cancel
Showing results for 
Search instead for 
Did you mean: 

Analysis Authorisation

Former Member
0 Kudos
62

Dear all,

i have the following question:

I would like to restrict a user for the following settings:

1. The user is allowed to access the following infoobjects:

Version 100 on Infocube 1 and Posting level 00 -10

2. The same user is allowed to access

Version 101 on Infocube 2 and Posting level 00 - 30

For both requirements i created 2 analysis authorisations:

But after assigning both authorisations the following happens:

The user has access on each infocube to all versions and all Posting level.

How i have to handle this problem???

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
0 Kudos

Hi Christina,

The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:

0TCAIPROV

0TCAACTVT

0TCAVALID

And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.

So for your issue you have to define these three characteristics first

0TCAIPROV: Name of your infoprovider

0TCAACTVT: Activity for which you want to authorize the user

such as 1 - Create

2 - Change

3 - Display

  • - For all Activity

So as per the need you can give the authorization to the user (1,2,3 or *)

0TCAVALID: If you want to give a validity then specify here or

give * value

So as per these guidelines you have to define both the analysis authorization.

Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.

Hope I could help you in this regard.

Kindly Asign points if useful...

Regards,

Abhi

Former Member
0 Kudos

Dear Christina,

I'm going try to hepl you,

You created two analysis authorization.

First Analysis Authorization your should have to the following standard characteristics with the following values:

0TCAIPROV: Infocube 1

0TCAACTVT: 03

0TCAVALID: *

Also, this authorization should have to the characteristic regarding to Version and Posting Level, and all of characteristic relevant authorization into InfoProvider "Infocube 1".

Second Analysis Authorization your should have to the following standard characteristics with the following values:

0TCAIPROV: Infocube 2

0TCAACTVT: 03

0TCAVALID: *

Also, this authorization should have to the characteristic regarding to Version and Posting Level, and all of characteristic relevant authorization into InfoProvider "Infocube 2".

Caution: Check in the user profile into analysis authorization asigned, if they have the 0BI_ALL, this is a special authorization that give total access.

I hope that can help you,

Luis

Former Member
0 Kudos

Hi,

http://help.sap.com/saphelp_nw70/helpdata/EN/55/46eb411a7f6324e10000000a1550b0/frameset.htm

This is the general proces to create the analysis authorization.

Also pls check if you have included the three mandatory characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider) and 0TCAVALID (validity) in "Maintain Authorizations" screen

pls reward if u find this useful

Former Member
0 Kudos

hi,

check whether you are meeting the prerequisites.

1) have you changed the concept to analysis auth in SPRO

2) the authorisation relevent check is active for your infoobjects for version and posting level.

Former Member
0 Kudos

BW 7.0 and BCS 6.0, SAP Netweaver 2004s.

Former Member
0 Kudos

what bw version are you in?