topic Re: Authorization problem in BI in Application Development and Automation Discussions

Authorization problem in BI

Former Member — Mon, 21 Jan 2008 17:51:35 GMT

Hi Gurus,

I am facing problem with BI authorizations

i have created a role in PFCG for query authoriztion

and i have created authoriztaion in RSECADMIN

with required characterists

0PLANT

0COMPANY

0PUR_GROUP

and assigned to role in object S_RS_AUTH

i assigned the role to user

now my problem is

when user executes that report giving the Purchasing Group its give "You are not authorized"

when i checked the Purchasing group it is related with two diffrent plants

but user having access to one of the plants still it is not giving out put it is checking both the plants

can any body please help me how should i resolve this issue

thanks

kishore

Re: Authorization problem in BI

Former Member — Mon, 21 Jan 2008 18:10:09 GMT

Users that are allowed to this report MUST have authjorisation for both Plants, the check in this needs to find an OKAY for every field value of the fields in the provider.

So plant with value * in the role is okay or both values.

Re: Authorization problem in BI

Former Member — Tue, 22 Jan 2008 04:54:30 GMT

Hi Visser,

Thanks for your reply

but in my case it should check only for that plant he is authorized for

he/she should not be authroized for the other plants values

and also i cannot give * in plant field

like this i am having couple of reports

Example:

when ever user gives the Purchasing Group value in the variable field and execute it should chekc what he is authorized for and give the results

please let me know is there any way i can restrict them

thanks

kishore

Re: Authorization problem in BI

Former Member — Tue, 22 Jan 2008 06:19:49 GMT

In that case there is only one option create a new purch org ( one for each plant ) and create data a like.

Edited by: Auke Visser on Jan 22, 2008 7:19 AM

Re: Authorization problem in BI

Former Member — Tue, 22 Jan 2008 06:58:09 GMT

Hi Kishore,

If the purchasing group has been associated with both the plants, then it is logical for the query to check both the plants. There is nothing more that you can do.

You should perhaps discuss the issue with the creator and tell him the issue of giving extra authorization for a plant. Maybe it is required for this particular query. Or else what Auke suggested sounds good to me.

Regards

Sachin

Re: Authorization problem in BI

Former Member — Sun, 27 Jan 2008 06:06:28 GMT

Hi Visser and sachin,

thanks for your replys

the user having authorization to other queries also

but if i give * value for a plant

it will effect other queries also

is there any way we can restrict

thanks

kishore

Re: Authorization problem in BI

Former Member — Sun, 27 Jan 2008 09:08:02 GMT

NO you can not.

This is simply the way things work, if a field is in a infoprovider the user must have access to all values.

It might be that you remove the field plant fom the infoprovider that it might work, but that is the only thing you can try ( no success garanteed!)

Else the other options provided before.

Re: Authorization problem in BI

DanH1 — Tue, 29 Jan 2008 03:34:42 GMT

Hi there,

if not already in your RSECADMIN object add the 'special charactistics' from the menu icons

it will add 3 areas . activity,infoprovider and validity date(?) . set the activity

at the typical 03 display.

Re: Authorization problem in BI

Former Member — Tue, 29 Jan 2008 04:59:45 GMT

If you are using BI7 with analysis authorisations - Within the query you should set the Plant (or other characteristics) varibale as authorisation variable.

So when executing the query and if Plant is a character in the Query the user will be presented with ONLY the Plant data he has authorisation for.

Hope this helps.

Sam

Re: Authorization problem in BI

Former Member — Tue, 29 Jan 2008 06:12:18 GMT

The last remark is how to do this in the query, but it will not solve the probelm of having to have access to all values in the query!

Re: Authorization problem in BI

Former Member — Tue, 29 Jan 2008 10:20:55 GMT

Hi,

Correction Visser – your suggestion of creating a new purchasing org will just increase complexity and admin overhead.

We had a similar issue at my last client where user A required access to Plant 1 & 2 Purch org 1 and User B required access to Plant 1 & 3 Purch org1, whilst executing the same query.

To create this model you would need to set the analysis authorisation for the plants in Rsecadmin, then assign to users either through PFCG or directly in RSECADMIN. Then make sure that the queries that are you require this restriction use the authorisation variable in the query– which needs to be created, and for this example would be for Plant & Purch Org. This is a common mistake that alot of consultants make when using BI7.

If this is not done the user will see more than they are authorised to see. Basically the Auth variable needs to be in the query for your model to work.

Thanks,

sam

Re: Authorization problem in BI

Former Member — Sun, 03 Feb 2008 10:55:20 GMT

Hi Parmar,

Thanks for your reply,

i tried it with authorization variables also but still i am getting the same issue you are not authorized

in BI if we restrict authorization for eg.comany code, plant it should give result in the query he/she is authorized for

but still searching for the dependent values

eg:compay 1000

is authorized to the plant related to 10* and should give the out put for only that

in my query i dont have a plant selection variable

if i give CC 1000 and execute the query it searcing for all the plants related to the 1000 and trying to give the output

there i am getting the problem till i give the * value for the plant it dotn give me the result

is any thing missing at authorization level plz. let me know

thanks

kishore

Re: Authorization problem in BI

Former Member — Sun, 03 Feb 2008 11:11:50 GMT

Please maintain the value of the 0pur_group as you have maintained for the plant to restrict the user to see the report of the authroized plant and 0pur_group.

REgards

Anwer Waseem

SAP BASIS

Re: Authorization problem in BI

Former Member — Sun, 03 Feb 2008 11:16:44 GMT

Also, my suggestion is that set the athorization trace by the st01 for the specific time to analyze the problem where authorization are failed, then you can determine easily, what authorization data required to complete the authorization process successfully.

Regards

Anwer Waseem

Re: Authorization problem in BI

Former Member — Mon, 11 Feb 2008 06:25:46 GMT

Hi,

can any body please help me on this

i have created an authorization variable for 0plant, 0plant is authorization relevant

authorization variable : if there is no input from the user it will automatically pick the values for which the user is authorized and will show data in the report based on those values

but it is not working for me i have created variable and selected processing by authorization

if user is not giving any input and executing it says no sufficient authorization

that means authorization variable is not working

is anything i am missing or any exit code i needs to right please suggest

Thanks and Regards,

Kishore

Re: Authorization problem in BI

Former Member — Mon, 18 Feb 2008 06:24:13 GMT

Hi ALL,

Thanks you very much for your valuable inputs

issue is resolved

regards,

kishore