BI Authorization Issue

Former Member
0 Kudos

Hi,

Though we restricted the authorizations of a user to specific cost center data, he is still able to see all data in the query. The steps we followed:

Activated 0COSTCENTER and the 3 special auth. Char. as authorization relevant.

1. Created a user (su01).

2. Created Analysis Authorizations (rsecadmin) - Included 0COSTCENTER, 0TCAACTVT, 0TCAIPROV and 0TCAVALID. 0COSTCENTER was restricted on a few char. values and a hierarchy node.

3. Created Role (PFCG) - Included the User, Generated Auth. Profile (SAP_ALL and S_RS_AUTH with the value for BIAUTH - Authorization created in RSECADMIN).

4. User Assignment (rsecadmin) - Assigned the authorization to the user.

In the query, we created an authorization variable on '0COSTCENTER'. On the selection screen during query execution, when looking up cost center values for selection, the user is able to see all cost center master data values and not just the authorized ones.

Please advise.

Accepted Solutions (0)

Answers (3)

udayabhanupattabhiram_cha
Active Contributor
0 Kudos

Hi:

In the same Analysis Auth where the Cost Center is restricted, use 0TCAIPROV to give the name of the InfoProvider.

If this doesn't work, then check the Cost Center piece more carefully. You may have accidentally given the ROOT of the Cost Center hierarchy.

U.P.Ram Chamarthy

Former Member
0 Kudos

You can try to change the filter on the query. Instead of Master Data, filter on Infoprovider.

Former Member
0 Kudos

It is because the SAP_ALL role has access to the 0BI_ALL authorization, which will contain all the InfoObjects that are marked for authorization in your BI system. And all these IOs will have '*'. That is why the user is able to see all cost centers in the query.

Delete the SAP_ALL role and it should work.

Hope it helps.

Cheers,

balaji
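The override described in the answer above can be checked for across users. The following is an added example, not code from any poster in this thread or from SAP: it assumes user assignments have been exported to a CSV with the hypothetical columns `user,kind,value`, and it assumes a restricted analysis authorization has no effect once the same user also holds SAP_ALL, 0BI_ALL or a `*` value for BIAUTH.

```python
import csv
import io

# Constructed sample export (not real system output): one row per user and
# assigned item. PROFILE = SU01 profile, BIAUTH = analysis authorization
# reachable through S_RS_AUTH or an RSECADMIN assignment.
# Z_CCTR_1000 / Z_CCTR_2000 and all user names are made up.
SAMPLE = """user,kind,value
JDOE,PROFILE,SAP_ALL
JDOE,BIAUTH,Z_CCTR_1000
ASMITH,BIAUTH,Z_CCTR_1000
BWADMIN,BIAUTH,0BI_ALL
MLEE,BIAUTH,*
MLEE,BIAUTH,Z_CCTR_2000
"""

# BIAUTH values that grant every authorization-relevant characteristic.
FULL_ACCESS_BIAUTH = {"0BI_ALL", "*"}


def load_assignments(text):
    """Group the export into {user: {"PROFILE": set, "BIAUTH": set}}."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        entry = users.setdefault(row["user"].strip(),
                                 {"PROFILE": set(), "BIAUTH": set()})
        kind = row["kind"].strip().upper()
        if kind in entry:  # ignore row kinds this check does not know
            entry[kind].add(row["value"].strip())
    return users


def find_overridden_restrictions(users):
    """Return users whose restricted authorizations are made ineffective."""
    findings = {}
    for user, assigned in sorted(users.items()):
        reasons = []
        if "SAP_ALL" in assigned["PROFILE"]:
            reasons.append("profile SAP_ALL")
        reasons += [f"BIAUTH {v}"
                    for v in sorted(assigned["BIAUTH"] & FULL_ACCESS_BIAUTH)]
        restricted = sorted(assigned["BIAUTH"] - FULL_ACCESS_BIAUTH)
        if reasons and restricted:  # restriction exists but cannot take effect
            findings[user] = {"restricted": restricted, "overridden_by": reasons}
    return findings


if __name__ == "__main__":
    for user, f in find_overridden_restrictions(load_assignments(SAMPLE)).items():
        print(user, f["restricted"], "overridden by", f["overridden_by"])
```

Users who hold only full access, such as the constructed BWADMIN, are not reported, because there is no restriction being defeated.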

Former Member
0 Kudos

Hi Guys,

1. We removed SAP_ALL from the user profile in SU01.

2. In the Authorizations of the user's role, I included the following Auth. Objects and assigned relevant values for each of them.

S_RFC, S_TCODE, S_GUI, S_USER_AGR, S_BDS_D, S_RS_AUTH, S_RS_BITM, S_RS_BTMP, S_RS_COMP, S_RS_COMP1, S_RS_EREL, S_RS_ERPT, S_RS_FOLD and S_RS_IOBJ.

In the query, we restricted 'Cost Center' on an SAP delivered 'Cost Center Hierarchy Node Variable'. In selection screen during query execution, the user is now able to see only the authorized hierarchy node and the nodes below.

The problem now is that, if we restrict 'Cost Center' in the query on an SAP delivered 'Char. variable', then in the selection screen during query execution, when the user tries to select the authorized data for Cost Center (F4 on cost center selections), he is not able to see any data (blank).

We tried the same in LISTCUBE, the user is able to see only authorized master data (F4 on cost center selections). So, the problem seems to be with characteristic variable usage.

Please advise.

Regards.

Former Member
0 Kudos

Hi,

I think you create another authorization variable on costcenter value and add it to your query. Also check your authorization on costcenter, whether you have values both for costcenter and costcenter hierarchy.

Hope it helps,

Cheers,

Balaji

Former Member
0 Kudos

Balaji,

It looks like it has something to do with the setting in the query against the InfoObject. I make this point after observing the fact that when I ran my reporting query it is showing only one value from CCTR master data while the other planning query that is using the same variable is showing all of the authorized values for CCTR.

Authorizations themselves are defined correctly with both master data and hierarchies, hence it works as expected in the listcube for master data and in any query with a hierarchy variable. The issue comes when I use a characteristic variable... like I said, even this seems to be working fine. Any ideas? CCTR settings and variable settings in both queries are the same.

Cheers

RT

Former Member
0 Kudos

RT,

What settings have you done in your queries? Could you remove the old variable on your reporting query and replace it with the new one that you have in your Plan query?

If you are using the same variable then it should show you only the authorized values for CCTR.

Also, could you do a user comparison on the role that contains the S_RS_AUTH object?

Hope it helps,

Balaji

Former Member
0 Kudos

Balaji,

Both Reporting query and Plan query are using the same variable as mentioned in my earlier post. Any other ideas !!

Cheers

RT

Former Member
0 Kudos

Could you send me a screenshot of your query definitions? My ID is balaji@eastman.com.

Regards,

Balaji

Former Member
0 Kudos

Does your specific user have a SAP_ALL profile (for transaction SU01)? If this user has a SAP_ALL profile he can see and do anything in the system.