Skip to Content
author's profile photo Former Member
Former Member

BI 7.0 upgrade; RSEC_MIGRATION program - necessary to select users/groups?

Hi,

I have a question regarding program RSEC_MIGRATION, which semi-automatically migrates from the old reporting authorization concept to the new analysis authorization concept in BI 7.0. In the documentation from SAP and other presentations, it says to select the users to migrate over. (As an FYI, I have searched extensively on the SAP BI forum and didn't find a specific answer).

I am a bit puzzled as to why you'd have to select the users (and groups) since the migration originates in the dev system (per Amelia Lo's presentation and others, "Pre-requisite: a user group must be complete and self-contained!"). From my understanding, the users are selected so that an option to assign the new analysis authorizations directly to the users can be selected (if so desired); however, can the step of choosing users NOT be executed? We are going to test the migration steps in the sandbox to understand how the migration works; we will actually do it in the dev system, of course.

The end users don't have accounts in dev, so I would like any insight to this program; we don't have our sandbox system yet, so I can't test, but I am just trying to better detailed understanding.

Also, per SAP, S_RS_ICUBE, S_RS_MPRO, S_RS_ISET and S_RS_ODSO will no longer be checked during query processing. Instead, the check is performed using special characteristics 0TCAIPROV, 0TCAACTVT and 0TCAVALID.

Would any values for the various infoproviders and cubes in those obsolete objects be populated automatically for the 0TCAIPROV characteristic?

We are planning on doing a mock migration in the sandbox to understand how things work, but any feedback from those of you who've got through it would be helpful.

Thanks in advance!

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Best Answer
    Posted on Jul 13, 2007 at 12:22 PM

    Hi Julie,

    the standard authorisation object like S_RS_ICUBE, S_RS_MPRO, S_RS_ISET and S_RS_ODSO protect the maintenance of BI objects, whereas Analysis Authorization protect the data contained in InfoProviders.

    Therefore, there are independent of each other and are not populated automatically by the migration.

    Please check also the online help which should provide you more insight on the topic.

    http://help.sap.com/saphelp_nw04s/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htmhttp://help.sap.com/saphelp_nw04s/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm">http://help.sap.com/saphelp_nw04s/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm>

    Cheers

    SAP NetWeaver BI Organisation

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jul 13, 2007 at 12:41 PM

    Thanks for your reply. I have gone through the documentation regarding the analysis authorization concept and understand that it replaces the old reporting authorization concept in the 3.x versions of BW (so any auth objects created in RSSM will have to be converted) and now that the migration is independent of the S_RS objecs in question.

    However, I still need some clarity on "The authorization objects S_RS_ICUBE, S_RS_MPRO, S_RS_ISET and S_RS_ODSO will no longer be checked during

    query processing. Instead, the check is performed using special

    characteristics 0TCAIPROV, 0TCAACTVT and 0TCAVALID."

    If these objects are no longer checked during query processing and we restrict via these objects (and of course S_RS_COMP and S_RS_COMP1, which are still relevant) and do not have any reporting objects, how do the restrictions in the S_RS objects get converted to analysis auths?

    Do we just manually create them and provide the specific infoproviders in each analysis auths? Or do we not need any analysis authorizations because we don't have any reporting authorizations (we have separate landscapes due to other requirements)?

    Thanks

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.