cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S_RS_COMP & S_RS_COMP1 Issue

Go to solution
Former Member

on ‎09-24-2012 2:31 PM

0 Kudos

Hi Gurus,

I wish to restrict my end users with access to BI content queries defined over the DSO 0LIV_DS01.

I created a role in PFCG and i have manually added the authorization Object S_RS_COMP & S_RS_COMP1 to my role.

I have included the following to S_RS_COMP

Activity                       Display, Execute

InfoArea                     0MMLIV

InfoCube                    0MMLIV*

Name (ID) of a reporting compo 0LIV_*

Type of a reporting component  Calculated key figure, Query View, Query, Restricted key figure       <...>

also added the following to my authorization object  S_RS_COMP1

Activity                                          Display, Execute

Name (ID) of a reporting compo  0LIV_DS01*

Type of a reporting component    Calculated key figure, Query View, Query, Restricted key figure       <...>

Owner (Person Responsible) for  *

When i execute the query, 0LIV_DS01_Q0001 neither the variable popup comes nor the report displays data.

But the same report displays data for the user with all of the authorizations.

Why so? am i missing something?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-25-2012 1:49 AM
0 Kudos

I am assuming you are using BW 7.0 version. If yes, you should be using analysis authorisations.

You need to use provide authorisations for the following objects through analysis authorisations(either directly to the user or through a role) and, in addition, to any infoobject that is part of your DSO, which is already marked as authorisation relevant.

-

0TCAACTVT

0TCAIPROV

0TCAKYFNM

0TCAVALID

Read up more about this concept here - http://help.sap.com/saphelp_nw70ehp2/helpdata/en/66/019441b8972e7be10000000a1550b0/content.htm

Show replies
Show replies
Former Member
‎09-26-2012 2:28 PM
0 Kudos

Hi sidharth,

You are right. i am in BI 7.3 version. I have started to use RSECADMIN t-code.

As you had mentioned earlier, "You need to use provide authorisations for the following objects through analysis authorisations(either directly to the user or through a role)"

1. In the RSECADMIN t-code i have copied, 0BI_ALL to ZBI_ALL and i have restricted the infoprovider 0TCAIPROV(infoprovider) to 0LIV_DS01 & 0TCAACTVT (Activity in Analysis Authorizations) to 3(display). But i am unable to restrict reports here, i need the user to access only the reports 0LIV_DS01_Q0001, 0LIV_DS01_Q0002 and 0LIV_DS01_Q0003. Do we have to use 0TCTELEMTYP & 0TCTSTATOBJ ? if yes, how to use them?

2. I have created a role and i have restricted the queries using S_RS_COMP and S_RS_COMP1. I have added the analysis authorization object ZBI_ALL via S_RS_AUTH. Now the user is able to access only the queries i have mentioned in the S_RS_COMP & S_RS_COMP1. Is this approach right?

3. How to find the authorization enabled infoobject used in the dso? do we have any table for it?

former_member182226
Contributor
‎09-27-2012 5:45 AM
0 Kudos

Hi,

Ans 2: You have to restrict queries in S_RS_COMP and S_RS_COMP1 with query names or pattern, this approach is right. If you want to restrict user with values of any infoobject then you have to maintain it in

analysis authorization object ZBI_ALL* (Your custom analysis authorization created using RESECADMIN)

Ans. 3:You can find authorization relevant infoobjects used in infoproviders in RESECADMIN T code

rsecadmin T code -> Maintain authorization -> Infocube authorization -> select infoprovider (DSO Cube etc)-> you will get list of authorization relevant infoobjects used in that infoprovider.

Regards,

Avinash

Answers (2)

Answers (2)

former_member182226
Contributor
‎09-25-2012 5:21 AM
0 Kudos

Hi,

Along with S_RS_COMP and S_RS_COMP1 include S_RS_AUTH in defined Role here you have to include Analysis auth. object (In BI 7.0, Create Analysis auth object using RSECADMIN and follow steps given in above post by Sidharth)

Note: 0BI_ALL analysis auth. object will have all the BI objects authorization which is generally used user with all of the authorizations in S_RS_AUTH.

Regards,

Avinash

Show replies
Show replies
Former Member
‎09-24-2012 6:52 PM
0 Kudos

any updates please?

Show replies
Show replies
esjewett
Active Contributor
‎09-24-2012 7:51 PM
0 Kudos

Please give it some time before bumping your thread. It might also help to post your thread in the correct space

Since this question is about BW, it belongs in the BW space. I have moved it, but please try to use the BW space for these types of questions in the future. For this particular question, one of the security spaces may also be a good option.

Thanks,

Ethan

(moderator)

Ask a Question