on 2014 Aug 31 2:34 PM
Hi all,
I am performing a change on the authorization concept.
From Authorization 3.5 (RSSM) to Authorization 7 (RSECADMIN)
Our system is BW 7.01 SP 14.
We are using structural authorization for HR reports on 0ORGUNIT.
some of our reports are using 0ORGUNIT and some are using 0EMPLOYEE__0ORGUNIT.
In the old auth concept there was no problem,
but the new concept all reports with 0EMPLOYEE__0ORGUNIT are not working due to authorization issues.
When I mark 0EMPLOYEE__0ORGUNIT as auth. relevant all reports are not working.
All the queries use the same auth. variable which is on 0ORGUNIT.
How can I make it work on both objects?
Why does in looks on the nav. attribute different?
Thanks & BR,
Or.
Hi Ish-Shalom,
Did you include 0ORGUNIT and 0EMPLOYEE__0ORGUNIT in the RSECADMIN? You must enter same values for each group having same authorization..
For example:
If GROUP A must be authorized to 0ORGUNIT = 10..
Then in RSECADMIN, enter 10 for 0ORGUNIT and 0EMPLOYEE__0ORGUNIT..
Hence,
0ORGUNIT = 10
0EMPLOYEE__0ORGUNIT = 10
Did I answer your query?
NOTE:
The authorization relevant for both object must be ticked..
Regards,
Loed
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Leod,
Thanks for the answer.
As you said i ticked both objects as Auth. relevant.
We are working with structural ahutorizations, meaning there us a hierarchy authorization on each object in RSECADMIN.
We have one report that uses 0ORGUNIT with the authorization variable an another reprot that uses 0EMPLOYEE__0ORGUNIT with the authorization variable.
now both reports don't work because it has miising auth. on both.
Meaning:
when you run report 1 (uses 0ORGUINT) it says it is missing auth. on object 2 (0EMPLOYEE__0ORGUNIT).
and when you run report 2 (uses 0EMPLOYEE__0ORGUINT) it says it is missing auth. on object 1 (0ORGUNIT).
BR,
Or.
Hi,
This are 2 logs on the report with 0EMPLOYEE__0ORGUNIT
Authorization Check Log
For a general description, see the Note 1234567
Date and Execution Time (Local Server)
Execution Date: 04.09.2014
Execution Time: 11:44:06
Executed Query: ZCUBE/ZQUERY
Transaction RSRT ( BW - output test )
Executed by User
Executed with Analysis Authorizations of Another User
Software Component Release Level Support Package
SAP_BASIS 701 0014 SAPKB70114
SAP_ABA 701 0014 SAPKA70114
SAP_BW 701 0014 SAPKW70114
InfoProvider Check
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider ZCUBE with activity 03?
Authorization exists for general access to InfoProvider ZCUBE with activity 03
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZCUBE:
Characteristic
0EMPLOYEE__0ORGUNIT
0ORGUNIT
0USERNAME
0TCAACTVT
Authorization Check
Detail Check for InfoProvider ZCUBE
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0ORGUNIT
Check Added for Aggregation Authorization: 0USERNAME
Authorizations missing for aggregation (":")
Char. Z_ORGUNT_001
0ORGUNIT Node
0USERNAME I EQ :
Entries marked with red do not have aggregation authorization
You can find more information about checking aggregation authorization in Note: 1140831
The authorization check stops here as this selection is no longer needed
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
158 ( 0EMPLOYEE__0ORGUNIT )
Authorization Check Complete
After adding colon authorization in addition to the hierarchy authorization…
Authorization Check Log
For a general description, see the Note 1234567
Date and Execution Time (Local Server)
Execution Date: 04.09.2014
Execution Time: 11:45:50
Executed Query: ZCUBE/ZQUERY
Transaction RSRT ( BW - output test )
Executed by User
Executed with Analysis Authorizations of Another User
Software Component Release Level Support Package
SAP_BASIS 701 0014 SAPKB70114
SAP_ABA 701 0014 SAPKA70114
SAP_BW 701 0014 SAPKW70114
InfoProvider Check
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider ZCUBE with activity 03?
Authorization exists for general access to InfoProvider ZCUBE with activity 03
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZCUBE:
Characteristic
0EMPLOYEE__0ORGUNIT
0ORGUNIT
0USERNAME
0TCAACTVT
Authorization Check
Detail Check for InfoProvider ZCUBE
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0ORGUNIT
Check Added for Aggregation Authorization: 0USERNAME
List of authorizations that provide authorization for selection on ":" (aggregation):
Char. Z_ORGUNT_001
0ORGUNIT I EQ :
0USERNAME I EQ :
You can find more information about checking aggregation authorization in Note: 1140831
In the following part of the check, the remaining characteristics will be checked
Explanation of the Authorization Check Logic: 1233793
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Content in SQL Format
0TCAACTVT
0EMPLOYEE__0ORGUNIT
0TCAACTVT = '03'
AND 0EMPLOYEE__0ORGUNIT LIKE *
Characteristic Content in SQL Format
0EMPLOYEE__0ORGUNIT Node A0001 ,
I EQ :
0TCAACTVT I EQ 03
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
158 ( 0EMPLOYEE__0ORGUNIT )
Authorization Check Complete
Objects Used
Hierarchy Node Definitions:Used in the Authorization: Node Char. Hierarchy Version Key Date Node InfoObject Node Name Type Level Validity Period Structure Date
Node A0001 0EMPLOYEE__0ORGUNIT ORGEH 000 99991231 0HIER_NODE ROOT 2 00 0 20140901
Legend:
Type 0: Selected Nodes Only
Type 1: Subtree under Node
Type 2: Subtree under node up to and including level (absolute)
Type 3: Complete Hierarchy
Type 4: Subtree under node up to and including level (relative)
Validity Area 0: Name, Version Identical, Key Date Smaller or Equal
Validity Area 1: Name and Version Identical
Validity Area 2: Name Identical
Validity Area 3: All Hierarchies
User | Count |
---|---|
67 | |
11 | |
10 | |
10 | |
9 | |
9 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.