Skip to Content
author's profile photo
Former Member

Problem authorizations in roles new concept BI

Hi developers,

I have a problem because after migration of the authorization have in a cube (FI area) two characteristic (Company Code and Controlling Area) relevant for the authorizations.

I wish control only the Company code but the system demands also the Controlling Area. I have insert the Controlling Area in authorization with EQ (😊 but no work because is insert in the free characteristic.

If I fixed the value of the Controlling Area associated to Company Code not work, if I insert a variable where the user enter the value the query work but not necessary for the user. If I insert CP () work but some users have queries of CO Area with controls on values of this characteristic. Insert CP () in FI Authorization means see all datas in CO.

Can help me for manage this situation where there are two areas FI / CO migrated where the old concept is different than BI

Thanks in advance


Add comment
10|10000 characters needed characters exceeded

2 Answers

  • author's profile photo
    Former Member
    Posted on Aug 22, 2007 at 03:52 PM

    Hi Domenico,

    Please correct me if I'm wrong , I see that you have two topic area like FI and CO. You need to create two Authorizations say 1 for FI and another one for CO. Let call them as YFI_CO_CC and YCO_CO_CC. Now in YFI_CO_CC you need to insert both Compnay code and Controlling area characteristic along with the special characteristic 0TCAACTVT,0TCAIPROV,0TCAVALID.Then enter the assign * to CO_AREA and for Company code assign the value which you want to restrict and in the 0TCAIPROV = FI infocube technical name for example ' YFI*'.

    similarly for YCO_CO_CC create authorization and assign CO_AREA value and company code = '' if there are no user resrtiction on company code and 0TCAIPROV = CO infocube example 'YCO' .

    Then create a role with S_RS_AUTH object with YFI_CO_CC and another with YCO_CO_CO_CC .Assign it to the users and check the user access.

    Hope it helps,



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Balaji,

      I had already create the authorization because we have effectued the migration after the upgrade of release.

      Some users can see queries of FI an CO areas, for example:

      User A (FI) can see only the Company Code XX but in the query there are also Controlling Area and if I insert Controlling Area XX the authorization don't work, the problem is resolved only I insert a variable also for Controlling Area not necessary for the user. If I insert (😊 or the value XX in CO Area the query do not work.

      The query work only with variables after the introduction of the value XX or if I insert (*).

      User A (CO) can see only the CO Area XX but if I insert in authorization precedent (*) the user can see all because the authorization are summarized.

      In this situation you know a method for manage two different authorization for the same users autonomously

      Thanks Domenico

  • Posted on Aug 23, 2007 at 09:39 AM

    Hi Domenico,

    you might want to use the special InfoObject 0TCAIPROV to restrict the respective InfoProvider.


    SAP NetWeaver BI Organisation

    Add comment
    10|10000 characters needed characters exceeded