Skip to Content

Unable to grant access to report by 0GL_ACCOUNT

Hi, experts,

I have a requirement in which I have a report in Analysis for Office which cotains a query with 10 accounts.

I want to restrict that report so that USER1 can see only half those accounts and USER2 can see the other half.

Whenever I try restricting access via TCODE RSECADMIN, I restrict 0GL_ACCOUNT to CP * (Contains Pattern = all) I am able to edit all of the accounts.

If I try to restrict to a single account 7000123456, I am unable to edit every account, including that one.

I tried using CP 7* to grant access to edit all accounts begging with a 7, but that was unsuccesful as well.

I have configured ALL Data Access Profile to allow access to all accounts. But that was unsuccesful as well.

Bottom line is, I'm doing all this because DAP's seem to not be working.

I do not know if there's an authorization object that I shouldn't be assigning to the user.

Or more specifically, I do not know how to make Data Access Profiles work. My characteristics are selected as relevant for authorization in the HCPR.

This is the configuration in PFCG

This is the configuration we have in transaction RSECADMIN

I would appreciate any help or guidance.

Thank you so much!

captura-1.png (70.7 kB)
captura-2.png (44.6 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Sep 07, 2018 at 08:46 AM

    Hi Nidia,

    some additions to the information given by Sheldon:

    It seems that you are working in BPC Embedded since you mentioned DAPs that are not relevant in BW-IP/PAK.

    To understand the concept used in BPC Embedded I recommend to read the following:

    https://blogs.sap.com/?p=133100

    https://blogs.sap.com/?p=144939

    In addition, you have to set enviroment/model in the UI you use (Analysis Office, Design Studio, it is called Planning Model there), without this information BW-IP/PAK engine will ignore DAPs. You can test this also in:

    - RSRT BICS: you have to set environment/model via "environment=FOO&model=BAR", cf. also note 2656627

    - RSPLAN: check notes 2476459, 2685236

    There exist notes about DAP: note search with 'DAP' and component: BW-BEX-OT-OLAP-AUT

    Regards,

    Gregor

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Nidia,

      in RSRT BICS below the input fields 'Query' and 'Query Display' is a text editor where you can add parameters: there you use:

      environment=your_BPC_enviroment&model=your_BPC_model

      (where 'your_BPC environment ' is the technical name of the BPC Envrionment etc.)

      then the query run time knows that BPC work status, DAP has to be considered.

      Regards,

      Gregor

  • Sep 07, 2018 at 12:15 AM

    Hi Nidia,

    Can you record an authorization log in both ST01 and RSECADMIN first? I assume it will give you some more hits about what authorization is missing. In addition, there are some known corrections listed in KBA 2652716. You may try implementing all of them according to your system support package level.


    Best Regards,

    Sheldon

    Add comment
    10|10000 characters needed characters exceeded