cancel
Showing results for 
Search instead for 
Did you mean: 

Generated analysis authorization cannot be changed

PKing
Participant
0 Kudos
329

Hello all,

did someone manage to edit/delete generated (from DSO) analysis authorizations? When I want to correct a typo in one of the generated analysis authorizations it is not possible although the system is telling that it should be possible to do so. I did not find any note or thread yet.

Message number RSEC292:

Diagnosis text

A generated authorization can be changed (this message is only a warning ), but one should be sure that this authorization is not generated again. Then it will be removed from the user, created again (perhaps with different content), and if there no fixed name was generated, it is renamed.

....

Thanks in advance for your inputs

Accepted Solutions (1)

Accepted Solutions (1)

PKing
Participant
0 Kudos

no comments

Former Member
0 Kudos

Hi Petra!

I've solved this problem. I don't know if it will help you, but in my case it was very easy and typical SAP feature (I haven't known about it). After this warning appears, you should press "Enter" and fields become availble for changing.

May be it will help you

former_member192700
Active Contributor
0 Kudos

Hi Lana,

this is how the general behavior of SAP systems, regardless whether it is a BI, ERP, or any SAP GUI based system, should be.

A warning can be ignored by pressing the enter button, it is only a warning, not an error. Somehow the behavior seems to be different for Petra, which I cannot explain.

Cheers

SAP NetWeaver BI Organisation

Former Member
0 Kudos

hello,

Perhaps this will give some answers(SAP information). Changing is not an item in this help information.

kind regards Jan

Deletion of Authorizations and Regeneration

For users for which data exists in the DataStore object that has to be regenerated, first the existing, generated authorizations are deleted. Afterwards, authorizations are generated using the data in the DataStore objects in the usual way.

If a data record with the user name 'D_E_L_E_T_E' is loaded into the DataStore object 0TCA_DS01, first the generated authorizations for all users in the BI system for the DataStore object record are deleted (separated by the first part of the name before the digits) and then generated for the rest of the data.

Log for Generation

A detailed log is created during generation that documents the generation steps and that is displayed automatically. Old logs can be viewed from the transaction RSECADMIN under the Analysis tab page ® Generation Logs or at the start of the report RSEC_GENERATE_AUTHORIZATIONS by clicking on the log symbol.

Answers (1)

Answers (1)

former_member192700
Active Contributor
0 Kudos

Hi Petra,

in our system you can change the value of the authorisation after the warning message (RSEC 292). Please try to investigate further what the issue might be. Have you checked SU53 whether your general authorizations are sufficient.

In the worst case, you have to open a customer message.

Cheers

SAP NetWeaver BI Organisation

PKing
Participant
0 Kudos

Hello Andreas,

that's what I did. Because I am in charge of security tasks/issues, the first thing I did was to execute SU53 - and unfortunately as supposed every authorization check was passed successfully.

OK I will follow up on your suggestion and create a customer message.

Thanks a lot for your quick reply!

Petra

Former Member
0 Kudos

Hello, Petra!

Have you managed this problem? Cause I have the same warning and can't change any analysis authorization that were created after automatical migration to the new concept

Former Member
0 Kudos

Hi,

Normaly SAP does not allow changes in generated authorizations/profiles, because you get an inconsistency in compair with the source, so I am not surprised.

Bye Jan

PKing
Participant
0 Kudos

Hi Lana, hi Jan,

the problem still exists and I guess that Jan is right and the warning message from SAP is wrong. Though I entered a customer message and after some really unprofessional answers from SAP they actually having a look at the error in the system directly.

Bye,

Petra

PKing
Participant
0 Kudos

Hello Lana,

this is how SAP solved the problem

Bye Petra

Spezifikation

: Message RSEC292: Generierte Analyseberechtigungen können nic

Short text:


Message RSEC292: Generierte Analyseberechtigungen können nic Langtext
It is not possible to change from DSOs generated analysis
authorizations although the system is telling that it should be
possible to do so. Authorizations are sufficient (SU53; SAP_ALL)

Message number RSEC292:
Diagnosis text
A generated authorization can be changed (this message is only a
warning ), but one should be sure that this authorization is not
generated again. Then it will be removed from the user, created again
(perhaps with different content), and if there no fixed name was
generated, it is renamed.

Here is the communication path (please read from below):

09.07.2007 - 09:03:36 CET Petra King Info für SAP

Hello Ms. ,

I always was telling about one issue:

Change of generated analysis authorization is not possible.

Since BI 7.0 we are talking about analysis authorizations so the

transaction code used is obvious.

There is no need for furhter information because it is only this single

issue: I guess that it should be an error message and not a warning

message and SAP made a mistake here by using the wron message category.

I was never talking about users and xxxxxx is not an user but an

analysis authorization.

Please consider the call a solved - in the meantime I got

professional support from the SDN platform.

Regards,

Petra King

05.07.2007 - 09:14:22 CET SAP Antwort

Hello Ms King,

I must say that I find this message quite incomprehensible. First you

write that you are irritated because my colleague asked you which

transaction is being used to generate authorizations. This information

is necessary so that the message can be assigned to the appropriate

area. Indeed, the message was incorrectly sent to BC-SEC. Next you

write that you are angry when I give you a consulting note regarding

generation of analysis authorizations. I am mystified as to how such

information from customers should help us in solving a technical or

procedural probem. I have read the message from the beginning and

there is very little technical and procedural information. Moreover, itis not clear what the "error" is here. The message RSEC292 is a warning(as clearly stated in the long text of the message) and this should not

hinder the process. Lastly, in your last info you refer to a specific

user, xxxxxxxx, as an example of a generated authorization. This is

separate issue than the original:

It is not possible to change from DSOs generated analysis

authorizations although the system is telling that it should be

possible to do so. Authorizations are sufficient (SU53; SAP_ALL)

So in response to the original inquiry regarding RSEC292. The answer,

as I have already mentioned and as stated in the text, is that this

is just for information purposes. Please continue with the process.

If you have a separate inquiry regarding the authorizations of

particular users, please open a second message. We request that

customer log one issue per message. Please read note 375196:

Separate message for new problem/subsequent problem

Regards,

Senior Support Consultant

SAP Active Global Support

Netweaver Business Intelligence

03.07.2007 - 15:14:39 CET Petra King Info für SAP

Hello ,

can you please contact the Basis Administrator xxx via phone

(+xxxxx) so he can open the line and provide you with the

user and password for system xxxxx.

Please note that the error occurs on xxxx and you can have a look at the

analysis auth. xxxxxxxx as representive for one of the generated

authorizations.

03.07.2007 - 15:08:43 CET Petra King Info für SAP

Hello ,

I am getting angry because note 1052242 is a documentation and I

executed everything besides the fact that the analysis auths cannot be

changed. Please read the error message from the beginning.

Regards,

Petra King

28.06.2007 - 14:52:09 CET SAP Antwort

Hello Ms King,

Please excuse the delay in the processing of your message.

Please read note 1052242 if you have not already done so. If this note

does not help you to solve the problem, I would like to have a look at

the situation on your system. Please open the R/3 Support connection

provide me with a user and password. This information can be stored

in the log on information of this message.

Regards,

Senior Support Consultant

SAP Active Global Support

Netweaver Business Intelligence

25.06.2007 - 08:48:03 CET Petra King Info für SAP

Hello ,

if this is in the wrong queue, yes please forward it to the appropriate

queue and please let the question be answered asap.

Thanks,

Petra King

21.06.2007 - 07:47:29 CET SAP Info für Kunde

Hello Petra,

it is possible to generate authorizations in PFCG too. As RSECADMIN

belongs to BW-BEX-OT-OLAP-AUT, I forward your message accordingly.

Best regards

Support Consultant

Global Support Center Austria

Netweaver Web Application Server ABAP

20.06.2007 - 09:54:47 CET Petra King Info für SAP

Hello ,

sorry to let you know so late but there was a typo in my email address

xxxxxinstead of xxxxxxxxx

Your question is a little bit irritating. Generation of analysis

authorizations in 7.0 is usually done only with transaction code

RSECADMIN - correct me if there is another possibility. Generation

works fine but the authorizations cannot be edited after then.

Bye,

Petra

23.05.2007 - 11:53:16 CET SAP Antwort

Dear Ms. King,

please let me know which transaction code do you use or in which

transaction do you get this message.

Best Regards

Support Consultant

SAP Active Global Support - Netweaver Web Application Server