-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- Interpreting RSECADMIN Trace (BI Analysis Authoriz...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Interpreting RSECADMIN Trace (BI Analysis Authorizations)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 05 5:56 PM
- SAP Managed Tags
- Security
Dear Experts,
Recently, one of the users ran a query and encountered an authorization issue. I logged his ID into RSECADMIN and after he re-ran the query with authorization issues, I took a look at the trace logs and found a section with errors:
Following Set Is Checked
Characteristic Contents
0CS_GROUP Node 3 12 0 1185 7
Comparison with Following Authorized Set
Characteristic Contents
0CS_GROUP Node 1 Node 2 Node 3 Node 4 Node 5
My interpretation is that this user has authorizations for Node 1 - 5, but what I do not understand is:
0CS_GROUP Node 3 12 0 1185 7
I know it is checking for the characteristic 0CS_GROUP but what does the "Node 3 12 0 1185 7" represent?
Any help in interpreting this is greatly appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jul 03 10:24 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jul 02 3:14 PM
- SAP Managed Tags
- Security
Confusing: Up to know I had know the report RSECADMIN which deals with the secure storage, but this questions is about transaction RSECADMIN, which manages the analysis authorizaions in BI... I've added a note about the component into the heading of this thread.
Kind regards
Frank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jul 03 10:24 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jul 03 4:01 PM
- SAP Managed Tags
- Security
Frank: Thanks for adjusting the title.
Lodewijk: It seems there is no sense in those node numbers. When I first ran RSECADMIN trace, I was figuring it would be just as straightforward as SU53 - at least that would tell you EXACTLY what you are missing. However, RSECADMIN trace is cryptic sometimes and it's very difficult with no official documentation. Not even the experts here seem to know. About the only thing that helps is when they tell you 'EYE007' (authorization error) and the node/characteristic that the error is happening on. Then you can sort of look through the user's roles and compare against the variable selection criteria.
Anyhow, I would love to find out what those Node numbers mean as well. I asked a fellow BI Security consultant doing this for a couple of years and he was unable to tell me as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jul 05 8:10 AM
- SAP Managed Tags
- Security
Hello,
These node numbers does not have any meaning.
However you can go through SAP Note 1234567 - The authorization log RSECADMIN.
There you can check the paragraph
Under the heading
The Following Hierarchy Authorizations Were Found",
there is a list of the hierarchy authorizations of the user.
The fields TCTAUTH and TCTIOBJNM again specify the authorization and
characteristic names. The fields HIESID and HIEID have no significance in
this context. The fields TCTHIENM und TCTHIEVERS and TCTHIEDATE are three
specifications that generally and precisely define each hierarchy of a
characteristic in a BI system: Hierarchy name, version and date (valid-to).
The fields TCTNIOBJNM and TCTNODE precisely define the authorized node.
TCTNODE is simply the technical node name.
TCTNIOBJNM specifies the node type.
a) If TCTNIOBJNM = 0HIER_NODE, then a text node with the name
<TCTNODE> is authorized.
b) If TCTNIOBJNM is blank, a hierarchy leaf with the given name is
authorized.
c) If TCTNIOBJNM has the same name as the hierarchy-defining
characteristic, a chargeable node is authorized.
CAUTION The node type is relevant for the authorization. For example: A
hierarchy authorization for a text node cannot directly authorize a
chargeable node with the same name.
Regards
Imran
Edited by: Imran Mulani on Jul 5, 2009 9:10 AM
Edited by: Imran Mulani on Jul 5, 2009 9:11 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jul 06 2:49 PM
- SAP Managed Tags
- Security
Imran: Thank you very much for leading me to SAP Note 1234567. This is some helpful information in there!
Bluesky