Showing results for 
Search instead for 
Did you mean: 

Cannot deactivate hierarchy in Query

0 Kudos

Dear all,

From my problem is about activate/deactivate hierarchy for query in SAP BI version 7.0 whether query running on portal or on Business Exploeror(excel).

First of all, this query is reported about cost center value and amount.

I set the user with authorized for responsibled cost center.

This user can access and run this query for responsibled cost center with hierarchy display active without error.

And i see that, this report is filter with the user authorization, that's correct.

But my problem is ...when this user deactivate the hierarchy in the query, the message " User is not authorized" will be showned. It's mean that the auto-filter doesn't work.

How can i set the authorization to user which can deactivate hierarchy and see data only responsible cost center?

Thanks for any help in advance.

Best Regards,

Lavitra P.

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Hi Lavitra,

This is the correct system behavior.

You are right that the hierarchy auto-filter only works when hierarchy display is active.

In order to execute the query successfully without hierarchy display,

you need to set a filter for the characteristic in query definition.

Normally the recommended way is to define an authorization variable for it.

Then the variable can be filled automatically from user authorization.

With this filter, the authorization check will succeed.

Hope this helps.



0 Kudos

Dear Sir,

Thanks for your help.

And I already set as your recommend but the result still doesn't work.

I'm not sure that it's because of the designed model of costcenter object or not.

In the designed, this object comes from navigate attribute (0COORDER__0RESP_CCTR)

0RESP_CCTR are navigated attribute of 0COORDER and also set AuthorizationRelevant for this object

and i set hierarchy from this object (0COORDER__0RESP_CCTR)

so i cann't deactivate hierarchy from this object.

Is it possible that cannot make because using navigated attribute model?

0 Kudos


If you are using navigation attribute 0COORDER__0RESP_CCTR,

you may define an authorization variable for it in query definition.

It should work in the same way as a normal InfoObject.

If it still doesn't work, a very useful way is to check the RSECADMIN (I assume you are using the BW7.0 authorization concept) authorization log.

You may refer to OSS note 1234567 (an interesting note number ) for very details about it.

From the log, you can see exactly why the authorization check failed.



0 Kudos

Hi Patricia,

Your info. are very helpful and can be guideline for my solution. And now i can resolve my problem. The way is, go to changing Type Auth. hier. of Hierarchy Authorization in the 0COORDER__0RESP_CCTR and add value of 0COMP_CODE, 0CO_AREA and 0RESP_CCTR in the characteristic: 0TCAIPROV (Authorization for InfoProvider).

Thank you very much

Active Participant
0 Kudos


Waht kind of authorization are u using? Is it an authorization based on hierachy node?

In that case the auth-check must be fail if the hierarchy will be switched of because the character is flagged as auth-relevant and no "auth. given" are matching.

In every case you should check TA SU53 after the "no-auth-message" appears.

It will return you (the user who has the problem) wht authorization is missing.



0 Kudos

Thanks for your information.

I have set authorization in authorization object: S_RS_AUTH (the value of this object will be cost center) and authorization is based on hierarchy node.

Moreover, in model, character is flagged as auth-relevant. (if not set as auth-relevant, i think that the cost center will not be check as authorize)

for checking SU53, i already done and the system require S_RS_AUTH with value 0BI_ALL which is the value of root of cost center (highest node). and if i assign this, although i can deactivate hierarchy but all cost center data will be shown ( not only responsible cost center) that user can see data in other cost center so it's not correct way to solve this problem.

Do you have the way to set without auth-check fail?