on 05-11-2010 4:00 PM
Hello,
Is it possible to provide any security with authorization objects relating to BW query variants?
I would like to prevent end users from modifying or deleting standard query variants whose technical name starts with Z_
The way to secure query variants doesn't seem obvious with regards to the implementation.
Thanks,
Nick
As per OSS:
Here is the information of the S_RS_PARAM usage from our developer:
S_RS_PARAM is applicable only for 7.x Java Run-Time and 7.x Analyzer.
and it's not applicable for ABAP Run-Time and 3.x.
Which means the beahvior you described is normal behavior as design.
If you want to use the variant control, you could use 7.x Analyzer or
web query.
Thanks!
Nick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Yes you have the authorization "S_RS_PARAM" to configure the "Business Explorer - Variants in Variable Screen"
you can create two variants, one to only view the Z*, and other to change or create other variants with diferent naming convection.
Regards,
Dani
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Dani,
Thanks for the response. The solution you provided does not seem to work for me though. Does it require an entry anywhere else (Such as RSZCONTROLTEXTS table) in order for it to work?
I have S_RS_PARAM configured as follows
T-BD29013800
Activity: 01, 02, 03, 06
Technical Name of Variant: Y*
T-BD29013801
Activity: 03
Technical Name of Variant: A-X, Z*
This doesn't seem to control the variants though, my users still have full control of any BW Query variant related task.
Any other suggestions to get this working.
Also we are using the old authorization concept on BW 7.0, we have not migrated to the Analysis authorization concept yet.
Thanks,
Nick
Edited by: Nick Bertz on May 11, 2010 11:24 AM
Hi Nick,
It's strange i remeber that it's work, but now i'm not sure ....
The users don't have SAP_ALL, SAP NEW athorizations no?
Try to find the authorization object S_RS_PARAM in other roles or profiles .... with the transaction SUIM.
In one project i have similar problem with other authorization object and at the end this object was in other profile ..
Regards,
Dani
Hello Dani,
Actually I am creating a brand new user from scratch in my development system. S_RS_PARAM is only in the test role that I have created for this user.
So I know that there is not an erroneous authorization that is permitting the activity to continue.
I don't know if there is anything unique in a BW DEV environment that might be counteracting my security attempts, however, thus far all other security aspects are working normally.
One thing that I have found is that S_RS_PARAM seems to work as designed when i use Analyzer 7, but the problem i am describing above seems to be specific to Analyzer 3572.0.78 (3.5 Version)
Thanks for following up, I am still open to advice/suggestions.
Thanks!
Nick
Edited by: Nick Bertz on May 11, 2010 12:29 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.