SAP BI authorization relevant

Similar Messages

• Report data restriction based on SAP ID - Authorization in BI 7.0

  Hi Friends,
  In our project the requirement of restriction of report is as follows.
  There are two reports
  1. Carrier View Report
  2. Carrier Drilldown Report
  Carrier View which is on Multiprovider is main report and Carrier Drilldown report, which is on DSO (ODS) is RRI report.
  Carrier Vendors (these are vendors taking care of transporting the goods to customer locations from plant) will be viewing these reports. We have a master data maintained for Carriers as Carrier ID. The report has this Carrier ID in rows. Each carrier vendor would be given a SAP ID for logging into BW WEB reports.
  Security Requirement: When a carrier execute report, the data in the report should be restricted to Carrier ID associated with the SAP ID which he is using.
  Kindly suggest us the steps to do it, I am not basis person, but I need to help him.
  Thanks and regards,
  Balaraj

  Hi Balaraj,
  You can use <a href="http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm">Analysis Authorizations</a> in BI.  Use transaction RSECADMIN to create authorizations and user assignments.
  You need to declare Carrier ID Infoobject as Authorization relevant. Analysis authorizations are not based on authorization objects. Instead, you create authorization for each carrier that include Carrier ID characteristic and some restricted value(s) for the characteristic. You can then assign this authorization to one or more users(SAP IDs). When ever a query with Carried ID is executed, It checks for the analysis authorizations and hence he can acess only those values that are assigned in his own authorization.
  Instead of assigning the corresponding Carrier IDs values for each authorization manually, you can create a single authorization for Carrier ID and fill in the values of the authorization using <a href="http://help.sap.com/saphelp_nw70/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm">Authorization  variables</a>. In this case in the customer exit you need to use the master data maintenance of SAP ID and CARRIER ID and fill in the values of E_T_RANGE depending on the user name SY_UNAME.
  Assign points if you find it helpful.
  Regards, Uday

• InfoObject - Business Explorer Tab and field Authorization Relevant

  Is their a SAP utility / table / or transaction which can identify a field flagged on InfoObjects.
  I would like to determine all active InfoObjects which have the "authorization relevant" flagged on the
  InfoObject - Business Explorer tab.
  Version 7.0
  Thank you ...... dan

  Hi Dan,
  trIf you have used old analysis authorizations of BW3.5, in transaction RSSM if you click on Check authorization infoobjects for all infoproviders you should find a list of all authorization object which are in productive use.
  However, it does not give you the list of object which are marked as authorization relevant and have not been used in any productive cubes.
  Try table RSDCHA in se16. CHARNM - Put your char name and in OBJVERS put A. Authorization relevant flag would be 'X', if it is marked for authorization relevance.
  Hope it helps,
  Regards,
  Sunmit.

• SAP Report Authorization

  Hello,
  I have developed some reports for HR using InfoCubes 0PAPA_C02 and 0PA_C01. My reports are based on Company Code, Personnel Area, Country Code.
  The Problem that I am facing is how to restrict employees related data based on company Code, Countries, Personnel Area.
  I have tried to create Roles in RSECADMIN but some how values in the queries are not getting restricted.
  Please Help.
  Anil Kachru

  Hi Balaraj,
  You can use <a href="http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm">Analysis Authorizations</a> in BI.  Use transaction RSECADMIN to create authorizations and user assignments.
  You need to declare Carrier ID Infoobject as Authorization relevant. Analysis authorizations are not based on authorization objects. Instead, you create authorization for each carrier that include Carrier ID characteristic and some restricted value(s) for the characteristic. You can then assign this authorization to one or more users(SAP IDs). When ever a query with Carried ID is executed, It checks for the analysis authorizations and hence he can acess only those values that are assigned in his own authorization.
  Instead of assigning the corresponding Carrier IDs values for each authorization manually, you can create a single authorization for Carrier ID and fill in the values of the authorization using <a href="http://help.sap.com/saphelp_nw70/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm">Authorization  variables</a>. In this case in the customer exit you need to use the master data maintenance of SAP ID and CARRIER ID and fill in the values of E_T_RANGE depending on the user name SY_UNAME.
  Assign points if you find it helpful.
  Regards, Uday

• List Database Table – Infoprovider, InfoObject, Flag Authorization Relevant

  Dear Expert,
  I’m working with SAP BI 2004s user management & authorization. I have several objects that I’ll have check. I don’t like check one by one, I like to check for the SE16 transaction, for this reason, I need to know what is the database table have content Infoprovider by InfoObject (Characteristics) which each have the flag authorization relevant.
  Moreover, in the same idea, which database has content Queries by Infoprovider which authorization variable?
  Thank for all,
  Luis

  For your first question:
  In addition to be above mentioned table, RSDCUBEIOBJ will give the information about Infoprovider and all the Infoobjects within this infoprovider.
  1. Find all the authorization relevant Infoobjects from RSDCHA table and copy them.
  2. In the table RSDCUBEIOBJ, paste all the Infoobjects obtained from 1 in the field "Infoobject". The result will be list of Infocubes and their corresponding authorization relevant Infoobjects.

• InfoObject 0TCAIFAREA Authorization Relevant

  Do I need to CHECK the InfoObject 0TCAIFAREA as Authorization Relevant for the SAP BI NW2004s NEW Analysis Authorizations concept?
  Please advice.
  Regards,
  Nicolette Nguyen

  Hi,
  Use transaction rsd1
  enter object name 0TCAIFAREA click on display
  Click on business explorer tab
  there you can find the check box authorization relevant or not
  Regards
  Ben

• Learning SAP BW authorizations structure and hierarchy  -  concepts

  Hello Experts,
  I need a good document for learning Authorizations structuring and hierarchy in SAP BIW 3.5 . I am giving authorizations in BIW but do not hv conceptual nd fundamentalistic knowledge of SAP BW authorizations and its structure . Plz send a good document for learning BW authorizations .............................it may be an excerpt frm FU&FU guide. My Email Id is [email protected]
  A short but complete SAP BW fundamentalistic , concepts and structure & hierarchy covering document is appreciated.
  Requested to revert at earliest as this is very urgent.
  Points guaranteed.
  Regards,
  Somya

  Hi maheshwari ,
  Use these steps for authorizations,
  1.before going to authorizations u have to decide on which Infoobject u have to apply authorizations.
  EX: SD--- Sales Org, MM -> palnt ,purorg,FI> companycode.
  first u ahve to decide which area & on which Infoobject.
  2.goto that Infoobject --> change there check the checkbox Authorization relavent object cahechbox
  2.after that U Have to goto RSSM there u have to create authorization object
  Ex: Zxxx ( XXX is Infoobject Name ).
  3. In the same transaction Screen u have Infocube selection radio Button check that then select on which cube(cube means under that cube all Quaries) u have to make authorization for that perticuler Infoobject.
  4.next goto PFCG create role & save it
  5.goto Authorization tab in that selct edit authorization it will give automatiaclly authorization Templates in that u have to select only S_RS_RREPU & press Enter.
  6. Select manual pushbutton it will ask authorisation object enter ur authorization object what u have created ( zxxx) .
  7.click generate +enter
  8. goto user tab Enter userId+enter + click on usercomparision+ enter
  9.save the role.
  FOR HIRARCHIES:
  1. goto RSSM There u have one rediobutton called authorization hierarchy ( this radio button is very below the RSSM screen)
  2. there u have to select Hierachy on which u have to apply authorization.
  Thanks,
  kiran

• Updating users profile when infoobject marked as authorization relevant

  Hi All,
  Consider a scenario where there are some projects in which perticuler infoobject is not authorization relevant but in some upcomming project the same infoobject needs to be authorization relevant.but when i marked this infoobject as authorization relevant then i need to manually insert this new authorization infoobject in each user profile. If there are more than 200 users available then it is not very good idea to include this infoobject in each profile manually. Is there any other way through which we can insert this infoobject in all user profile automatically.
  Regards,
  Deepak

  Hi again.
  Go to transaction se38 and create a program with the name ZCHANGE_APPEND_AUT.
  Insert the following code:
  REPORT  ZCHANGE_APPEND_AUT                             .
  TABLES RSECVAL.
  DATA: T_RSECVAL TYPE RSECVAL OCCURS 0 WITH HEADER LINE,
        T_RANGE TYPE RSEC_S_AUTH_VALUES_RANGE.
  SELECT-OPTIONS: ZAUT    FOR RSECVAL-TCTAUTH NO INTERVALS.
  PARAMETERS:     ZOBJN   LIKE RSECVAL-TCTIOBJNM DEFAULT '0TCAIPROV'.
  SELECT-OPTIONS: ZVALUES FOR RSECVAL-TCTLOW NO INTERVALS.
  LOOP AT ZAUT.
     LOOP AT ZVALUES.
        T_RANGE-IOBJNM = ZOBJN.
        T_RANGE-SIGN = 'I'.
        T_RANGE-OPT = 'EQ'.
        T_RANGE-LOW = ZVALUES-LOW.
        CALL FUNCTION 'RSEC_INSERT_FLAT_AUTH'
           EXPORTING
              I_AUTH = ZAUT-low
              I_RANGE = T_RANGE.
         CLEAR T_RANGE.
      ENDLOOP.
  ENDLOOP.
  Activate the program.
  Now when you run this program you'll be prompted for 3 parameters.
  The first is a list of Analysis Authorizations names that you wish to change.
  The second is the name of the InfoObject you want to insert to those authorizations, by default is 0TCAIPROV but you can change it to whatever you want
  The third is a list of values that will be inserted for those InfoObject.
  Therefore imagine that for authorization ZZZA, ZZZB and ZZZC you want to insert the object 0CUSTOMER with the values xpto, yyyy, and wwww.
  You would in this case run the program with the following parameters:
  AUT:
  ZZZA
  ZZZB
  ZZZC
  OBJN:
  0CUSTOMER
  VALUES:
  xpto
  yyyy
  wwww
  Please assign points,
  Diogo.

• Authorization Relevant Infoobject restriction for particular value

  Hi All,
  We have infoobject - 0COMPCODE which is authorization relevant. In query designer authorization variable - ZAUTH1 has been created.
  Now users want to restrict one particular Company Code (Ex- RU10) globally, so that none of the users will view this particular company code.
  We can't restrict this in query designer. Users can select among the company codes in the input selection of the report.
  Authorisations have been mantained in BW3.5 version
  Need help on this urgently.

  Hi Asish,
  Two ways.
  1. You can exclude the company code in the default values section, so that they would be able to view it in the list they see.
  2. You can exclude it in the authorizations assigned to the roles of the users. Give all the company code values in the authorization, except this company code, so that since the auth variable is createed in the query, you woulld view only the company codes that are authorized.
  Hope this helps.
  Regards
  Snehith.

• How can I activate 0CURRENCY  as Authorization Relevant?

  Hello gurus,
    I have many reports that use 0currency in the parameters in order to use a certain currency.  How ever we want to restrict the options using authorizations. 
  When I tried to mark 0currency as authorization relevant, i couldnt do it.  There is no tab of business explorer where I can mark it.
  ¿Does anybody knows how? or if it is not ossible, ¿how can i solve this problem?
  thank you!
  David Guerra

  Standard unitinfoobjects dont have Bex tab...if we use customized infoobjects we can

• Table name for authorization relevant InfoObjects

  Hi Gurus,
  In which table I could see all Authorization relevant InfoObjetcs ?
  Thanks
  Liza

  Hi,
  Table RSDCHA, field AUTHRELFL.
  or
  1. Go to RSSM t-code
  2.click the radio button Authorizations for several users there u have to enter ur login  Id name
  3.right hand side 1 spects symbol is there for disply-- click on it.
  It will show u all authorisation Infoobjects for u.
  Try this link. this might be helpful.
  Program to find the list of Authorization relevent info objects for given
  Regards,
  Haritha.
  Edited by: Haritha Molaka on Dec 7, 2009 5:47 AM

• Authorization Relevent Scenarios

  Hi All,
  I need a help of your suggestins to get a proper way to write my thesis over New Bi Authorization topic.
  I want to ask you what are the possible authorization scenarios you can think according to your experience.
  for example
  I have few of them
  1.Restriction to the one value of an InfoObjects.
  2.User has access to two projects in one project he has access to few material plant while in other project he has access to all material plant.
  3.You have for an InfoObject the checkbox authorization relevant has activated. What are the effects of this on other projects.
  4.How Authorization to the hierarchy nodes are defined.
  5.How combination of value authorization restriction and hierarchy authorization is working.
  can you think more of such scenarios.
  Please forward me as meny possible  authorization scenarios you can think.so that i can implement these scenarios as an prototype and it will be helpful to me to write my master thesis.
  Hope for the positive and quick answer from your side.
  With Best Regards And Thanks,
  Deepak

  Well,
  User has access to one key-figure for one project and all key-figures for another project;
  User has automatic filled authorization while executing a query;
  User has his/her authorization automatically filled in a user exit while executing any query;
  User has access to company code has a navigational attribute authorization with for example 0PLANT__0COMP_CODE instead of 0COMP_CODE and even for example 0PLANT is not marked as authorization relevant;
  User has access in one project to view the data (executing queries) and in another project he/her has access to plan the data (write data);
  Diogo.

• Authorization Relevant Info Objects

  Hi Experts,
    In my Business scenario,Profit center infoobject is
  authorization relevant for FI reports.In my FI reports,I have used profit center authorization variable.FI reports are working fine according to the authorizations.
  In sales Report,users should be able to see all profit
  centers(No Authorization needed for sales report)
  In my sales Report,I have used value based non authorization variable.When I run the sales report,I am getting authorization error
  How can I make profit center authorization relevant for only FI
  Info Area?
  Can Some one help me in solving this problem?
  Thank you in advance.
  Reward Points expected

  Hi Senoy,
  I suggest the following steps,
  1. You should list all of Sales Report, after that you need identify all of InfoProviders of this sales scenarios.
  2. In base of the InfoProviders sales scenarios, you need list all of InfoObejct authorization relevant of this scenario. In case of the "0PROFIT_CTR" is part of the InfoProvider sale scenarios, you need include in your authorization with the follow value "*" (total access) or ":" (acess agregation).
  3. For avoid future problem, the InfoProviders sales scenario have to be different of InfoProviders FI scenario. Otherwise, you will have the same condition in both scenario with the 0PROFIT_CTR.
  I hope help you,
  Luis

• Error when trying to make an infoobject "Authorization Relevant"

  We are getting the following message in German when we try to make an infoobject - 0PERS_AREA "Authorization Relevant" (using RSD1), Can anybody help us in translation of this nmessage and possile remedy. In fact, I tried other infoobjects as well lke 0ORGUNIT, 0EMPLOYEE, etc with the same message.
  "InfoObject 0PERS_AREA: Keine Berechtigung, um die
  Berechtigungsrelevanz zu ändern"
  Thanks
  Raj

  hi raj,
  You should do first this :
  1. Goto RSA1->Click on Infoobjects->Select ur Infoobject(0PERS_AREA )-> rightclick->select Change It will give Change Characteristic screen in this screen-> click on Business Explorer Tabstrip observe in general settings vey below ur having one <b>check box for  " AuthorizationRelavent"-> check that check box --->save +Activte.</b>
  next u have to follow these steps :
  1.before going to authorizations u have to decide on which Infoobject u have to apply authorizations.
  EX: SD--- Sales Org, MM -> palnt ,purorg,FI> companycode.
  first u ahve to decide which area & on which Infoobject.
  2.goto that Infoobject --> change there check the checkbox Authorization relavent object cahechbox
  2.after that U Have to goto RSSM there u have to create authorization object
  Ex: Zxxx ( XXX is Infoobject Name ).
  3. In the same transaction Screen u have Infocube selection radio Button check that then select on which cube(cube means under that cube all Quaries) u have to make authorization for that perticuler Infoobject.
  4.next goto PFCG create role & save it
  5.goto Authorization tab in that selct edit authorization it will give automatiaclly authorization Templates in that u have to select only S_RS_RREPU & press Enter.
  6. Select manual pushbutton it will ask authorisation object enter ur authorization object what u have created ( zxxx) .
  7.click generate +enter
  8. goto user tab Enter userId+enter + click on usercomparision+ enter
  9.save the role.
  FOR HIRARCHIES:
  1. goto RSSM There u have one rediobutton called authorization hierarchy ( this radio button is very below the RSSM screen)
  2. there u have to select Hierachy on which u have to apply authorization.
  Thanks,
  kiran

• Making 0PROFIT_CTR Authorization Relevant (RSECADMIN)

  I am in need on restricting certain queires to run, based on specific Company Codes and Profit Centers.
  I have made so far, only Company Code (0COMP_CODE) authorization relevant.
  If I make Profict Center (0PROFIT_CTR) authorization relevant, should the existing queries be affected ?
  In other words, when a user runs existing queries (which require to pass a Company Code), could it be
  asked to provide the Profit Center as well  [I won't insert the Profit Center (characteristic 0PROFIT_CTR) in the authorization ] ?
  Best regards,
  Tom

  If you are on BW3.5 authorization concept, all the queries should not be impacted if those are on different multiproviders (as in BW3.5 concept you can select which object is to be authorization relevant for a multiprovider). If you need profit center to be authorization relevant for one query, all other queries on the same multiprovider will be impacted and if you do not want to add profit center characteristic in all the queries, you will need to create a role with : (colon) access and assign it to the users.
  In 7.0 authorization concept, a authorization relevant info object will impact all the queries on all multiproviders. If you dont want to use profit center as auth relevant for some multiproviders, you will have to take care of it with functional role for that multiprovider or you can use : (colon) data access role.
  Regards,
  Gaurav