I think it is possible with ECC6.0 & BW 3.5 as both uses same SAP standard authorization concept.

But in BI7.0 it uses analysis authorization roles. So if anybody can advise that Whatever access is there for user in ECC, authomatically same access will be deplyed in analysis authorization in BI for that user.

Edited by: Imran Mulani on Jan 28, 2009 9:03 AM

So now you ahve changed your requirements?? You don't want to "map" the access, you want to know if there is a way that your analysis roles are automatically created? Please clarify as they are very different things you are asking for

Apologise for creating confusion. my requirement is same. Let me elaborate the scenario

We are using new analysis authorization concept for BI7.0. As we are replicating same access as of ECC. We follow below steps

1. Analyse users access in ECC (for ex. user XYZ is having access to which company code, plant etc and save in excel sheet)

2. create Analysis authorization in BI based on execel sheet ( for ex. this AA contains company code, plant for user XYZ)

3. assign analysis authorization in BI for user.

We are loosing much time in analyzing access of user in ECC system and then create AA in BI and assign to user.

As same access of ECC we are replicating in BI. I dont want to waste time in analysis.

So I was thinking like that

a)system will read user XYZ access in ECC and same access will be provided in BI through some role mapping .

or b) system will read user XYZ access in ECC and create analysis authorization automatically based on access in ECC.

I assume you have the mapping of all the ECC roles corresponding to BI roles.

That is role X in ECC will have to mapped to role XBI in BI.

The only thing that is common between the two would be the Org levels. Correct me if I am wrong. I do not see any other authorization or authorization object to be same, as a t-code in ECC is some custom report in BI and they do not presummably has same authorization object.

So if it is only the Org level get the org values for all the roles in ECC from AGR_1252 and then map it to the BI roles.

But I understand what you are saying, you want this activity to be done automatically and not manually role by role. So I suggest you go for some SCAT script and get atleast the org levels maintained in all your BI roles. The other auth values you have to maintain manually as they are specific to individual roles.

Let me know if it makes sense.

Hi Imran,

That's a bit more clear now thanks. This sounds like the perfect use for using variables.

To summarise, you can use enhancement RSR00001 to allow values to be automatically passed into auth checks.

For example you could have a daily extract of plant data for a user (either via role contents from AGR_1252, role naming convention, manually maintained lookup data) into your BI system. This gets maintained in a table which lists the plants (and/or other org levels) for the user. You can then create an analysis authorisation for plant, where you maintain the variable value e.g. $PLANT. You code the variable to look in the BI lookup table (or whatever data structure you want) for the values to supply for the user.

There is a bit more info here:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/59069d90-0201-0010-fd81-d5e11994...

https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f2...

Thanks