cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue with analysis authorisation post upgrade to 7.3 from 3.5

Former Member

on ‎12-27-2013 4:58 AM

0 Kudos

Hi Experts,

We have recently upgraded BW system from 3.5 to 7.31.

As it's mandetory in 7.31, we migrated the old data authorisation with new analysis authorsations. However, we are still facing some issues of No Authorisation during report execution. Thus, seeking clarification on below concerns -

1. Do we need to remove old data authorisation roles while assigning new analysis authorsation roles to user ? Or there is NO harm to let the old roles stay as they don't interefer with new analysis auth?

2. We have a one user with ONLY old data authorisations assigned but it still works without any authorisations issue (where as ideally it should not work with old data authorisation) . However, when a new user is copied from this user to have same old auths only, the new user id does NOT work unless new analysis authorisations are assigned to it. This keeps us wondering how on that one user ID is working with old data authorisation without any issues. So is there any other setting that can overwrite the old data authorisation roles in SU01?

Any inputs will be highlighy appreciated. Thanks in advance.

Regards,

P.K.


Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎12-27-2013 10:46 AM
0 Kudos

Hi Pritesh,

Step 1:   The first issue here is the program you were using in BW3.5, if it was a custom program then it may or may not be replicated using standard RSECADMIN. Please check with the developer of this program to understand what it was doing in BW 3.5 and can that be replicated in RSECADMIN

Step 2:  The issue that generated profile under 3.5 settings in SU01 is not taking effect after upgrade is expected. Please go to SU01 or open the generated profile in SU02 and look at the Info Objects it is using and then compare the Info Objects being used in RSECADMIN generation - you can get that information from the Logs. It will be different because under analysis authorizations the authorization check happens at the underlying Info Object rather than the Z object built under 3.5 settings.

Step 3:  For RSECADMIN generation please attempt using the standard content first, please check with your developer about where the data is coming from and where is getting loaded to in BW. SAP provide the standard ODS for HR and CO. Using standard content is always preferable as it comes with SAP support.

your ODS will have following fields (at least)

- a field for ORDER ( 0TCTIOJNM ?)

- a field for the values (TCTLOW)

- A field for the user

There can be aadditional fields also and you will be running the data load and generation every-time you want to update the authorizations and user assignment One way around it is generate all ORDER values with user assignment and then manage the user assignment manually.

For further reference please find below links: 

" http://scn.sap.com/docs/DOC-47671 "

" http://scn.sap.com/community/data-warehousing/netweaver-bw/blog/2012/05/22/authorization-in-bi-7 "

http://www.scribd.com/doc/28336078/Analysis-Authorizations

/"  /help.sap.com/saphelp_nw70ehp1/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm "

Regards,

Baskaran

Show replies
Show replies
Former Member
‎12-30-2013 8:03 AM
0 Kudos


Thanks for reply guys.

I have figured it out one of the bottleneck, please correct me if I am wrong anywhere -

1. Old roles can stay in SU01 profile of user along with assignment of new analysis authorization roles. since new authorizationare based new authorization objects, old and new roles when existing SU01 does NOT ineterfer with each other.

2. User ID with only old data authorization roles assigned in SU01 was working even after upgrade to 7.3 while it is not supposed to work unless new analysis authorization roles are assigned -> I found the new analysis authorization object was directly assigned to user via RSECADMIN and thus the ID was working even with only old authorizations in it's SU01 profile.

Former Member
‎12-30-2013 8:13 AM
0 Kudos

Hi Pritesh,

Are you sure that all your roles which you've migrated from 3.x to BW 7.3 has values of auth object transferred properly too?

Also, can you check whether those values of auth objects has proper values which is exactly matching with 3.x ?

If not, after transporting all such objects from 3.x, you have to choose mass transfer object and you have to sync all such roles and auth objects in comparison to 3.x with ur new upgraded version.

You'll get this from rsecadmin transaction, in one of such menus, such option is available.

Even I faced same errors like users are not getting authorized data, etc after migrating to 7.3.

After doing such option, errors got resolved.

Kindly try this;

Regards,

Antony Jerald.

Former Member
‎12-30-2013 9:36 AM
0 Kudos

Hi Pritesh,

After migration of roles from 3.5 to 7.3 yu need to change the setting in RSCUSTV23.you need to switch analysis authorization then only it will work.i think you might have forgot to change the setting it's still poiniting standard authorization concept that's why old user can able to execute the report without authorization issue.

Please change the setting and let me know if still issue persists.

Regards,

Siva

former_member183012
Active Contributor
‎12-27-2013 10:24 AM
0 Kudos

Hi,

At the time of analysis only I think you have identified all the roles means which charecterstic is required,infoprovider etc...according to that only you have created AA and added in new role correct?

After setting in SPRo for AA you will be used AA in BI7.3...

1)regarding old role i think you should remove and add new AA objects.

2)Have you made setting in SPRO?I think your old roles have required authorization thats why i will not give error..

I have worked on analysis authorization very long time not able to recollect but its sure you will get proper document on google for step by step migration.

Regards,

Ganesh Bothe

Show replies
Show replies
Former Member
‎12-27-2013 5:56 AM
0 Kudos

Hi PK,

Just for our understanding, you have upgraded system to 7.31, and migrated roles. Have you migrated BEx components to 7.31 or those are still on older version?

This might be a reason for this kind of issue. You can confirm by taking su53 screens.

for comparison of users check with SUIM, you have better options for comparison of users.

Regards,

Ganesh

Show replies
Show replies
Former Member
‎12-27-2013 7:12 AM
0 Kudos

Thanks for reverting Ganesh W.

Yes we have migrated to new analysis authorization but the reports are still in 3.x. But I don't see that report migration is necesary in upgrade or before starting to use analysis authorization. Correct?

Regards,

P.K.

former_member183012
Active Contributor
‎12-27-2013 5:56 AM
0 Kudos

Hi Pritesh,

You will find lot many useful document regarding migration of role based authorization to analysis authorization on google.search with "steps to migrate analysis authorization SAP Bi"

read it and paln according to the steps provided in the document.first understand what is AA.

hope it will help.

Regards,

Ganesh Bothe

Show replies
Show replies
Former Member
‎12-27-2013 7:09 AM
0 Kudos

Hi Ganesh,

We are already through with migration of authorisation as a part of upgrade done, i.e. New roles based on authorisation objects created to replace old data authorisation roles.

However, question is whether the old data authorisation roles needs to be removed from user profile in SU01 before applying new analysis authorisation role ?

And nextly, the case of user id that is having ONLY old authorisations (which are not supposed to work in 7.3) but still working without giving any authorisation error. Any clue on this ?

Regards,

P.K.

Ask a Question