)
  u2022     The Authorization granted should be independent of hierarchy name and version (validity 3).
  Reporting Scenario and technical impact:
  As mentioned above, when designing and running a query the user should be able to freely select other (i.e. than the authorization) display hierarchies for the authorization relevant reporting object 'Cost Center' as well. The technical names of the semantically relevant hierarchy nodes could therefore vary. E.g. cost centers 1, 2 and 3, being assigned under hierarchy node u2018Au2019 of the RSECADMIN relevant authorization hierarchy, could be subsumed by hierarchy node u2018Bu2019 in another display hierarchy, which the user may want to display in accordance to his reporting needs. Ideally, the alternative display hierarchy should therefore display node u2018Bu2019.
  My findings so far (based on prototyping) turn out that this is not possible as long u2018Bu2019 (and its hierarchy) is not authorized in RSECADMIN. Can these findings be confirmed? And if not, would anyone have an idea of how to facilitate the reporting scenario?
  Would there be any other way to grant access, possibly based on RSECADMIN single values, and also enable the user to flexibly display hierarchies with only those hierarchy nodes whose single cost center values the user has been given access to?
  Thanks everyone for your input...
  Claus
  Edited by: Claus64 on Jul 13, 2009 4:10 AM

  HI CLause,
  On Jul 14 2009, you wrote in SDN and said:
  FYI: Found a solution...
  The hierarchy analysis authorization will be based on a navigational attribute of cost center.
  With analysis authorizations it is possible to declare the Auth object (e.g. 0COSTCENTER__RACCAUT0) as authorization relevant and leave the superior object 0COSTCENTER auth irrelevant.
  The auth will be given for 0COSTCENTER__RACCAUT0. This object will be placed as a filter of the query, being restricted by an Authorization variable for hierarchy nodes.
  Due to the concept of Analysis Authorizations, this variable will automatically pick up the nodes granted as part of RSECADMIN Hierarchy based Authorization.
  As mentioned above, 0COSTCENTER as the regular reporting characteristic remains auth irrelevant and can therefore take any hierarchy thatu2019s available. Reporting on single values will be possible, too. Only those nodes show up that hold the authorized cost centers in accordance to the authorization.
  If the auth relevant 0COSTCENTER__RACCAUT0 is not used in the query definition by either not taking it in as a filter or skipping the Auth variable, the query will launch the message that the authorization is missing. No data show up at all.
  Claus
  See this thread:
  Analysis Authorization based on Hier node with multiple display hierarchies
  I am also in the same situation as you and need to understadn your solution. I understand that you created a Nav Attr on 0COSTCENTER and made this auth relevant whilst ensuring that 0COSTCENTER is NOT auth relevant. This is all fine. The issue was you have multiple hierachies for 0COSTCENTER, how did the new Nav Attr help you solve your issue. When loading 0COSTCENTER what values did you load ino the new Nav Attribute and how did that link to the hierachies? Also, in RSECADMIN you created hiearchy nodes based on the Nav Attribute but I am confused as to what values you have in the Nav Attr.
  I appreciate if you can share your solution from the past in more details.
  many thanks

• BW Analysis Authorization on two charcteristics issue

  I am familiar with analysis authorizations in BW 7.0 and worked on it.
  Today we have blanket authorization (RSECADMIN) for 0TAX_NUMB = *. Meaning user who has this auth/role can see values (from where ever 0TAX_NUMB is used, all company codes etc). And as you might know 0TAX_NUMB is used in 0VENDOR & 0CUSTOMER master data (as an attribute). This works well, because its easy
  Now, new requirement is to create more strict analysis authorizations for 0TAX_NUMB based on other characteristic values.
  Auth1 (should apply to 0TAX_NUMB used in 0VENDOR):
  0TAX_NUMB = all values and only for vendor account group = XXX
  Auth2 (should apply to 0TAX_NUMB used in 0VENDOR):
  0TAX_NUMB = all values and only for vendor account group = yyy
  Auth3 (should apply to 0TAX_NUMB used in 0VENDOR):
  0TAX_NUMB = all values and only for vendor account group = zzz
  Auth4 (should apply to 0TAX_NUMB used anywhere other than 0VENDOR, for example, as I said above its also used in 0CUSTOMER and may be used elsewhere in future):
  0TAX_NUMB = all values
  Do I also need to add 0CUSTOMER here? unable to visualize!!!
  Also, 0TAX_NUMB and Vendor account group will have colon authorization.
  So, at this time I am not sure how this will impact other queries with following scenario(s):
  User1 has auth1:
  Here, User1 can see tax_numb values for vendor act grp XXX, thats good, so far.
  But can user see query results where tax_numb is not used but would like to see all vendor account group related data (or other than value XXX)?
  User2 has auth4:
  Since this auth has blanket tax_numb, can user2 see all values for tax_numb used in 0CUSTOMER (which he/she should) and also in 0VENDOR (he/she should not)...
  And what about queries that do not have 0TAX_NUMB (but infoprovider has)? Colon auth on TAX_NUMB & Vendor act grp would resolve this?
  I appreciate your thoughts on this. We are BW 7.01 (Ehp1), SPS10.
  Regards
  -Bala
  Edited by: Bala Shetty on Dec 15, 2011 12:02 AM
  Edited by: Bala Shetty on Dec 15, 2011 12:04 AM
  Edited by: Bala Shetty on Dec 15, 2011 12:05 AM
  Edited by: Bala Shetty on Dec 15, 2011 12:09 AM

  Thank you Sushant.
  I am aware of these notes and provide basic information and also usage of value restrictions. I am looking for usage of different combinations for multiple characteristics (especially the attributes of master data)....
  Regards
  -Bala