Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

BPC - End User unable to run BADIs

Go to solution
Former Member

on ‎2015 Aug 24 4:51 PM

0 Likes
534

Hi Experts,

I am facing a situation here, where my objects have been deployed in Quality and the End users have been performing their tasks of entering data via EPM templates successfully. No issues with the tasks profiles and the data access profiles.

However, there are certain calculations, which are configured using ABAP BADIs. These tasks are not getting executed when the SUPER users or the END users trigger it, but the IT team can execute it for them. My primary analysis is the business users are lacking necessary ABAP authorizations and BW authorizations to execute these ABAP BADIs and access the CPMB bw infocubes.

Do we create authorizations in RSECADMIN, for accessing CPMB bw infocubes?

If yes, requesting your guidance on this.


Immediate inputs will be appreciated.

Regards

Sushant Pradhan.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

former_member186338
Active Contributor
‎2015 Aug 24 4:55 PM
0 Likes

Hi Sushant,

You have to analyze the badi code - if you correctly use BPC objects and methods then you don't need extra security...

Vadim

Show replies
Show replies
Former Member
‎2015 Aug 24 5:07 PM
0 Likes

Hi Vadim,

Appreciate your prompt response.

I have checked and re-checked it again. We are nowhere reading the BPC objects, using the names given in BPC administration and our DAPs contain that information.

We have written the BADI and are reading the the Transaction data using techical ids of the BPC dimensions (bw infoobjects) and the BPC models (CPMB bw infocubes), as that's how its to be done.

I am trying to get a developer, who can help me set up RSECADMIN in this week. But till then, I am hoping for a workaround.

Regards,

Sushant Pradhan

former_member186338
Active Contributor
‎2015 Aug 24 5:20 PM
0 Likes

"We are nowhere" - ????

Have you read this document

- Read Transaction Data via RSDRI

- Write using write back

...

Vadim

Former Member
‎2015 Aug 24 5:34 PM
0 Likes

Hi Vadim,

This document is superb, we will definitely take care of the points mentioned going further, if not already adhered by the ABAPer.

However given the time crunch, we have 25 BADIs which are running fine. Going back and investigating the classes used, may not be a recommended approach right now.

In my earlier response "We are nowhere" was actually used in context as "We are not using the BPC names given in BPC administration, anywhere in our ABAP programs, I know our DAPs contain that information."

For now, I am looking for an immediate solution, to get me through this.

RSECADMIN will definitely help me, but will take some time to set it up.

Regards,

Sushant Pradhan.

former_member186338
Active Contributor
‎2015 Aug 24 5:47 PM
0 Likes

First - you have spend time to write badi's without testing with real user rights. Bad! And you managed to write badi's without looking for some basic documents... No comments...

Second - you can spend a lot of time implementing specific BW security for BPC users... Also bad. And it will be a disaster in future to manage this security.

It's a time to make a tough decision - rewrite badi's!

Vadim

Former Member
‎2015 Aug 24 8:53 PM
0 Likes

Hi Vadim,

Apologies but please dont slander me. As a Project Lead, I had an ABAPer on the project and I have shared your document with him He is a senior developer worked on BPC-ABAP for last 4 years and has adhered to all the best practices with the corresponding versions.

We do admit that the end user security aspect for running the most important ~25 BADIs was missed out, but all other authorizations and functionality is working fine as expected.

I too never faced such an issue before, as the end users never executed any BADIs in all my earlier projects. Most of the ABAP scripts were batch jobs configured and triggered in background with system ids. Hence my confusion this time.

If need arises, we will definitely rewrite BADIs, as the quality takes the utmost importance.

Thanks again.

Regards,

Sushant Pradhan

Former Member
‎2015 Aug 30 11:49 PM
0 Likes

Hi Sushant Pradhan,

What does it mean that BADIs don't work: do you have dumps or error messages or everything finishes fine, but result is incorrect? Can you please clarify?

If you think that it's a security issue, can you trace security in t/a ST01 and check which access is being rejected?

I doubt very much that you'd need RSECADMIN for BPC BADI. Worst case scenario you can use IMPERSONATE BADI to overcome security issues, but first you have to find out why you're runing into them.

Regards,

Gersh

Answers (1)

Answers (1)

damovand
Product and Topic Expert
Product and Topic Expert
‎2015 Aug 24 8:26 PM
0 Likes

Hello,

If you are expecting a BADI to be invoked through a BPC operation, through BPC client components, by BPC users, then you have to ensure that the BADI is correctly configured for the correct enhancement spot.  More importantly the user who is invoking the operation that invokes the BADI must have the user security to do so, especially if the BADI is updating transaction data within BPC namespace.

Best Regards,

Leila

Show replies
Show replies
Ask a Question