Solved: Testing Analysis Authorizations

former_member672609 · ‎2008 Aug 14

Hi Gurus,

I have created Analysis Authorizations and now i wanted to test them.

1.I have created AA on 'company code:0COMP_CODE' with the value '*'

and for the special charecteristics i have mentioned the below values:

0TCAIPROV - with the list of infocubes that were listed in the S_RS_COMP auth obj.

0TCAACTVT - 03 (display) as the query execution authorization is already given in the s_rs_comp auth obj with the values 03 and 16.

0TCAVALID - '*'

Now for testing i have added this authorization in a role( which was already designed in BW) through 'S_RS_AUTH' auth obj.

like in this fashion:

BI Analysis Authorizations: Na 'Z_ENDUSR_ALL'

the above line i did copy and pasted here from the profile generator screen i dont know what is that 'Na' before 'Z_ENDUSR_ALL'

what does it mean? is it 'not applicable' some thing like that.

after that i have added the above role to the user and changed the switch in the IMG to the value ' current proceedure with Analysis Authorization'

when we ran the report its giving 'user not authoriozed' and the same error is coming for any company code.

but in BW its working fine when we switch back to old obselete proceedure.

This is the problem iam facing can some one please tell me where i went wrong.does i need to change any more settings.

Thanks in advance

Padmaja.

Former Member · ‎2008 Aug 14

Hi Padmaja,

You said you created an AA : Z_ENDUSR_ALL and you added this in the S_RS_AUTH in the existing role.

I am not clear about


> like in this fashion:
> BI Analysis Authorizations: Na 'Z_ENDUSR_ALL'

Also, check if other characteristics are marked Auth Relevant other than company code.

Regards,

Zaheer

Edited by: Zaheer on Aug 14, 2008 1:09 PM

Edited by: Zaheer on Aug 14, 2008 1:17 PM

Former Member · ‎2008 Aug 14

Hi Padmaja,

You said you created an AA : Z_ENDUSR_ALL and you added this in the S_RS_AUTH in the existing role.

I am not clear about


> like in this fashion:
> BI Analysis Authorizations: Na 'Z_ENDUSR_ALL'

Also, check if other characteristics are marked Auth Relevant other than company code.

Regards,

Zaheer

Edited by: Zaheer on Aug 14, 2008 1:09 PM

Edited by: Zaheer on Aug 14, 2008 1:17 PM

former_member672609 · ‎2008 Aug 14

Hi Zaheer,

In the Role i have manually added through S_RS_AUTH auth object and after adding the styntax of the auth obj look like :

Manually BI Analysis Authorizations in Role (S_RS_AUTH)

Manually BI Analysis Authorizations Role (T-BD05013300)

BI Analysis Authorizations:Na Z_ENDUSR_ALL (BIAUTH)

Hope now you understood what i meant.i have given the value of the authorization in the role in the above way.

Please let me know if i did nt exaplain my problem well.

former_member672609 · ‎2008 Aug 14

yes zaheer there are other charecteristics which are marked as auth relevant.and there was also an error the charecteristic 'OS_controlarea' is an auth relevant.so where should i include this control area charecteristic.

former_member672609 · ‎2008 Aug 14

"Also, check if other characteristics are marked Auth Relevant other than company code. "

Zaheer,when running a report using the company code if that report contains another Auth relevant Charecteristic then how should we define the analysis authorization or where should that particular authorization can be given to the user.

Former Member · ‎2008 Aug 14

You need to add those characteristics in the AA object.

In RSECADMIN, edit the AA. Click the infocube icon (next to insert special charc.), then add the infoproviders which were there in the existing role and have auth relevant charac., once you'll click the OKAY it will prompt you with all the auth relevant characteristics of the infoprovider, include them all (including the Control area) and accordingly maintain each as per your requirements, to try with put them as *

Otherwise, you can simply click + sign and add 0CO_AREA, however i would recommend the first option, since it will also tell you other the control area what all others are marked as auth relevant in infoproviders

Regards,

Zaheer

PS : If my memory is with me, i remember answering migration related queries to you earlier also...

former_member672609 · ‎2008 Aug 14

Thanks a lot zaheer . i will try with the proceedure you have given.

former_member672609 · ‎2008 Aug 14

Actually i was asked to replicate their old auth concept which was in BW with the respective Analysis Authorizations in BI.

For this scenario which i was trying to create AA was,they have defined an Custom Rep Auth Obj on Company code by including just the company code charecteristic and linked it to some infocubes.

In this auth obj they have not mentioned control area.. etc charecteristics which are auth relevant.

But if a report is run on this there is no auth error for 'control area' char and in BI we are getting an auth error for the 'control area' char saying user is not authorised.

Why is it so?

Former Member · ‎2008 Aug 14

New BI Security features are totally different from BW.

Refer this guide :

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19f...

and

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/707cbec7-9716-2a10-8092-cb7485e2...

Regards,

Zaheer

former_member672609 · ‎2008 Aug 15

Thanks zaheer it worked.

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

Testing Analysis Authorizations