Skip to Content
avatar image
Former Member

Do not allow a user to send data via input form (BPC 10.1 Embedded)

Hello,

Edit: I have use an analysis authorization and now I am able to visualize the data that is assigned in the DAP. However, I can not change to 'Edit Mode', it says that I do not have enough autorization. More strange thing is that if I change my DAP to 'All members' with access 'write' I am able to change to 'Edit Mode'.

Refer to this comment:

http://answers.sap.com/comments/152129/view.html

I have created a user with the minimum authorization objects:

However when the user logs in EPM, he can still press the "Edit Mode" button and save data:

What can I do so the user cannot save data?

Thank you.

test.png (73.9 kB)
capture.png (24.8 kB)
capture2.png (38.9 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Feb 14, 2017 at 12:13 PM

    seems I'm running out of comment depth...

    I'm not so worried about the generated role. BPC will know how to interpret the !!!

    But slowly, I'm running out of ideas. If the authorization log looks the same for your DELTEST2, you can try to look at the place where the DAP and the backend authorizations are merged.

    Go to transaction SE37 and open function module "RSEC_INTERSECTION_BPC". Set an external break-point at the first loop (as the restricted user). When you open your workbook (also as restricted user) the debugger will come up and you can inspect the variables i_thx_bw_auts (the BW-sided authorizations) and i_thx_bpc_auths (the DAP authorizations).

    These two sets of authorizations will be intersected to produce the effective authorization. Maybe that gives you a hint what's going on.

    If that doesn't help, the only thing I can recommend is opening a ticket -- the support coleagues will have better chances when they can look at the system directly.

    Best regards,
    Marc

    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      if it explicitly states that you have no authorization, a good starting point is transaction RSECPROT. There you will see why you were refused to write.

      Of course, you need to make sure the cells you want to enter are also input-enabled. If you change a value on the lowest level and the cell was marked as input-ready, then you should be able to write with your configuration.

      Best regards,
      Marc

  • Feb 09, 2017 at 03:53 PM

    Please read: http://service.sap.com/~sapidb/011000358700001239962013E

    6.8 Authorization Levels and Their Precedence (Embedded only)

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 09, 2017 at 05:57 PM

    Hi Christina,

    the issue might be that you selected * for "BI Analysis Authorizations". That means you assigned all analysis authorizations to the role. This includes 0BI_ALL, which is the super-authorization granting access to everything and overrules the DataAccessProfile.

    You might want to create an explicit analysis authorization and assign this one instead. If you want to maintain your authorizations on the BPC side, you can be generous with this analysis authorization because it will be intersected with the DAP at runtime.

    Best regards,
    Marc

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 11, 2017 at 03:01 AM

    In same t/a RSECADMIN you can run any query with selected user. Run it with log and it will show you what authorizations you are missing.

    Add comment
    10|10000 characters needed characters exceeded