https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998303#M1494896 <HTML><HEAD></HEAD><BODY><P>Hi Rao,</P><P></P><P>Assigning the Analysis Authorizations via roles is advantageous over directly assigning them as per my experience due to the following reasons:</P><P></P><P>1. Consistent design through out the system. </P><P>2. Less confusion for the end users. They might have to keep track of roles and analysis authorizations if you have both ways.</P><P>3. Less maintenance when there are large number of users. If you are changing or renaming the analysis authorizations you do not have to reassign all the users but just change the role and the user assignments will be still fine.</P><P></P><P>Overall assigning via roles will be a cleaner design and will be much easier for your reports.</P><P></P><P>Thanks,</P><P>Karthik.</P></BODY></HTML> Fri, 18 Jun 2010 16:28:25 GMT Former Member 2010-06-18T16:28:25Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998297#M1494890 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>I have seen security documents and couple of links and tested with dircect analysis authorization to user and also checked with Pfcg role with s_rs_authobject assginment both are working . i have seen some docs assign users via role is more flexible to maintain is it correct .</P><P></P><P>Analysis authorizations can be assigned</P><P>Directly to users</P><P>To users via roles</P><P></P><P>what will be best to design and maintain the analysis role ? any suggestions will be appreciate </P><P>Thanks rao</P></BODY></HTML> Thu, 17 Jun 2010 21:34:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998297#M1494890 Former Member 2010-06-17T21:34:30Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998298#M1494891 <HTML><HEAD></HEAD><BODY><P>I have found that assigning analysis auths to users via roles is generally a much cleaner solution.</P></BODY></HTML> Thu, 17 Jun 2010 22:32:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998298#M1494891 Former Member 2010-06-17T22:32:35Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998299#M1494892 <HTML><HEAD></HEAD><BODY><P>Ram,</P><P></P><P>You have flagged characteristics that you want to protect as authorization-relevant in InfoObject maintenance.</P><P></P><P>In principle, all authorization-relevant characteristics are checked for existing authorizations if they occur in a query or in an InfoProvider that is being used. For this reason, you should avoid flagging too many characteristics as authorization-relevant so you keep the administrative efforts to a minimum and keep performance good.</P><P></P><P>We recommend that you include a maximum of 10 authorization-relevant characteristics in a query, since performance is otherwise negatively impacted. Authorization-relevant characteristics with asterisk (*) authorization are an exception to this; you can include more authorization-relevant characteristics of this type in a query.</P><P></P><P></P><P>These are the option; In this best option will be to users vis role.</P><P>Analysis authorizations can be assigned</P><P>Directly to users</P><P>To users via roles</P><P></P><P></P><P>Thanks,</P><P>Sri</P></BODY></HTML> Thu, 17 Jun 2010 23:00:47 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998299#M1494892 Former Member 2010-06-17T23:00:47Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998300#M1494893 <HTML><HEAD></HEAD><BODY><P>Hi Rao,</P><P></P><P>Even I would recommend to go for assignment by role, because in this case you can take help of SE16 standard table for e.g agr_1251 or SUIM for pulling out reports from SAP. Also you will have a better control over the security issues as the trouble shooting would be quite easy <SPAN __jive_emoticon_name="happy"></SPAN>)</P></BODY></HTML> Fri, 18 Jun 2010 04:36:10 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998300#M1494893 Former Member 2010-06-18T04:36:10Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998301#M1494894 <HTML><HEAD></HEAD><BODY><P>hi </P><P></P><P>thanks for your suggestions, it is good toassign with role assignment . is there any pros and cons that we should not do . </P><P>as sri mentioned it is easy to track through se16/agr_1251, but we also have a tables where we can track analysis assigned to user s</P><P>RSECBIAU Changes to Authorization (Last Changed By</P><P>RSECUSERAUTH BI Analysis authorization ? assignment to users</P><P>RSECUSERAUTH_CL BI Analysis authorization ? assignment to users</P><P></P><P>any ideas or suggestions please</P></BODY></HTML> Fri, 18 Jun 2010 15:39:37 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998301#M1494894 Former Member 2010-06-18T15:39:37Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998302#M1494895 <HTML><HEAD></HEAD><BODY><P>Hi Rao,</P><P></P><P>I would say, its basically your choice to go about it and also how much you are comfortable with BW tables/ R3 tables. </P><P></P><P>There doesn't seems to be any pros and cons as such neither I have found any mentioned by SAP. However if you want to compare the access of two users , or roles etc, you can use SUIM more effectiviely if you have used role based methodology.</P><P></P><P>Also you might miss good and meaningful reports from SUIM:-))</P></BODY></HTML> Fri, 18 Jun 2010 15:52:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998302#M1494895 Former Member 2010-06-18T15:52:34Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998303#M1494896 <HTML><HEAD></HEAD><BODY><P>Hi Rao,</P><P></P><P>Assigning the Analysis Authorizations via roles is advantageous over directly assigning them as per my experience due to the following reasons:</P><P></P><P>1. Consistent design through out the system. </P><P>2. Less confusion for the end users. They might have to keep track of roles and analysis authorizations if you have both ways.</P><P>3. Less maintenance when there are large number of users. If you are changing or renaming the analysis authorizations you do not have to reassign all the users but just change the role and the user assignments will be still fine.</P><P></P><P>Overall assigning via roles will be a cleaner design and will be much easier for your reports.</P><P></P><P>Thanks,</P><P>Karthik.</P></BODY></HTML> Fri, 18 Jun 2010 16:28:25 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998303#M1494896 Former Member 2010-06-18T16:28:25Z https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998304#M1494897 <HTML><HEAD></HEAD><BODY><P>answered</P></BODY></HTML> Tue, 10 Aug 2010 01:52:37 GMT https://community.sap.com/t5/application-development-and-automation-discussions/analysis-assignment/m-p/6998304#M1494897 Former Member 2010-08-10T01:52:37Z