Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI 7.0 authorization issue

Former Member

‎01-05-2011 3:03 PM

0 Kudos

Dear Experts,

This is regarding BI query access.

User is trying to acces a query from browser and he is gettin authorization proble.

I have checked resecadmin log and found out that aggregation is being checked for a characteristic (nothing else in the log)

I have checked all the custom auth objects and in some objects that characteristic has * and in one of the object characteristic has EQ = :(composite role)

That means user has aggregation authorization. Then why is the user facing the issue. Please help in resolving the issue.

Please note that it is a composite role. In one of the single role access to queries are defined and in rest of the single roles custom auth objects are assigned.

Thanks in advance.

Raj

6 REPLIES 6

Former Member

‎01-05-2011 3:28 PM

0 Kudos

Hi Raj,

Did you check the below authorization object:

S_RS_ALVL: Authorizations for working with aggregation levels

Apart from the authorization @ the analysis authorization level, user should have access to the respective Infoarea/Infocube and also for the aggregation level at the S_RS_ALVL authorization object.

Correcting this should resolve the issue.

Regards,

Raghu

arpan_paik
Active Contributor

‎01-05-2011 3:29 PM

0 Kudos

What is the error says? Any specific hint or generic? Try with RSSM trace. Make sure that as per query user has proper authorization to analysis authorization. User also need to have access to query via S_RS_COMP and S_RS_COMP1

Regards,

Arpan Paik

Former Member
In response to arpan_paik

‎01-05-2011 3:59 PM

0 Kudos

Hi Arpan,

RSSM Trace is obsolete in BI 7.0. Raj is correct in using RSECADMIN trace. The current issue is at the aggregation levels, where S_RS_COMP, and S_RS_COMP1 check is successful. After checking these two objects, system will check for the aggregation levels.

Regards,

Raghu

Former Member

‎01-05-2011 4:28 PM

0 Kudos 
I have checked all the custom auth objects and in some objects that characteristic has * and in one of the object characteristic has EQ = :(composite role)

Hi,

If you are on BI 7.0 , you should be checking if the analysis authorization ( included under object S_RS_AUTH in the role) has aggregate or full authorization to the characteristics which the user is failing upon as per RSECADMIN trace.

Possibly the custom auth objects you are looking at are from the era of BW 3.x which were never removed from the role.

@Raghu: auth object S_RS_ALVL is relevant to BI-Integrated planner tool and is not required as per my knowledge in normal BI reporting. Just my 2 cents:) Correct me please if I am missing on anything.

Cheers!

Sandipan

Former Member

‎01-06-2011 1:40 PM

0 Kudos

Dear Sandipan,

Hi,

If you are on BI 7.0 , you should be checking if the analysis authorization ( included under object S_RS_AUTH in the role) has aggregate or full authorization to the characteristics which the user is failing upon as per RSECADMIN trace.

User has access to required infocubes/provides/areas.

Check is failing for a character PGMRU.

In a composite role we have 5 single roles. In 1 role, access to query's are give in menu and in authorization data as well.

In other 4 roles access to Analysis authorizations are given.

In those analsys auth objects, some has PGMRU = * and in object PGMRU = :

this composite role assigned to the user( for PGMRU.

But user has access to PGMRU= * and PGMRU=:

Hope you got the clear picture.

I appreciate your reply.

Thanks,

Raj

Former Member
In response to Former Member

‎01-06-2011 3:25 PM

0 Kudos

Can you check from the trace for which infocube the characteristics is checking for : ?

After that, get the list of all infocubes (which your user is assigned access to) that have PGMRU marked as authorization relevant (use table RSDCUBEIOBJ) and ensure all analysis authorization built for those infocubes have PGMRU included in them with value * or :

Then ask the users to check if the queries work now. Possibly some analysis authorization won't have PGMRU included even though it is auth relevant for a infocube within the analysis authorization and when the query hits upon that infocube it fails.

SAP doesnt support BW 3.5 auth concept in BI 7. RSR Authorization objects might not be considered in authorization checks of BI 7 (unless tcode RSCUSTV23 is used to change the setting) and hence object PGMRU=: doesn't suffice the requirement.

Thanks

Sandipan

Edited by: Sandipan Choudhury on Jan 6, 2011 9:05 PM