topic Re: Testing Analysis Authorizations in Application Development and Automation Discussions

Testing Analysis Authorizations

former_member672609 — Thu, 14 Aug 2008 20:03:20 GMT

Hi Gurus,

I have created Analysis Authorizations and now i wanted to test them.

1.I have created AA on 'company code:0COMP_CODE' with the value '*'

and for the special charecteristics i have mentioned the below values:

0TCAIPROV - with the list of infocubes that were listed in the S_RS_COMP auth obj.

0TCAACTVT - 03 (display) as the query execution authorization is already given in the s_rs_comp auth obj with the values 03 and 16.

0TCAVALID - '*'

Now for testing i have added this authorization in a role( which was already designed in BW) through 'S_RS_AUTH' auth obj.

like in this fashion:

BI Analysis Authorizations: Na 'Z_ENDUSR_ALL'

the above line i did copy and pasted here from the profile generator screen i dont know what is that 'Na' before 'Z_ENDUSR_ALL'

what does it mean? is it 'not applicable' some thing like that.

after that i have added the above role to the user and changed the switch in the IMG to the value ' current proceedure with Analysis Authorization'

when we ran the report its giving 'user not authoriozed' and the same error is coming for any company code.

but in BW its working fine when we switch back to old obselete proceedure.

This is the problem iam facing can some one please tell me where i went wrong.does i need to change any more settings.

Thanks in advance

Padmaja.

Re: Testing Analysis Authorizations

Former Member — Thu, 14 Aug 2008 20:09:16 GMT

Hi Padmaja,

You said you created an AA : Z_ENDUSR_ALL and you added this in the S_RS_AUTH in the existing role.

I am not clear about


> like in this fashion:
> BI Analysis Authorizations: Na 'Z_ENDUSR_ALL'

Also, check if other characteristics are marked Auth Relevant other than company code.

Regards,

Zaheer

Edited by: Zaheer on Aug 14, 2008 1:09 PM

Edited by: Zaheer on Aug 14, 2008 1:17 PM

Re: Testing Analysis Authorizations

former_member672609 — Thu, 14 Aug 2008 20:23:13 GMT

Hi Zaheer,

In the Role i have manually added through S_RS_AUTH auth object and after adding the styntax of the auth obj look like :

Manually BI Analysis Authorizations in Role (S_RS_AUTH)

Manually BI Analysis Authorizations Role (T-BD05013300)

BI Analysis Authorizations:Na Z_ENDUSR_ALL (BIAUTH)

Hope now you understood what i meant.i have given the value of the authorization in the role in the above way.

Please let me know if i did nt exaplain my problem well.

Re: Testing Analysis Authorizations

former_member672609 — Thu, 14 Aug 2008 20:25:45 GMT

yes zaheer there are other charecteristics which are marked as auth relevant.and there was also an error the charecteristic 'OS_controlarea' is an auth relevant.so where should i include this control area charecteristic.

Re: Testing Analysis Authorizations

former_member672609 — Thu, 14 Aug 2008 20:37:58 GMT

"Also, check if other characteristics are marked Auth Relevant other than company code. "

Zaheer,when running a report using the company code if that report contains another Auth relevant Charecteristic then how should we define the analysis authorization or where should that particular authorization can be given to the user.

Re: Testing Analysis Authorizations

Former Member — Thu, 14 Aug 2008 20:41:13 GMT

You need to add those characteristics in the AA object.

In RSECADMIN, edit the AA. Click the infocube icon (next to insert special charc.), then add the infoproviders which were there in the existing role and have auth relevant charac., once you'll click the OKAY it will prompt you with all the auth relevant characteristics of the infoprovider, include them all (including the Control area) and accordingly maintain each as per your requirements, to try with put them as *

Otherwise, you can simply click + sign and add 0CO_AREA, however i would recommend the first option, since it will also tell you other the control area what all others are marked as auth relevant in infoproviders

Regards,

Zaheer

PS : If my memory is with me, i remember answering migration related queries to you earlier also...

Re: Testing Analysis Authorizations

former_member672609 — Thu, 14 Aug 2008 20:53:19 GMT

Thanks a lot zaheer . i will try with the proceedure you have given.

Re: Testing Analysis Authorizations

former_member672609 — Thu, 14 Aug 2008 21:08:07 GMT

Actually i was asked to replicate their old auth concept which was in BW with the respective Analysis Authorizations in BI.

For this scenario which i was trying to create AA was,they have defined an Custom Rep Auth Obj on Company code by including just the company code charecteristic and linked it to some infocubes.

In this auth obj they have not mentioned control area.. etc charecteristics which are auth relevant.

But if a report is run on this there is no auth error for 'control area' char and in BI we are getting an auth error for the 'control area' char saying user is not authorised.

Why is it so?

Re: Testing Analysis Authorizations

Former Member — Thu, 14 Aug 2008 21:18:55 GMT

New BI Security features are totally different from BW.

Refer this guide :

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea

and

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/707cbec7-9716-2a10-8092-cb7485e25de9

Regards,

Zaheer

Re: Testing Analysis Authorizations

former_member672609 — Fri, 15 Aug 2008 13:13:13 GMT

Thanks zaheer it worked.