Two analysis authorisation

Similar Messages

• BI7 Analysis Authorisations - relationship between value & hierarchy auths

  Hi all
  Does anybody know how we can set up the new analysis authorisations to allow a user to use a Query selection for cost centre based upon a hierarchy and yet restrict the cost centre data they can display by value authorisations?

  SDN is the place to discuss technical problems..
  Please avoid such weird post.
  G@urav.

• Hierarchy Analysis Authorisation

  Hi All
  We are trying to limit the output of a HR Sickness report depending on the user's position in the Org Structure hierarchy. We can't use structural authorisation as its not maintained in ECC.
  We have the org struct in BI and we want to setup dynamic Analysis Authorisation (AA). So we want to create AA with hierarchy restriction on 0orgunit based on a variable. Then at runtime the variable is populated by ABAP with the user's org unit. The report then shows the data for the user's org unit (and all other org units below in the org structure).
  In RSECADMIN I can create a new authorisation object and add 0orgunit to it. On the Hierarchy Authorisations tab  I hit the create button and select orgeh hierarchy . Then I press the 'select variable' button and I get the error message 'No variable of type Customer/SAP exit for characteristic 0ORGUNIT exists'.
  What am I doing wrong? Where do I specify a variable for 0ORGUNIT so that it can be available in the selection screen?
  Thanx
  Asif

  https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
  http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144&overridelayout=true
  Go through these links. Hope this would help you.

• BI analysis authorisations direct assign to user in RSECADMIN

  Hello,
  In RSECADMIN it is possible to directly assign the 'analysis authorisations' to user-id's
  It is also possible to assign the 'analysis authorisations'  to a role via the authorisation object S_RS_AUTH
  Can somebody tell me
  -    what are the pros and cons of directly assigning the analysis autorisations to the users in the RSECADMIN ?
  -    In which situation is direct assigning in RSECADMIN used ?
  -     IS dirtectly assigning to users in RSECADMIN in a production environment critical?
  -     what does SAP propose: directly assigning in analysis authorisations our via a role
  In our case we have the situation of
         BI system with a large number of analysis authorisations. The values of the analysis authorisations should be  
         maintainable in production environment.
         We have also to take in mind:
                            -  Roles are added to users via CUA ( RSECADMIN is not maintainable via CUA)
                            -  Business Objects is coming. So set up the authorisations that they can be used for Business Objects
                            -  Flexible ( new autorisation relevant info Objects)  should be easy adeptable.
         What we want to use is
                                   - assigning analysis authorisations via a single role ( in a composite ) to the user
                                   -  a variable in the analysis authorisations as field value  of a characteristic. In that case the values can be  
                                      assigned dynamically in production.
                                     the data access role has the link to the analysis autorisations in the RSECADMIN.
                                    this analysis authorisation contains variables instead of a fixed field value.
                                    The values of the variables are maintained in a table in a production environment
           Is using directly assigning analysis authorisations to users in the RSECADMIN in  the production environment an  alternative  ? 
      Thanks for your answers
      With Kind Regards,
      Vincent
  Edited by: Vincent Willems on Apr 7, 2011 10:37 AM

  Hello Vincent,
  My way of working is to follow the structure you have in the providing systems. If you have created a role for a production employee then try to translate the roles for the production analysis the same way in BI. You can use the s_rs_auth object. In HR you can use structural authorizations, you can use some programs to set the structural authorizations in BI and that will be done by creating an analysis object and add this to the user involved. Also updates from structural authorizations will be done automatically by these programs. I should not add your own objects to single users, that is a lot of maintenance you do not want. Use in BI the same concept as in the providing systems, it is more clear for anyone who has to work with it.
  Have fun
  Bye
  Jan van Roest
  PS. Did you solve your problem? If so please close your question
  Edited by: J. van Roest on Jul 7, 2011 12:51 PM

• Analysis Authorisations

  Hi,
  Query regarding Analysis Authorisation.....
  I had a 3 Queries based on a Multiprovider which is a combination of 10 Info Cubes....
  Where do i need to implement my authorisation on Multiprovider level or at the cube level..as data is avaliable in cube
  Thanks

  Hi there,
  You need at MultiProvider level.
  Assign points if helpfull.
  Diogo.

• Doubt in Analysis authorisations

  i have implemented analysis authorisations in BW 7.0 System
  After that when i login to the query using a user id where analsysis authorisation is implemented,
  I could not see the Report directly. I have to apply filter and then only i was able to view the report.
  My question is, when u implement analysis authorisations , you will be able to view the report direcly or you will be able to view the report only after applying filters

  > You need a authorization-variable in your filter for
  > the infoobject IO_DEPT.
  Be aware that there is no need to use authorization variables in SAP BI 7.0!!!
  This is one of the great GREAT advantadges of using analysis of authorizations.
  What you need is to define the adequate authorizations to access query/workbook and funcionality. Analysis authorizations does not relate with funcionality access, only with providers and data access.
  Q: "When ever u implement Analyis Auth, you will be able to see filtered data directly or you have to do that Filter changes and only view the data. "
  A: You only view the data, no need to filter. Once again, use the log from the analysis authorization to see the information the system provides.
  I defined the following technical objects in a
  separate "technical authorization":
  0TCAACTVT Activity in Analysis Authorizations
  0TCAIPROV Authorizations for InfoProvider
  0TCAKYFNM Key Figure in Analysis Authorizations
  0TCAVALID Validity of an Authorization
  Message was edited by:
          Miguel Costa

• Looking to Migrate to Analysis Authorisation from 3.x  Migration

  Hi Masters,
  we are migrating our system from Old Authoristaion to new Analysis Authorisation.
  Need some information like:-
  1) What should be checked as a part of Impact Anaylsis at the start.
  2) What will be the Impact on the existing Authorisation
  3) Whether We have to create new roles or the existing Role will work.
  Please respond quickly so that I can Start working on that.
  TIA.
  Regards,
  Amit Kumar Trivedi

  Hi,
  Have a look at below threads for similar query, hope it helps.
  Analysis Authorization - Problem with navigation attribute
  BI Authorizations : Regarding Analysis Authorization
  Analysis Authorization & its compaitbility with BW 3.5 Query
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/9000928e-dd3d-2e10-9ca1-a00f249305b7?QuickLink=index&overridelayout=true
  Regards,
  Mani

• ":" in analysis authorisation objects

  Hi,
  We made 0DEPARTMENT as authorisation relevant.
  In one of our Analysis Authorisation Objects(Rsecadmin) Settings for 0DETARTMENT IS = :
  What exactly ":" represents
  Thanks in advance

  Hi,
  The colon( value is used in BW to authorise display of aggregates. If you are using company code in the free characteristics and do not restrict on it to authorised values, you need to maintain : for it. Once you drill down on it (or equivalently put it in the rows) you need the actual values to be maintained in the authorisations as well.
  Have you investigated the use of authorisation variables? You can maintain the values 1000 and 3000 in the authorisation and restrict the characteristic with an authorisation variable. This will ensure that the query is run for only the authorised values. This will work irrespective of whether you use company code in the rows or free characteristics.
  Thanks,
  Venkat

• Analysis Authorisation

  Dear all,
  i have the following question:
  I would like to restrict a user for the following settings:
  1. The user is allowed to access the following infoobjects:
  Version 100 on Infocube 1 and Posting level 00 -10
  2. The same user is allowed to access
  Version 101 on Infocube 2 and Posting level 00 - 30
  For both requirements i created 2 analysis authorisations:
  But after assigning both authorisations the following happens:
  The user has access on each infocube  to all versions and all Posting level.
  How i have to handle this problem???

  Hi Christina,
  The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:
  0TCAIPROV
  0TCAACTVT
  0TCAVALID
  And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.
  So for your issue you have to define these three characteristics first
  0TCAIPROV: Name of your infoprovider
  0TCAACTVT: Activity for which you want to authorize the user
                      such as 1 - Create
                                   2 - Change
                                   3 - Display
  - For all Activity
  So as per the need you can give the authorization to the user (1,2,3 or *)
  0TCAVALID: If you want to give a validity then specify here or
                     give * value
  So as per these guidelines you have to define both the analysis authorization.
  Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.
  Hope I could help you in this regard.
  Kindly Asign points if useful...
  Regards,
  Abhi

• Analysis Authorisation Table

  Hi all,
  I've just started working on a new project and am familiarising myself with the build. Part of this is the BI analysis authorisations, of which there are over a hundred. Rather than attempt to view these inividually is there a table that can give me this info, rather like AGR_1251 but for analysis auths?
  Thanks,
  Nick.

  Hi,
  tables of analysis authorization for RSECADMIN are
  RSECHIE_CL Change log of hierarchy authorizations
  RSECUSERAUTH BI Analysis authorization  assignment to users
  RSECUSERAUTH_CL BI Analysis authorization assignment to users
  RSECTXT_CL Change log of authorization texts
  RSECVAL_CL Change log of Authorization Value Status
  RSECBIAU Changes to Authorization (Last Changed By]
  You can  find more table start with  RSEC*  just check with F4 in SE16.
  Hope this helps
  Edited by: connecpk on Feb 1, 2010 4:49 PM

• Analysis authorisation tables

  Hi, is there any table I can use to determine the content of analysis authorisations assigned to users rather than look individually in each user via RSECADMIN?                                                                                Thanks,  Mark.

  Hi Mark,
  I hope you have posted the question in multiple areas. Please post all the BI related questions in BI forums. However, you can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
  RSECHIE - Status of hierarchy authorizations
  RSECTXT - Authorization text
  RSECVAL - Authorization Value Status
  RSECBIAU - Changes to Authorization (Last Changed By]
  RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
  Change log tables:
  RSECUSERAUTH_CL   - Assignment of users
  RSECHIE_CL - Change log of hierarchy authorizations
  RSECTXT_CL - Authorization texts
  RSECVAL_CL - Authorization Value Status
  Hope this helps!!
  Rgds,
  Raghu

• Analysis authorisation settings

  Hi All
  When using the standard business content characteristics , 0TCAACTVT,0TCAIPROV,and 0TCAVALID, within analysis authorisations. Do these characteristics need flagging as authorisation relevant in all clients, Dev Uat and Prodn, as at present they are only authorisation relevant in our Dev client, even though the authorisation exists in all clients.
  Thanks
  Simon

  Hi,
  Yes, these characteristics need to remain flagged as authorization relevant in all systems and clients. If not, please ensure to transport these characteristics from DEV first before transporting analysis auths.
  Thanks,
  Deb

• Deleting Automatic Generated Analysis Authorisation

  Dear All,
  We are generating Value and Hierarchy analysis authorisation automatically with the help of DSOs 0TCA_DS01 and 0TCA_DS02.( through RSECADMIN )
  Upon generation everytime, it first deletes all the previously generated analysis authorisation ( for the users that are available in these DSOs ) and creates new ones with the name starting as RSR_*.
  If the username for a particular user is not present in these DSOs, system will not delete / create anything for those users.System deletes / creates analysis authorisations only for those users that are available in these DSOs.
  Suppose a user a going out from the organisation, in that case we need to manually find out all the analysis authorisations ( RSR_* ) that were previously generated for that user and delete the analysis authorisations manually.
  This is time consuming process.
  Could you please advise any automatic / simpler way for deleting previously generated analysis authorisations for such users.
  Assume that these users are not available in the new data loaded in these DSOs.
  Thanking You,
  Tarun Brijwani.

  Hi Tarun,
  If a data record with the user name 'D_E_L_E_T_E' is loaded into the DataStore object 0TCA_DS01, first the generated authorizations for all users in the BI system for the DataStore object record are completely deleted (separated by the first part of the name before the digits) and then generated for the rest of the data.
  Please refer the following link for more information.
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/55/46eb411a7f6324e10000000a1550b0/frameset.htm
  Thanks,
  Krishnan

• Sharing one navigation item to two analysis items

  Hello Experts,
  I want to use only one navigation pane for two analysis items. Any body is having an idea how to integrate one navigation item to two analysis items.
  Regards,
  Abhi

  If I got it, you want to have one filter affecting two tables.
  In workbook, create two analysis grids and one navigation pane.Then assign the same data providers to navigation pane and two analysis tables(and give the same names).Then, when you change something in navigation pane, two tables will be affected.
  Step by step document for workbook:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d032116a-1ba6-2e10-8db6-d84e7dcc9975?QuickLink=index&overridelayout=true

• OBIEE lookup between two analysis?

  Is it possible to create an excel 'vlookup' style linkage between two analysis in OBIEE?
  For example:
  Analysis A has a list of customer ID's and their YTD revenue.
  Customer_Id
  YTD_Revenue
  1234
  $54321
  4321
  $12345
  Analysis B has a customer ID's and total AR billings for the year:
  Customer_Id
  YTD_Billings
  1234
  $231
  4321
  $894
  Is it possible to "lookup" the YTD revenue by Customer_Id from the first analysis and use it in the second? I know this can be accomplished in SQL with sub-queries, but I'm not sure if I can do this in the OBIEE.

  It depends on what you would like to accomplish. You have three options:
  1) Create a union all request. Create 3 columns: Customer_id, YTD_Billings and YTD_Revenue. In the first part of the union use Customer_Id and YTD_Billings and a surrogate column (''). The second part of the union has Customer_Id, a surrogate column and the YTD_Revenue column.
  2) create an Advanced filter - Sub query. Filter the report on the results of the other report.
  3) Direct Database request. Use a query as you like as a source for your report.