cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hierarchy Authorization doesn't work for MDX but works for BEx Query.

Go to solution
Former Member

on ‎02-09-2010 12:20 PM

0 Kudos

Hi Experts,

I'm experiencing some issues during testing the importing of SAP authorization in B.O.

For simple characteristic seems to work fine but for hierarchy authorization I'm in stuck.

I'm testing a webi report and corresponding universe is based on BEx Query.

BEx query have authorization variable on 0PLANT and 0PLANT__COUNTRY (that have hierarchical display activated). Both auth variables are in "Chracteriscic Restrictions"panel and are not input enabled.

In rows I have only 0PLANT__COUNTRY and in columns two key figures.

Authorization settings for my test user are "*" for 0PLANT and "Only selected node" for the node FR (France),Hierarchy Level 0, Validity Range 2 for 0PLANT__COUNTRY.

Testing BEx query with that user, I get expected result (Only a row for France).

Corresponding webi report have only dimension Level 04 of Country hierarchy (corresponding to country level) and the two key figure as measures. Then running report with corresponding test user I get only header of the report (so logon works), without any row.

Then I tried to run corresponding MDX through "Execute As" Analysis of transaction RSECADMIN. Also here I get only header. Comparing Authorization Checks Log that I get from running MDX with the one obtainbed by running BEx query, they are different.

Hope someone of you guys can help.

Kind regards.

Roberto.

Edited by: Roberto G. on Feb 9, 2010 1:21 PM

Edited by: Roberto G. on Feb 9, 2010 1:29 PM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

IngoH
Active Contributor
‎02-09-2010 3:10 PM
0 Kudos

Hi,

the fact that a simple MDX in RSECADMIN doesn't bring the expected results clearly shows that the problem is on the BW side. Use the trace for the Authorization to see which elements are missing and which elements are failing - that should give you the indication of which you need to fix on the BW side.

Ingo

Show replies
Show replies
Former Member
‎02-09-2010 4:19 PM
0 Kudos

Hi Ingo,

thank you for reading my post, from the trace file seems related to 0BI_ALL authorization:


Client:     100 User:        XXX_XX_XXX Transaction  MDXTEST               
Work Process               0 PID          Date: 09.02.2010                 Start:16:36:10:820.467Finish:16:36:10:951.664
Subsequent Block in Dialog Step           Last Block in Dialog Step
Block Version:          204290 No. of Records:             469 File Version:  1

hh:mm:ss:ms  Type  Lasts(us) Object           Text

16:36:10:828 AUTH    - - -   S_RS_COMP  RC=0  RSINFOAREA=F_SCM_XXXXXXX;RSINFOCUBE=XX_XXXX;RSZCOMPTP=REP;RSZCOMPID=SCM_XXXXX_XX
16:36:10:828 AUTH    - - -   S_RS_COMP1 RC=0  RSZCOMPID=SCM_XXXXX_XX_XXXX_XX_XXX;RSZCOMPTP=REP;RSZOWNER=YYY_YY_YYY;ACTVT=16
16:36:10:933 AUTH    - - -   S_RS_AUTH  RC=12 BIAUTH=0BI_ALL;

Well, I don't want give to everyone 0BI_ALL authorization...

Moreover I don't understand why corresponding BEx query doesn't check same authorization.

It looks like this thread: , but I also tried to create a new universe on same BEx Query and I'm still getting same result.

Thanks.

Roberto.

Edited by: Roberto G. on Feb 9, 2010 5:20 PM

IngoH
Active Contributor
‎02-09-2010 9:04 PM
0 Kudos

HI,

you already have the issue without involvement from Businessobjects in transaction MDXTEST so pretty sure it is not the same as the other entry.

If you don't want to add 0BI_ALL then you need to configure the necessary authorization objects in RSECADMIN and assign them to the users.

Ingo

Answers (3)

Answers (3)

IngoH
Active Contributor
‎03-09-2010 3:04 PM
0 Kudos

Hi,

so do you see the expected result yes or no ?

Ingo

Show replies
Show replies
Former Member
‎03-09-2010 3:13 PM
0 Kudos

Hi Ingo,

for test I've done until now,after adding authorization on root node, MDX results are the same as BW Query results.

Kind regards.

Roberto.

Former Member
‎04-27-2010 2:58 PM
0 Kudos

Hello Roberto

As I mentioned above the WeBI is not able to read authorized values (flat values) out of an hierarchy ( authorization granted to the user by a hierarchy)

So per 23.04.2010 we have go an OSS , where this should be corrected --> 1462013 ( so fare only in german)

Please review according the correction instruction the mentioned class/method in the system. Thus according the correction we assume, that any authorization granted to the user through hierarchies have been excluded or not considered at all.

Perhaps it helps also for your issue.

Best regards

Christian

Former Member
‎03-09-2010 8:42 AM
0 Kudos

Hello Roberto

It is confusing your issue.

However we had the issue that the user can't select (prompt-variable - variable typ of characteristic single value) values in the WEBI-Report, whereas in Bex analyser it works perfectly. Or in other words the prompt is empty.

On the other hand once the user gets authorization 0BI_ALL, the prompt variable is filled with all values (in our case 0COMPANY).

Reason:

In SAP BW authorization (we use the new analysis authorization) on hierarchiy nodes grants access to the hierarchy nodes and also to the flat values!! (leaves) assigned to that node. However it seems, that the univers and MDX can not handle this and does not interpret the flat values properly ( which in SAP BW is derived from the leaves assigned to the authorized node).

Solution:

We have to create additional authorization objects on flat values/characteristics.

So I hope it helps or you had the same issue.

Best regards

Christian

Show replies
Show replies
Former Member
‎03-09-2010 9:03 AM
0 Kudos

Hi Christian,

thank you for the hint. After some test I noticed that adding authorization on root node, it works as expected. Anyway it's just a workaround, I'm still searching a clear solution .

Kind regards.

Roberto.

Former Member
‎02-09-2010 1:00 PM
0 Kudos

Following are Authorization checks (on MDX) I think could be relevant for the issue: 


Value Authorization
InfoProvider XX_XXX 
Value Authorization <b>for</b> Characteristic 0PLANT__0COUNTRY 
Building the Buffer... 
Building the Buffer... 
The following values are authorized: 
SIGN  OPT  LOW  HIGH  SIDLOW  SIDHIGH  LOWFLAG  HIGHFLAG  KEYFL  
I     EQ   FR         0       0        0         0   
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Value Authorization   
InfoProvider XX_XXXX 
Value Authorization <b>for</b> Characteristic 0PLANT 
Building the Buffer... 
Building the Buffer... 
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
  Hierarchy Authorizations (Node Authorizations)   
Users I54_BO_TEST3 
Characteristic 0PLANT__0COUNTRY 
Name of Hierarchy XXX_CNTR_2 
Hierarchy Version 
Hierarchy Date 00000000 
Cross-InfoProvider Result 
The Following Nodes Are Authorized <b>for</b> This Query Combination: 
TLEVEL  SID  FROM_TLEVEL  TO_TLEVEL  
5       34   5            5  
 
There Are Finite Triangles (Lower Limit Less Than 99) 
Following Hierarchy Authorizations Exist <b>for</b> This Characteristic 
IOBJNM  	  HIENM      VERSION  DATETO    NIOBJNM  NODE  AUTHTYPE  COMPMODE  TLEVEL  HDATE  
0PLANT__0COUNTRY  XXX_CNTR_2   	      99991231           FR    0         2         00      00000000

Edited by: Roberto G. on Feb 9, 2010 2:00 PM

Show replies
Show replies
Ask a Question