Solved: BI Variable Authorizations.

Former Member · ‎01-25-2011

Hello experts,

I need your help in implementing the BI Variable authorizations to restrict cost centers. I have followed the following steps but user getting analysis authorization error for cost center.

1) I have marked Cost Center info object as Auth relevant.

2) Created custom table zcostcenter with cost center and user name fields

3) Created a global Variable ZCOST and added in the query and changed the Processing type as u201CCustomer Exit u201C.

4) Created analysis authorization for the info object 0cost center and added value as $ ZCOST.

5) Analysis authorization has been added to auth object S_RS_AUTH in the PFCG role.

6) Created the include program ZSECTEST in the user exit with the below code.

&----

*& Include ZSECTEST

&----

if i_step = '0'. " Authorization

if i_vnam = 'ZFINAL'.

data: itab like zcostcenter occurs 0 with header line.

clear l_s_range.

select * from zcostcenter into table itab where bname = sy-uname.

loop at itab.

l_s_range-sign = 'I'.

l_s_range-opt = 'CP'.

CALL FUNCTION 'CONVERSION_EXIT_ALPHA_OUTPUT'

EXPORTING

INPUT = itab-kostl

IMPORTING

OUTPUT = l_s_range-low.

l_s_range-low = itab-kostl.

concatenate '' l_s_range-low '' into l_s_range-low.

append l_s_range to e_t_range.

clear l_s_range.

endloop.

endif.

In my query I have fieldu2019s company code, Cost area. Do I need to mark all of them auth relevant?

Thanks,

Kumar.

Former Member · ‎01-25-2011

Hi Neha,

Thanks for your response. I have created only one Variable in query called ZFINAL with processing type u201CCustom exitu201D . I have added the same variable to the analysis auth as value $ZFINAL. Do I have create another variable with processing type "authorization" in the query ??

Hi Sandipan,

Thanks for your response. Please find the rsecadmin trace log below.

u201Cu201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201D

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Content in SQL Format

0TCAACTVT

0COSTCENTER

0TCAACTVT = '03'

AND 0COSTCENTER LIKE *

Characteristic Content in SQL Format

0COSTCENTER I EQ $ZFINAL

0TCAACTVT I EQ 03

Partially or Fully Authorized (Intersection) Characteristic Content in SQL Format

0TCAACTVT

0COSTCENTER

NOT 0COSTCENTER = '21001'

AND 0TCAACTVT = '03'

Value selection partially authorized. Check of remainder at end

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Content in SQL Format

0TCAACTVT

0COSTCENTER

NOT 0COSTCENTER = '21001'

AND 0TCAACTVT = '03'

Characteristic Content in SQL Format

0COSTCENTER I EQ $ZFINAL

0TCAACTVT I EQ 03

Not Authorized

Thanks,

Kumar

Former Member · ‎01-25-2011

Kumar wrote:-

I have followed the following steps but user getting analysis authorization error for cost center

Hi,

Can you provide more details about what the error is? If you have ran a RSECADMIN trace already, can you specify the authorization failure details please?

Thanks

Sandipan

Former Member · ‎01-25-2011

Hi,

The variable you are using in the query should be of processing type "Authorization" . The customer exit variable should be used in the analysis authorization, which gets filled from the code in the customer exit.

Thanks.

Former Member · ‎01-25-2011

Hi Neha,

Thanks for your response. I have created only one Variable in query called ZFINAL with processing type u201CCustom exitu201D . I have added the same variable to the analysis auth as value $ZFINAL. Do I have create another variable with processing type "authorization" in the query ??

Hi Sandipan,

Thanks for your response. Please find the rsecadmin trace log below.

u201Cu201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201Du201D

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Content in SQL Format

0TCAACTVT

0COSTCENTER

0TCAACTVT = '03'

AND 0COSTCENTER LIKE *

Characteristic Content in SQL Format

0COSTCENTER I EQ $ZFINAL

0TCAACTVT I EQ 03

Partially or Fully Authorized (Intersection) Characteristic Content in SQL Format

0TCAACTVT

0COSTCENTER

NOT 0COSTCENTER = '21001'

AND 0TCAACTVT = '03'

Value selection partially authorized. Check of remainder at end

Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set

Characteristic Content in SQL Format

0TCAACTVT

0COSTCENTER

NOT 0COSTCENTER = '21001'

AND 0TCAACTVT = '03'

Characteristic Content in SQL Format

0COSTCENTER I EQ $ZFINAL

0TCAACTVT I EQ 03

Not Authorized

Thanks,

Kumar

Former Member · ‎01-25-2011

Well customer exit processing type can process all variable types (characteristic value variables, hierarchy node variables, hierarchy variables, formula variables and text variables). Hence I don't think you would need to change the processing type.

From, the trace it seems user is not authorized to one cost center. Are you allowing user to change the value of field during query navigation or is it just passing value of cost center as determined by your exit's logic for auth check?

Can you please ellaborate the exact requirement of this customer exit for cost center?

Thanks

Sandipan

Former Member · ‎01-25-2011

I agree that customer exit processing type can process all variable types, but in the query I think we will have to use variable with processing type "Authorization" since you want to fill the variable from the authorizations. It is in the analysis authorization where we give the customer exit variable and fill it using the logic in the customer exit implementaion.

Thanks.

Former Member · ‎01-25-2011

Neha wrote:

will have to use variable with processing type "Authorization" since you want to fill the variable from the authorizations

Sorry! Here the variable used in query is being filled as per logic of the exit used (from custom table zcostcenter) and the value of 0costcenter within AA is also derived from the same variable i.e ZFINAL.

I suspect the problem is, variable is being correctly populated with values from custom table (as per logic of the exit) by checking against username but it is also allowing the value to be changed by user during query navigation (there is a checkbox option for the same in BW variables editor) and hence the error encountered since the AA again fetches its value for 0costcenter from the customer exit logic (from table zcostcenter) which might not contain the value of cost center input by user.

Edited by: Sandipan Choudhury on Jan 26, 2011 3:59 AM

Former Member · ‎01-25-2011

Hi Neha,

Following your suggestion, I think variable with processing type 'authorization' in query and variable with processing type 'customer exit' in analysis will also work fine, provided user is not allowed to change the variable value in query during navigation otherwise the cost center value entered by user might not be found in the AA which is fetched using the custom exit.

@Kumar: can you check if user is allowed to change the variable value during navigation of the query please and let us know.

Thanks

Sandipan

Former Member · ‎01-26-2011

+ Sorry! Here the variable used in query is being filled as per logic of the exit used (from custom table zcostcenter) and the value of 0costcenter within AA is also derived from the same variable i.e ZFINAL. +

@ Sandeep: Calling the customer exit twice to fill the same variable once in query and again in the AA. Doesn't this cause preformance issue due to redundancy.

In any case, as you said the user must not be able to enter or modify the cost center value. However it depends on the business requirement whether they want the end user to enter it and they are ok to see the no authorization erroe message when the user enters the cost center they are not authorized to.

Thanks.

Former Member · ‎01-26-2011

Neha and Sandi,

Thanks a lot for your quick response. My issue is resolved.

As per your suggestion I have created two variables one with processing type" Customexit" and other with "authorization"

Second variable was marked for input. I ran the query and progam is populatiing the cost center values back to the selection screen by picking from custom table.

Issue is earlier I have only created one variable with processig type "custom exit "and not marked for input and I was getting error. In this case I am not entering any cost center values in the selction screen.

Thanks,

Kumar

Former Member · ‎03-31-2011

Hello Experts,

Please help me with the below issue. I have implemented Variable authorizations as below.

1)I have marked Cost Center and Profit Center info objects as Auth relevant.

2) Created a global Variables for CC and PC with processing by authorization & user exit.

3) Created analysis authorization for the info object 0cost center and Profit Center and added value as $ ZCOST.

4) Created the include program ZSECTEST in the user exit to check the Variables.

I have created only one analysis authorization with both CC and PC fields and restricted to Variables.

Scenario 1: If the Query that was built on the Cube has only CC data authorizations are working fine by picking the values from the table. u2013 Working

+Scenario 2+ : I have a query that was created on MP which has cube A with CC and cube B with PC data.

(system checks if the user has access both info objects since both were auth relevant fields)

When user ran the query u2013 custom code checks the table and gets the CC and PC values to the query variable screen.

Issue: If the query has both CC and PC data for the given date it was showing results fine.

If the query has only CC data and no PC data then query is giving message saying no data available.

My requirement is even there is not PC data for that date I want to display the CC data.

Thanks in Advance.

Thanks,

Kumar.

Former Member · ‎03-31-2011

I have another similar issue