Skip to Content

Authorization Object Issue


We are facing a very strange issue for authorization object. We want to restrict a division for a particular user who has given a particular query. Following steps I did :

1. Assigned s_rs_auth and auth object to user's pfcg. also in s_rs_comp/comp1 relevant query and infocube and with own responsible as * is given.

2. It gave error for colon, so two more infoobjects were added to auth object with I EQ :

3. After that further it said you don't have authorization for infoprovider, so another infobject was added ( OTKEYFNM ) as * in auth object.

4. A variable as authorization type was create i query ( not input ready ).

But user is able to access to all division and not the two division that were assigned on 0Division in auth object. Tried everything but data is not getting restricting.

Please help.

warm regards,


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Apr 06, 2017 at 05:13 PM


    Assigned the mentioned four but still authorization is not working, still user can access all the data. No Luck.

    warm regards,

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Koen,

      It finally worked. At RSECADMIN when I was checking from any 'authorization relevant' infobjects for the cube, it was only showing 1 IObj. Now I reactivated the cube again and again checked in RSECADMIN, it finally showed two more authorization relevant infoobjects ( division and sales org ), I included them also in the same auth object with parameters I CP * and I EQ : for both. Now finally the authorization worked at query level and BO dashboards level.

      thanks for the time and help

      warm regards,


  • Apr 06, 2017 at 06:39 AM
    Add comment
    10|10000 characters needed characters exceeded

    • hi,

      you only need

      • S_RFC: (Authorization Check for RFC Access) requires for execution of query in Analyzer.
      • S_RS_AUTH: (BI Analysis Authorizations in Role) Analysis Authorizations objects can be added. E.g. your authorization object
      • S_RS_COMP: (Business Explorer - Components), used for reporting relevant components.
      • S_RS_COMP1 (Business Explorer - Components: Enhancements to the Owner) used for reporting relevant components.