04-23-2009 1:13 AM
Hi,
I have question regarding BW security. I want to restrict users access based on profit center ie i mean to ask is there any authorization object in BW, where i can specify Profit Center values and create role, where i can further assign this role ans restrict authorization to that particulat profit center.
I already have authorization on profit center hierarchy which is old. Now we have new hierarchy, how can I use those authorization object, profiles, and roles to this new hierarchy. If there is quick work around please advise or can tell me how to create authorization object in BW, where i can specify Profit Center values and create role.
Thanks
Robert Courtney
04-23-2009 12:15 PM
Hi Robert,
You have to create the authorization object using the tcode RSSM in BW 3.5 (the procedure is available in BW365 ) and then add the manualy created authorization object in a role via PFCG.
You cannot use analysis authorization for BW 3.5 as the concept is available in BI7.
Regards,
Nilanjan
04-23-2009 8:51 AM
Hi Robert
The authorization concept in SAP BI is somewhat different from the Concept in Standard R/3 ECC. You want find any standard authorization object where you can specify Profit center.
To control access based on your profit center hierarchy try to take a look at the analysis authorization concept [here |https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a6c54319-0e01-0010-20a4-fb81ad32f330] or [here|https://www.sdn.sap.com/irj/scn/wiki?path=/display/bi/authorizationinSAPNWBI&showChildren=false]
Regards
Morten Nielsen
04-23-2009 12:15 PM
Hi Robert,
You have to create the authorization object using the tcode RSSM in BW 3.5 (the procedure is available in BW365 ) and then add the manualy created authorization object in a role via PFCG.
You cannot use analysis authorization for BW 3.5 as the concept is available in BI7.
Regards,
Nilanjan
04-23-2009 4:06 PM
Hi Nilanjan/Morton,
Thanks for your response. We already setup authorizations to the old profit center hierarchy. But now we have another which is updated one from SAP R/3 Source system. And I would like to change all this authorization objects to the updated hierarchy. Old hierarchy is uploaded from flat file.
Please advise me what changes I need to do to assign new hierarchy to the existing authorization. Already we have authorization object in RSSM.
Thanks
Robert Courtney.
04-24-2009 5:33 PM
Hi,
Please some one tell me how to see which profit centers are assigned to particuluar user. Because when I check particular profile in PFCG I can see only one profit center for all profiles. But I know they have more than one profit centers. When I login with different used id in the Bex I can see more than one profit center which is correct.
For example I have a user who is head of one branch in chicago and he assigned three different profit centers but in profiles I can only see one. I know there must some table or transaction to see complete list of particular user or profile.
Your help is really appreciated.
Thanks
Robert Courtney.
04-26-2009 2:30 PM
Hi Robert,
As you have informed that authorization object is already maintained in RSSM, you can include the same authorization object manually in the role via PFCG (if this is not maintained).
Also, Maintain authorization of 0TCTAUTHH (u201CAuthorization for hierarchyu201D) in the old role via PFCG. Fill in
the technical description of the new hierarchy authorization created (I assume a new separate Hierarchy authorization has been created for the updated hierarchy).
Regards,
Nilanjan
04-26-2009 2:51 PM
Hi Robert,
To find which profit centers are assigned to particular user, you can use SUIM tocode, select users by complex selection criteria, In the Authorization object, enter the name of the authorization object(which is inserted manually in one of the role via PFCG) related to the profit center.
Regards,
Nilanjan
04-26-2009 11:10 PM
Hi Nilanjan,
Thanks for your response, I found the solution. Like I was expecting what profit centers are assigned in which TCode.
In RSSM select your authorization object, in authorization tab select AUTHORIZATION OBJECT FOR HIERARCHIES and click on display you can see list of all authorizations which are assigned to different users.
Thanks for you positive response.
Robert.
Edited by: Robert Courtney on Apr 27, 2009 12:10 AM