Skip to Content
author's profile photo Former Member
Former Member

Issue with analysis authorisation post upgrade to 7.3 from 3.5

Hi Experts,

We have recently upgraded BW system from 3.5 to 7.31.

As it's mandetory in 7.31, we migrated the old data authorisation with new analysis authorsations. However, we are still facing some issues of No Authorisation during report execution. Thus, seeking clarification on below concerns -

1. Do we need to remove old data authorisation roles while assigning new analysis authorsation roles to user ? Or there is NO harm to let the old roles stay as they don't interefer with new analysis auth?

2. We have a one user with ONLY old data authorisations assigned but it still works without any authorisations issue (where as ideally it should not work with old data authorisation) . However, when a new user is copied from this user to have same old auths only, the new user id does NOT work unless new analysis authorisations are assigned to it. This keeps us wondering how on that one user ID is working with old data authorisation without any issues. So is there any other setting that can overwrite the old data authorisation roles in SU01?

Any inputs will be highlighy appreciated. Thanks in advance.

Regards,

P.K.


Add a comment
10|10000 characters needed characters exceeded

Related questions

4 Answers

  • Posted on Dec 27, 2013 at 05:56 AM

    Hi Pritesh,

    You will find lot many useful document regarding migration of role based authorization to analysis authorization on google.search with "steps to migrate analysis authorization SAP Bi"

    read it and paln according to the steps provided in the document.first understand what is AA.

    hope it will help.

    Regards,

    Ganesh Bothe

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Ganesh,

      We are already through with migration of authorisation as a part of upgrade done, i.e. New roles based on authorisation objects created to replace old data authorisation roles.

      However, question is whether the old data authorisation roles needs to be removed from user profile in SU01 before applying new analysis authorisation role ?

      And nextly, the case of user id that is having ONLY old authorisations (which are not supposed to work in 7.3) but still working without giving any authorisation error. Any clue on this ?

      Regards,

      P.K.

  • author's profile photo Former Member
    Former Member
    Posted on Dec 27, 2013 at 05:56 AM

    Hi PK,

    Just for our understanding, you have upgraded system to 7.31, and migrated roles. Have you migrated BEx components to 7.31 or those are still on older version?

    This might be a reason for this kind of issue. You can confirm by taking su53 screens.

    for comparison of users check with SUIM, you have better options for comparison of users.

    Regards,

    Ganesh

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thanks for reverting Ganesh W.

      Yes we have migrated to new analysis authorization but the reports are still in 3.x. But I don't see that report migration is necesary in upgrade or before starting to use analysis authorization. Correct?

      Regards,

      P.K.

  • Posted on Dec 27, 2013 at 10:24 AM

    Hi,

    At the time of analysis only I think you have identified all the roles means which charecterstic is required,infoprovider etc...according to that only you have created AA and added in new role correct?

    After setting in SPRo for AA you will be used AA in BI7.3...

    1)regarding old role i think you should remove and add new AA objects.

    2)Have you made setting in SPRO?I think your old roles have required authorization thats why i will not give error..

    I have worked on analysis authorization very long time not able to recollect but its sure you will get proper document on google for step by step migration.

    Regards,

    Ganesh Bothe

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 27, 2013 at 10:46 AM

    Hi Pritesh,

    Step 1: The first issue here is the program you were using in BW3.5, if it was a custom program then it may or may not be replicated using standard RSECADMIN. Please check with the developer of this program to understand what it was doing in BW 3.5 and can that be replicated in RSECADMIN

    Step 2: The issue that generated profile under 3.5 settings in SU01 is not taking effect after upgrade is expected. Please go to SU01 or open the generated profile in SU02 and look at the Info Objects it is using and then compare the Info Objects being used in RSECADMIN generation - you can get that information from the Logs. It will be different because under analysis authorizations the authorization check happens at the underlying Info Object rather than the Z object built under 3.5 settings.

    Step 3: For RSECADMIN generation please attempt using the standard content first, please check with your developer about where the data is coming from and where is getting loaded to in BW. SAP provide the standard ODS for HR and CO. Using standard content is always preferable as it comes with SAP support.

    your ODS will have following fields (at least)

    - a field for ORDER ( 0TCTIOJNM ?)

    - a field for the values (TCTLOW)

    - A field for the user

    There can be aadditional fields also and you will be running the data load and generation every-time you want to update the authorizations and user assignment One way around it is generate all ORDER values with user assignment and then manage the user assignment manually.

    For further reference please find below links:

    " http://scn.sap.com/docs/DOC-47671 "

    " http://scn.sap.com/community/data-warehousing/netweaver-bw/blog/2012/05/22/authorization-in-bi-7 "

    http://www.scribd.com/doc/28336078/Analysis-Authorizations

    /" /help.sap.com/saphelp_nw70ehp1/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm "

    Regards,

    Baskaran

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Antony Jerald J

      Hi Pritesh,

      After migration of roles from 3.5 to 7.3 yu need to change the setting in RSCUSTV23.you need to switch analysis authorization then only it will work.i think you might have forgot to change the setting it's still poiniting standard authorization concept that's why old user can able to execute the report without authorization issue.

      Please change the setting and let me know if still issue persists.

      Regards,

      Siva

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.