10-27-2010 10:06 AM
Hi, is there any table I can use to determine the content of analysis authorisations assigned to users rather than look individually in each user via RSECADMIN? Thanks, Mark.
10-27-2010 10:30 AM
yes, may be create query.
go to AGR_USERS, copy all roles assigned to user and paste these in AGR_1251
You got the desired list
however this will be one user at a time
may be i am wrong...... this is related to BI........ please post this query in security forum.........
Edited by: Surpreet Singh Bal on Oct 27, 2010 3:03 PM
10-27-2010 10:30 AM
yes, may be create query.
go to AGR_USERS, copy all roles assigned to user and paste these in AGR_1251
You got the desired list
however this will be one user at a time
may be i am wrong...... this is related to BI........ please post this query in security forum.........
Edited by: Surpreet Singh Bal on Oct 27, 2010 3:03 PM
10-27-2010 10:46 AM
Hi Mark,
I hope you have posted the question in multiple areas. Please post all the BI related questions in BI forums. However, you can refer all the RSEC* tables. Below are the tables that stores analysis authorizations information:
RSECHIE - Status of hierarchy authorizations
RSECTXT - Authorization text
RSECVAL - Authorization Value Status
RSECBIAU - Changes to Authorization (Last Changed By]
RSECUSERAUTH - BI Analysis authorization u2013 assignment to users
Change log tables:
RSECUSERAUTH_CL - Assignment of users
RSECHIE_CL - Change log of hierarchy authorizations
RSECTXT_CL - Authorization texts
RSECVAL_CL - Authorization Value Status
Hope this helps!!
Rgds,
Raghu
10-27-2010 7:35 PM
Hi Mark
Since you are posting in the GRC Forum I'm guessing you want to verify the data produced at permission level for user level reports?
Those reports will give the roles which are creating the SoD issues at user level so that you can concentrate on only those and ignore the rest assigned to the users. Opening AGR_1251 and also AGR_1252 reports for multiple users will probably give you plenty to read but little in value.
If you've run the user level report at action level in RAR then you won't be getting the offending roles.
Please could you confirm the spec/scope of the report you need out of SAP?
Cheers
David
10-28-2010 10:05 AM
Hi David, the report I have been asked to produce is to show analysis authorisations and the characteristic values per user for our HR application. We load hierarchy and value data into the DSO and generate authorisations via RSECADMIN to further restrict the access provided by the roles assigned. we have approx 1000 users that we need to report on for audit purposes.
Thanks,
Mark.
06-14-2021 5:23 PM
Hello Forum, I have got a similar question. Is it possible to read BW Analysis Authorization tables to read a list of Company Codes a User is authorized to see. If so, can someone please advise the list of tables that is required to be looked into.
Thanks