cancel
Showing results for 
Search instead for 
Did you mean: 

BI 7.0 Analysis Authorization

Former Member
0 Kudos

Hi,

Can you please advise on providing analysis authorisation for following scenario?

Single User

Profit Center ALL(*) but G/L Account Restricted(xyz) &

Specific Profit Center (ABC) and access to ALL G/L Account (*)

Best Regards,

UR

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hello,

If you need to have those two authorizations in queries built over different infoProviders, you can manage to do that be this:

RSECADMIN transaction and build two authorizations:

Aut_1:

Profit Center ALL(*)

G/L Account Restricted(xyz)

0TCAACTVT (03 - Display)

0TCAIPROV (the InfoProvider name X where the query you want to restrict this way)

0TCAKYFNM (* - every key figure)

0TCAVALID (* - valid for ever)

Aut_2:

Specific Profit Center (ABC)

G/L Account (*)

0TCAACTVT (03 - Display)

0TCAIPROV (the InfoProvider name Y where the query you want to restrict this way)

0TCAKYFNM (* - every key figure)

0TCAVALID (* - valid for ever)

Give both authorizations to the user. When he/she executes the query over InfoProvider X he/she will be using authorization Aut_1 values, if executes query over InfoProvider Y he/she will be using aut_2 values.

Diogo.

Former Member
0 Kudos

Hi,

The queries in question are built on same info-provider. Is there anyway to achieve this with the single query?

Best Regards,

UR

Former Member
0 Kudos

Dear UR,

Iu2019m going to try helping you about your question,

In the authorization system in BI has two main levels, the first itu2019s focus in authorization object, the second itu2019s focus analysis authorization.

What is authorization object aim? Is for restrict access by object as (transactions; create, delete and maintenance entire object in BI as InfoObject, InfoCube, InfoSet; Open Hub Destination, DataSource, Extractor, Queries, Workbook, etc. These actions you can maintenance through Tcode: PFCG

What is analysis authorization aim? Is for restrict access by characteristic and navigational attributes values. These actions you can maintenance through Tcode: RSECAUTH.

According Diogo said, you need to set up analysis authorization for restrict your access by value.

But youu2019re faced in potential combining authorization, whether you assign both authorizations for one user.

Aut (Combining)

Specific Profit Center (ABC) + * = *

G/L Account (*) + (xyz) = *

0TCAACTVT (03 - Display)

0TCAIPROV (the InfoProvider name Y where the query you want to restrict this way) + X

0TCAKYFNM (* - every key figure)

0TCAVALID (* - valid for ever)

You should avoid this scenario. For do this, try to use a customer exit, in your analysis authorization, where you have a set of value

SE11 u2013 Create a table,

Profit Center G/L Account

ABC *

* XYZ

And include a customer exit in your design:

Specific Profit Center $ProfitCenter

G/L Account $G/L Account

0TCAACTVT (03 - Display)

0TCAIPROV (the InfoProvider name where the query you want to restrict this way)

0TCAKYFNM (* - every key figure)

0TCAVALID (* - valid for ever)

I hope this suggestion can help you regarding your question,

Luis

Edited by: Luis Benavides on Mar 20, 2009 10:23 AM

Edited by: Luis Benavides on Mar 20, 2009 10:24 AM

Former Member
0 Kudos

Hi Luis,

Thank you for your suggestion.

Can you please explain little more about Customer exit and how it will select required authorization from table?

Best Regards,

UR

Former Member
0 Kudos

Dear UR,

Iu2019m going to try giving you an overview regarding customer exit,

If you like have a specific behavior in your authorization system. According of your requirement

u201CSingle User

Profit Center ALL(*) but G/L Account Restricted(xyz) &

Specific Profit Center (ABC) and access to ALL G/L Account (*)u201D

Instead of using a single value, interval or hierarchy node, you can also use variables of type customer exit in authorizations. The advantage of costumer exit is, en some cases reduces the maintenance effort.

More details,

http://help.sap.com/saphelp_nw70ehp1/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm

If you want to process a variable using a processing type other than Manual Entry/Default Value, Replacement Path, SAP Exit, or Authorization, you can use Customer Exit to set up a customized processing type for variables to suit your specific needs.

More details,

http://help.sap.com/saphelp_nw70ehp1/helpdata/en/f1/0a56f5e09411d2acb90000e829fbfe/frameset.htm

Hint: You can create a customer exit through your BEx Query Designer.

I hope this overview can help you regarding your question,

Luis,

Answers (0)