09-19-2009 8:08 PM
hi,
There are two SAP BW systems , one with component SAP_BW SAPKW70017 (say B1) , and other one with SAP_BW component SAPKW70103 ( say B2)
In B2 , When a user executes RRMX , it takes them to the Business explorer(excel sheet) , however it throws a message in the GUI that "No authorization to change role <role>
Message no. S#423"
This message is received as soon as you get the excel sheet opened .
When further looked into the situation , seems like in B2 , the follwing select statement is executed ,( as soon as u execute RRMX)for checking the change access for all the users "assigned roles" ( I wonder why all roles?) with the object S_USER_AGr and throws the message when there is no 02 activity for any of the roles present with the user .
SELECT agr_name FROM agr_users INTO l_agr_name WHERE uname = sy-uname.
CALL FUNCTION 'PRGN_AUTH_ACTIVITY_GROUP' -
> "this further throws the message"
EXPORTING
activity_group = l_agr_name
action_change = 'X'
EXCEPTIONS
not_authorized = 12
OTHERS = 13.
IF sy-subrc = 0.
e_s_system_info-can_change_pfcg_roles = rs_c_true.
Whereas in B1 (old release) no such message is thrown for the same user . seems there is no such change activity check in the begining?( not too sure) and only when the user clicks the Role option in Query dialog , S_USER_AGR is checked as per the ST01 trace.
Is this a bug in SAP_BW 701 release ? If so , do you the SAP notes for correcting the same ?please reply at the earliest .Thanks in advance
09-19-2009 9:13 PM
Some customers have S_USER_GRP actvt '02' in production environments for the RRMX "key" users who publish queries to be able to add them to the menu for the users. A change in authorization data might not be required, typically.
But this "change" authority gives more access than just the menu, and the user will need other authorizations for S_USER_TCD and VAL as well.
It has been replaced by the BEXWeb, which you should take a look into.
As SAP "owns" the authority-checks in their programs, they seemed to have felt it appropriate to add the same check to RRMX for "key" users.
> Is this a bug in SAP_BW 701 release ?
I don't think it is a bug in BW 7.01. Arguably they could have added it earlier.
There is an approach to control this via the sideinfo.dat file using the program ID of the query - but I guess few did that or even knew about it. It is not intuitive.
Cheers,
Julius
10-01-2009 12:54 AM
Hi,
SNOTE 1174779 solved this issue .:)
Regards
Edited by: gsapsdn on Oct 1, 2009 1:55 AM
10-01-2009 1:11 AM