Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

BI Workbook Authorizations

Former Member
0 Kudos

I have the following scenario and can not find an acceptable solution using Workbook Authorizations.

User 1 would like access to only display workbooks in role 1. User 2 is a super/power user and would like access to change, update, delete workbooks in Role 1. Role 1 is a workbook respository role, it only has S_USER_AGR authorizations.

The reason for this is that some super users shouldn't be placing or editing the workbooks/queries in the reporting folder, but they may need access to edit other workbook folders.

I have tried building a new role with S_USER_AGR 03 referencing to Role 1 (workbook role), but because it is display of another role, it does not appear in Bex. Has anyone come across this before?

1 ACCEPTED SOLUTION

arpan_paik
Active Contributor
0 Kudos

User1 need access to view workbook belongs to role1 ==> Simply assign this role to user1.

Point 2: Power user need access to edit workbook belongs to role1. Create a role2 with S_USER_AGR with 01, 02, 03, 06, 22 activity for role1 and assign this role2 to power user.

Basic understanding is in order to view role folder in Bex analyzer user must have access 01, 02 ACTVT for object S_USER_AGR

In order to display workbook or query belongs to a role user need to have access to that role

Arpan

4 REPLIES 4

Former Member
0 Kudos

Hi Bree,

Your requirement can be met using 2 roles.

Suppose Role-1 is your workbook repository role.

In Role-1, for S_USER_AGR maintain the fields as below ACTVT:Display & ACT_GROUP:Role-1.

In Role-2, for S_USER_AGR maintain the fields as below ACTVT:Change, Display, Delete & ACT_GROUP:Role-1 & Role-2.

Assign Role-1 to users who wants only display access.

Assign both Role-1 & Role-2 to users who wants change/Delete access also.

Let me know in case you need any further help.

Regards,

Jaya

0 Kudos

I tried as you said and unfortunately did not get the results we wanted.

It seems to me that when role 1 had display access to role 1 and role 2 had create, change, display access with S_USER_AGR set to role 1, the user assigned to the second role can not view folders.

When a trace is ran on these scenario, it seems that the trace is looking for the acutal role that is assigned in SU01, it is not looking for the authorization object S_USER_AGR for what roles the user has acces to.

A perfect example is with your security admin access, you have S_USER_AGR * but when you go to BeX you don't see any of the reporting folders unless you are assigned one of the roles.

Edited by: Bree Woodruff on Dec 18, 2009 11:52 PM

0 Kudos

Hi Bree,

I know that. For that reason i said "Assign both Role-1 & Role-2 to users who wants change/Delete access also" in my previous reply.

Unless you assign the folder role also he will not be able to see the folder role.

Regards,

Jaya

arpan_paik
Active Contributor
0 Kudos

User1 need access to view workbook belongs to role1 ==> Simply assign this role to user1.

Point 2: Power user need access to edit workbook belongs to role1. Create a role2 with S_USER_AGR with 01, 02, 03, 06, 22 activity for role1 and assign this role2 to power user.

Basic understanding is in order to view role folder in Bex analyzer user must have access 01, 02 ACTVT for object S_USER_AGR

In order to display workbook or query belongs to a role user need to have access to that role

Arpan