Urgent!!Analysis Authorisation!!

Hi All,
We have created aothorisation for an user to access only a particular Vendor Id to access thru custome exit,but particular user viewing all other Vendor Datas also..
Pls tell where the problem could be???
Help me ASAP.

Hi
Still we have set the break point & checking ..But Couldnt able to analyze the problem yet?
What We have found is I _ step=0, then it displays no values in the varilable selection & when I_step=3,
it display all the values...
Pls help me out as I dont have any idea of ABAP coding.
thnx in advance.

Similar Messages

  • BI7 Analysis Authorisations - relationship between value & hierarchy auths

    Hi all
    Does anybody know how we can set up the new analysis authorisations to allow a user to use a Query selection for cost centre based upon a hierarchy and yet restrict the cost centre data they can display by value authorisations?

    SDN is the place to discuss technical problems..
    Please avoid such weird post.
    G@urav.

  • Hierarchy Analysis Authorisation

    Hi All
    We are trying to limit the output of a HR Sickness report depending on the user's position in the Org Structure hierarchy. We can't use structural authorisation as its not maintained in ECC.
    We have the org struct in BI and we want to setup dynamic Analysis Authorisation (AA). So we want to create AA with hierarchy restriction on 0orgunit based on a variable. Then at runtime the variable is populated by ABAP with the user's org unit. The report then shows the data for the user's org unit (and all other org units below in the org structure).
    In RSECADMIN I can create a new authorisation object and add 0orgunit to it. On the Hierarchy Authorisations tab  I hit the create button and select orgeh hierarchy . Then I press the 'select variable' button and I get the error message 'No variable of type Customer/SAP exit for characteristic 0ORGUNIT exists'.
    What am I doing wrong? Where do I specify a variable for 0ORGUNIT so that it can be available in the selection screen?
    Thanx
    Asif

    https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
    http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144&overridelayout=true
    Go through these links. Hope this would help you.

  • BI analysis authorisations direct assign to user in RSECADMIN

    Hello,
    In RSECADMIN it is possible to directly assign the 'analysis authorisations' to user-id's
    It is also possible to assign the 'analysis authorisations'  to a role via the authorisation object S_RS_AUTH
    Can somebody tell me
    -    what are the pros and cons of directly assigning the analysis autorisations to the users in the RSECADMIN ?
    -    In which situation is direct assigning in RSECADMIN used ?
    -     IS dirtectly assigning to users in RSECADMIN in a production environment critical?
    -     what does SAP propose: directly assigning in analysis authorisations our via a role
    In our case we have the situation of
           BI system with a large number of analysis authorisations. The values of the analysis authorisations should be  
           maintainable in production environment.
           We have also to take in mind:
                              -  Roles are added to users via CUA ( RSECADMIN is not maintainable via CUA)
                              -  Business Objects is coming. So set up the authorisations that they can be used for Business Objects
                              -  Flexible ( new autorisation relevant info Objects)  should be easy adeptable.
           What we want to use is
                                     - assigning analysis authorisations via a single role ( in a composite ) to the user
                                     -  a variable in the analysis authorisations as field value  of a characteristic. In that case the values can be  
                                        assigned dynamically in production.
                                       the data access role has the link to the analysis autorisations in the RSECADMIN.
                                      this analysis authorisation contains variables instead of a fixed field value.
                                      The values of the variables are maintained in a table in a production environment
             Is using directly assigning analysis authorisations to users in the RSECADMIN in  the production environment an  alternative  ? 
        Thanks for your answers
        With Kind Regards,
        Vincent
    Edited by: Vincent Willems on Apr 7, 2011 10:37 AM

    Hello Vincent,
    My way of working is to follow the structure you have in the providing systems. If you have created a role for a production employee then try to translate the roles for the production analysis the same way in BI. You can use the s_rs_auth object. In HR you can use structural authorizations, you can use some programs to set the structural authorizations in BI and that will be done by creating an analysis object and add this to the user involved. Also updates from structural authorizations will be done automatically by these programs. I should not add your own objects to single users, that is a lot of maintenance you do not want. Use in BI the same concept as in the providing systems, it is more clear for anyone who has to work with it.
    Have fun
    Bye
    Jan van Roest
    PS. Did you solve your problem? If so please close your question
    Edited by: J. van Roest on Jul 7, 2011 12:51 PM

  • Analysis Authorisations

    Hi,
    Query regarding Analysis Authorisation.....
    I had a 3 Queries based on a Multiprovider which is a combination of 10 Info Cubes....
    Where do i need to implement my authorisation on Multiprovider level or at the cube level..as data is avaliable in cube
    Thanks

    Hi there,
    You need at MultiProvider level.
    Assign points if helpfull.
    Diogo.

  • Doubt in Analysis authorisations

    i have implemented analysis authorisations in BW 7.0 System
    After that when i login to the query using a user id where analsysis authorisation is implemented,
    I could not see the Report directly. I have to apply filter and then only i was able to view the report.
    My question is, when u implement analysis authorisations , you will be able to view the report direcly or you will be able to view the report only after applying filters

    > You need a authorization-variable in your filter for
    > the infoobject IO_DEPT.
    Be aware that there is no need to use authorization variables in SAP BI 7.0!!!
    This is one of the great GREAT advantadges of using analysis of authorizations.
    What you need is to define the adequate authorizations to access query/workbook and funcionality. Analysis authorizations does not relate with funcionality access, only with providers and data access.
    Q: "When ever u implement Analyis Auth, you will be able to see filtered data directly or you have to do that Filter changes and only view the data. "
    A: You only view the data, no need to filter. Once again, use the log from the analysis authorization to see the information the system provides.
    I defined the following technical objects in a
    separate "technical authorization":
    0TCAACTVT Activity in Analysis Authorizations
    0TCAIPROV Authorizations for InfoProvider
    0TCAKYFNM Key Figure in Analysis Authorizations
    0TCAVALID Validity of an Authorization
    Message was edited by:
            Miguel Costa

  • Looking to Migrate to Analysis Authorisation from 3.x  Migration

    Hi Masters,
    we are migrating our system from Old Authoristaion to new Analysis Authorisation.
    Need some information like:-
    1) What should be checked as a part of Impact Anaylsis at the start.
    2) What will be the Impact on the existing Authorisation
    3) Whether We have to create new roles or the existing Role will work.
    Please respond quickly so that I can Start working on that.
    TIA.
    Regards,
    Amit Kumar Trivedi

    Hi,
    Have a look at below threads for similar query, hope it helps.
    Analysis Authorization - Problem with navigation attribute
    BI Authorizations : Regarding Analysis Authorization
    Analysis Authorization & its compaitbility with BW 3.5 Query
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/9000928e-dd3d-2e10-9ca1-a00f249305b7?QuickLink=index&overridelayout=true
    Regards,
    Mani

  • ":" in analysis authorisation objects

    Hi,
    We made 0DEPARTMENT as authorisation relevant.
    In one of our Analysis Authorisation Objects(Rsecadmin) Settings for 0DETARTMENT IS = :
    What exactly ":" represents
    Thanks in advance

    Hi,
    The colon( value is used in BW to authorise display of aggregates. If you are using company code in the free characteristics and do not restrict on it to authorised values, you need to maintain : for it. Once you drill down on it (or equivalently put it in the rows) you need the actual values to be maintained in the authorisations as well.
    Have you investigated the use of authorisation variables? You can maintain the values 1000 and 3000 in the authorisation and restrict the characteristic with an authorisation variable. This will ensure that the query is run for only the authorised values. This will work irrespective of whether you use company code in the rows or free characteristics.
    Thanks,
    Venkat

  • Two analysis authorisation

    Dear Gurus,
    I have the turned two navigation attributes as auth. relevant,
    global cost center: this is based on hierarchy authorisation
    local cost center: this is based on value authorisation.
    There is one-to-one mapping between glocal cost center and local center. Users would request authorisation on either of them but they can ask for authorisation for more than one role with different combination.
    I have created three analysis authorisation for the below scenarios:
    1: Role_1 has Auth_1 with the below values
    global cost center: X (node)
    local cost center: * (as users have no knowledge about the mapping)
    This works fine.
    2: Role_2 has Auth_2 with the below values
    global cost center: * (as users don't know the mapping)
    local cost center: A
    This works fine as well.
    3: Role_3 has auth_1 and auth_2.
    This doesn't work. It throws authrisation error.
    Can you please suggest how can scenario 3 work.
    Thanks in advance
    Regards

    Hi Max,
    Unlike ECC Auth Objects, Analysis Auths always work on the concept of Intersection. Which means when you run query for a particular input selection and you have multiple analysis auth assigned, then queries will only be executed if input selection falls within the intersected region for the characteristics in two analysis auths.
    Therefore effectively when you assign auth_1 and auth_2 to an user, user gets the following access:
    global cost center: Node
    local cost center: A
    Can you confirm if the user is selecting the above values while executing queries and still getting authorization error?
    I didn't understand the requirement of Role_3 = Auth_1+Auth_2 though, but if you can explain the requirement, I can try to suggest some solution.
    Thanks,
    Deb

  • Analysis Authorisation

    Dear all,
    i have the following question:
    I would like to restrict a user for the following settings:
    1. The user is allowed to access the following infoobjects:
    Version 100 on Infocube 1 and Posting level 00 -10
    2. The same user is allowed to access
    Version 101 on Infocube 2 and Posting level 00 - 30
    For both requirements i created 2 analysis authorisations:
    But after assigning both authorisations the following happens:
    The user has access on each infocube  to all versions and all Posting level.
    How i have to handle this problem???

    Hi Christina,
    The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:
    0TCAIPROV
    0TCAACTVT
    0TCAVALID
    And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.
    So for your issue you have to define these three characteristics first
    0TCAIPROV: Name of your infoprovider
    0TCAACTVT: Activity for which you want to authorize the user
                        such as 1 - Create
                                     2 - Change
                                     3 - Display
    - For all Activity
    So as per the need you can give the authorization to the user (1,2,3 or *)
    0TCAVALID: If you want to give a validity then specify here or
                       give * value
    So as per these guidelines you have to define both the analysis authorization.
    Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.
    Hope I could help you in this regard.
    Kindly Asign points if useful...
    Regards,
    Abhi

  • Analysis Authorisation Table

    Hi all,
    I've just started working on a new project and am familiarising myself with the build. Part of this is the BI analysis authorisations, of which there are over a hundred. Rather than attempt to view these inividually is there a table that can give me this info, rather like AGR_1251 but for analysis auths?
    Thanks,
    Nick.

    Hi,
    tables of analysis authorization for RSECADMIN are
    RSECHIE_CL Change log of hierarchy authorizations
    RSECUSERAUTH BI Analysis authorization  assignment to users
    RSECUSERAUTH_CL BI Analysis authorization assignment to users
    RSECTXT_CL Change log of authorization texts
    RSECVAL_CL Change log of Authorization Value Status
    RSECBIAU Changes to Authorization (Last Changed By]
    You can  find more table start with  RSEC*  just check with F4 in SE16.
    Hope this helps
    Edited by: connecpk on Feb 1, 2010 4:49 PM

  • Analysis authorisation tables

    Hi, is there any table I can use to determine the content of analysis authorisations assigned to users rather than look individually in each user via RSECADMIN?                                                                                Thanks,  Mark.

    Hi Mark,
    I hope you have posted the question in multiple areas. Please post all the BI related questions in BI forums. However, you can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
    RSECHIE - Status of hierarchy authorizations
    RSECTXT - Authorization text
    RSECVAL - Authorization Value Status
    RSECBIAU - Changes to Authorization (Last Changed By]
    RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
    Change log tables:
    RSECUSERAUTH_CL   - Assignment of users
    RSECHIE_CL - Change log of hierarchy authorizations
    RSECTXT_CL - Authorization texts
    RSECVAL_CL - Authorization Value Status
    Hope this helps!!
    Rgds,
    Raghu

  • Analysis authorisation settings

    Hi All
    When using the standard business content characteristics , 0TCAACTVT,0TCAIPROV,and 0TCAVALID, within analysis authorisations. Do these characteristics need flagging as authorisation relevant in all clients, Dev Uat and Prodn, as at present they are only authorisation relevant in our Dev client, even though the authorisation exists in all clients.
    Thanks
    Simon

    Hi,
    Yes, these characteristics need to remain flagged as authorization relevant in all systems and clients. If not, please ensure to transport these characteristics from DEV first before transporting analysis auths.
    Thanks,
    Deb

  • Deleting Automatic Generated Analysis Authorisation

    Dear All,
    We are generating Value and Hierarchy analysis authorisation automatically with the help of DSOs 0TCA_DS01 and 0TCA_DS02.( through RSECADMIN )
    Upon generation everytime, it first deletes all the previously generated analysis authorisation ( for the users that are available in these DSOs ) and creates new ones with the name starting as RSR_*.
    If the username for a particular user is not present in these DSOs, system will not delete / create anything for those users.System deletes / creates analysis authorisations only for those users that are available in these DSOs.
    Suppose a user a going out from the organisation, in that case we need to manually find out all the analysis authorisations ( RSR_* ) that were previously generated for that user and delete the analysis authorisations manually.
    This is time consuming process.
    Could you please advise any automatic / simpler way for deleting previously generated analysis authorisations for such users.
    Assume that these users are not available in the new data loaded in these DSOs.
    Thanking You,
    Tarun Brijwani.

    Hi Tarun,
    If a data record with the user name 'D_E_L_E_T_E' is loaded into the DataStore object 0TCA_DS01, first the generated authorizations for all users in the BI system for the DataStore object record are completely deleted (separated by the first part of the name before the digits) and then generated for the rest of the data.
    Please refer the following link for more information.
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/55/46eb411a7f6324e10000000a1550b0/frameset.htm
    Thanks,
    Krishnan

  • Regarding the analysis authorisations.

    Hi experts,
                         I was new to concept analysis authorisations .Actually i am creating the authorisations for the company code we are having 10 company code among that one for 1100 i am creating the authorisations for to restrict the data of the 1100 to an particular user .Using the analysis authorisations i created and passed the parameters 0tctactv ,....ect like this on which infoprovider,and on which company code i am making the restrictions to the particular user .when i am executing the particular user all the reports what ever it is having on the cube is comming but here i need to get the report based up on only the company code 1100 .but i dont need the data from the 1000,2000,like that for that user.can you tell me experts where exactly i am doing the mistake .if it is possible can you give me the screen shots for the analysis authorisations .
                                                       bye.

    Hi,
    Use following link to create role and auth object
    http://help.sap.com/saphelp_scm50/helpdata/EN/0c/515bb287fe41829556fb4227820e52/content.htm
    Regards
    Pramod

  • EYE 007 Aggregated Value for Analysis Authorisations

    Hi there,
    I'm attempting to unit test a new report in our development environment via RSECADMIN. Having created the role and assigned to the test user I get the error that aggregated values for particular characteristics are empty. However I've already added these to an analysis authorisation and used this for another report where it finds the characteristics.
    I'm stumped as to why this report doesn't find the same values. I've generated the role and run a user master compare, but this still fails. Any help is appreciated.
    Thanks.

    1. Please take the InfoProvider on which you have created your query and find which characteristics are Authorization Relavant for that MultiProvider/InfoProvider.
    2. Make sure all these characteristics are added to the analysis authorizations assigned to the user: Detailed feild values for the one your report is about and aggregated value for the other one and all the relevant 0TCA* content as well
    The report should work, however in your case it seems like you are assigning the characteristics using separate analysis authorizations, in that case make sure the concerned InfoProvider is mentioned in each analysis authorization under 0TCAIPROVfor the analysis authorizations to combine.

Maybe you are looking for

  • What is a sparsebundle?

    Time Machine will not back up. I get this error message: "/Volumes/Data/MacBook Pro.sparsebundle" could not be accessed (error -1).

  • Can I connect the IC Web Client directly to a R/3 Backend?

    Hello, I want to connect the IC Web Client directly to a R/3 Backend, is that possible? I want to do in this way so I won't need to transfer all the data in the R/3 Backend to the CRM system. Thanks!

  • Outgoing mails are not going on N97

    Dear All, Please help me out. I have N97 and i have set up the mail box but i can only receive the message but i cannot send it from my mobile. when i checked out in my outlook configuration i found, there is one option more settings, once i press th

  • How to enable....

    Ok so I've got a QT movie with the video track enabled, but no audio track, and and ad QT movie with the audio track enabled, but no video track. I'm trying to combine the two. I can't "add" the aduio to the QT picture file because the audio track is

  • Exit Code: 7 on flash cs5 installation? help please??

    Hello i'm having a bit of a problem with re-installing flash cs5, i used to have it but i factory setted my laptop cuse it was acting up for a while and including flash was cting up and not loading so now i got to install it and it is giving problems