cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

In Analysis authorization restricting to characteristic value have problem

former_member315608
Explorer

on ‎06-10-2009 11:42 AM

0 Kudos

Hi,

We are designing the roles in our BI system. where the requirement is using analysis auth. we have to restrict in the characteristics object level. we created two roles naming role1 and role2.

role1: consists only the auth. object(KFHQ) having following fields:

0CALYEAR Calendar Year - *

0DIVISION Division - *

0SALESORG Sales Organization - *

0TCAACTVT Activity in Analysis Authorizations - I EQ 03

0TCAIPROV Authorizations for InfoProvider - I EQ ZMKTSH and ZI_IN_RV

0TCAKYFNM Key Figure in Analysis Authorizations - *

0TCAVALID Validity of an Authorization - *

ZORDT_H Order Type (H) - *

ZPLANT_O Order Plant - *

ZPLANT_O__ZBRAN - *

ZPLANT_O__ZDEPT - I EQ KFHQ

ZPLANT_O__ZREGION - *

ZPLANT_O__ZSUB_REG - *

ZWORK_GR Workshop Group - *

role 2: consists of field rscomp, rscomp1, s_rfc and S_BDS_D

we have given two queries in this like inflow revenvue and market share(ZMKTSH and ZI_IN_RV).

when we execute the querie ZI_IN_RV, it runs properly and shows the result specfic to dept in auth.object.

when we try to execute the querie ZMKTSH, it is not restricting in the Dept value instead it shows all the departments.

our requirement is it has to inherit the restriction given, instead it takes all values.

in my knowledge if a Infoprovider is containing auth relevant char and it is not asked in query...it should work actually.

Kindly help me with this in resolving the issue.

Regards, Krish

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎06-12-2009 9:30 PM
0 Kudos

Hi,

Hope you are using the varible for Authorization Processing (for DEPT) in the query.

Show replies
Show replies
former_member315608
Explorer
‎06-14-2009 12:08 PM
0 Kudos

Hi,

we have not tried settig variable, How to setup the variable part for zplant_0?

what need to be setup in variable.

in the Infoobjects ZPLANT_O his attributes are Relevant for Authorization ? yes it is.

Thnx

Former Member
‎06-14-2009 2:59 PM
0 Kudos

"we have not tried settig variable" I think this will be the main problem.

The processing type Authorization enables variables to be filled with values automatically from the authorization of a user. You have to use the Query Designer. Right click you InfoObject in QD build up a new variable for the InfoObject with processing type authorization.Then assign this variable in filter of the query.

Variable of processing type authorization

http://help.sap.com/saphelp_nw04s/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm

Defining Variables

http://help.sap.com/saphelp_nw04s/helpdata/en/ac/789b3c4d4d8d15e10000000a114084/frameset.htm

Regards

Andreas

former_member315608
Explorer
‎06-10-2009 2:55 PM
0 Kudos

Hi,

I am testing it through rsecadmin as you have mentioned, it is not showing any missing authorization.

my issue here is, i am getting all the dept. instead of my restricted dept.

so, i need to find why the restriction is not applied and how to do it.

Regards, Krish

Show replies
Show replies
Former Member
‎06-10-2009 4:34 PM
0 Kudos

Hi.

I see that the authorization have the infoobjects:

ZPLANT_O Order Plant - *

ZPLANT_O__ZBRAN - *

ZPLANT_O__ZDEPT - I EQ KFHQ

ZPLANT_O__ZREGION - *

ZPLANT_O__ZSUB_REG -

Are you sure that in the infocube this attributes are Navigational ? And, in the Infoobjects ZPLANT_O his attributes are Relevant for Authorization ?

Regards !!!!

former_member315608
Explorer
‎06-14-2009 1:55 PM
0 Kudos

When i see rsecadmin error log i get the following message.

Subselection (Technical SUBNR) 0

Supplementation of Selection for Aggregated Characteristics

Check Added for Aggregation Authorization: ZPLANT_O__ZDEPT

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Contents

ZPLANT_O__ZDEPT

0TCAACTVT

SQL Format:

/BIC/ZPLANT_O/BIC/ZDEPT = ':'

AND TCAACTVT = '03'

Characteristic Contents

ZPLANT_O__ZDEPT I EQ KFHQ

0TCAACTVT I EQ 03

Not Authorized

All Authorizations Tested

Message EYE007: You do not have sufficient authorization

No Sufficient Authorization for This Subselection (SUBNR)

Following CHANMIDs Are Affected:

305 ( ZPLANT_O__ZDEPT )

Authorization Check Complete

Former Member
‎06-10-2009 2:36 PM
0 Kudos

Hi.

If you are using the new concept the authorization in BI 7.0 you can test the authorization using the transaction RSECADMIN. The steps are:

RSECADMIN --> tab Analysis --> Execute As --> Execute User (give a user with the authorization that you want to test) --> Select With Log --> Posible Transaction select RSRT --> Start Transaction.

A new dialog is WILL open with the transaction RSRT, you select your query and execute it. When the query finished, you back a RSECADMIN and select the option "Display Log". You can review the validations between the query and the authorizations of your user.

Regards

Leonardo Restrepo.

Show replies
Show replies
Ask a Question