on 2008 Feb 27 10:26 AM
Dear all,
i have the following question:
I would like to restrict a user for the following settings:
1. The user is allowed to access the following infoobjects:
Version 100 on Infocube 1 and Posting level 00 -10
2. The same user is allowed to access
Version 101 on Infocube 2 and Posting level 00 - 30
For both requirements i created 2 analysis authorisations:
But after assigning both authorisations the following happens:
The user has access on each infocube to all versions and all Posting level.
How i have to handle this problem???
Request clarification before answering.
Hi Christina,
The concept of Analysis Authorization is newer Authorization concept in BI 7.0. As per this concept system first checks the following three Characteristics:
0TCAIPROV
0TCAACTVT
0TCAVALID
And all these three characteristic must satisfy the users authorization then only system will check the other authorization for that user.
So for your issue you have to define these three characteristics first
0TCAIPROV: Name of your infoprovider
0TCAACTVT: Activity for which you want to authorize the user
such as 1 - Create
2 - Change
3 - Display
- For all Activity
So as per the need you can give the authorization to the user (1,2,3 or *)
0TCAVALID: If you want to give a validity then specify here or
give * value
So as per these guidelines you have to define both the analysis authorization.
Kindly make sure that the user does not have the BI_ALL or SAP_ALL Authorization as this authorization give the full access to the user and ignore any other restriction given by other authorization.
Hope I could help you in this regard.
Kindly Asign points if useful...
Regards,
Abhi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Christina,
I'm going try to hepl you,
You created two analysis authorization.
First Analysis Authorization your should have to the following standard characteristics with the following values:
0TCAIPROV: Infocube 1
0TCAACTVT: 03
0TCAVALID: *
Also, this authorization should have to the characteristic regarding to Version and Posting Level, and all of characteristic relevant authorization into InfoProvider "Infocube 1".
Second Analysis Authorization your should have to the following standard characteristics with the following values:
0TCAIPROV: Infocube 2
0TCAACTVT: 03
0TCAVALID: *
Also, this authorization should have to the characteristic regarding to Version and Posting Level, and all of characteristic relevant authorization into InfoProvider "Infocube 2".
Caution: Check in the user profile into analysis authorization asigned, if they have the 0BI_ALL, this is a special authorization that give total access.
I hope that can help you,
Luis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
http://help.sap.com/saphelp_nw70/helpdata/EN/55/46eb411a7f6324e10000000a1550b0/frameset.htm
This is the general proces to create the analysis authorization.
Also pls check if you have included the three mandatory characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider) and 0TCAVALID (validity) in "Maintain Authorizations" screen
pls reward if u find this useful
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi,
check whether you are meeting the prerequisites.
1) have you changed the concept to analysis auth in SPRO
2) the authorisation relevent check is active for your infoobjects for version and posting level.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
BW 7.0 and BCS 6.0, SAP Netweaver 2004s.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
what bw version are you in?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
73 | |
30 | |
8 | |
8 | |
7 | |
6 | |
6 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.