on ‎2009 Jul 23 10:08 PM
Hi experts!
I have seen some posts about the subject but it is still not very clear to me; I would appreciate your suggestions.
We need to restrict BEx Analyzer access and we want to know if it is possible to do so by applying some authorization objects, roles or security settings at BI level.
We need to reinforce control over BEx Analyzer deployment in client installations, but this is not immediately possible.
Even if that were possible, we would like to reinforce security using some authorization constraint at BI level.
Thank you in advance
You can apply those restrictions at BI level by adding these authorization components.
1. S_RS_COMP
2. S_RS_COMP1
In these you have to maintain the InfoAreas, MultiProviders and InfoCubes.
In S_RS_COMP1, please maintain the owners as well to restrict at user level.
Activity should be execute, display. If they are super users, grant them create access.
Hope this would help you more.
Mohan
Thanks for your reply
Final users' roles already have these authorization objects; they can't modify reports.
Maybe I'm not explaining the problem clearly. The only accepted way to access reports for all users is by using web queries published in our intranet. But many users have BEx Analyzer installed and we don't want an unauthorized user to download data to an Excel sheet via BEx Analyzer.
I want to restrict BEx Analyzer access, not all access. We have a complete set of authorizations controlling data access and of course final users can't create or modify production queries. The only thing I want is to specifically restrict access to BEx Analyzer. Of course, too, if users don't have BEx Analyzer installed there isn't any problem, so they could only access web reports (the de facto standard), but the truth is that we still have a problem identifying and uninstalling BEx Analyzer from all the people who shouldn't have permissions to use it. Only a limited number of authorized users may have the rights to do so.
Thanks in advance
Gaurav
Thanks again for your post.
I did a test, removing t-code RRMX from the test user's authorizations. This prevents access to BEx from the transaction, but still lets me use a report directly by executing START->Programs->Business Explorer->Analyzer.
As I have seen, removing the t-code only prevents calling BEx from "inside" the system, but doesn't restrict using Analyzer from "outside".
In the Authorization Object S_RS_COMP, do you have the following Activity values set for the users that you want to provide access to?
01 - Create or generate
02 - Change
06 - Delete
22 - Enter, Include, Assign
I'm assuming that this Authorization Object is already set up with Activity values:
03 - Display
16 - Execute
That's right Dennis, actually authorization object S_RS_COMP only has activities 03 (Display) and 16 (Execute) in users' roles.
When you say "for the users that you want to provide access to", remember that the thing I need to do is restrict access via BEx Analyzer.
The scenario is this:
Of all the users we have, only a restricted number of them must access reports via BEx Analyzer ... all the rest should only access reports via portal/intranet.
The problem is that, from the group of users who only have this access, there are many of them who have BEx Analyzer installed and access reports directly from their front-end installation (Start->Programs->Business Explorer->Analyzer, not from RRMX).
Another team is leading the task of removing BEx Analyzer installations from unauthorized users, but I want to know if there is also another way to prevent access from BEx Analyzer for users who should only access reports via portal/intranet.
Thanks!
From my recollection, there is no way to be able to allow a user to only use BEx Web while not allowing the use of BEx Analyzer, because the Authorization Objects for BEx are based on queries, query elements and objects (e.g. InfoProviders, et al.). Since they have access to a query, they can execute that query by any means they have available to them.
Thanks Dennis
That's true and actually users already have those restrictions.
In fact we want to prevent unauthorized download of data to Excel sheets by users who have BEx Analyzer installed but are not authorized to do that. Certain users only have to access queries from the web and shouldn't have to use reports from BEx Analyzer, even if by accident they have it installed.
I want to know if the only way to do that is eliminating BEx Analyzer from their installations or if there exists another way to prevent this by using some authorization object(s).
In the Authorization Objects S_RS_COMP and S_RS_COMP1, make sure the activities are 03 and 16 (Display and Execute respectively). That should remove their ability to create or modify a BEx Analyzer query.