No Masterdata for 0TCAACTVT, 0TCAIPROV, 0TCAVALID
All,
I'm trying to implement the Analysis authorizations within our new BI7 installation.
I've been trying to follow all the advice in the forum, help, and various presentations that are out there, and I'm hitting some road blocks.
I've activated all the 0TCA* and 0TCT* objects from business content, and I know they need to be marked as authorization relevant. However, none of the infoobject has as masterdata associated with it. Did I miss a step here? For example when i maintain 0TCAACTVT in RSD1 no data exists, similarly when i look at table /BI0/MTCAACTVT in SE11 there is nothing.
Do i need to manually enter the materdata in these new objects? If so what are the values?
Thank you for your help, I will award points for suggestions that are relevant. Please don't tell me to do a search on the forum, because I swear I've been doing just that for days.
Thanks again
Chris
There isn't supposed to by masterdata... the values come from a generic systems table. The values can be seen from within RSECADMIN if you try to edit the details of the object.
Similar Messages
-
BPS You have no authorization for the requested data
We are implementing Hierarchy node based security for our BPS.
When the user tries to display the planning layout, they get the error message "You have no authorization for the requested data "
I have given authorization to the relavant Infocubes, also checked the all the Authorization Relavant Info Objects and added theses Info Object to the custom authorization created in RSECADMIN.
Also added the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID to the custom authorization.
In pfcg, this authorization has been added to S_RS_AUTH. I have also given activity 02, 03, 16 values and a * to planning areas, functions, packages, groups, levels, folders, ... to the objects R_AREA
R_BUNDLE
R_METHOD
R_PACKAGE
R_PARAM
R_PLEVEL
R_PM_NAME
R_PROFILE
But still we get the same error.
Has anyone encountered this problem? Can you please provide me some clues to resolve this issueThank you very much Grevaz, but that template does not help.
I did run both ST01 trace and BI RSECADMIN trace. RSECADMIN Trace shows the below authorization failure
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR BETWEEN '4012001000'
AND '4012001999'
AND TCAACTVT = '03'
Characteristic Contents
0FUNDS_CTR Node 1 I EQ #
I EQ :
0TCAACTVT I EQ 02
I EQ 03
Partially Authorized (Average) Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR > '4012001000'
AND FUNDS_CTR <= '4012001999'
AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
AND TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR > '4012001000'
AND FUNDS_CTR <= '4012001999'
AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
AND TCAACTVT = '03'
Characteristic Contents
0FUNDS_CTR Node 1 I EQ #
I EQ :
0TCAACTVT I EQ 02
I EQ 03
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
206 ( 0FUNDS_CTR )
Authorization Check Complete
We have created custom authorization and trying to restrict based on hierarchy node.
One point I observed is, when I give access to all nodes with a wildcard * in the custom authorization, then the error disappears and the layout is visble. But our point here is to try to restrict based on the nodes and we cannot give display access to all nodes. -
hi
i have this report
employee emp group emp sub group number of employees
what steps i need follow at rsa1
what steps i need follow at rsecadmin
what setps i need follow at pfcg
can i gets tep by step processHi,
Do you want to restrict your report based on Employee ?? If so follow the below steps.
RSA1 - Make the Employee InfoObject as Authorization revlevant in the Business Explorer tab of the InfoObject.
RSECADMIN - Create an analysis authorization( AA ) with the following InfoObjects.
0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
and Employee InfoObject and restrict them with the values you feel you need to give authorization to.
Now assign the analysis auth to the user directly in RSECADMIN or you can create a role in PFCG and under the Authorization Object S_RS_AUTH give the new AA name.
Hope it helps.
You can go through the following document for detailed infomation on Authorizations.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea
Regards,
Gaurav
Edited by: Gaurav Kothari on Oct 15, 2008 5:10 PM -
Object level authorizations for deffirent user restrictions
Hi
i have 1 object, this object have only 3 values?
i need authorizations for this object at report level?
rsa1- i keep authorization relevant?
rsecadmin i can include this object , here i need give from value and to value? i have 3 values only? suppose user 1 want only 1 value? user 2 need 2 and 3 value? how can i restrict like this ? ple let em knowHi Suneel,
Go to RSECADMIN.
Here, in maintain authorizations, create authorization for your characteristics along with the special characteristics.
i.e. in your case, create authorization(assume 0plant is marked as authorization relevant)
0PLANT
0TCAACTVT
0TCAIPROV
0TCAVALID
Double click on each characteristic to assign them the authorized value set.
Thus, you will create two authorizations
Z_PLANT_1
0PLANT...................I..EQ..............1
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Z_PLANT_2&3
0PLANT...................I..EQ..............2
..............................I..EQ..............3
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Go to RSECADMIN again in user tab in assignment, assign these authorizations created to the respective users.
Like assign User1 -
>Z_PLANT_1
................User2 -
>Z_PLANT_2&3
Refer the link below for more information
[Analysis Authorization|http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm]
Hope this helps,
Best regards,
Sunmit. -
Required Characteristics from 0BI_ALL for new custom object
Hello,
I created a small query with the following characteristics on 0BPARTNER info.provider
with the following characteristics
Rows:
Business Partner (0BPARTNER)
Country(0COUNTRY)
Region(0REGION) With Variable Mandatory
Now I need to secure this query by region.Hence started creating new authorization object ZREGUSCA using RSECADMIN and with the following charactertics / Dimensions limiting to only these characteristics out of 40 characteristics from 0BI_ALL.(I donot want to assign 0BI_ALL to S_RS_AUTH, if i do,i cannot secure this query)
0REGION
0TCAACTVT
0TCAIPROV
0TCAVALID
0APO_LOCNO
0CUSTOMER
0TCAKYFNM
My question is why do i need to have the last three characteristics (0APO_LOCNO,0CUSTOMER,0TCAKYFNM)
included in the object apart from the region and the special Characteristics? I found these three non related objects as required, after a lot of trouble shooting?
How do i know, what are the required characteristics if i want to secure by plant in another query?
I will really appreciate your responses and thoughts
Regards
SreeniHi Sreeni
Because the chars are auth relevant and are in the cube.
0TCAKYFNM is also auth relevant and therefore you need to authorize key figures.
Chars that are not explicitly in the drilldown must be authorized with aggregation auth, that is with the colon-sign :
You can find the information in the authorization protocol. There is a block auth relevant chars.
Record your query via RSUDO for the restricted user and flag the "with protocol" box or go to RSECADMIN->Error logs where you can enter your name to be logged always.
There, you will also find the protocol.
Best Peter -
Need analysis authorization help
Hello Gurus,
Could someone please help me out with my Analysis Authorization issue?
We have a BW query and workbook outputting "Tcode usage" like the following:
UserGroup| Username| Tcodename| Frequency
This one has been running long time without any problems in reporting authorization, but now We want to get it restricted and only allow data associated group HR to display using new Analysis authorization. The scenario for this report is as follows:
1. Rsecadmin >Maintenance> Create New authorization "Group" which consists of 4 characteristics: 0TCAACTVT, 0TCAIPROV, 0TCAVALID and 0TCTUSRGRP(which is the characteristic about group name and already authorizatio relevant). Set 0TCTUSRGRP "EQ HR".
2.Assigned this authorization to a role using PFCG through the S_RS_AUTH. Other authorization objects in this role are: S_BDS_D, S_BDS_DS, S_RS_MPRO, S_RSEC, S_RS_COMP, S_RS_COMP1, S_RS_HIER, S_RS_ICUBE, S_RS_ODSO.
3.In BEx analyzer, set type: Characteristic Values and Variable filled from authorization and value "Selection Option". Unselected "ready for input". Put the characteristic associated with group name to filter windown on the top righ hand side of the Query Designer. Also compare users in PFCG.
The question is the I still get all data about all groups. Looks like the authorization group doesn't work. I used the "execute as " and get no errors back.
Note: I didn't use "generation" to create the new authorization in Rsecadmin
Thank you very much for any answers!
HaifengI guess i have found the reason why my authorization dosen't work. I don't activate infoObjects 0TCA* and 0TCT* and infoCubes 0TCA* as well. But another thing I am confused about is :
Should I activate HR and CO businees content for authorizations 0TCA_DS02OTCA_DS05 and 0CCA_O010CCA_O03 before i get started? or should i run generation everytime i create a new authorization using Maintenance in Rsecadmin?
Haifeng -
Authorization issue "No authorization"
Dears gurus,
I created an analysis authorization using tx. RSECADMIN, this contains the IO 0COSTCENTER restricted with some value, and also contains the IO: 0TCAACTVT, 0TCAIPROV, 0TCAVALID. When I assigned it to a role using tx. PFCG. But when the query is executed it appears the following message: "No authorization". Using a trace tool, it appears to requiere the analysis authorization 0BI_ALL, but if I give this authorization, it doesn't restrict the IO 0COSTCENTER as wanted.
Please let me know what is missing.
Best regards,
Pilar Infantas.Remove 0BI_ALL object fro users profile and try executing as below it should give you the authorization objects values missing ..
goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
Check box -->with Log option
select RSRT option
hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
if not
again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
Hope it Helps
Chetan
@CP -
Issues with Analysis Authorization on Infoset
Hi all
We are facing an issue with Analysis Authorization on Infoset, it doesnt seem to throw authorization error when we access a record that is outside the authorization. We tried to use the same authorization set up from the same user we try to access the a record that is outside the authorization it behaves correctly.
Here is my setup
0CRM_MKTELM__0CRMCAMPTYP = ZA11
0TCAACTVT = *
0TCAIPROV = *
0TCAVALID = *
When I tried to access ZA12 it should throw an authorization error but for infoset it doesnt seem to work. Is there anything that we should take note for Infoset?Hi Chee,
I am getting similar issue.
I believe navigational attribute was already a authorization relevant in your case.
What and where did you set it as authorization relevant to make it work on infosets.
Regards,
Ramz -
NO Authorization .. EYE 007 -- Need inputs - still issue is there
Hi Experts,
i am very new to BI Authorization, can anyone help me to solve this issue..
<b>I have gone through the SDN Links,</b>
I have a Authorization Issue,<b> NO Authorization </b>
Error : <b>EYE 007 ( Insufficient Authorizations )</b>
I have follow this steps
An <b>Expert Guide</b> to New SAP BI Security Features <b>BY Marc Bernard</b>
I have followed all the steps which Marc Told..
<b>Steps 1 :-</b>
Define Authorization-Relevant Characteristics ( <b>0DIVISION</b> )
Note : I have 0Division values <b>1000 and 2000,</b> I want to restrict the user on <b>DEVISION = 1000.</b>
<b>Steps 2 :-</b>InfoObjects as authorization-relevant
Eg: 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
<b>Steps 3 :-</b>Using T-code : (RSECADMIN) created the Analysis Object
For example : ZAUTH In That I have taken
0DEVISION restricted with value 1000.
0TCAACTVT with 3 ( Display )
0TCAIPROV with * ( Astric )
0TCAVALID with *
0TCAKYFNM with *
<b>Steps 4 :-</b>
Assign Authorizations to Roles
Use authorization object S_RS_AUTH for the assignment of
authorizations to roles.
Maintain the authorizations as values for field BIAUTH
Ex: ZAUTH
S_RS_COPM with * and S_RS_COPM1 WITH *
<b>Steps 5 :-</b>
AND Assign this Role to User.
<b>Steps 6 :-</b> ERROR
When I execute the Report it is showing NO Authorization
Insufficient Authorization
EYE 007.
PLS Anyone can help me to resolve this Problem,
I need very Urgent,
Thanks = Points.
Regards,
JML
Message was edited by:
JMLI have followed the <b>David Roche</b> steps. But still I have the same problem.
The Steps I have given in my Role are
<b>S_RS_AUTH</b>
Here I have given my Authorization Analysis Object ( ZAUTH ) which I have created in RSECADMIN.
<b>S_RS_COMP</b>
Activity Create or generate, Change, Display, Delete, Execute <...>
InfoArea *
InfoCube *
Name (ID) of a reporting compo *
Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
<b>S_RS_COMP</b>
Activity Create or generate
InfoArea *
InfoCube *
Name (ID) of a reporting compo REP*
Type of a reporting component Query
<b>S_RS_COMP1</b>
Activity Display, Execute
Name (ID) of a reporting compo *
Type of a reporting component All values
Owner (Person Responsible) for *
<b>S_RS_COMP1</b>
Activity Change, Display, Delete, Execute, Enter, Include, Assign
Name (ID) of a reporting compo *
Type of a reporting component All values
Owner (Person Responsible) for $USER
I have assigned <b>this Role to User A</b> and I logon with User A and execute the Query then it is showing the Error :- No Authorization.
As per the <b>Chetan Patel ( CP@...)</b>
RSECADMIN>Analysis>Error Log
<b>The Log is .</b>
<b>InfoProvider Check </b>
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider ZSD_CS01 with activity 03?
Authorization exists for general access to InfoProvider ZSD_CS01 with activity 03 ( it is showing with <b>Right Mark </b> )
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZSD_CS01:
0DIVISION
Authorization Check
Detail Check for InfoProvider ZSD_CS01
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
End of Preprocessing
Filling the Buffer...
...Buffer Filled
<b>Main Check:</b>
Subselection (Technical SUBNR) 0
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0DIVISION
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0TCAACTVT
0DIVISION
SQL Format:
DIVISION = ':'
AND TCAACTVT = '03'
Characteristic Contents
<b>0TCAACTVT I EQ 03
0DIVISION I EQ IN</b>
<b>Not Authorized</b>
<b>All Authorizations Tested</b>
Message EYE007: You do not have sufficient authorization
<b>No Sufficient Authorization</b> for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
220 ( 0DIVISION )
Authorization Check Complete
Can any one help me to Resolve this issue,
<b>i need very argent</b> , we have GOLIVE ......
Regards,
JML. -
Regarding BI Authorization Issue
Dear Friends,
can anyone help me to solve this issue..
I have a Authorization Issue, u201CNO Authorization u201C
Error : EYE 007 ( Insufficient Authorizations )
I have follow this stepsu2026
Steps 1 :-
Define Authorization-Relevant Characteristics ( ZCUSTOMER )
Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
Eg: 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
ZCUSTOMER
Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
For example : ZAUTH In That I have taken
ZCUSTOMERrestricted with value C100.
0TCAACTVT with 3 ( Display )
0TCAIPROV with * ( Astric )
0TCAVALID with *
0TCAKYFNM with *
Steps 4 :-
Assign Authorizations to Roles
Use authorization object S_RS_AUTH for the assignment of
authorizations to roles.
Maintain the authorizations as values for field BIAUTH
Ex: ZTESTA1
S_RS_AUTH
Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
S_RS_COMP
Activity Create or generate, Change, Display, Delete, Execute <...>
InfoArea : ZDEMO_ MIHI
InfoCube : ZCUBET
Name (ID) of a reporting compo : ZTEST_Q0001
Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
S_RS_COMP
Activity Create or generate
InfoArea :ZDEMO_ MIHI
InfoCube : ZCUBET
Name (ID) of a reporting compo :ZTEST_Q0001
Type of a reporting component :Query
S_RS_COMP1
Activity Display, Execute
Name (ID) of a reporting compo : ZTEST_Q0001
Type of a reporting component :All values
Owner (Person Responsible) for *
S_RS_COMP1
Activity Change, Display, Delete, Execute, Enter, Include, Assign
Name (ID) of a reporting compo ZTEST_Q0001
Type of a reporting component All values
Owner (Person Responsible) for :*
S_RS_ICUBE
Activity Create or generate
Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
InfoArea :ZDEMO_ MIHI
InfoCube : ZCUBET
S_RS_IOBC
Activity Create or generate
InfoArea :ZDEMO_ MIHI
Infoarea Catalog : zioc_test, Zkf_test
S_RS_IOBJ
Activity Create or generate
InfoArea :ZDEMO_ MIHI
InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
Steps 5 :-
AND Assign this Role to User.
Steps 6 :- ERROR
When I execute the Report it is showing u201CNO Authorization u201C
u201C Insufficient Authorization u201C
EYE 007.
Regards
SivaHi,
In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
Hope that helps.
Regards
Mr Kapadia -
All,
I tried to create a custom authorization object for an infoobject otcaactivity (just for eg) .Before that I used RSD1 to make that infobject authorizartion relevant.But after that I inserted the infobject which is made as auth.relevant to the custom object and tried to assign value for the intervals.I got an message as the characteristic value is not authorization relevant...why is that?I tried in sand box..is it any way related to info cube which is not yet created for the particular info object in the sand box thats the reason I get error message ?
Whats the reason to secure characteristics and key figure values?Hey,
Activating business content mean making authorization relevant?
For BW3.5 there is no need of the mandatory info objects?(0TCAACTVT ,0TCAIPROV ,0TCAVALID ,0TCAKYFNM)
Whats the difference between securing through reporting authorization object and securing through BI specific object??
Thanks -
Analysis Authorization created in RSECADMIN
Hi
I created an alaysis authorization using the transaction RSECADMIN following the steps
Step 1:
Activate all business content related to authorizations before you get started:* InfoObjects: 0TCA* and 0TCT*
InfoCubes: 0TCA*
Set the following InfoObjects as "authorization relevant":* 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM (optional, if key figure restriction needed)
Add 0TCAIFAREA as an external hierarchy characteristic to 0INFOPROV (optional)
Step2 :
RSA1 -> InfoObjects -> Business Explorer Tab -> Flag 'Authorization relevant
RSA1 -> InfoObjects -> Attribute Tab -> Flag 'AuthorizRelevant'
Step 3 : Created a role in PFCG and inserted the above authorization value in S_RS_AUTH
Step 4: Maintained the following values in the role
S_RS_COMP : Query Accessibility
Activity: 03,16
InfoArea: '*'
InfoCube:*
Name (ID) of a reporting component:*
But still we are not able to restricted the data that is displayed when the query is executed.(It is displaying all the data without checking for the authorization created above)
Below is the error that is displayed in the trace for this user in RSECADMIN
There Are No Characteristics That Have to Be Checked in DetailSai,
Have u restricted authorization relevant characteristic to some values in authorization object in RSECADMIN?If so, at query level u have to create a variable with processing type "authorization variable" and variable represents option "multiple single values" or "selection options" either is fine and also u have to uncheck option "Input ready" on ur authorization relevant characteristic and drag that variable in global filter.Try to login again and check the query.
Chandu -
Inserting authorizations from template
Hi all,
Does anyone know what are the basic authorizations needed for reporting and planning activities. I do not mean the basic analysis authorizations - I mean the basis authorizations - those you usually insert from a template such as S_RS_TREPU.Hi,
you don't have to use:
S_RS_ICUBE
S_RS_ICUBE
S_RS_ISET
S_RS_MPRO
S_RS_ODSO
Because you have to set at less one authorization with the following authorization IO:
0TCAACTVT
0TCAIPROV
0TCAVALID
Don't forget:
S_DEVELOP
S_RO_BCTRA in ECC side for activate (remote) Datasource
S_RS_BITM NEW
S_RS_BTMP NEW
S_USER_AGR
S_RS_BC
S_RS_BCS
S_RS_AUTH (Data)
S_RS_IOBJ
S_GUI
S_RS_DS: Authorizations for working with the DataSource or its sub-objects (as
of SAP NetWeaver 2004s)
�� S_RS_ISNEW: Authorizations for working with new InfoSources or their subobjects
(as of SAP NetWeaver 2004s)
�� S_RS_DTP: Authorizations for working with the data transfer process and its subobjects
�� S_RS_TR: Authorizations for working with transformation rules and their subobjects
�� S_RS_CTT: Authorizations for working with currency translation types
�� S_RS_UOM: Authorizations for working with quantity conversion types
�� S_RS_THJT: Authorizations for working with key date derivation types
�� S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings.
�� S_RS_RST: Authorization object for the RS trace tool
�� S_RS_PC: Authorizations for working with process chains
�� S_RS_OHDEST: Open Hub Destination
�� S_RS_DAS: Authorizations for working with Data Access Services
�� S_RS_BTMP: Authorizations for working with BEx Web templates
�� S_RS_BEXTX: Authorizations for the maintenance of BEx texts
�� Authorization objects for the administration of analysis authorizations:
�� S_RSEC: Authorization for assignment and administration of analysis
authorizations
�� S_RS_AUTH: Authorization object to include analysis authorizations in
roles
�� Changed Authorization Objects:
�� S_RS_ADMWB (Data Warehousing Workbench: Objects)
hope it helps -
What is the impact of R/3 upgradation from 4.7 to ECC 6 on BI
Dear all,
Can any one tell me what will be the impact of R/3 Upgradation on BI... as we are shortly going to upgrade our R/3 from 4.7 to ECC 6.
Do we need to take any precautions in R/3 and aswell as BI
Please give the information...points will be given
Regards
venuHi
Please Refer this as this vll give u the Pros and Cons for upgrade.
Refer
http://wiki.ittoolbox.com/index.php/Upgrade_BW_to_Netweaver_2004s_from_v3.0B
This Wiki contains Rob Moore's ( BW Manager, Edwards Limited) teams experiences in upgrading Business Warehouse System from 3.0B to BW 7.0.
Contents
1 Upgrading from BW 3.0B to BW 7.0 (Netweaver 2004s)
2 Introduction
3 Overview & Scope
4 Drivers
5 Environment
6 Resource & Timescales
7 High Level Plan
8 Summary Task List
8.1 #Support Pack Hike
8.2 #Plug-in installation
8.3 #PREPARE process
8.4 #Dbase upgrades
8.5 #System Upgrade
9 Lessons Learnt
10 Issues & Fixes
10.1 Unfixed Issues
10.2 Fixed Issues
11 Regression Testing Process
11.1 Introduction
11.2 Set up
11.3 Actions
11.4 Security
12 Transport Freeze
13 Web Applications
13.1 Dashboards
13.2 Internet Graphics Server (IGS)
14 Detailed Task Lists
14.1 Support Pack Hike (detail)
14.2 Plug-in installation (detail)
14.3 Dbase upgrades (detail)
14.4 PREPARE Process (detail)
14.5 System Upgrade (detail)
Upgrading from BW 3.0B to BW 7.0 (Netweaver 2004s)
Introduction
This Wiki contains my teams experiences in upgrading our Business Warehouse System from 3.0B to BW 7.0.
Hopefully it will be useful to anyone else who's about to embark on this. If there's anything I've missed or got wrong, then please feel free to edit it or contact me and I'll try to explain.
Rob Moore - BW Manager, Edwards Limited.
Overview & Scope
This was to be a technical upgrade of BW only. The new BW 7.0 web functionality & tool suite which requires the Java stack rather than the ABAP stack was out of scope. We had heard that the latter was where most of the problems with the upgrade lay. Our plan is to wait for this part of BW 7.0 to become more stable. Also it has a big front end change and the business didn't have sufficient resource to cope with that much change management.
Drivers
3.0B at the end of its maintenance
Opportunities to do better reporting
Options to utilise BI Accelerator
Environment
Our R/3 system was at 4.6C and was not going to be upgraded. We have APO at version SCM4.0.
Our BW system is approximately 300 GB, with 125 global users. It was at version 3.0B SP 18
We have Development, Acceptance and Production environments.
Resource & Timescales
The Project ran for 3.5 months from Feb to May 2007. We used the following resources. The percentages are the approx. amount of their time spent on the project.
Project Manager * 1 70%
BW technical team * 3 50%
ABAP coder * 1 10%
SAP Systems Development expert * 1 20%
Basis * 1 25%
High Level Plan
These are the basic areas. We planned to complete this process for each environment in turn, learning our lessons at each stage and incorporating into revised plans for the next environment. However we did the Support Packs and Plug-Ins in quick succession on all environments to keep our full transport path open as long as possible.
Upgrade BW to the minimum support pack.
Install R/3 Plug-ins PI 2004.1
Run PREPARE on BW
Dbase upgrades (Database & SAP Kernel upgrade)
System Upgrade
Summary Task List
This list contains all the basic tasks that we performed. A more detailed check list is shown below for each of the headings.
#Support Pack Hike
We moved only to the minimum acceptable SP as this seemed most likely to avoid any problems with the 3.0B system prior to the upgrade.
Apply OSS 780710 & 485741
Run Baseline for Regression tests
Full Backup
Apply SP's (we were at SP18, going to SP20)
SPAU list review
Regression testing
#Plug-in installation
Apply SAP note 684844
Import and patch Basis plugin PI 2004.1
SPAU list review
#PREPARE process
BW Pre-Prepare tasks
BW - Inconsistent Data fix
Run PREPARE
Review of results
Any showstoppers from PREPARE?
#Dbase upgrades
Database Upgrade (FixPak)
SAP Kernel Upgrade
#System Upgrade
Reverse Transport of Queries
Reconnect DAB & SAB to AAE
Run Baseline for Regression tests
Full Backup
Run the Upgrade
SPAU list review
Regression testing
Lessons Learnt
Testing is all! We picked up on a lot of issues, but would have picked up more if we'd had a full copy of our production environment to test over.
Our approach of doing a full upgrade on each environment before moving to the next one paid dividends in giving us experience of issues and timescales.
Write everything down as you go, so that by the time you get to upgrading production you've got a complete list of what to do.
We succeeded because we had people on our team who had enough experience in Basis and BW to be able to troubleshoot issues and not just read the manual.
The SAP upgrade guide is pretty good, if you can understand what they're on about...
Remember the users! The fact that the loads have been successful doesn't count for anything unless the users can see the data in Excel! There's a tendency to get caught up in the technology and forget that it's all just a means to an end.
Issues & Fixes
I've listed the main issues that we encountered. I have not listed the various issues where Transfer rules became Inactive, DataSources needed replication or we had to reinstall some minor Business Content.
Unfixed Issues
We could not fix these issues, seems like SP 13 will help.
Cant delete individual request from ODS
After PREPARE had been run, if we had a load failure and needed to set an ODS request to Red and delete it, we found that we could not. We raised an OSS with SAP but although they tried hard we couldn't get round it. We reset the PREPARE and still the issue persisted. Ultimately we just lived with the problem for a week until we upgraded production.
Error when trying to save query to itself
Any query with a re-usable structure cannot be saved (more thsan once!)
OSS 975510 fixed the issue in Dev and Acc, but NOT in Production! SP 13 may solve this once it's released.
Warning message when running some queries post-upgrade
Time of calculation Before Aggregation is obsolete. Not a big issue so we haven't fixed this one yet!
Process Chain Scheduling Timing error
Process chains get scheduled for the NEXT day sometimes and has to be manually reset.
See OSS 1016317. Implement SP13 to fix this. We will live with it for now .
Fixed Issues
Duplicate Fiscal Period values in Query
If you open up a drop down box ("Select Filter Value") for Fiscal Year/Period to filter your query, you are presented with duplicate entries for Month & Year.
Due to Fiscal Year Period InfoObject taking data from Master Data not InfoProvider. Thus it picks up all available periods not just Z2.
Auto-Emails being delayed
Emails coming from BW from process chains are delayed 2 hours on BW before being released
Due to userids that send these emails (e.g. ALEREMOTE) being registered on a diffferent timeazone (i.e. CET) from the BW system (i.e. GMT)
Pgm_Not_Found short dump
Whenever a query is run via RRMX or RSRT
Call transaction RS_PERS_ACTIVATE to Activate History and Personalisation
Characteristics not found
When running a query the warning message Characteristic does not exist is displayed for the following: 0TCAACTVT, 0TCAIPROV, 0TCAVALID
We activated the three characteristics listed and the warnings stopped. NO need to make them authorisation-relevant at this stage.(also did 0TCAKYFNM)
System generated Z pgms have disappeared
Post-upgrade the system Z-pgms ceased to exist
Discovered in Development so we compared with pre-upgraded Production and then recreated them or copying them from production.
Conversion issues with some Infoobjects
Data fails to Activate in the ODS targets
For the InfoObjects in question, set the flag so as not to convert the Internal values for these infoobjects
InfoObject has Conversion routine that fails, causing load to fail
The routine prefixes numeric PO Numbers with 0s. SD loads were failing as it was not able to convert the numbers. Presumably the cause of the failure was the running of the Pre-Prepare RSMCNVEXIT pgm.
Check the Tick box in the Update rule to do the conversion prior to loading rather than the other way round.
Requests fail to Activate on numeric data
Request loads OK (different from above issue) but fails to Activate
Forced conversion within the update rules using Alpha routine. Deleted Request and reloaded from PSA.
Database views missing after pre-PREPARE work
Views got deleted from database, although not from data dictionary
Recreated the views in the database using SE14.
Workbook role assignations lost
We lost a few thousand workbook assignments when we transported the role they were attached to into Production
The workbooks did not exist in Development, thus they all went AWOL. We wrote an ABAP program to re-assign them in production
Regression Testing Process
Introduction
We were limited to what we could do here. We didn't have a sandbox environment available. Nor did we have the opportunity to have a replica of our production data to test with, due to lack of disk space in Acceptance and lack of sufficient Basis resource.
Set up
We manually replicated our production process chains into test. We didn't have any legacy InfoPackages to worry about. We asked our super-users for a list of their "Top 10" most important queries and did a reverse transport of the queries from Production back into test (as we do not generally have a dev/acc/prodn process for managing queries, and they are mostly created solely in prodn). We made sure every application was represented. In retrospect we should have done some Workbooks as well, although that didn't give us any problems.
Actions
Prior to the various changes we loaded data via the Process chains and ran the example queries to give ourselves a baseline of data to test against. After the change we ran the same queries again and compared the results against the baseline. We tried to keep R/3 test environments as static as possible during this, although it wasn't always the case & we often had to explain away small changes in the results. After upgrading BW Development we connected it to Acceptance R/3, so that we had pre-upgrade (BW Acceptance) and post-upgrade (BW Development) both taking data from the same place so we could compare and contrast results on both BW systems. We did the same thing once BW Acceptance had been upgrading by connecting it (carefully!) to Production R/3. To get round the lack of disk space we tested by Application and deleted the data once that Application had been signed off. Once we got to System test we involved super-users to sign off some of the testing.
Security
We chose to implement the new security schema rather than choosing the option to stick with old. For us, with a relatively small number of users we felt we could get away with this & if it all went wrong, just temporarily give users a higher level role than they needed. Our security roles are not complex: we have end user, power-user and InfoProvider roles for each BW application, together with some common default roles for all. In the event we simply modified the default "Reports" role that all our users are assigned, transported it and it all went smoothly. Apart from the fact that everyone's workbooks are assigned to this role and so we "lost" them all !
Transport Freeze
Once you've upgraded Development you've lost your transport path. We planned around this as best we could and when absolutely necessary, developed directly in Acceptance or Production, applying those changes back to Development once the project was complete. Depending on what other BW projects you have running this may or may not cause you pain!
Web Applications
Dashboards
We had various dashboards designed via Web Application Designer. All these continued to function on the upgraded system. However there were various formatting changes that occurred e.g. Bar graphs were changed to line graphs, text formats on axes changed etc. SAP provides an upgrade path for moving your Web applications by running various functions. However we took the view that we would simply re-format our dashboards manually, as we didn't have very many to do. Plus the external IGS (see below) powered all our environments and needs upgrading separately as part of the SAP method. Thus we couldn't have tested the SAP path in Development without risking Production. Sticking with manual mods was a lower risk approach for us. We did find we had to re-activate some templates from BC to get some of the reports to continue to work.
Internet Graphics Server (IGS)
We had an external IGS server with v3.0B. Post-upgrade the IGS becomes part of the internal architecture of BW and thge external server is redundant. We found no issues with this; after the upgrade BW simply stops using the external IGS and no separate config was needed.
Detailed Task Lists
Support Pack Hike (detail)
Apply OSS 780710 & 485741
Communicate outage to users
Warning msg on screen
Stop the jobs which extract data into delta queues
Clear the delta queues by loading into BW
Check RSA7 in PAE that delta queues are now empty
Run Baseline for Regression tests
Stop Delta queues
Lock Out users
Full Backup
Apply SP's
Upgrade the SAP kernel from 620 to 640
SPAU list review
Apply OSS Notes 768007 & 861890
Unlock Test users (inc. RFC id's on R/3)
Regression testing
Regression sign-off
Remove warning msg
Unlock users
User communication
Plug-in installation (detail)
Communicate outage to users
Warning msg on screen
Apply SAP note 684844
Lock out users
Full Backup
Empty CRM queues
Import and patch Basis plugin PI 2004.1
SPAU list review
Apply OSS 853130
Switch back on flag in TBE11 (app. BC-MID)
Remove warning msg
Unlock users
User communication
Dbase upgrades
Dbase upgrades (detail)
Communicate outage to users
Warning msg on screen
Run Baseline for Regression tests
Stop the Data extract jobs
Full Backup
Lock Out users
Apply FixPak13SAP to DB2 database
Upgrade the SAP kernel from 620 to 640
Apply OSS 725746 - prevents RSRV short dump
Unlock Test users (inc. RFC id's on R/3)
Regression testing
Regression sign-off
Remove warning msg
Unlock users
User communication
PREPARE Process (detail)
Pre-PREPARE Process
RSDG_ODSO_ACTIVATE
Repair Info objects and recreate the views
Communicate outage to users
Warning msg on screen
Run Baseline for Regression tests
Stop the Data extract jobs
Lock Out users
Full Backup
Run RSMDCNVEXIT Using BSSUPPORT ID
If there conversion process runs longer delay the regular backup
Re-run Baselines and sign off
If there conversion process Fails repeat the steps on Sunday after the regular backup
BW work
Back up customer-specific entries in EDIFCT (note 865142)
Activate all ODS objects
Execute report RSUPGRCHECK with flag "ODS objects" (note 861890)
Check Inconsistent InfoObjects - Upgr Guide 4.4; OSS 46272; Convert Data Classes of InfoCubes - Upgr Guide 4.3
Execute report SAP_FACTVIEWS_RECREATE (note 563201)
Make sure Delta queues are empty (RSA7)
Basis Work
Full Backup of BW
Lock users
Unlock id's RFC id's and designated test users
Confirm backup complete OK
Apply OSS 447341 Convert Inconsistent Characteristic Values - Upgr Guide 4.5
Confirm OK to PREPARE
Run PREPARE
Review of results
System Upgrade (detail)
Communicate outage to users
Process errors from PREPARE
Check disk space availability for PAB
Warning msg on screen
Reverse Transport Queries from PAB to SAB & DAB
Change BW to R/3 connection
Get backup put on hold, for Ops to release later
Ensure Saturday night backup is cancelled
Final run of PREPARE
Run Baseline for Regression tests
Clear Delta Queues
Delete Local Transports
Remove process chains from schedule
Lock Out users (with some exceptions)
Confirm to Ops and Angie that we're ready
Full Backup
Incremental backup of Unix files
UPGRADE "START"
Back up kernel
Unpack latest 700 kernel to upgrade directory
Check ids required for upgrade are unlocked
Check no outstanding updates
Turn off DB2 archiving
Open up the client for changes
Stop saposcol, & delete from exe directory
Run the Upgrade
Execute the saproot.sh script
Perform the database-specific actions
Perform follow-up activities for the SAP kernel
Reimport additional programs
Import Support Packages
Call transaction SGEN to generate ABAP loads
Transport Management System (TMS)
Handover to BW Team
SPAU list review
Apply OSS Notes from SPAU
Process Function Module XXL_FULL_API (part of SPAU)
Restore table EDIFCT (if required)
Transport Fixes from our BW Issue list
Convert the chart settings - manually
Perform activities in the Authorization Area
Activate hierarchy versions
Update the where-used list
Execute the conversion program for the product master
Transport New roles to PAB
Unlock selected users
Regression testing
Regression sign-off
Go / No Go decision
Restore if required
Remove warning msg
Tell Ops that the CR is now complete
Lock down PAB
Unlock users
User communication
Perform the follow-up activities for SAP Solution Manager
Reschedule background jobs
Reschedule weekly backup on Ctrl-M
Drinks all round.
Vendors mentioned: dBase
Hope this helps. -
Have some problems with BI 7.0 Authorization
I am really new to BI 7.0. I learnt that there is a new way for setting up the authorization which is called Analysis Authorization. In fact, my requirement is simply to set authorization for a characteristic. For example, if the user A logs on via the BEx and try to view the query, he should see only the company XXXX. In this case, I tried to set authorization to the infoobject Z_COMPANY.
I followed the instruction in help.sap.com like this.
1) Tick the AuthorizationRelevant flag
2) Create Authorization via the maintenance screen SAP Menu -> Business Explorer -> Manage Analysis Authorizations
3) Create an authorization
4) Add my infoobject (Z_COMPANY)
5) Insert all special characteristics
6) Set the authorized value for my infoobject (Z_COMPANY)
7) Assign the authorization to a user (I tried both Direct assignment and Profile Assignment )
My problem is that if I set the authorized value for my infoobject as I CP *, all the company code in my infoprovider are shown on the Bex (as it should be). However, if I set this value as I EQ XXXX, where XXXX is the company code, really existing in my infoprovider, it raises a message that 'you do not have sufficient authorization'. I want it to show only the company code XXXX in my Bex report instead.Hi,
Ok
Do the things like this:
1) Make sure the info object Z_COMPANY is authorization relevent
2) Go to RSECADMIN, Click on Maintenance
3) Type ZAO1 and clcik on Create
4) Inser the characterstic Z_COMPANY in the Characterstics for Auth.Structure
5) Put the cursor on this line and clcik on Detal
6) Give value XXXX for From and take operation = EQ
7) SAve
8) Go back to first screen and click on User tab
9) clcik on Assignment tab
10) Give the user id of that enduser and click on Change
11) Put ZAO1 in the selection for NAME and click on Insert
12) SAve
13) Make sure the info objects <i>0TCAACTVT,0TCAIPROV,0TCAVALID</i> are authorization relevent
14) Go to RSECADMIN, Click on Maintenance
15) Type ZAO2 and clcik on Create
16 ) Inser the characterstic <i>0TCAACTVT,0TCAIPROV,0TCAVALID</i> in the Characterstics for Auth.Structure
17) Put the cursor on this line and clcik on Detail of 0TCAACTVT
18) Give value * for From and take operation = EQ
19) Put the cursor on this line and clcik on Detail of 0TCAIPROV
20) Give value * for From and take operation = EQ
17) Put the cursor on this line and clcik on Detail of 0TCAVALID
18) Give value * for From and take operation = EQ
19) SAve
20) Go back to first screen and click on User tab
21) clcik on Assignment tab
22) Give the user id of that enduser and click on Change
23) Put ZAO2 in the selection for NAME and click on Insert
24) Save,
25) And also take AO S_RS_IOBJ in the role assigned to the end user and give values like below:
Activity 03
InfoObject *
InfoObject catalog *
Subobject of InfoObject *
Ofcouse I am not expert on Authrozations in version 7. I am trying exploew myself to this topic at the same time I would like to help others.
With rgds,
Anil Kumar Sharma .P
Maybe you are looking for
-
Mass maint for material master
Dear All can any one tell me how can i change profit center of material master without removing existing stock? as on today i am getting error, that stock exists... i am tried thru MM17 but unable to do it. plz help my to resolve this issue.. rgds s
-
HT204380 I have purchased iPhone 5s in bahrain and now I am in India how to install FaceTime
I have purchased iPhone 5s in bahrain and now I am in India how to install facetime
-
This is my first experience building a pie chart in Crystal. I usually try to avoid using them. I can't get the labels to arrange properly. I unchecked "Auto Arrange". That doesn't seem to help. When I refresh with new data the labels move (which I u
-
FCE file sharing with FCP...?
I am considering purchasing FCE (and a macbook pro), but need to know a few things from users who have experience with it. First, is FCE totally compatible in terms of file sharing with FCP? I'm a beginer and need to learn editing. I just completed p
-
If I text my mom it will go to her from our email as a text and the same for her. It's hard to tell who is who because every text is on the right side of the screen. Please descibe how to turn this off and have me and my mother's text sent to her num