2007 Jun 28 3:28 AM
Hi,
My organisation is moving from 3.5 to BI 7.0.
My activity is focussed primarily on Roles & Authorisation. In this regard, what are the steps that I need to do? I am at a loss, more so as I am not a BW-BI guy, and I have taken the challenge!
Where do I begin? What are the steps?
2007 Jun 28 2:21 PM
Hello Pratap,
After you have done the basics mentioned before (which I think were already done when you come from BW 3.5), you have to check your security model and grant analysis authorizations (new in BI 7.0) instead of restricting authorizations (< BI 7.0), if applicable for your company.
The first thing for you is to check in RSD1-3 whether some InfoObjects are marked as authorization relevant. If so, you have to establish an authorization, otherwise execution of the queries will fail.
Please refer to the basic documentation.
Bye,
Petra
2007 Jun 28 9:15 AM
Hi,
I have done the upgrade. I did not find any complicated problem with roles...
After the upgrade you have to use transaction SU25... just click "information about this transaction" and follow ...
I found only one small problem... missing assigned workbooks to the role...
Regards
Ben
2007 Jun 28 9:22 AM
Thanks Ben,
What are the steps you went through? Can you please take me through those? Also any documentation that you may have: georgesap at yahoo dot com. Thanks
2007 Jun 28 9:26 AM
Hi,
I have followed the following steps:
This transaction is used to fill the customer tables of the Profile
Generator the first time the Profile Generator is used, or update the
customer tables after an upgrade. The customers tables of the Profile
Generator are used to add a copy of the SAP default values for the check
indicators and field values. These check indicators and field values are
maintained in transaction SU24. If you have made changes to check
indicators, you can compare these with the SAP default values and adjust
your check indicators as needed.
Step 1
o  If you have not yet used the Profile Generator or you want to add
   all SAP default values again, use the initial fill procedure for the
   customer tables.
Steps 2a to 2d
o  If you have used the Profile Generator in an earlier Release and
   want to compare the data with the new SAP defaults after an upgrade,
   use steps 2a to 2d. Execute the steps in the order specified here.
   - Step 2a
     is used to prepare the comparison and must be executed first.
   - Step 2b
     If you have made changes to check indicators or field values in
     transaction SU24, you can compare these with the new SAP default
     values. The values delivered by SAP are displayed next to the
     values you have chosen so that you can adjust them if necessary.
     If you double-click on the line, you can assign check indicators
     and field values. You maintain these as described in the
     documentation for transaction SU24.
     Note on the list of transactions to be checked
     To the right of the list you can see the status which shows
     whether or not a transaction has already been checked. At first
     the status is set to "to be checked".
     If you choose the transaction in the change mode and then choose
     save, the status is automatically set to "checked".
     By choosing the relevant menu option in the list of transactions
     you can manually set the status to "checked" without changing
     check indicators or field values, or even reset this status to
     "to be checked".
     If you want to use the SAP default values for all the
     transactions that you have not yet checked manually, you can
     choose the menu option to copy the remaining SAP default values.
   - Step 2c
     You can determine which roles are affected by changes to authorization
     data. The corresponding authorization profiles need to be edited and
     regenerated. The affected roles are assigned the status "profile
     comparison required".
     Alternatively you can dispense with editing the roles and manually
     assign the users the profile SAP_NEW (make sure the profile SAP_NEW only
     contains the subprofiles corresponding to your release upgrade. This
     profile contains authorizations for all new checks in existing
     transactions). The roles are assigned the status "profile comparison
     required" and can be modified at the next required change (for example,
     when the role menu is changed). This procedure is useful if a large
     number of roles are used as it allows you to modify each role as you
     have time.
     Note
     The process can take several minutes.
     To go directly to the authorization data for a role, double-click the
     relevant role in the output list.
     If you have roles in several clients, you must perform this step in
     every client to determine which roles are affected.
   - Step 2d
     Transactions in the R/3 System are occasionally replaced by one or more
     other transactions.
     This step is used to create a list of all roles that contain
     transactions replaced by one or more other transactions.
     The list includes the old and new transaction codes. You can replace the
     transactions in the roles as needed. Double-click the list to go to the
     role.
Step 3
This step transports the changes made in steps 1, 2a, and 2b.
Tailoring the Authorization Checks
This area is used to make changes to the authorization checks.
o  Changes to the check indicators are made in step 4. You can also go
   to step 4 by calling transaction SU24.
   - You can then change an authorization check within a transaction.
   - When a profile to grant the user authorization to execute a
     transaction is generated, the authorizations are only added to
     the Profile Generator when the check indicator is set to
     Check/Maintain.
   - If the check indicator is set to do not check, the system does
     not check the authorization object of the relevant transaction.
   - You can also edit authorization templates that can be added to
     the authorizations for a role in the Profile Generator. These
     are used to combine general authorizations that many users need.
     SAP delivers a number of templates that you can add directly to
     the role, or copy and then create your own templates, which you
     can also add to roles.
   - See the general documentation for the meaning of the check
     indicators.
o  In step 5 you can deactivate authorization objects systemwide.
o  In step 6 you can create roles from authorization profiles that you
   generated manually. You then need to tailor and check these roles.
More documentation for the Profile Generator and for changing check
indicators
Regards
Ben
2007 Jun 28 9:44 AM
2007 Jun 28 2:44 PM
Hi Petra,
Thanks.
You mentioned a "Basic Documentation". Do you have links to it, or can you mail it, please?
2007 Jul 11 8:52 AM