User variable in rule set

Similar Messages

• What's user variable name using Smart View POV function (ex:HypGetActiveMember)?

  Hi,
  We want to use Smart View POV function (ex:HypGetActiveMember) to get the active member of user variables from HFM forms selected into Excel, but we don't know the user variable name in the following paragraph of Smart View developer guide:
  "To uniquely identify the user variable, provide the user variable name rather than the dimension name."
  For example, what's the user variable name of Year dimension? How to get the user variable name?
  Any information would be appreciated. Thank you!

  Hi,
  I guess user variable name is set by users/developers. I am not very clear on your question. If you have defined some variables to select any members from a dimension then it will be in HFM only. In planning we have two kinds of variables User Variables (we set it from Planning Preferences) and Substitution variable (we set it from Essbase Consol in the backend). Without looking into your application it is difficult to say the user variable name. Like for Year the user variables can be "PreviousYear", "CurrentYear", or "NextYear" etc.
  Soumya

• User Variable Options: How can I use them in a Business Rule?

  How can I use a "User Variable" set in File / Preferences in a Business Rule? It doesn't seem to appear as an Essbase Substitution Variable or as a Global Variable of Business Rules. The only way I know how to use it is to place the dimension on the POV or Page dimension of a data form, then use a Global Variable in a run time prompt to pick the member and run a BR against it, or some function of it.
  What do I do if I want to have that dimension in Columns or Rows? How can I set a BR to directly reference the member chosen under User Variable Options?
  J

  Thanks Alp, but I can't seem to reproduce what you are writing below. I want to refer my Business Rule to address the value set in File / Preferences / User Variable Options; no matter what members I show elsewhere in the data form.
  My other workaround is through a run time prompt and hope the user selects the appropriate user variable at the very bottom of the selection list in order to calculate the appropriate list of members.
  J

• User Variable in Business Rule or Global Variable

  I wanted to call the User Variable value of Planning application under the Globel Variable of Default Value. Example I have created one Globel variable under the Default value the user varible value need to pickup so any thought how I can do this.
  I know in the Form if you use &UsrVar this will show the user variable value in the Data form but it is not showing the User Variable value in global variable or inside the Business rule.It is giving an error message there is no substitution variable has been defined. Please explain.
  Thanks in Advance,
  Irsh
  Edited by: 818693 on 17 May, 2011 7:22 AM

  Hi,
  User variables are meant to be used in web forms and web forms only. You can certainly pass their values to business rules when you used them in POV or page section of the form during save. All you need to do is to create another business rule (local or global) variable in business rule on the corresponding dimension and use it in your business rule. If you enable running the business rule on save and using the form values for variables options in form properties, business rules would replace the values of business rule variables with the values that are set in user variables.
  Cheers,
  Alp

• Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

  I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data  in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please  consider it urgent.

  Hi,
  Assign ECC connector to SAP_ECCS_LG group.
  Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
  Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
  Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help.  I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
  Regards,
  Vivek

• Cannot attach User property set within a Rule set

  Hi,
  I cannot attach a user property set within a rule set. When i create a new
  rule set in the tools it doesnt give me a field to attach a User property
  set to a rule set. I dont get this.
  I am using WLCS 3.2, cloudscape, WL 5.1 SP 6, Win2000.
  Any help wud be greatly appreciated.

  Hello Kapil,
  This is a good thing. Allow me to convince you. Prior to WLCS 2.0.1 sp1,
  each rule set required that a property set be associated with it. Rules in
  that rule set could only use properties from that property set. You could not
  write a rule that used properties from multiple property sets. Therefore, it
  was impossible to combine user/group, session, and request properties in
  rules. It is a good thing that you don't have to associate a property set
  with the rule set anymore.
  kapil wrote:
  Hi,
  I cannot attach a user property set within a rule set. When i create a new
  rule set in the tools it doesnt give me a field to attach a User property
  set to a rule set. I dont get this.
  I am using WLCS 3.2, cloudscape, WL 5.1 SP 6, Win2000.
  Any help wud be greatly appreciated.--
  Ture Hoefner
  BEA Systems, Inc.
  2590 Pearl St.
  Suite 110
  Boulder, CO 80302
  www.bea.com

• Doubt in Execute Rule Set Action

  Hi,
  I have seen the following documentation in help doc regarding Execute Ruleset action
  'The Execute Ruleset and Execute Flow Ruleset rule script actions result in evaluating and executing another ruleset u2013 either a rete ruleset or a flow ruleset. This action is similar to invoking a ruleset, except that the current value of objects, including variable definitions, are available to the ruleset being invoked (instead of their initial values). If the invoked ruleset changes the value of any of the objects, these are reflected in the initial Flow Ruleset'
  I have a rule flow set invoking another rule set in its action script. I need to pass a variable defined in rule flow set to invoked rule set. I did this with following action
  Execute Ruleset RuleSet1 On var1.
  My doubt is how do i access this in invoked rule set? I didnt see this in invoked rule set.
  Regards,
  Dhana

  Hi Dhana,
  'The Execute Ruleset and Execute Flow Ruleset rule script actions result in evaluating and executing another ruleset u2013 either a rete ruleset or a flow ruleset. This action is similar to invoking a ruleset, except that the current value of objects, including variable definitions, are available to the ruleset being invoked (instead of their initial values). If the invoked ruleset changes the value of any of the objects, these are reflected in the initial Flow Ruleset'
  What we mean by the stmt above is - In case the action  "Execute Ruleset" or "Execute Flow Ruleset" is used, all those global definitions which are modified at the ruleset level will retain their changed value when the other ruleset is evaluated.
  This needn't be specifically mentioned using the "ON" option.
  This option is provided for a user to pass the current value of objects alone. "except that the current value of objects... are available to the ruleset being invoked"
  Your other question related to passing the variable definition created at the flow ruleset level, to be passed to the other ruleset - such a mapping is not yet possible. You will have to define this as a common(global) definition.
  Hope this clarifies your doubt.
  Best Regards,
  Arti

• Corrupt Global User Variable?

  We're running ICM 7.5 and over the weekend, calls stopped routing to one skill.  AT&T, our first line, worked with Cisco and after research/testing, came back with an answer that the global user variable was corrupt.  Has anyone experienced this?  It seems odd that out of the blue this becomes corrupt, especially over a weekend when call volume is low.
  My team, along with Network and AT&T did a process of elimination, removing translation route & global user to validate call routing and adding each piece back.  When the variable was added, call routing failed to backup routing.
  Thanks,
  Jill M Gorrie

  Hi,
  User variables are meant to be used in web forms and web forms only. You can certainly pass their values to business rules when you used them in POV or page section of the form during save. All you need to do is to create another business rule (local or global) variable in business rule on the corresponding dimension and use it in your business rule. If you enable running the business rule on save and using the form values for variables options in form properties, business rules would replace the values of business rule variables with the values that are set in user variables.
  Cheers,
  Alp

• When Role is assigned to User through membership rule then it's membership is not added to OID ?

  Hi All,
        I have OIM 11gR2 installed with  LDAPSync enabled.
  When tried to assign Role to User through membership rule, Role is successfully assigned to User in OIM, but it is not added in OID.
  Role membership is added in OID when User requests Role through Catalog search. Also, Role membership is added in OID after running job 'LDAPSync Post Enable Provision Role Memberships to LDAP '.
  How can I add Role membership in OID  as soon as Role is assigned to User  through membership rule in OIM ?

  Hi
  It sounds like you have not selected anything on the Presentation & Data tab of the Workspace Startpoint/User Service.
  You need to specify:
  Your Asset (the form you want to present to the user)
  An associated Action Profile (tells the server how you want the form rendered...typically it is set to Default which uses the Render PDF Form process)
  The variable to hold your data(typically an xml variable)
  Make sure these are set.
  Diana

• Utilizing XML Publisher Report Bursting Program user-variables

  When running the XML Publisher Report Bursting Program against a bursting control file, I see the following in the log:
  Bursting propertes.....
  {user-variable:cp:territory=US, user-variable:cp:ReportRequestID=4413342, user-variable:cp:language=en, user-variable:cp:responsibility=20678, user-variable.OA_MEDIA=http://hostname:8000/OA_MEDIA, burstng-source=EBS, user-variable:cp:DebugFlag=N, user-variable:cp:parent_request_id=4413342, user-variable:cp:locale=en-US, user-variable:cp:user=USER, user-variable:cp:application_short_name=XDO, user-variable:cp:request_id=4413368, user-variable:cp:org_id=204, user-variable:cp:reportdescription=Report Name, user-variable:cp:Dummy for Data Security=Y}
  I would like to reference one or more of these in
  1. My bursting control file
  2. My template (to be output in final PDF).
  I cannot seem to get this to work in my bursting control file by referencing:
  ${cp:user} (note that it just returns the word 'null' here instead of the value)
  nor can I get it to work in my RTF template by referencing:
  <?xdoxslt:get_variable($_XDOCTX, ‘cp:user’)?>
  Should this work, or I am missing something?
  Thanks

  Thanks Ike, it likely would. The thing I keep coming back to is an example in the BIP Developer's Guide that suggests you can set a property and have it made available:
  DocumentProcessor dp = new DocumentProcessor (cfgFile, xmlFile, dir);
  Properties prop= new Properties();
  prop.put("user-variable:ADMIN_EMAIL","[email protected]");
  dp.setConfig(prop);
  dp.process()
  Seems to me that the work going on behind the scenes here (based on log statements alone) suggest the same sort of integration.. but I suppose not.
  Thanks

• Do you trust the SAP standard rule set ?

  Hello all,
  I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
  As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
  1. what is your SAP release  ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
  2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
  Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point. 
  So, the best practice is :
  a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
  b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
  You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
  Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
  Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
  Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu.  But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
  Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA.  The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA.  That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional  auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
  Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
  Success !
  Sam

  Sam and everyone,
  Sam brings up some good points on the delivered ruleset.  Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point.  This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks.  I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
  I'll try to address each area that Sam brings up:
  1.  Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific.  We therefore provide rules with the lowest common denominator when it comes to auth object settings.
  The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
  The underlying assumption is that we want to ensure the rules do not have any false negatives.  This means that we purposely activate the fewest auth objects required in order to execute the transaction.
  If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
  Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
  2.  For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone.  This is why we deliver only the core auth objects in our rules and not all.  A example is ME21N. 
  If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain.  However, in the rules we only enable one of the object, M_BEST_BSA.  This is to prevent false negatives.
  3.  Sam is absolutely right that the delivered auth object settings for FB01 have a mistake.  The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK.  This was a manual error on my part.  I've added this to a listing to correct in future versions of the rules.
  4.  Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed.  See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
  1083611 Compliance Calibrator Rule Update Q3 2007
  1061380 Compliance Calibrator Rule Update Q2 2006
  1035070 Compliance Calibrator Rule Update Q1 2007
  1173980 Risk Analysis and Remediation Rule Update Q2 2008
  5.  SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved.  See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008.  A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
  6.  Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
  https://www.sdn.sap.com/irj/sdn/bpx-grc                                                                               
  Under Key Topics - Access Control; choose document below:
      o  GRC Access Control - Access Risk Management Guide   (PDF 268 KB) 
  The access risk management guide helps you set up and implement risk    
  identification and remediation with GRC Access Control.

• Issue with User Variable Due Shared Member Security Access

     Hi All,
  One of my client is using User variable in data form to define POV.
  Now if user has access to 2 member in the Dimension, he should able to see 2 member when he try to assign the value to this "user variable"
  but he can see some of the parent member name ,this parent name has only one child which is a shared member of the 2 base member for which he has access.
  For Example:
  Entity Dimension:
  E1 (user has access)
  E2
  E3(user has access)
  E4
  Alt_Entity
  Alt_Entity1E1 (sharedmember)
  Alt_Entity2E2 (sharedmember)
  Alt_Entity3E3 (sharedmember)
  Alt_Entity4E4 (sharedmember)
  User is able to see below members, when he try to assign value
  E1 (user has access)
  E3(user has access)
  Alt_Entity1
  Alt_Entity3
  Now if I add another member under this parent, than user are unable to see this parent member.
  For Example:
  Entity Dimension:
  E1 (user has access)
  E2
  E3(user has access)
  E4
  Alt_Entity
  Alt_Entity1
  E1 (sharedmember)
  E2 (sharedmember)
  Alt_Entity2E2 (sharedmember)
  Alt_Entity3
  E3 (sharedmember)
  E2 (sharedmember)
  Alt_Entity4E4 (sharedmember)
  User is able to see below members, when he try to assign value
  E1 (user has access)
  E3(user has access)
  Any idea?

  Sorry, but actually its the parent that needs tagging with "Never Share", not the level 0 member, so Alt_Entity1 and Alt_Entity2 etc, see Essbase DBA guide
  understanding Implied
  Sharing
  The shared member property defines a shared data relationship explicitly. Some
  members are shared even if you do not explicitly set them as shared. These
  members are said to be implied shared members.
  If you do not want a member to be shared implicitly, mark the parent as Never Share so
  that the data is duplicated, and is not shared. See Understanding Shared Members for an
  explanation of how shared members work.
  So in the example above
  Entity Dimension:
  E1 (user has access)
  E2
  E3(user has access)
  E4
  Alt_Entity
  Alt_Entity1 - Set to "Never Share"E1 (sharedmember)
  Alt_Entity2E2 (sharedmember)
  Alt_Entity3 - Set to "Never Share"E3 (sharedmember)
  Alt_Entity4E4 (sharedmember
  Thanks
  Anthony

• Migrating HBR Sequences into 11.1.2.x as Rule Sets

  Hi, has anyone been able to migrate sequences into Calc Manager?  With the method I'm trying, Calc Manager recognizes the rules and variables in the sequence(s) (will skip then when the Skip option selected), but the rule set does not appear (verified by <Find><Contains> search.
  -Vince

  Hi, has anyone been able to migrate sequences into Calc Manager?  With the method I'm trying, Calc Manager recognizes the rules and variables in the sequence(s) (will skip then when the Skip option selected), but the rule set does not appear (verified by <Find><Contains> search.
  -Vince

• HELP: SSIS 2012 - Execute SQL Task with resultset to populate user variables produces DBNull error

  I am experiencing an unexplainable behavior with the Execute SQL Task control in SSIS 2012. The following is a description of how to simulate
  the issue I will attempt to describe:
  1. Create a package and add two variables User::varTest1 and User::varTest2 both of String type with default value of "Select GetDate()"
  for each, have shown this to not matter as the same behavior occurs when using a fixed string value or empty string value.
  2. Add a new Execute SQL Task to the control flow.
  3. Configure an OLE DB connection.
  4. Set SQLSourceType = "Direct Input"
  5. Set the ResultSet property of the task to "Single Row"
  6. In the ResultSet tab add two results as follows: 
  Result Name: returnvalue1, Variable Name: User::varTest1
  Result Name: returnvalue2, Variable Name: User::varTest2
  7. Set an expression for the SqlStatementSource property with a string value of "Select 'Test' returnvalue1, 'Testing' returnvalue2'"
  The idea is that the source would be dynamically set in order to run a t-sql statement which would have dynamic values for database name
  or object that would be created at runtime and then executed to set the user variable values from its resultset. Instead what occurs is that a DBNull error occurs.
  I am not sure if anyone else has experienced this behavior performing similiar actions with the Execute SQL Task or not. Any help would be
  appreciated. The exact message is as follows:
  [Execute SQL Task] Error: An error occurred while assigning a value to variable "varRestoreScript": "The type of the value
  (DBNull) being assigned to variable "User::varRestoreScript" differs from the current variable type (String). Variables may not change type during execution. Variable types are strict, except for variables of type Object.
  User::varRestoreScript is the first return value. And even with the a dummy select the same result occurs. I have narrowed the issue down
  to the T-SQL Statement structure itself. 
  The following works just fine within the execute sql task control as long as no resultset is configured for return:
  "Declare @dynamicSQL nvarchar(max)
  Select @dynamicSQL = name 
  From sys.databases 
  Where name = 'master'
  Select atest_var1=@dynamicSQL, atest_var2='static'"
  I have tried various iterations of the script above with no success. However, if I use the following derivative of it the task completes
  successfully and variables are set as expected.  This will not work for my scenario however as I need to dynamically build a string spanning multiple resultsets to build one of the variable values.
  "Select atest_var1=name, atest_var2='static'
  From sys.databases
  Where name = 'master'
  I have a sample package which can reproduce this issue using the above code.  You can get to that through the post on www.sqlservercentral.com/Forums/Topic1582670-364-1.aspx
  Scott

  Arthur,  the query when executed doesn't return a null value for the @dynamicSQL variable.  It returns "master" as a string value.  Even the following fails which implements that suggestion:
  Declare @dynamicSQL as nvarchar(max)
  Select @dynamicSQL = name
  From master.sys.databases 
  Where name = 'master' -- (or any other DB name)
  I believe I have found the cause of the issue.  It is datatype and size related.  The above script will properly set the variables in the resultset as long as you don't use nvarchar(max) or varchar(max).  This makes the maximum data size for
  a String variable 4000 characters whether unicode or non-unicode typed.

• Does the "The Project Owner has the same RBS value as the User" dynamic category rule include Status Managers?

  I tested the following scenario in Project Server 2010 and 2013:
  Assume you have three users: User1, User2, and User3.
  User1 has RBS value Org.UnitA
  User2 and User3 both have RBS value Org.UnitB
  User3 belongs to a group that gets permissions to view projects from a category with "The Project Owner has the same RBS value as the User" setting enabled.
  User2 creates ProjectABC and by default becomes the project Owner. User2 creates a task in the project, and by default becomes the Status Manager of the task.
  User2 then changes the project owner to User1 and republishes the project. User2 remains the Status Manager in the project task.
  User3 can still see ProjectABC. Apparently this is because User2, who has the same RBS value as User3, is still a Status Manager of project tasks.
  If I change User2 RBS value to Org.UnitA, then User3 can no longer see ProjectABC. Note that User2 is not the project Owner at this stage, but the change in User2's RBS still affects the visibility of the project.
  It seems to me that in "The Project Owner has the same RBS value as the User" dynamic category rule, the "Owner" should be "Owner or Status Manager".
  Is this a bug or by design?

  Hi Barbara,
  Thanks for going through the trouble of reproducing the behaviour. It's interesting to know that Effective Rights in Project Online displays different results.
  The system in which I tested this scenario is updated with the December CU, so I'm guessing you'll still get the same result after updating your environment.
  In my usage scenario, a user needs to create projects on behalf of other users, and then change the Owner. Unfortunately this doesn't change the Status Manager of tasks, and consequently the visibility of the project is not what was expected.
  The user who creates the project can change the Owner, but can't change the Status Manager. The new owner would have to open the project for editing in Project Pro, change the Status Manager value of every task, and republish. Precisely the sort of extra
  work that the users want to avoid.
  Using delegation might be a workaround, but opens up a whole new can of worms in terms of information security. It's unfortunate that the "The Project Owner has the same RBS value as the User" setting doesn't do what it says, but potentially
  opens up visibility of projects to a wider audience than intended.