cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BW authorization level is not reflecting in BO

Go to solution
former_member552170
Participant

on ‎03-11-2015 3:38 AM

0 Kudos

Dear All,

   Greetings. In our landscape we used Win AD authentication type for all the users. Now our new requirement is they wants to create only one report for all the zones and in authorization level we have to restrict the data zone wise. So we planned to change the authentication type from WinAD to SAP. We have configured as per the below wiki link and sap admin document. I can fetch the role from BW system and users has been fetched from BW system and no issues with login also.  we are using BICS connectivity for all the reports and dashboards. Only the authorization level is not reflecting in BO. Please suggest your inputs.

BOBI 4.1 SP4

http://wiki.scn.sap.com/wiki/display/BOBJ/Setting+up+the+SAP+plug-in

Thanking you in anticipation.

Regards,

Obinna.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-11-2015 7:01 AM
0 Kudos

Obinna,

As per the workflow, you are pulling in the data from SAP BW, BEx Query into BO using BICS connectivity. In this workflow you cannot set any data or row level restrictions from BO end.

The data returned here is based on the roles assigned for the user. You can check the below

Let us say you have user A.

Login to BW and run the query and make a note of the result. Now login to BO using the same user and check the data. What ever data you are getting in BW, you will get in BO.

So if you want to apply restrictions on the data as per the region, then you need to do it on BW end only.

Show replies
Show replies
former_member552170
Participant
‎03-11-2015 9:33 AM
0 Kudos

Hi Bhavanam Reddy,

   Thanks for your support. I have checked with one user ID in BW system and BO system. But in BW system its showing only one zone data but in BO reports its showing all the zone data's. It means the authorization is working perfectly in BW system but in BO no luck.

I want to clarify one more thing, actually we are using only one OLAP connection for all the reports and dashboard. We are using one communication user with sap all authorization in BW system. Is that a problem? Please suggest your inputs.

Thanking you in anticipation.

Regards,

Obinna

Former Member
‎03-11-2015 9:45 AM
0 Kudos

How is the OLAP connection created?

Is it using SSO /pre defined / Prompt?

I guess in your case it is predefined user account, which has all the rights to all regions.

If you have SSO configured, use the SSO option or use the Prompt option.

former_member552170
Participant
‎03-11-2015 10:45 AM
0 Kudos

Hi Bhavanam Reddy,

  How is the OLAP connection created?

    We have created the OLAP connection through CMC.

   Is it using SSO /pre defined / Prompt?

      We are using Pre defined.


   If change to Prompt mode, then its throwing error.


Please do i need to configure SSO to achieve this.


Regards,

Obinna

Former Member
‎03-11-2015 10:52 AM
0 Kudos

What error are you getting when you set it as prompt?

You can also achieve this via SSO as well.

Workflow is as below:

When you are using predefined: data restrictions will work according to Pre Defined user account only.

So to get the data restrictions working correctly you would need to use either SSO or Prompt.

former_member552170
Participant
‎03-11-2015 11:41 AM
0 Kudos

Hi Bhavanam Reddy ,

    Please find below the error message if i use Prompt authentication for OLAP connection. Please suggest.

Regards,

Obinna

former_member189884
Contributor
‎03-11-2015 11:41 AM
0 Kudos

As mentioned because you are using pre-defined you will inherit the security of the defined user. you should use SSO for this to be seamless. Also look into STS (SAP SSO Service) on the BOBJ system.

How to setup SSO against SAP BW with SAP BO BI4.0 Common Semantic Layer (UNX) or BICS - Business Int...

-josh

former_member552170
Participant
‎03-12-2015 3:41 AM
0 Kudos

Hi Bhavanam Reddy,

  I have configured SSO and now its working depends on BW authorization level. Thank you for your support to resolve this.

Regards,

Obinna.

Answers (2)

Answers (2)

Former Member
‎03-11-2015 6:39 AM
0 Kudos

I believe for the requirement you have, this can be done by using publications as the authorization has to be performed at Data Level.

Show replies
Show replies
former_member552170
Participant
‎03-11-2015 6:52 AM
0 Kudos

Hi Arvind,

   In our landscape users are accessing the reports through launchpad or mobile. So i dont think so through publication we can do that. Please correct me if am wrong.

Obinna

Former Member
‎03-11-2015 7:01 AM
0 Kudos

I guess we can deliver the reports using publication to user's BI inbox which is available in BI LaunchPad as well as Mobile. Hope that would suffice your requirement.

tanveer1
Active Contributor
‎03-11-2015 6:39 AM
0 Kudos

Hi Obinna,

Can you explain bit better what do you mean by not reflecting ?

when the users are replicated in BOBJ then authorization will automatically be taken care.

Thanks,

Tanveer.

Show replies
Show replies
former_member552170
Participant
‎03-11-2015 6:50 AM
0 Kudos

Hi Tanveer Ahmed Mohammed,

  In BO system, we have reports fetching data from BW system. In reports we have all the zone data. As per the SAP authentication type, the data should be restricted by BW authorization level. When the user don't have authorization to view all the zone data in BW system, the user has authorization to view only one zone data in BW system. The same should reflect in BO also. But the user is able to view all the zone data in BO reports. Please suggest.

Regards,

Obinna.

tanveer1
Active Contributor
‎03-11-2015 6:57 AM
0 Kudos

Hi Obinna,

Try to check if BW authorizations are working fine or not ?

If BW auths are working fine then BO data will be restricted accordingly.

run the reports as the user in the transaction "rsudo"

and compare the output when the same user runs the report in webi. If both are same then the issue is due to auths not working properly rather than a BO issue.

Thanks,

Tanveer.

Ask a Question