Skip to Content
author's profile photo Former Member
Former Member

Bex Authorization issue

Hi all !

We are using BI 7.01 (new authorization concept) and we are facing an issue.

We've setup variables for the authorization values management in RSECADMIN with specific ABAP code to fill these values.

This part works perfectly.

In the Bex, we've defined variables with type "Authorization" and ready for input, optional.

If the user enter a value he's allowed to, it works.

But, we are expecting the system to automatically display only the authorized values when the user leaves the variable empty.

But it's not the case in our system. He's facing "No authorization".

It's the same when he's entering an interval. For example, he's allowed to display company code A and D. If he enters A - D (A to D), he receives "No authorization" message. But if he enters A;D (A and D), it works.

We were not able to find any explanation neither in SAP help nor in SDN.

We'are thinking about a bug or a missing OSS note. But we've no clue.

If someone is able to help us, it would be really appreciated.

Best regards.

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Sep 16, 2010 at 12:29 PM

    If you use authorization variable with ready for input it populates user authorized values in the selection screen then if user go with those values then it works fine, but when user removes those auto populated values then system try to consider all values of that characteristic and compares against the authorized values and it fails as user doent have authorization for all values.

    When user enters range in authorization variable it checks for all values within that ragnge ex: A - D, it check for A,B, C, D then if user got authorization only for A & D ultimately authorization fails as user does not have authorization for B and C.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Sep 24, 2010 at 06:38 AM

    Hello Emmanuel,

    I would like to explain to you how the authorization check works.

    The authorization check does NOT find out the authorized part and display the authorized part.

    What it does is: compare the requested data and authorized data.

    When the authorized data covers the requested data, the query result is shown. When not, "no authorization" error occurs.

    The "requested data" is decided by query restriction. Fixed filter, customer exit, authorization variable, or user input value.

    Anyway, the "requested data" is what you have to take care of instead of expecting the system to do it automatically.

    (There is only one exception to this. Sometime hierarchy can do a auto-filter.)

    When the user manually removes the restriction which is gotten by authorization variable, then the requested data is more

    than authorization data, so no authorization.

    So the question for you is that, user should not be given the chance to manually remove the restriction.

    For this, as Brian said, you have to put this variable to "characteristic restriction" area.

    But then the workbook cannot call the authorization variable. This only works for "default values" area.

    I think you can tell the user not to remove the restriction completely. If you don't like the values filled from authorization variable,

    they can pick values from F4 help. F4 help only shows the authorized values.

    When they pick from F4 help, the query would work.

    When they manually type in a value which is out of the range of F4 help, it is fair that they should get "no authorization" message.

    Best regards,

    Patricia

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Patricia.

      Thank you very much for your extremelly detailled answer.

      Now I understand how the authorization mecanism is working.

      I put in place the double restriction given by Brian (one in restricted characteristic and the other in free characteristics) and it works perfectly.

      Again, thanks a lot to all of you.

      Points distributed... 😉

      Best regards,

      Emmanuel

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.