Solved: BI HR Structural Authorizations

Former Member · ‎04-12-2010

Dear SAP Security Gurus,

We are trying to setup HR Structural Authorizations on our BW system (BI 7.0). The data load is complete . We have generated the data sources 0PA_DS02 and 0PA_DS03 using RSECADMIN. This has automatically created some analysis authorizations. Can you please let us know what is the next step? We tried the follwoing :

1. Made 0ORGUNIT auth relevant.

2. Created an Analysis authorizations with the following infoobjets and values

>0ORGUNIT --- hirarchical authorizations to a node

>0TCAACTVT --- 01 to 03

>0TCAIPROV --- 0PA_DS03

>0TCAKYFNM --- *

>0TCAVALID --- *

>YHRSBMOD --- *

3. Assigned this authorization to the test id. We are getting the error for orgunit. Please help.

Thanks,

Karthik Kiran.

Former Member · ‎12-09-2011

Thanks All for the help.

We found the solution for this issue. To setup structural authorizations on BI 7.0 , the procedure is as follows:

1. Extract the table OOSB (structural authorzations) from ECC to BW.

2. Generate the data sources 0PA_DS02 and 0PA_DS03.

This will automatically create Analysis authorizations (hirarchy) in BI for each structural authorization on ECC system.

Also the same users (as in ECC) will be automatically assigned with these analysis auths on BI. However the user have to be setup manually in BI system.

sandi_ward2 · ‎04-12-2010

What is the auth error you are getting?

Have used transaction RSECADMIN to analyse the auth check?

Former Member · ‎04-12-2010

Hi,

Yes I checked the Authorization log and its seems like its checking for * in the 0ORGUNIT.

Thanks,

Karthik.

Former Member · ‎04-12-2010

> Yes I checked the Authorization log and its seems like its checking for * in the 0ORGUNIT.

It might be performance optimized coding (after the '*' the SQL clauses are modified to make it faster).

Then it is slightly slower and dependent on your data.

I would suspect a config or masterdata error as a wild guess. HR is very dependent on the data and the conventional tools are of little use if that is conceptually wrong or inconsistent with the expected behaviour.

Cheers,

Julius

Former Member · ‎04-12-2010

Hi Julius,

It would not work even when i give * for 0ORGUNIT. Is there any documentation for setting up structural authorizations in BI 7.0?

Thanks,

Karthik.

Former Member · ‎04-12-2010

> BI 7.0

Have you migrated to the new concept?

If you do not have all AA auths, then the query returns nothing.

Where are the AA auths coming from?

Cheers,

Julius

Former Member · ‎04-14-2010

Hi Julius,

Yes we migrated to the new concept 2 years ago when we upgraded from BW 3.5 to BI 7.0. So far we never had issues. We are using analysis authorizations successfully since then. We have data restricted on infoprovidors by company code, credit control area, etc. However now we are trying to implement the HR Structural authorizations and we are not able to figure out how to make them work.Please let us know if you have any input.

Thanks,

Karthik.

Former Member · ‎04-15-2010

Hi,

You should look for the document Implementation Guide for BW?HR structural authorizations. This document is from June 2002 but is very handy. When you use the steps in this document you must take care that the users which it concerns are already in the BI system. Also the table t77uu must be filled with the user names. The program makes analyses object for the user and connect them directly to the user, so not in the roles. We made a program chain with the different steps which also select the users that should be on the BI system and it works fine.

Have fun

Bye Jan van Roest

Former Member · ‎12-09-2011

Thanks All for the help.

We found the solution for this issue. To setup structural authorizations on BI 7.0 , the procedure is as follows:

1. Extract the table OOSB (structural authorzations) from ECC to BW.

2. Generate the data sources 0PA_DS02 and 0PA_DS03.

This will automatically create Analysis authorizations (hirarchy) in BI for each structural authorization on ECC system.

Also the same users (as in ECC) will be automatically assigned with these analysis auths on BI. However the user have to be setup manually in BI system.