RE: Table to View Analysis authorizations of all users in BI

Hi,
I want to pull a report in BI that shows all the users and their analysis authorizations. does anyone know how to view this report.
Thanks in Advance,
SS

Hi,
You can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
RSECHIE - Status of hierarchy authorizations
RSECTXT - Authorization text
RSECVAL - Authorization Value Status
RSECBIAU - Changes to Authorization (Last Changed By]
RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
Change log tables:
RSECUSERAUTH_CL - Assignment of users
RSECHIE_CL - Change log of hierarchy authorizations
RSECTXT_CL - Authorization texts
RSECVAL_CL - Authorization Value Status
Hope this helps!!
Rgds,
Raghu

Similar Messages

View chat history for all users and prevent them f...

"I need to be able to view chat history for all users in the organization and prevent them from deleting their chat history. This needs to be done form a centralized admin portal and not on each workstation. I don’t see that as possible with Skype for Business. If it is please let me know. That is a must-have. The rest I can work around. "
Can anyone please provide documents that confirm if its possible or not.
Thank you

You can reset a VIs rev history using VI Server to load the vi and a method to reset. See attached (LV 8.6)
Now is the right time to use %^<%Y-%m-%dT%H:%M:%S%3uZ>T
If you don't hate time zones, you're not a real programmer.
"You are what you don't automate"
Inplaceness is synonymous with insidiousness
Attachments:
Reset VI History.vi ‏9 KB

Table that stores Analysis authorization values

Hi all,
       We generated analysis authorizations for users on Profit centers. In RSECADMIN for each user we see an automatic authorization object being assigned with a name like RSR_000234 so on. We can see the values (profit centers) for this object when we double click on it. I would like to create a list of all users and the assigned profit centers. Can you please tell me if a table is available to get this list.
Thanks,
Ram.

Chetan,
         We are loading authorizations values to 0PROFIT_CTR from ECC and flatfile into the Authorization DSO's and generating authorizations to assing the profit centers to users. I would like to see the profit centers assigned to a user. For example suppose if a user is assigned a particular region. I would like to see all the values of the profit centers assigned to the user from a table rather than going to the hierarchy and getting the list for each region.
        The tables that you specified give the userid and the technical name of the authorization(RSR_000234..) but I would like to see the actual values in the authorization.
      Hope I am clear. Thank you for your assistance.
Ram.

How to set an adapted project dashboard view as initial for all users?

Hi all.
We have the cProjects project dashboard active and have defined (via settings, save as) a custom view with the columns relevant in this particular installation.
I can however only save this view with assignment "user" meaning that it only applies to the user logged on when creating it.
We are however looking to have a common global customized view that all users should begin with.
Compare the R/3 functionality with layout management in reports where you can define whether the layout should be
user specific or not
default
My question is therefore if it should be possible to save global views in the above example and if not how to achieve what we are looking for.
I assume one option could be to see if one can use BADI DPR_EVE_DASHBOARD but it seems this should be possible to handle within the application given that the field "Assignment" is there when you save the view. At the moment only with the value "user" available though ...
Regards / Anders

Hej Anders
You can save a default view for all users under administration mode:
http:<server>:<port>/sap/bc/webdynpro/sap/cprojects?sap-config-mode=X
BR
Matthias

GOS view attachment: Attachment of all users.

Hello colleagues,
Proud to say that I was able to implement attachment service from GOS by using the information I got entirely from this forum ! Kudos to all experts who have posted such excellent learning content.
I have only one remaining issue for which I could not find an answer here.
How can I view attachments of all users? Currently, I can view only my attachments for an object. Seems to me that GOS by default selects only attachments for a user (sy-uname).
I have used CL_GOS_MANAGER, CL_GOS_ATTACHMENTS, CL_GOS_SRV_ATTACHMENT_LIST and CL_GOS_PUBLICATION.
Basically, I have copied all these classes to my local class and made some adjustements to achieve my objective.
thanks in advance, Vikram

Hi Vikram,
i have worked on GOS menu and as of my Knowledge there is no such option to view all the attachments of all users
we have to see the attachments of that user
Regards
Surendra

How to create tables and views and procedures in other users as one

HI to all,
I am having a user named vijay and i am trying to create the tables in user srini as user vijay
in user vijay i'm having tables
1. company
2. department
i wrote one procedure
create or replace procedure sp_createobjects{short_name in varchar2}
{my openbracket key is not working so that i put open braces here}
as
cursor table_name is select object_name from dba_tables where object_type = 'TABLE';
var_table_name varchar2{1000};
begin
open table_name;
loop
fetch table_name into var_table_name;
execute immediate 'create table ' || short_name || '.' || var_table_name || ' as select * from '||var_table_name;
end loop;
end;
the procedure is created sucessfully. but when i am trying to execute the procedure it is throwing the error as insufficient privileges.
my 2nd question is how to create the procedures into the other user?
Thanks in advance

First of all, your query "from dba_tables where object_type = 'TABLE'" returns all tables, not just the tables of the user vijay.
So there are two possibilities, you may be getting the error because you cannot select from another user's table or you may be getting the error because you cannot create a table under the user srini. To create tables in another schema you need the "create any table" privilege.

BI analysis authorizations/ RSECADMIN/ Tables

Hello,
Does anybody know which tables are used with RSECADMIN.
In which tables are the values of the authorizations created in the RSECADMIN stored ?
Thanks in advance.
Kind Regards,
Vincent

Vincent,
The tables are:
RSECAUTHTRUSER - Shows the users that will be log
RSECVAL - shows analysis authorizations values
RSECUSERAUTH - Shows analysis authorizations added to users manually.
You can also check the following page for more information
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorization%2bin%2bsap%2bnw%2bbi
Regards, Jose

How to get Query Results based on Analysis Authorization Ranges????

Hi Experts,
I have gone through the lot of SDN Links, however not able to find the answer to my question.
I have an Authorization Issue, NO Authorization
Error : EYE 007 ( Insufficient Authorizations )
Here is the issue:
Need to see the complete query result when I gave the range in Analysis Authorization for Controlling Area 001-005. Controlling Area is auth relevant and right now a variable is inserted in the query for it. If I select Controlling Area 001, the result for Controlling Area 001 is displayed in query. If 002 then also displayed. If I do not enter anything, then I get the Eye 007 error message.
I am not sure how do I display/authorize the entire result in the query for all the Controlling Areas, I have authorized user to see??
Its really urgent, please help..!
Here are the logs:
Authorization Check Log
Date and Execution Time (Local Server)
Execution Date: 06.09.2007
Execution Time: 14:48:41
Executed Query: 0CCA_C11/GBCCA_MP01_Q0002_AP
Executed by User ZBI_TEST_001
Executed with Analysis Authorizations of Another User ZBI_TEST_001
InfoProvider Check
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider 0CCA_C11 with activity 03?
Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03
InfoProvider Check
Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider 0CCA_C11:
0CO_AREA
0TCAACTVT
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider :
List Is Empty:
There Are No Characteristics That Have to Be Checked in Detail
Authorization Check
Detail Check for InfoProvider 0CCA_C11
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
CO_AREA = '0003'
AND TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Authorized
Subselection (SUBNR) Is Authorized
Authorization Check Complete
Authorization Check
Detail Check for InfoProvider 0CCA_C11
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Partially or Fully Authorized (Intersection) Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
( CO_AREA < '0001'
OR CO_AREA > '0005' )
AND TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
( CO_AREA < '0001'
OR CO_AREA > '0005' )
AND TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
184 ( 0CO_AREA )
Authorization Check Complete

Hi,
 Have you defined the vaule for 0CO_AREA as BT 001-005 in you Authorization for 0CO_AREA.Also how have you defined your Authorization Variable on the query? Have you define as select options or interval? I thing you need to define it as interval or select options.
Hope it helps,
Cheers,
Balaji

Analysis Authorization not working - Empty demarcation

Can someone help me on this Analysis Authorization? I read many threads in SDN, it seems that I followed the correct steps. The restriction on S_RS_COMP is working well but the restriction on the Analysis Authorization is not working. Surely I'm making some mistake, but can't find what's wrong.
I'm a User (say USER_00) in a test system, assigned to a Role (say Z:BI_USER). This is a broad role:
- S_RS_COMP and S_RS_COMP1 have full authorization (*) to all the fields,
- S_RS_AUTH has the BIAUTH field with Name of Authorization = *.
Also I have an InfoArea (ZIA_TEST) and an InfoCube (ZIC_TEST). The IC has some characteristics and key figures. The only authorization relevant characteristic is ZCA_CLI (client). The IC has only 5 lines, one for each client ("CLI_01" to "CLI_05").
Also there's a query (ZQR_TEST) on this IC, with an Authorization Variable (VAR_AUTH_CLI) restricting the characteristic ZCA_CLI.
I'm trying to create a new User and restrict him to this IC and only to the data of client "CLI_01". If it works I'll apply to a production system.
What I did:
1) With tcode SU01 created a new User (USER_01) with no Role neither Analysis Authorization.
2) With tcode PFCG copied the Role Z:BI_USER as Z:ROLE_TEST then made some changes:
a) S_RS_COMP
- Activity = 03 and 16
- InfoArea = ZIA_TEST
- InfoCube = ZIC_TEST
- Type of report component = *
- Name of report component = *.
b) S_RS_COMP1
- Kept * to all fields.
c) S_RS_AUTH
- I inactivated and deleted this Authorization Object.
(I don't want to keep characteristic values restriction inside the role. The idea is to associate different users to the same role, allowing them to see the same ICs and execute the same queries. And differentiate wich characteristic values each one can see by manually associating different analysis authorization to each one.).
3) With tcode RSECAUTH I created an Analysis Authorization (Z_AA_CLI_01) to restrict access only to client "CLI_01":
- ZCA_CLI = "CLI_01"
- 0TCAACTVT = "03"
- 0TCAIPROV = "ZIC_TEST"
- 0TCAVALID = "*".
4) With tcode PFCG I assigned User "USER_01" to the Role " Z:ROLE_TEST" and made Complete Comparison.
5) With tcode RSU01 I manually assigned Analysis Authorization " Z_AA_CLI_01" to User "USER_01".
It seems to me that these steps are enough. But:
a) When I log as USER_00 and go to tcode RSRT2, searching by InfoAreas I can see all the InfoAreas and all the InfoCubes, select and execute the query. That's OK.
b) When I log as USER_01 and go to RSRT2, searching by InfoAreas I can see only ZIA_TEST and under it I can see only ZIC_TEST. That's OK. Then I select and execute the query.
Wich means that S_RS_COMP is OK and each user is assigned to the correct Role.
c) The problem is that in both cases the query brings data from all Clients.
Under Information and Variable Values (when I run with HTML display) the message is "Empty demarcation".
I changed the variable to be Ready for Input, just to see wich values it brings. In both cases (as USER_00 and as USER_01) in the Variable Screen it brings all the 5 Clients from the IC and I can select and execute any value.
So the problem is with the Analysis Authorization or with the Variable, but I can't find what's wrong.
Any help will be very appreciated.
César

OK Marc, it worked.
Sorry for not answering earlier, but I could get back to this front only some days ago, then began testing your suggestions.
1) Security Concept
Authorization Mode was set to "Obsolete Concept with RSR Authorization Objects" (it would never work with this setting).
I changed to "Current Procedure with Analysis Authorizations".
Anyway, what's the function of this setting? Do old Reporting Authorizations work with "Current Procedure with Analysis Authorizations" setting?
2) Variable Representation
With "Multiple Single Values" it really led to problems.
With "Selection Option" it worked well.
3) 0TCAKYFNM
I don't understand why, but if the AA doesn't have the char/dimension 0TCAKYFNM, when the User tries to run the query (tcode RSRT2) it accuses "You do not have sufficient authorization".
Info Cube ZIC_VE95 has two KFs (ZKF_QTL95 and ZKF_VLT95). These KFs are used only on this IC (also in the KF Catalog, but it doesn't impact). This IC is used only on Query ZQR_VE95 (also in Transformation and DTP, wich doesn't impact).
Well, I inserted 0TCAKYFNM and it worked, either with CP, "*" or with EQ, the two KFs.
4) Authorization Policy Definition
The situation I'm working on is very typical. Ex.: Some users are Administrators, Managers, Operator 1, Operator 2 and so on. Each Role needs authorization to access some queries. At the same time, they can access information only of the Cost Centers to wich they are related.
There are many ways to implement it (I tested some of them and they worked well). My point is to define a most practical way, easy to understand and to maintain.
I'm now sympathetic to this way:
a) Create functional Roles (ex.: "Administrator", "Manager", "Operator 1", "Operator 2" and so on) defining only the Queries (or Info Areas, Info Providers, etc) each Role needs. No S_RS_AUTH definition.
b) Create Char Value Roles (ex.: "CC_100_to_199", "CC_200_to_299", etc), only with S_RS_AUTH definition, each one associated with a corresponding AA (ex.: AA for CC 100 to 199, AA for CC 200 to 299 and so on).
c) Create Composite Roles associating functional and char value Roles. Ex. Composite Role "Administrator for CC 100 to 199", composed of the Roles "Administrator" and "CC_100_to_199".
d) Associate Users to the Composite Roles.
Anyway, I'd appreciate if you could indicate some literature (blogs, articles, etc) on this theme.
Well, thank you very much for your answers. Now I can go on with my studies on this subject.
César Menezes

Analysis Authorization (Role, Profile and Direct Assignments)

Analysis Authorization Question:
1) In BW 3.x environment, customers have used Role Maintenance Process to assign proper object level security and then assign to the users.
2) Most of the places R/3 security team takes over support/administration function of BI Security and they continue to use Role method to assign Reporting Authorizations as per the process defined in BW 3.x system.
3) Customer sometime have 100 + Roles to have 3.X Reporting Authorizations. This is Managed, assigned, approved using role concept.

Migration Options:
1) New Analysis Authorization makes process of Role Maintenance like "hierarchy authorizations" of BW 3.x. You have to create Value in other transactions and assign them in Role as a pointer or link object. With Analysis Authorization concept, Actual value of the Object Assigned Like Company code 1100 not visible in Role Maintenance PFCG transactions. It is only visible in Transaction code RSECADMIN.
2) Analysis Migration Tool - RSEC_MIGRATION does not update ROLES. It creates or changes PROFILES.
3) Profiles are assigned to the users and Roles does not reflect any Impact by Analysis Authorization migration.
Questions
a) This means customer need to update all the roles by hand. If they want to use Roles to manage the assignment of the Security to users. Migration Tool does not update Roles, it only updates PROFILES.
b) Does any one use direct assignment to Users? It is good business practice?
c) Is Profiles recommended method of Authorization Maintenance?
d) Can we run migration tool to create Analysis Authorizations, but not assign to the users as a Profile. But stop at creating Analysis Authorizations. If Customer wants to use Roles maintenance process then, they can do not have delete profile assignments from all users before updating Roles using Analysis Authorizations.
Just want to check how other folks have done migration that can be supported going forward.
Pankaj Gupta

Hey Pankaj,
In general, assigning the analysis authorization directly to user makes a lot of sense for granular levels of authorization. For example, if you had 3,000 users, 3,000 specific authorization combinations, and 3,000 roles, using roles is a lot of additional overhead. If you had 12 roles and 3,000 users, your role concept makes a lot of sense.
Therefore, the recommendation is that it varies on what makes the most sense logically. Authorization groups can be created to group analysis authorizations and combine them. Also, you have the ability to generate analysis authorizations using the Content Datastores for this. That is an option as well.
RSEC_MIGRATION does use profiles as you've stated. If you want, there would be manual work to convert to roles afterwards. In case you haven't seen Marc's presentation on security, it's pretty good and covers how to generate authorizations from the datastore.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce

Assignment of analysis Authorization

Hello Experts,
i have created an analysis authorization and assign the same to 20 users. Now i want to assign some other analysis authorization to all those 20 users instead of that previous one.
so how can i achieve this??
thanks in advance
Neha

I think you might have assigned that authorization object to some role.
Then if you remove the authorization object from that role it will removed from
all the user.and assign the new authorization object to
this role .
You can check the user with that role in suim t-code.
Thanks,
Saveen Kumar

Rational approach for Analysis Authorization:

This post is regarding the implementation of Analysis Authorization. Considering the role based approach; please let me know the optimized way to implement the analysis authorization such that there will be very low maintenance.
For e.g. I have queries which need to be restricted at data level PLANT wise. So I mark the characteristic 0PLANT as authorization relevant. There are 150 plants so I create the 150 Analysis Authorizations and put each one of them in roles (1:1) resulting in 150 roles. In addition; 151th Role and Analysis Authorization for ALL plant access.
Now to restrict the queries themselves, I create a Role with object S_RS_COMP , S_RS_COMP1 (For queries) ; S_USER_AGR and S_USER_TCD( for workbooks).
Then I create a composite role with above 2 single roles (one containing AA and other role for Query restriction)and assign it to user.
Now suppose when I need to restrict data at some other level say DIVISION wise. Then I would be again creating analysis authorization for all the divisions and putting them in roles.
Using this approach ; there would be many roles and analysis authorizations. Also during production support it may be cumbersome to debug the errors.
Please comment if any other approach for implementing the above scenarios.
Regards,
Ajit
Edited by: Ajit Nadkarni on Apr 4, 2010 5:47 PM

Hi,
I had a similar requirement where in we had 178 plants and each plant manager has to see their own site by default in the selection screen when they run the query.
By defalut it should display there own site but its not restricted to only that site. Managers can also look into other sites but by default they wanted their own site to be displayed.
So I have created DSO and did mapping with username and store. And in query I created a variable in plant of type customerexit and written exit in CMOd using I_STEP 1. This solved our requirement. But to restrict to particular site i guess we can extend the routine in cmod.
Thanks
Srikanth

How to clear table control view lines?

Dear Experts,
I created one ALV Report with push buttons. User can select multiple line. After select the lines, when user clicks push button in ALV, then am calling POPUP screen 1100 with save and cancel button. which ever line user selected in ALV, that will appear in the POPUP screen 1100 with table control view.
issue :
Ex :
In ALV user selected 3 lines , that appeared in POPUP screen 1100 table control view. Now user wants to select some more line in ALV. so user clicked cancel and reached ALV screen. user selected 2 more line in ALV (total 5 lines). Again user clicked same push button in ALV, But now same 3 lines (old record) are appearing in POPUP screen 1100, new records (5 lines) are not appearing.
Code :
My PBO internal table is having 5 records. but in table control only 3 records are appearing.
PROCESS BEFORE OUTPUT.
MODULE status_1100.
LOOP AT git_prq_items1 INTO gwa_prq_items1
                         WITH CONTROL ctl_pr_items.
ENDLOOP.
PROCESS AFTER INPUT.
MODULE user_command_1100.
LOOP AT git_prq_items1.
    MODULE read_table_control. " if any changes happened in table control - read table control.
ENDLOOP.
MODULE status_1100 OUTPUT.
SET PF-STATUS ''.
ENDMODULE.                 " status_1100 OUTPUT
git_prq_items1 - this internal table is having 5 records.
Please suggest where should i correct.
Regards
chessleo.
Edited by: sapleo on May 6, 2011 9:59 AM

Hi.,
Clear the records and populate new records., also use refresh table display if u are using oo alv.
check BCALV_GRID_05 report.,
Hope this helps u.,
Thanks & Regards
Kiran

APO - Demand Planning: Tracing Analysis Authorizations

Hi,
I was wondering if there is a way to trace analysis authorizations for demand planning?
I have an APO concept that uses analysis authorizations. A user gets blocked in transaction /SAPAPO/SDP94
If I run ST01, the missing value is in S_RS_AUTH, meaning Analysis Authorizations are missing.
However,
I can't seem to find a way to trace transaction /SAPAPO/SDP94 as another user with RSECADMIN.
Any advice?
FYI - I do NOT want to assign 0BI_ALL.
Thanks for your help

Hello Mariano,
ST01 and SU53 tells me it's Analysis Authorizations that are missing.
It's asking for S_RS_AUTH object 0BI_ALL. If I assign 0BI_ALL everything works; but that is NOT what I want to do.
Hence I know it's related to Analysis Authorizations and I would like to know HOW to trace WHAT analysis authorizations are missing.
Best regards,
Tom

ADF- Personalization done by one user reflected for all users

Hi All,
Using my custom Customization Class (that extends usersCC) and MDS, i am able to persist the preference changes (like visible columns,order of columns ets) for a user.But the problem is even if i login as another user ,the preferences changed by the previous user is applied. Any pointers what might be going wrong/how to debug this issue?
Another point is for the af:query component the preference changes made by a user is applied only to that user as expected.Only for af:table the changes are applied to all users
Thanks,
Srihari

Hi,
The customizations should be applied only for the user who does it and not for all.
My custom CC (that extends UserCC) class's getValue() method correctly returns the logged in user name.
Is there anywhere we should explicitly mention the scope of customization layer?
Thanks,
Srihari
Edited by: srihari manian on Mar 26, 2010 4:54 AM

RE: Table to View Analysis authorizations of all users in BI

Similar Messages

Maybe you are looking for