on 06-10-2009 11:42 AM
Hi,
We are designing the roles in our BI system. where the requirement is using analysis auth. we have to restrict in the characteristics object level. we created two roles naming role1 and role2.
role1: consists only the auth. object(KFHQ) having following fields:
0CALYEAR Calendar Year - *
0DIVISION Division - *
0SALESORG Sales Organization - *
0TCAACTVT Activity in Analysis Authorizations - I EQ 03
0TCAIPROV Authorizations for InfoProvider - I EQ ZMKTSH and ZI_IN_RV
0TCAKYFNM Key Figure in Analysis Authorizations - *
0TCAVALID Validity of an Authorization - *
ZORDT_H Order Type (H) - *
ZPLANT_O Order Plant - *
ZPLANT_O__ZBRAN - *
ZPLANT_O__ZDEPT - I EQ KFHQ
ZPLANT_O__ZREGION - *
ZPLANT_O__ZSUB_REG - *
ZWORK_GR Workshop Group - *
role 2: consists of field rscomp, rscomp1, s_rfc and S_BDS_D
we have given two queries in this like inflow revenvue and market share(ZMKTSH and ZI_IN_RV).
when we execute the querie ZI_IN_RV, it runs properly and shows the result specfic to dept in auth.object.
when we try to execute the querie ZMKTSH, it is not restricting in the Dept value instead it shows all the departments.
our requirement is it has to inherit the restriction given, instead it takes all values.
in my knowledge if a Infoprovider is containing auth relevant char and it is not asked in query...it should work actually.
Kindly help me with this in resolving the issue.
Regards, Krish
Hi,
Hope you are using the varible for Authorization Processing (for DEPT) in the query.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"we have not tried settig variable" I think this will be the main problem.
The processing type Authorization enables variables to be filled with values automatically from the authorization of a user. You have to use the Query Designer. Right click you InfoObject in QD build up a new variable for the InfoObject with processing type authorization.Then assign this variable in filter of the query.
Variable of processing type authorization
http://help.sap.com/saphelp_nw04s/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm
Defining Variables
http://help.sap.com/saphelp_nw04s/helpdata/en/ac/789b3c4d4d8d15e10000000a114084/frameset.htm
Regards
Andreas
Hi,
I am testing it through rsecadmin as you have mentioned, it is not showing any missing authorization.
my issue here is, i am getting all the dept. instead of my restricted dept.
so, i need to find why the restriction is not applied and how to do it.
Regards, Krish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi.
I see that the authorization have the infoobjects:
ZPLANT_O Order Plant - *
ZPLANT_O__ZBRAN - *
ZPLANT_O__ZDEPT - I EQ KFHQ
ZPLANT_O__ZREGION - *
ZPLANT_O__ZSUB_REG -
Are you sure that in the infocube this attributes are Navigational ? And, in the Infoobjects ZPLANT_O his attributes are Relevant for Authorization ?
Regards !!!!
When i see rsecadmin error log i get the following message.
Subselection (Technical SUBNR) 0
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: ZPLANT_O__ZDEPT
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
ZPLANT_O__ZDEPT
0TCAACTVT
SQL Format:
/BIC/ZPLANT_O/BIC/ZDEPT = ':'
AND TCAACTVT = '03'
Characteristic Contents
ZPLANT_O__ZDEPT I EQ KFHQ
0TCAACTVT I EQ 03
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
305 ( ZPLANT_O__ZDEPT )
Authorization Check Complete
Hi.
If you are using the new concept the authorization in BI 7.0 you can test the authorization using the transaction RSECADMIN. The steps are:
RSECADMIN --> tab Analysis --> Execute As --> Execute User (give a user with the authorization that you want to test) --> Select With Log --> Posible Transaction select RSRT --> Start Transaction.
A new dialog is WILL open with the transaction RSRT, you select your query and execute it. When the query finished, you back a RSECADMIN and select the option "Display Log". You can review the validations between the query and the authorizations of your user.
Regards
Leonardo Restrepo.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.