06-16-2010 2:38 PM
When I execute the query, the error is generated no data displays. OrgUnit is in the Row. If I right click on OrgUnit and turn off the Hierarchy Active flag, the report displays.
0ORGUNIT is marked as authorization relevant. When I look at the Error Log in RSECADMIN, I see the Hierarchy Authorizations and that looks correct. SU53 says authorization check successful.
My Hierarchy name is ORGEH, Hierarchy version is 01, Hierarchy date 99991231. Any ideas on what I'm missing?
06-16-2010 9:37 PM
Phate,
When 0ORGUNIT is authorization relevant it should be either hard coded or should be an input field in the query.
In Resecadmin check if it is asking for any aggregation?
Thanks,
Sri
06-16-2010 9:37 PM
Phate,
When 0ORGUNIT is authorization relevant it should be either hard coded or should be an input field in the query.
In Resecadmin check if it is asking for any aggregation?
Thanks,
Sri
06-17-2010 12:24 PM
Sri,
0ORGUNIT is an input variable on the query. I re-checked RSECADMIN and there is no mention of aggregation.
Thanks.
Phate
06-17-2010 1:20 PM
Hi,
In the log from rsecadmin you see some note numbers. In one of them is mentioned that the selection of data can be done is sub selections. When a part of the select is not needed but the authorization object is involved you need the object with a : in it. So make an analyses authorization with 0orgunit and a : in the values and assign it to the user.
have fun
Bye Jan van Roest
06-17-2010 1:42 PM
Jan,
I have the analysis authorization created for 0ORGUNIT with a : in it and its currently assigned to the user. I believe its some type of portal/java issue because I can run the report in RSRT as the user and I can also run the report in ABAP Web as the user. Its just when I try to run it through our portal or if I use Java Web that I'm seeing the error. Thanks.
Phate
06-17-2010 2:43 PM
Hi Phate,
It is possible to upload the authorization (just the name, the real ones are on the backend) to the Portal and add it to a group. You can also connect your Portal role to that group and with that your user. How did you make it clear to the portal what kind of rights the user have on the backend? Did you try sap_all and 0bi_all to exclude if it is an authorization problem?
have fun
bye
Jan van Roest
06-17-2010 5:18 PM
Jan,
The user has an Orgunit authorization assigned on her account. This ensures she only sees her agency when she runs a BI report, all our reports have OrgUnit as a mandatory variable. I tried the report with 0bi_all and it worked (backend, portal, ABAP Web, Java Web) so I'm back to looking a Security. Thanks.
Phate
06-17-2010 8:06 PM
Hi Phate,
What does the log show in RSECADMIN. Does it have a yellow remark and if so what are the remarks just below it. It should give info providers that are missing. When you look in the queries used by the report, you can see if the selection is OK or not. Is there maybe an analyses object direct added to the user, look in rsu01, perhaps there is a problem in the hierarchy. You also could put a * in the 0orgunit to try it out.
have fun
bye
Jan van Roest
06-24-2010 1:03 PM