
BW Analysis Authorization gut check.

former_member318517
Participant
0 Kudos

Hello all,

Just a gut check about how the AA strategy works. Take this scenario when executing a query:

The following InfoObjects are auth relevant:

0PLANT: Aggregated Data so only : is needed.

0WHSE_NUM: Needs specific value

0TCAACTVT: Default 03 given.

And then the following special characteristics:

0TCAIPROV: Infocube Z123

0TCAVALID: Default * given.

Now... if I were to put these 5 characteristics in 5 separate Analysis Authorizations and assign those 5 to a role with S_RS_COMP, the query can be executed. Not our design... testing purposes only.

I THOUGHT that some of these characteristics needed to exist together in 1 AA, like 0TCAACTVT and 0TCAIPROV, in order to work properly. But apparently when the system is checking authorizations, it only treats each characteristic separately and on its own when checking the values.

Thoughts or insight?

Thanks,

Tom

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Tommy,

BW 365 states that "Value authorizations are always combined from all valid authorizations for the info provider. This means that all values from all authorizations for this infoprovider are put together into the list of authorized values."

This statement makes sense now, as you have put different characteristics in different analysis authorizations and the query still works, because I think SAP combines all of them for that particular user, to which they are assigned.

Just like user buffers in ECC combining all authorizations of a user. They need not be in the same AA as you have tested.

2 REPLIES

krysta_osborn
Active Participant
0 Kudos

Hi Tom,

To be precise, you'd assign your analysis auths to a role with S_RS_AUTH. S_RS_COMP is to give access to BEx.

Check out the online documentation from SAP on analysis auths. I did a really quick look in there and found this gem that should help answer your question:

In addition to these generic dimensions, an authorization includes special dimensions. These consist of the characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider), and 0TCAVALID (validity). These special characteristics must be included in at least one authorization for a user; otherwise the user is not authorized to execute a query. We recommend that you include these special characteristics in every authorization. You do not have to include them in every authorization, but for reasons of clarity and analysis security, we recommend that you do this.

So it seems that you need those special dimensions in at least one analysis auth to be able to execute queries, but SAP recommends including them in all of them.

Krysta
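
A simplified model of the behaviour described in this thread, added here as an example and not taken from SAP or from any poster: values are unioned per characteristic across all assigned authorizations, and the three special characteristics must appear in at least one of them. The authorization names (ZAA_*) and the warehouse value W01 are constructed, and the per-characteristic union is an assumption drawn from the BW 365 quote that ignores validity dates and how the real system evaluates value combinations.

```python
# Simplified model (assumption): values are unioned per characteristic across
# all analysis authorizations assigned to the user, then checked per characteristic.
SPECIAL = ("0TCAACTVT", "0TCAIPROV", "0TCAVALID")

def combine(auths):
    """Union the values of every characteristic over all assigned authorizations."""
    merged = {}
    for dims in auths.values():
        for char, values in dims.items():
            merged.setdefault(char, set()).update(values)
    return merged

def covers(granted, wanted):
    """'*' grants any value; otherwise the requested value must be listed."""
    return "*" in granted or wanted in granted

def check_query(auths, request):
    """Return (allowed, reasons) for a query needing the values in `request`."""
    merged = combine(auths)
    reasons = []
    # Special characteristics must appear in at least one authorization,
    # whether or not the request names them.
    for char in sorted(set(SPECIAL) | set(request)):
        granted = merged.get(char)
        if not granted:
            reasons.append(f"{char}: in no authorization")
        elif char in request and not covers(granted, request[char]):
            reasons.append(f"{char}: {request[char]} not granted")
    return (not reasons, reasons)

# Constructed sample: the five single-characteristic authorizations from the post.
FIVE_AAS = {
    "ZAA_PLANT": {"0PLANT": {":"}},
    "ZAA_WHSE": {"0WHSE_NUM": {"W01"}},
    "ZAA_ACTVT": {"0TCAACTVT": {"03"}},
    "ZAA_IPROV": {"0TCAIPROV": {"Z123"}},
    "ZAA_VALID": {"0TCAVALID": {"*"}},
}
REQUEST = {"0PLANT": ":", "0WHSE_NUM": "W01", "0TCAACTVT": "03", "0TCAIPROV": "Z123"}

if __name__ == "__main__":
    print(check_query(FIVE_AAS, REQUEST))
    without_iprov = {k: v for k, v in FIVE_AAS.items() if k != "ZAA_IPROV"}
    print(check_query(without_iprov, REQUEST))
```

Because every assigned authorization adds to the union, reviewing the output of combine() for a user shows the effective values rather than what any single authorization grants.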
