Skip to Content
author's profile photo Former Member
0
Former Member

Data Access Profile migration to BI Analysis Authorization

Posted on Jun 08, 2015 at 12:59 PM 140 Views

Hi ,

Is it possible to create BI Analysis Authorization from BPC Data Access Profile?

Thanks.

Andrea

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Gersh Voldman
    Gersh Voldman
    Posted on Jun 09, 2015 at 02:12 PM
    0

    Hi Andrea,

    Right now it's a manual process. If you have 1:1 mapping between Standard Dimensions and Embedded InfoObjects then it should be straightforward.

    Regards,

    Gersh

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Rodolfo Bermudez Neubauer
    Rodolfo Bermudez Neubauer
    Posted on Aug 12, 2016 at 06:13 PM
    0

    Andrea:

    I am in the process of attempting to mirror BPC Data Access Profiles access rights (Dimension Members) in BW Analysis Authorizations by using a User-exit BEx Variable that determines the according values by going through the backend BW and BPC tables (UJE_MEMACCESS, UJE_TEAM_AGR, USR04, etc.). My requirement is to control access rights on the BW InfoProvider (0COMPANY is authotization relevant) that feeds actual data to BPC using the same logic and values assigned on the BPC side (ENTITY is secured and mapped from 0COMPANY) in order to simplify security administration leaving it entirely on the BPC side (BW should inherit rights from the DAP defined and assigned in BPC). My proposed solution would require a single Analysis Authorization on the BW that dynamically determines the allowed members for every user through logic defined in the User-exit variable.

    If I manage to come up with a straightforward and simple solution I will post it here.

    Cheers

    Add a comment
    10|10000 characters needed characters exceeded

    • Rodolfo Bermudez Neubauer
      Aug 12, 2016 at 07:09 PM

      For the time being, I've come up with the following logic that should de coded into the Include for BEx variable User-exit:

      1. Read current USER from system variable (use function module RSEC_GET_USERNAME as SY-USER will not work with Analysis Authorizations when debugging with tx RSUDO)

      call function 'RSEC_GET_USERNAME'

      importing

      e_username = l_username.

      2. Determine ABAP Backend AUTH PROFILES assigned to l_username through table USR04


      3. Determine corresponding ABAP ROLES for assigned AUTH PROFILES through table AGR_1016

      4. Determine BPC Data Access Profiles (field CAPTION) for assigned ABAP ROLES through table UJE_PROFILE_AGR (optionally can filter APPSET_ID through through roletype ZBPC_xxUnnnnn ABAP Role in table UJE_USR_AGR)

      5. Use BPC PROFILE_ID from table UJE_USR_AGR to determine allowed members for secured BPC Dimension (ENTITY) from table UJE_MEMACCESS

      6. Fill e_t_range internal table in BEx Variable user-exit with member values read from UJE_MEMACCESS (optionally, check list of member values against BW Master Data table for 0COMPANY)

      Any suggestions are appreciated.

      Regards

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.