Urgent!!Analysis Authorisation!!
Hi All,
We have created aothorisation for an user to access only a particular Vendor Id to access thru custome exit,but particular user viewing all other Vendor Datas also..
Pls tell where the problem could be???
Help me ASAP.
Hi
Still we have set the break point & checking ..But Couldnt able to analyze the problem yet?
What We have found is I _ step=0, then it displays no values in the varilable selection & when I_step=3,
it display all the values...
Pls help me out as I dont have any idea of ABAP coding.
thnx in advance.
Similar Messages
-
BI7 Analysis Authorisations - relationship between value & hierarchy auths
Hi all
Does anybody know how we can set up the new analysis authorisations to allow a user to use a Query selection for cost centre based upon a hierarchy and yet restrict the cost centre data they can display by value authorisations?SDN is the place to discuss technical problems..
Please avoid such weird post.
G@urav. -
Hierarchy Analysis Authorisation
Hi All
We are trying to limit the output of a HR Sickness report depending on the user's position in the Org Structure hierarchy. We can't use structural authorisation as its not maintained in ECC.
We have the org struct in BI and we want to setup dynamic Analysis Authorisation (AA). So we want to create AA with hierarchy restriction on 0orgunit based on a variable. Then at runtime the variable is populated by ABAP with the user's org unit. The report then shows the data for the user's org unit (and all other org units below in the org structure).
In RSECADMIN I can create a new authorisation object and add 0orgunit to it. On the Hierarchy Authorisations tab I hit the create button and select orgeh hierarchy . Then I press the 'select variable' button and I get the error message 'No variable of type Customer/SAP exit for characteristic 0ORGUNIT exists'.
What am I doing wrong? Where do I specify a variable for 0ORGUNIT so that it can be available in the selection screen?
Thanx
Asifhttps://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144&overridelayout=true
Go through these links. Hope this would help you. -
BI analysis authorisations direct assign to user in RSECADMIN
Hello,
In RSECADMIN it is possible to directly assign the 'analysis authorisations' to user-id's
It is also possible to assign the 'analysis authorisations' to a role via the authorisation object S_RS_AUTH
Can somebody tell me
- what are the pros and cons of directly assigning the analysis autorisations to the users in the RSECADMIN ?
- In which situation is direct assigning in RSECADMIN used ?
- IS dirtectly assigning to users in RSECADMIN in a production environment critical?
- what does SAP propose: directly assigning in analysis authorisations our via a role
In our case we have the situation of
BI system with a large number of analysis authorisations. The values of the analysis authorisations should be
maintainable in production environment.
We have also to take in mind:
- Roles are added to users via CUA ( RSECADMIN is not maintainable via CUA)
- Business Objects is coming. So set up the authorisations that they can be used for Business Objects
- Flexible ( new autorisation relevant info Objects) should be easy adeptable.
What we want to use is
- assigning analysis authorisations via a single role ( in a composite ) to the user
- a variable in the analysis authorisations as field value of a characteristic. In that case the values can be
assigned dynamically in production.
the data access role has the link to the analysis autorisations in the RSECADMIN.
this analysis authorisation contains variables instead of a fixed field value.
The values of the variables are maintained in a table in a production environment
Is using directly assigning analysis authorisations to users in the RSECADMIN in the production environment an alternative ?
Thanks for your answers
With Kind Regards,
Vincent
Edited by: Vincent Willems on Apr 7, 2011 10:37 AMHello Vincent,
My way of working is to follow the structure you have in the providing systems. If you have created a role for a production employee then try to translate the roles for the production analysis the same way in BI. You can use the s_rs_auth object. In HR you can use structural authorizations, you can use some programs to set the structural authorizations in BI and that will be done by creating an analysis object and add this to the user involved. Also updates from structural authorizations will be done automatically by these programs. I should not add your own objects to single users, that is a lot of maintenance you do not want. Use in BI the same concept as in the providing systems, it is more clear for anyone who has to work with it.
Have fun
Bye
Jan van Roest
PS. Did you solve your problem? If so please close your question
Edited by: J. van Roest on Jul 7, 2011 12:51 PM -
Hi,
Query regarding Analysis Authorisation.....
I had a 3 Queries based on a Multiprovider which is a combination of 10 Info Cubes....
Where do i need to implement my authorisation on Multiprovider level or at the cube level..as data is avaliable in cube
ThanksHi there,
You need at MultiProvider level.
Assign points if helpfull.
Diogo. -
Doubt in Analysis authorisations
i have implemented analysis authorisations in BW 7.0 System
After that when i login to the query using a user id where analsysis authorisation is implemented,
I could not see the Report directly. I have to apply filter and then only i was able to view the report.
My question is, when u implement analysis authorisations , you will be able to view the report direcly or you will be able to view the report only after applying filters> You need a authorization-variable in your filter for
> the infoobject IO_DEPT.
Be aware that there is no need to use authorization variables in SAP BI 7.0!!!
This is one of the great GREAT advantadges of using analysis of authorizations.
What you need is to define the adequate authorizations to access query/workbook and funcionality. Analysis authorizations does not relate with funcionality access, only with providers and data access.
Q: "When ever u implement Analyis Auth, you will be able to see filtered data directly or you have to do that Filter changes and only view the data. "
A: You only view the data, no need to filter. Once again, use the log from the analysis authorization to see the information the system provides.
I defined the following technical objects in a
separate "technical authorization":
0TCAACTVT Activity in Analysis Authorizations
0TCAIPROV Authorizations for InfoProvider
0TCAKYFNM Key Figure in Analysis Authorizations
0TCAVALID Validity of an Authorization
Message was edited by:
Miguel Costa -
Looking to Migrate to Analysis Authorisation from 3.x Migration
Hi Masters,
we are migrating our system from Old Authoristaion to new Analysis Authorisation.
Need some information like:-
1) What should be checked as a part of Impact Anaylsis at the start.
2) What will be the Impact on the existing Authorisation
3) Whether We have to create new roles or the existing Role will work.
Please respond quickly so that I can Start working on that.
TIA.
Regards,
Amit Kumar TrivediHi,
Have a look at below threads for similar query, hope it helps.
Analysis Authorization - Problem with navigation attribute
BI Authorizations : Regarding Analysis Authorization
Analysis Authorization & its compaitbility with BW 3.5 Query
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/9000928e-dd3d-2e10-9ca1-a00f249305b7?QuickLink=index&overridelayout=true
Regards,
Mani -
":" in analysis authorisation objects
Hi,
We made 0DEPARTMENT as authorisation relevant.
In one of our Analysis Authorisation Objects(Rsecadmin) Settings for 0DETARTMENT IS = :
What exactly ":" represents
Thanks in advanceHi,
The colon( value is used in BW to authorise display of aggregates. If you are using company code in the free characteristics and do not restrict on it to authorised values, you need to maintain : for it. Once you drill down on it (or equivalently put it in the rows) you need the actual values to be maintained in the authorisations as well.
Have you investigated the use of authorisation variables? You can maintain the values 1000 and 3000 in the authorisation and restrict the characteristic with an authorisation variable. This will ensure that the query is run for only the authorised values. This will work irrespective of whether you use company code in the rows or free characteristics.
Thanks,
Venkat -
Dear Gurus,
I have the turned two navigation attributes as auth. relevant,
global cost center: this is based on hierarchy authorisation
local cost center: this is based on value authorisation.
There is one-to-one mapping between glocal cost center and local center. Users would request authorisation on either of them but they can ask for authorisation for more than one role with different combination.
I have created three analysis authorisation for the below scenarios:
1: Role_1 has Auth_1 with the below values
global cost center: X (node)
local cost center: * (as users have no knowledge about the mapping)
This works fine.
2: Role_2 has Auth_2 with the below values
global cost center: * (as users don't know the mapping)
local cost center: A
This works fine as well.
3: Role_3 has auth_1 and auth_2.
This doesn't work. It throws authrisation error.
Can you please suggest how can scenario 3 work.
Thanks in advance
RegardsHi Max,
Unlike ECC Auth Objects, Analysis Auths always work on the concept of Intersection. Which means when you run query for a particular input selection and you have multiple analysis auth assigned, then queries will only be executed if input selection falls within the intersected region for the characteristics in two analysis auths.
Therefore effectively when you assign auth_1 and auth_2 to an user, user gets the following access:
global cost center: Node
local cost center: A
Can you confirm if the user is selecting the above values while executing queries and still getting authorization error?
I didn't understand the requirement of Role_3 = Auth_1+Auth_2 though, but if you can explain the requirement, I can try to suggest some solution.
Thanks,
Deb -
Dear all,
i have the following question:
I would like to restrict a user for the following settings:
1. The user is allowed to access the following infoobjects:
Version 100 on Infocube 1 and Posting level 00 -10
2. The same user is allowed to access
Version 101 on Infocube 2 and Posting level 00 - 30
For both requirements i created 2 analysis authorisations:
But after assigning both authorisations the following happens:
The user has access on each infocube to all versions and all Posting level.
How i have to handle this problem???Hi Christina,
The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:
0TCAIPROV
0TCAACTVT
0TCAVALID
And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.
So for your issue you have to define these three characteristics first
0TCAIPROV: Name of your infoprovider
0TCAACTVT: Activity for which you want to authorize the user
such as 1 - Create
2 - Change
3 - Display
- For all Activity
So as per the need you can give the authorization to the user (1,2,3 or *)
0TCAVALID: If you want to give a validity then specify here or
give * value
So as per these guidelines you have to define both the analysis authorization.
Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.
Hope I could help you in this regard.
Kindly Asign points if useful...
Regards,
Abhi -
Hi all,
I've just started working on a new project and am familiarising myself with the build. Part of this is the BI analysis authorisations, of which there are over a hundred. Rather than attempt to view these inividually is there a table that can give me this info, rather like AGR_1251 but for analysis auths?
Thanks,
Nick.Hi,
tables of analysis authorization for RSECADMIN are
RSECHIE_CL Change log of hierarchy authorizations
RSECUSERAUTH BI Analysis authorization assignment to users
RSECUSERAUTH_CL BI Analysis authorization assignment to users
RSECTXT_CL Change log of authorization texts
RSECVAL_CL Change log of Authorization Value Status
RSECBIAU Changes to Authorization (Last Changed By]
You can find more table start with RSEC* just check with F4 in SE16.
Hope this helps
Edited by: connecpk on Feb 1, 2010 4:49 PM -
Hi, is there any table I can use to determine the content of analysis authorisations assigned to users rather than look individually in each user via RSECADMIN? Thanks, Mark.
Hi Mark,
I hope you have posted the question in multiple areas. Please post all the BI related questions in BI forums. However, you can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
RSECHIE - Status of hierarchy authorizations
RSECTXT - Authorization text
RSECVAL - Authorization Value Status
RSECBIAU - Changes to Authorization (Last Changed By]
RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
Change log tables:
RSECUSERAUTH_CL - Assignment of users
RSECHIE_CL - Change log of hierarchy authorizations
RSECTXT_CL - Authorization texts
RSECVAL_CL - Authorization Value Status
Hope this helps!!
Rgds,
Raghu -
Analysis authorisation settings
Hi All
When using the standard business content characteristics , 0TCAACTVT,0TCAIPROV,and 0TCAVALID, within analysis authorisations. Do these characteristics need flagging as authorisation relevant in all clients, Dev Uat and Prodn, as at present they are only authorisation relevant in our Dev client, even though the authorisation exists in all clients.
Thanks
SimonHi,
Yes, these characteristics need to remain flagged as authorization relevant in all systems and clients. If not, please ensure to transport these characteristics from DEV first before transporting analysis auths.
Thanks,
Deb -
Deleting Automatic Generated Analysis Authorisation
Dear All,
We are generating Value and Hierarchy analysis authorisation automatically with the help of DSOs 0TCA_DS01 and 0TCA_DS02.( through RSECADMIN )
Upon generation everytime, it first deletes all the previously generated analysis authorisation ( for the users that are available in these DSOs ) and creates new ones with the name starting as RSR_*.
If the username for a particular user is not present in these DSOs, system will not delete / create anything for those users.System deletes / creates analysis authorisations only for those users that are available in these DSOs.
Suppose a user a going out from the organisation, in that case we need to manually find out all the analysis authorisations ( RSR_* ) that were previously generated for that user and delete the analysis authorisations manually.
This is time consuming process.
Could you please advise any automatic / simpler way for deleting previously generated analysis authorisations for such users.
Assume that these users are not available in the new data loaded in these DSOs.
Thanking You,
Tarun Brijwani.Hi Tarun,
If a data record with the user name 'D_E_L_E_T_E' is loaded into the DataStore object 0TCA_DS01, first the generated authorizations for all users in the BI system for the DataStore object record are completely deleted (separated by the first part of the name before the digits) and then generated for the rest of the data.
Please refer the following link for more information.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/55/46eb411a7f6324e10000000a1550b0/frameset.htm
Thanks,
Krishnan -
Regarding the analysis authorisations.
Hi experts,
I was new to concept analysis authorisations .Actually i am creating the authorisations for the company code we are having 10 company code among that one for 1100 i am creating the authorisations for to restrict the data of the 1100 to an particular user .Using the analysis authorisations i created and passed the parameters 0tctactv ,....ect like this on which infoprovider,and on which company code i am making the restrictions to the particular user .when i am executing the particular user all the reports what ever it is having on the cube is comming but here i need to get the report based up on only the company code 1100 .but i dont need the data from the 1000,2000,like that for that user.can you tell me experts where exactly i am doing the mistake .if it is possible can you give me the screen shots for the analysis authorisations .
bye.Hi,
Use following link to create role and auth object
http://help.sap.com/saphelp_scm50/helpdata/EN/0c/515bb287fe41829556fb4227820e52/content.htm
Regards
Pramod -
EYE 007 Aggregated Value for Analysis Authorisations
Hi there,
I'm attempting to unit test a new report in our development environment via RSECADMIN. Having created the role and assigned to the test user I get the error that aggregated values for particular characteristics are empty. However I've already added these to an analysis authorisation and used this for another report where it finds the characteristics.
I'm stumped as to why this report doesn't find the same values. I've generated the role and run a user master compare, but this still fails. Any help is appreciated.
Thanks.1. Please take the InfoProvider on which you have created your query and find which characteristics are Authorization Relavant for that MultiProvider/InfoProvider.
2. Make sure all these characteristics are added to the analysis authorizations assigned to the user: Detailed feild values for the one your report is about and aggregated value for the other one and all the relevant 0TCA* content as well
The report should work, however in your case it seems like you are assigning the characteristics using separate analysis authorizations, in that case make sure the concerned InfoProvider is mentioned in each analysis authorization under 0TCAIPROVfor the analysis authorizations to combine.
Maybe you are looking for
-
Time Machine will not back up. I get this error message: "/Volumes/Data/MacBook Pro.sparsebundle" could not be accessed (error -1).
-
Can I connect the IC Web Client directly to a R/3 Backend?
Hello, I want to connect the IC Web Client directly to a R/3 Backend, is that possible? I want to do in this way so I won't need to transfer all the data in the R/3 Backend to the CRM system. Thanks!
-
Outgoing mails are not going on N97
Dear All, Please help me out. I have N97 and i have set up the mail box but i can only receive the message but i cannot send it from my mobile. when i checked out in my outlook configuration i found, there is one option more settings, once i press th
-
How to enable....
Ok so I've got a QT movie with the video track enabled, but no audio track, and and ad QT movie with the audio track enabled, but no video track. I'm trying to combine the two. I can't "add" the aduio to the QT picture file because the audio track is
-
Exit Code: 7 on flash cs5 installation? help please??
Hello i'm having a bit of a problem with re-installing flash cs5, i used to have it but i factory setted my laptop cuse it was acting up for a while and including flash was cting up and not loading so now i got to install it and it is giving problems