cancel
Showing results for 
Search instead for 
Did you mean: 

Analysis Authorization and relates issue

Former Member
0 Kudos

Hello all,

I am in the midst of designing authorizations using RSECADMIN transaction.

We have a set of 50 different queries.

In our cube, there are 5 different characteristics, which are authorization relevent.

So, in RSECADMIN, i have created one analysis auth role, included all special and authorization relevent characteristics and maintained the appropriate values.

But when i execute the queries,the desired output is not coming.

- Do i need to create authorization varaibles and included in all my queries ?

- Without including the auth.variabes in queries, is there any other way to restrict the users ?

I though, by assigning the parameters in RSECADMIN, the query will automatically filter the data.

Can you pls help ?

We are on SP19.

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
0 Kudos

was the issue resolved? was my answer helpful to you ????

please update...

Former Member
0 Kudos

Hi,

First of all, The query is always based on a InfoCube. Now, you have 50 different Queries which is based on this InfoCube if I am not wrong as you are not getting any authorization error.

For a query to run, the user should have access to 1. Query, 2. Infocube and 3. Data(All Auth Relevant + 4 Special Objects)

Authorization relevant objects are for an InfoCube which means that these objects are important or key fields for the infocube.

You say that in your case, you have 5 Auth relevant objects which means they are important. But please note that there are more infoObjects in that InfoCube.

Now, when you go to the query design, you can restrict on any object in the InfoCube but it makes more sense that you do it on one of those authorization relevant objects as you have to specify that in the Analysis Authorization where the system can pick up the data easily and give the output.

Again, on the query design, if you have designed the query with processing type "Authorization", then it would automatically pick up (What you mentioned as automatic filtering) the value from the Analysis Authorization which is contained in the user's role for that query which otherwise gives a wide variety of options to chose from where the user has to choose the correct one.

To get the desired output, all the correct variables should be included in the query and user should have access to all the three mentioned above.

May be this gives a clear picture.

Regards,

Prasanna

Edited by: Prasanna Nagaraja on Sep 11, 2009 11:40 PM

Former Member
0 Kudos

Hi,

I guess not all 50 queries contain the full set of five authorization relevant characteristics.

For those characteristics, which are in the cube but not in the query, the user needs authorization for aggregated values.

So the Analysis Authorization has to contain for those characteristics (I think all in this case but not the special ones) following entry:

Including/Excluding: 'I'

Operator: 'EQ'

Value(from): ':'

Regards

Markus

Former Member
0 Kudos

Hello all,

I have read all the threads and i am not still clear

do we need to have the authorization variable inside the query or not?

thanks in advance

Edited by: Narender Metuku on Aug 19, 2009 5:20 PM

Former Member
0 Kudos

Yes you have to create authorization variable for the query to avoid authorization check failed....

Former Member
0 Kudos

thanks a lot Mohan, is it ok if i call you in the morning

Former Member
0 Kudos

Hi,

you have to include variables for the authorization relevant characteristics...

You should use a variable witch represents "Selection Option" and processing type "Authorization".

Check:

http://help.sap.com/saphelp_nw70/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm

Regards

Andreas

Former Member
0 Kudos

if you are executing query, i think you should create authorization variable for the same.

As i got the same error once. without the authorization variable, i able to exeucte the query but not the desired output.

the values were not came up in the query fields. So you have to create authorization variable i suppose.