cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to grant access to report by 0GL_ACCOUNT

former_member381836
Participant

on ‎09-07-2018 1:06 AM

0 Kudos

Hi, experts,

I have a requirement in which I have a report in Analysis for Office which cotains a query with 10 accounts.

I want to restrict that report so that USER1 can see only half those accounts and USER2 can see the other half.

Whenever I try restricting access via TCODE RSECADMIN, I restrict 0GL_ACCOUNT to CP * (Contains Pattern = all) I am able to edit all of the accounts.

If I try to restrict to a single account 7000123456, I am unable to edit every account, including that one.

I tried using CP 7* to grant access to edit all accounts begging with a 7, but that was unsuccesful as well.

I have configured ALL Data Access Profile to allow access to all accounts. But that was unsuccesful as well.

Bottom line is, I'm doing all this because DAP's seem to not be working.

I do not know if there's an authorization object that I shouldn't be assigning to the user.

Or more specifically, I do not know how to make Data Access Profiles work. My characteristics are selected as relevant for authorization in the HCPR.

This is the configuration in PFCG

This is the configuration we have in transaction RSECADMIN

I would appreciate any help or guidance.

Thank you so much!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

gregor_dieckmann
Advisor
Advisor
‎09-07-2018 9:46 AM
0 Kudos

Hi Nidia,

some additions to the information given by Sheldon:

It seems that you are working in BPC Embedded since you mentioned DAPs that are not relevant in BW-IP/PAK.

To understand the concept used in BPC Embedded I recommend to read the following:

https://blogs.sap.com/?p=133100

https://blogs.sap.com/?p=144939

In addition, you have to set enviroment/model in the UI you use (Analysis Office, Design Studio, it is called Planning Model there), without this information BW-IP/PAK engine will ignore DAPs. You can test this also in:

- RSRT BICS: you have to set environment/model via "environment=FOO&model=BAR", cf. also note 2656627

- RSPLAN: check notes 2476459, 2685236

There exist notes about DAP: note search with 'DAP' and component: BW-BEX-OT-OLAP-AUT

Regards,

Gregor

Show replies
Show replies
former_member381836
Participant
‎09-12-2018 6:00 PM
0 Kudos

Hi, Gregor,

Thanks for your help. I had already stumbled upn the notes you share, but haven't been able to set up the DAP's anyway.

I already set the enviroment in the UI (Analysis Office) but that hasn't worked out either.

Quick question? I do not understand what to do in RSRT_BICS. I understand that I can execute my queries there, but what do I do or where do I enter "environment=FOO&model=BAR"?

I deeply appreciate your help and will start looking into RSRT_BICS anyway

Thank you.

gregor_dieckmann
Advisor
Advisor
‎09-13-2018 9:40 AM
0 Kudos

Hi Nidia,

in RSRT BICS below the input fields 'Query' and 'Query Display' is a text editor where you can add parameters: there you use:

environment=your_BPC_enviroment&model=your_BPC_model

(where 'your_BPC environment ' is the technical name of the BPC Envrionment etc.)

then the query run time knows that BPC work status, DAP has to be considered.

Regards,

Gregor

sheldon_piao
Advisor
Advisor
‎09-07-2018 1:15 AM
0 Kudos

Hi Nidia,

Can you record an authorization log in both ST01 and RSECADMIN first? I assume it will give you some more hits about what authorization is missing. In addition, there are some known corrections listed in KBA 2652716. You may try implementing all of them according to your system support package level.


Best Regards,

Sheldon

Show replies
Show replies
Ask a Question