Showing results for 
Search instead for 
Did you mean: 

what are the steps involved in SAP BI report authorization check.

Former Member
0 Kudos

Ex: In Ecc, when a Transaction code is executed, system check if its valid tcode or not in TSTC and then goes on checking if its locked or not, then su24 comes in to play. Similar fashion, how does a report gets checked in SAP BI. How does system know that it should look for S_RS_COMP/ S_RS_COMP1 or S_RS_AUTH for data authorization check.

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos


You can check authorization for report by the following:

Go to rsecadmin tcode,

Click on analysis > Execute as > specify user ID, then execute.  If ther's no authorization, you can identify by checking it's log.

Similarly, you can get what all the authorization that a user has from tcode su53.

S_RS_Comp/S_RS_COMP/S_RS_AUTH are required for reporting authorization.

You've to specify which reports a user wants access here along with it's infoprovider name.


Antony jerald.

Former Member
0 Kudos

Hi Kalpana,

The BI authorization concept is a little different

The objects like



works little different

generally the object S_RS_COMP/S_RS_COMP1 holds the query or reports, this will give access to the reports

where as this object S_RS_AUTH holds the analysis authorization and again analysis authorization provides authorization to the data

the role which holds the objects S_RS_COMP/S_RS_COMP1 are called menu roles

the role which holds the object S_RS_AUTH is called data roles

when the user is given the menu role and data he will get access to the reports and data

hope this answered your question



Former Member
0 Kudos

Thank you Surya. You have answered my query partly and I agree with you that BI authorizations work differently as the data is stored differently here.

However, there should be some table or program which tells the system that it should check S_RS_COMP object for authorization check (i.e. the menu role.) when user executes the report.

So how does system understands this logic. Where this logic is stored in the system.

I want to understand that part of the authorization check. I hope my question is clear.



Former Member
0 Kudos

Hi Kalpana,

the system checks the table called RSECVAL, this table holds all the Analysis authorization created.

once the user click on the report, the system checks whether the user is having the authorization for report from the roles assigned to him ( agr _1251 )

hope this answered you query



Former Member
0 Kudos

Hi Surya,

Unfortunately this does not really answer my question

When a report is executed, system checks if that report access is there for the user under the objects S_RS_COMP and S_RS_COMP1. Then it checks S_RS_AUTH object for data access - which in turn checks the AA and the available Info-providers along with their Auth relevant fields.

I am clear in this process. 

My question here is very primitive, What tells the system or what triggers the system to check in the above objects when a report is executed ??