09-28-2010 12:12 PM
Hi,
The user has two roles zrole1 and zrole2. When the user save workbook Analyzer suggests to choose a folder zrole1 or zrole2. The user saved workbook zworkbook1 in a role zrole1 and zworkbook2 in a role zrole2. When the user tries to open the workbooks the role zrole1 and zworkbook1 is displayed only. The role zrole2 was created under recommendations of the note 373979, and the role zrole1 has even no access on transaction RRMX.
If a role zrole1 to remove then the user can open zworkbook2.
Thanks,
Raf
09-28-2010 12:22 PM
Hello Ref,
You can check authorization object S_GUI with activity 60,61 in which role this authorization is present .
Thanks
Dheeraj
09-28-2010 12:22 PM
Hello Ref,
You can check authorization object S_GUI with activity 60,61 in which role this authorization is present .
Thanks
Dheeraj
09-28-2010 12:59 PM
Hello Dheeraj,
Thanks for the help. Object S_GUI is present at a role. There are still ideas?
Regards,
Raf
09-29-2010 6:36 AM
> There are still ideas?
hmmm....redundancy avoidance active?
With a certain SP the defautl of delete_double_tcodes has been set to YES.(SAP note 1246860 )
Its worth a try to enter explicitely a new entry into table SSM_CUST (with SM30) with
ID=DELETE_DOUBLE_TCODES
VALUE=NO
b.rgds, Bernhard
09-29-2010 7:24 AM
Hi Bernhard,
This note has helped. Have established the note on a server and now all folders (role) are displayed.
Thanks!
Regards,
Raf
09-28-2010 1:26 PM
Hi,
This is bit tricky. Main idea is: if you have two such roles and two folders then you will be able to see the Folder in analyzer which is "More" restricted and the other one will not be shown. Strange concept but it is the fact.
regards,
Dipanjan
09-28-2010 2:25 PM
09-28-2010 2:44 PM
Hi,
If you check the [BW security guides|http://help.sap.com/saphelp_nw70/helpdata/en/be/076f3b6c980c3be10000000a11402f/frameset.htm] in SAP Help or in SMP BI Area or [Collaboration Workplace|https://cw.sdn.sap.com/cw/docs/DOC-16439] you will be able to find out how the restriction of query is imposed. Based on the values you provide in the RS authorization Objects (specially S_RS_COMP, S_RS_FOLD and S_RS_COPM1) in the roles the security restriction is available. This part you need to judge from the values available in the different roles which refers to similar entities in terms of Queries of Same InfoArea.
regards,
Dipanjan