Skip to Content
avatar image
Former Member

Analysis assignment

Hi

I have seen security documents and couple of links and tested with dircect analysis authorization to user and also checked with Pfcg role with s_rs_authobject assginment both are working . i have seen some docs assign users via role is more flexible to maintain is it correct .

Analysis authorizations can be assigned

Directly to users

To users via roles

what will be best to design and maintain the analysis role ? any suggestions will be appreciate

Thanks rao

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • Jun 17, 2010 at 10:32 PM

    I have found that assigning analysis auths to users via roles is generally a much cleaner solution.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 17, 2010 at 11:00 PM

    Ram,

    You have flagged characteristics that you want to protect as authorization-relevant in InfoObject maintenance.

    In principle, all authorization-relevant characteristics are checked for existing authorizations if they occur in a query or in an InfoProvider that is being used. For this reason, you should avoid flagging too many characteristics as authorization-relevant so you keep the administrative efforts to a minimum and keep performance good.

    We recommend that you include a maximum of 10 authorization-relevant characteristics in a query, since performance is otherwise negatively impacted. Authorization-relevant characteristics with asterisk (*) authorization are an exception to this; you can include more authorization-relevant characteristics of this type in a query.

    These are the option; In this best option will be to users vis role.

    Analysis authorizations can be assigned

    Directly to users

    To users via roles

    Thanks,

    Sri

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 18, 2010 at 04:36 AM

    Hi Rao,

    Even I would recommend to go for assignment by role, because in this case you can take help of SE16 standard table for e.g agr_1251 or SUIM for pulling out reports from SAP. Also you will have a better control over the security issues as the trouble shooting would be quite easy 😊)

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 18, 2010 at 03:39 PM

    hi

    thanks for your suggestions, it is good toassign with role assignment . is there any pros and cons that we should not do .

    as sri mentioned it is easy to track through se16/agr_1251, but we also have a tables where we can track analysis assigned to user s

    RSECBIAU Changes to Authorization (Last Changed By

    RSECUSERAUTH BI Analysis authorization ? assignment to users

    RSECUSERAUTH_CL BI Analysis authorization ? assignment to users

    any ideas or suggestions please

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Rao,

      I would say, its basically your choice to go about it and also how much you are comfortable with BW tables/ R3 tables.

      There doesn't seems to be any pros and cons as such neither I have found any mentioned by SAP. However if you want to compare the access of two users , or roles etc, you can use SUIM more effectiviely if you have used role based methodology.

      Also you might miss good and meaningful reports from SUIM:-))

  • avatar image
    Former Member
    Jun 18, 2010 at 04:28 PM

    Hi Rao,

    Assigning the Analysis Authorizations via roles is advantageous over directly assigning them as per my experience due to the following reasons:

    1. Consistent design through out the system.

    2. Less confusion for the end users. They might have to keep track of roles and analysis authorizations if you have both ways.

    3. Less maintenance when there are large number of users. If you are changing or renaming the analysis authorizations you do not have to reassign all the users but just change the role and the user assignments will be still fine.

    Overall assigning via roles will be a cleaner design and will be much easier for your reports.

    Thanks,

    Karthik.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 10, 2010 at 01:52 AM

    answered

    Add comment
    10|10000 characters needed characters exceeded