Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI analysis authorisations direct assign to user in RSECADMIN

former_member727813
Explorer

‎04-07-2011 9:37 AM

0 Kudos

Hello,

In RSECADMIN it is possible to directly assign the 'analysis authorisations' to user-id's

It is also possible to assign the 'analysis authorisations' to a role via the authorisation object S_RS_AUTH

Can somebody tell me

- what are the pros and cons of directly assigning the analysis autorisations to the users in the RSECADMIN ?

- In which situation is direct assigning in RSECADMIN used ?

- IS dirtectly assigning to users in RSECADMIN in a production environment critical?

- what does SAP propose: directly assigning in analysis authorisations our via a role

In our case we have the situation of

BI system with a large number of analysis authorisations. The values of the analysis authorisations should be

maintainable in production environment.

We have also to take in mind:

- Roles are added to users via CUA ( RSECADMIN is not maintainable via CUA)

- Business Objects is coming. So set up the authorisations that they can be used for Business Objects

- Flexible ( new autorisation relevant info Objects) should be easy adeptable.

What we want to use is

- assigning analysis authorisations via a single role ( in a composite ) to the user

- a variable in the analysis authorisations as field value of a characteristic. In that case the values can be

assigned dynamically in production.

the data access role has the link to the analysis autorisations in the RSECADMIN.

this analysis authorisation contains variables instead of a fixed field value.

The values of the variables are maintained in a table in a production environment

Is using directly assigning analysis authorisations to users in the RSECADMIN in the production environment an alternative ?

Thanks for your answers

With Kind Regards,

Vincent

Edited by: Vincent Willems on Apr 7, 2011 10:37 AM

3 REPLIES 3

krysta_osborn
Active Participant

‎06-22-2011 4:12 PM

0 Kudos

Hi Willem,

You might want to look around on SAP's site to see if there are any white papers about the two ways to assign analysis auths to users.

We have quite a few analysis auths in production, and we have chosen to assign them manually. As a result, we have fewer roles to maintain and assign. The roles are used to give access to the tools, e.g. BEx. We then control what data the users can see with analysis auths.

We do not currently use the functionality that is available to look at change history for assignment of analysis auths. We do include analysis auths in access requests so the access is approved by the business before being assigned. We focus our control more on the role assignment right now. I expect that we will review analysis auth assignments in the future, though.

Not sure if this is what you were after, but I hope it helps!

Krysta

arpan_paik
Active Contributor

‎06-23-2011 6:46 AM

0 Kudos

If for the same set of query, access requires for different auth relevant characteristics, then you should use directly assiging AA to user. Which will reduce number of roles in your system. Now generally in BI system the number of users are less so by S_RS_AUTH the purpose can also be served for one type maintainance.

Regards,

Arpan Paik

Former Member
In response to arpan_paik

‎06-23-2011 8:52 AM

0 Kudos

Hello Vincent,

My way of working is to follow the structure you have in the providing systems. If you have created a role for a production employee then try to translate the roles for the production analysis the same way in BI. You can use the s_rs_auth object. In HR you can use structural authorizations, you can use some programs to set the structural authorizations in BI and that will be done by creating an analysis object and add this to the user involved. Also updates from structural authorizations will be done automatically by these programs. I should not add your own objects to single users, that is a lot of maintenance you do not want. Use in BI the same concept as in the providing systems, it is more clear for anyone who has to work with it.

Have fun

Bye

Jan van Roest

PS. Did you solve your problem? If so please close your question

Edited by: J. van Roest on Jul 7, 2011 12:51 PM