Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

BW3.5 to BI 7.0

Former Member
0 Kudos
142

Hi,

My organisation is moving from 3.5 to BI 7.0

My activitiy is focussed primarily on Roles & Authorisation. In this regard what are the steps that that I need to do ? I am at a loss more so as I am not a BW-BI guy ! and I have taken the challenge!

Where Do I begin ? What are the steps ?

1 ACCEPTED SOLUTION

PKing
Participant
0 Kudos
116

Hello Pratap,

after you have done the basics mentionned before (which I think were already done when you come from BW3.5) you have to check your security model and <b>to grant analysis authorization</b> (new in BI 7.0) instead of restrict authorizations ( < BI7.0) - if applicable for your company.

The first thing for you is to check in RSD1-3 if some infoobjects are marked as authorization relevant. If so you have to establish an authorization otherwise execution of the queries will fail.

Please refer to the basic documentations.

Bye,

Petra

7 REPLIES 7

Former Member
0 Kudos
116

Hi,

I have done the upgrade. I did not find any complicated problem with roles...

After upgrade you have to use transaction su25... just click "information about this transaction" and follow ...

I found only one small problem... missing assigned workbooks to the role...

Regards

Ben

0 Kudos
116

Thanks Ben,

What are the steps you went through can you please take me thru those,please.Also any documentaion that u may have georgesap at yahoo dot com thanks

0 Kudos
116

Hi,

I have followd, follwing steps ..

This transaction is used to fill the customer tables of the Profile

Generator the first time the Profile Generator is used, or update the

customer tables after an upgrade. The customers tables of the Profile

Generator are used to add a copy of the SAP default values for the check

indicators and field values. These check indicators and field values are

maintained in transaction SU24. If you have made changes to check

indicators, you can compare these with the SAP default values and adjust

your check indicators as needed.

Step 1

o If you have not yet used the Profile Generator or you want to add

all SAP default values again, use the initial fill procedure for the

customer tables.

Steps 2a to 2d

o If you have used the Profile Generator in an earlier Release and

want to compare the data with the new SAP defaults after an upgrade,

use steps 2a to 2d. Execute the steps in the order specified here.

- Step 2a

is used to prepare the comparison and must be executed first.

- Step 2b

If you have made changes to check indicators or field values in

transaction SU24, you can compare these with the new SAP default

values. The values delivered by SAP are displayed next to the

values you have chosen so that you can adjust them if necessary.

If you double-click on the line, you can assign check indicators

and field values. You maintain these as described in the

documentation for transaction SU24.

Note on the list of transactions to be checked

To the right of the list you can see the status which shows

whether or not a transaction has already been checked. At first

the status is set to to be checked.

If you choose the transaction in the change mode and then choose

save, the status is automatically set to checked.

By choosing the relevant menu option in the list of transactions

you can manually set the status to checked without changing

check indicators or field values, or even reset this status to

to be checked.

If you want to use the SAP default values for all the

transactions that you have not yet checked manually, you can

choose the menu option to copy the remaining SAP default values.

- Step 2c

You can determine which roles are affected by changes to authorization

data. The corresponding authorization profiles need to be edited and

regenerated. The affected roles are assigned the status "profile

comparison required".

Alternatively you can dispense with editing the roles and manually

assign the users the profile SAP_NEW (make sure the profile SAP_NEW only

contains the subprofiles corresponding to your release upgrade. This

profile contains authorizations for all new checks in existing

transactions). The roles are assigned the status "profile comparison

required" and can be modified at the next required change (for example,

when the role menu is changed). This procedure is useful if a large

number of roles are used as it allows you to modify each role as you

have time.

Note

The process can take several minutes.

To go directly to the authorization data for a role, double-click the

relevant role in the output list.

If you have roles in several clients, you must perform this step in

every client to determine which roles are affected.

- Step 2d

Transactions in the R/3 System are occasionally replaced by one or more

other transactions.

This step is used to create a list of all roles that contain

transactions replaced by one or more other transactions.

The list includes the old and new transaction codes. You can replace the

transactions in the roles as needed. Double-click the list to go to the

role.

Step 3

This step transports the changes made in steps 1, 2a, and 2b.

Tailoring the Authorization Checks

This area is used to make changes to the authorization checks.

o Changes to the check indicators are made in step 4. You can also go

to step 4 by calling transaction SU24.

- You can then change an authorization check within a transaction.

- When a profile to grant the user authorization to execute a

transaction is generated, the authorizations are only added to

the Profile Generator when the check indicator is set to

Check/Maintain.

- If the check indicator is set to do not check, the system does

not check the authorization object of the relevant transaction.

- You can also edit authorization templates that can be added to

the authorizations for a role in the Profile Generator. These

are used to combine general authorizations that many users need.

SAP delivers a number of templates that you can add directly to

the role, or copy and then create your own templates, which you

can also add to roles.

- See the general documentation for the meaning of the check

indicators.

o In step 5 you can deactivate authorization objects systemwide.

o In step 6 you can create roles from authorization profiles that you

generated manually. You then need to tailor and check these roles.

More documentation for the Profile Generator and for changing check

indicators

Regards

Ben

0 Kudos
116

Ben,

The first sentence says " This transaction ..." did u mean SU25?

PKing
Participant
0 Kudos
117

Hello Pratap,

after you have done the basics mentionned before (which I think were already done when you come from BW3.5) you have to check your security model and <b>to grant analysis authorization</b> (new in BI 7.0) instead of restrict authorizations ( < BI7.0) - if applicable for your company.

The first thing for you is to check in RSD1-3 if some infoobjects are marked as authorization relevant. If so you have to establish an authorization otherwise execution of the queries will fail.

Please refer to the basic documentations.

Bye,

Petra

Former Member
0 Kudos
116

H Petra,

Thanks.

You mentoned of a " Basic Documentation " Do you have links to it or can u mailit ,please?

Former Member
0 Kudos
116

Hi,

you can check this wiki page:

https://wiki.sdn.sap.com/wiki/x/0VI

hope it helps