cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI authorization - S_RS_COMP, S_RS_COMP1

Former Member

on ‎11-21-2011 1:24 PM

0 Kudos

Hi,

Do you have anybody experience with authorization for BI object (queries) like this:

Analyst, who can change queries, which was created by him and can execute all queries.

How to set authorization objects S_RS_COMP and S_RS_COMP1?

I have problem when I set S_RS_COMP1 fot RSZOWNER - $USER, than I see only queries that I created but I can ´t execute another queries, but when I add another role only for executing (without change activitiy) than I can change all queries.

thanks for advice.

Petr

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎11-21-2011 1:50 PM
0 Kudos

Hi

This is because Role 1 has Display/Execute authorizations and Role 2 has all authorizations. Role 2 is overwriting (just like read access and write access).

If you want the user to restrict the queries , ask the user to create queries with naming convention starting from C(can do Save as) and create a new role and restrict the access Change /Display and execute but restrict the Name of reporting component to C., which provides access to his queries for Change/Display and Execute. Also assign him Role 1 which only has display and Execute access, providing access for exectuing all the queries.

Hope this helps,

Aparna Duvvuri

Show replies
Show replies
Former Member
‎11-21-2011 2:04 PM
0 Kudos

Hi Aparna,

I have problem, that a lot of queries already exist, so It s problem to ask user for changing name of query that has already existed...

In my first idea I want to create only one role for this - where user can change only his queries but execute all, do you think that it s possible?

Thanks

petr

Former Member
‎11-22-2011 8:33 AM
0 Kudos

Hi Petre,

The standard approach is as you stated,

to assign S_RS_COMP1

with owner $USER,

activity *

S_RS_COMP

with the desired activity for the rest of the queries, in your case 03, 16

Make sure to state at S_RS_COMP the appropriate InfoCube (You need to set here your multiprovider technical names)

from my understanding this should be sufficient for you to have.

I would also consider adding the following authorization objects:

S_USER_AGR

S_RS_AUTH

Please come back to me if it's not working as it should, we can sure come up with a solution.

Best regards,

Miro

Former Member
‎11-23-2011 10:46 AM
0 Kudos

Hi Miro,

I set the role as you wrote:

S_RS_COMP - act. 03, 16, RSZCOMPID *, RSZCOMPTP - REP

S_RS_COMP1 - act *, RSZCOMPID *, RSZCOMPTP *, RSZOWNER $USER

But now I cant create any new queries, and also I have problem with executing qeury in BEx analyzer - because I don t see the screen for input values for variables (input screen).

thanks for your help.

Díky

Petr

Former Member
‎11-23-2011 12:30 PM
0 Kudos

Hi Petr,

The problem that you are facing while running the reports is most probably that you need to include more objects for RSZCOMPTP

I would suggest (as the activity is display, to include all objects here)

S_RS_COMP - act. 03, 16, RSZCOMPID *, *RSZCOMPTP - * *

As for creating queries,

Do you have any other roles assigned to the user?

EDIT: I'm sorry I kind of misunderstood the actual issue S_RS_COMP1 can't be used as a starting point for the ability to create reports, it can be used as an enhancement to the already available activity. (from S_RS_COMP)

As you want to give him the ability to create a query, but to edit just his, this can be done by having 2 S_RS_COMP elements,

One as in my previous post,

the second one with the (i would suggest) RSZCOMPID ~ prepare a naming concept for the user to follow in order to have a distinct way on how to determine the queries (for easier further maintenance)

And also the actv 1

So to sum up:

S_RS_COMP - act. 03, 16, RSZCOMPID *,RSINFOAREA *, RSINFOCUBE *, *RSZCOMPTP - * *

S_RS_COMP - act. 1, RSZCOMPID Z_* ,RSINFOAREA *, RSINFOCUBE *, RSZCOMPTP - *

S_RS_COMP1 - act. *, RSZCOMPID Z_, *RSZCOMPTP - QVW, REP, SOB, STR, VAR

State this RSZCOMPID also in S_RS_COMP1 and you are ready to go.

Best regards,

Miro

Edited by: Miroslav Ruzsinszky on Nov 23, 2011 1:34 PM

Edited by: Miroslav Ruzsinszky on Nov 23, 2011 1:42 PM

Edited by: Miroslav Ruzsinszky on Nov 23, 2011 1:45 PM

Former Member
‎11-23-2011 2:27 PM
0 Kudos

Hi Miro,

when I use this settings:

S_RS_COMP - act. 03, 16, RSZCOMPID *,RSINFOAREA *, RSINFOCUBE *, *RSZCOMPTP - * *

S_RS_COMP - act. 1, RSZCOMPID Z_* ,RSINFOAREA *, RSINFOCUBE *, RSZCOMPTP - *

S_RS_COMP1 - act. *, RSZCOMPID Z_, *RSZCOMPTP - QVW, REP, SOB, STR, VAR

than I see only queries starting with Z_, so I can t execute any from other user, which use another prefix - because I don t see it. Also I try add act 2 (change) to second S_RS_COMP, because, when the user create query than could also change his query, but when I add this activity 2, than I can change all queries (also created by another user).

I m not sure if my wish is possible in BW authorization...

Thanks for your time

Petr

Former Member
‎11-23-2011 3:12 PM
0 Kudos

Hi Petr,

The Z_* is not mandatory, it's up to you if you want to specify a naming conventions for your queries or not.

Currently I cant test it, but i would suggest to leave the RSZCOMPID specification in order to simplify things, Leave it as * in all roles.

As for the act 2, donu2019t include it to the second S_RS_COMP, as you want the user to be able to change only his own queries.

Explanation ~ In the S_RS_COMP you allow the user to access (display) all the queries, just as creating (only)

and in S_RS_COMP1 you just add to this authorization under the condition that he's the owner of the report (he created it)

the ability to edit, change ect.

If you add more authorization (2) to S_RS_COMP, he would be able to edit also queries hes not the owner of.

Please let me know how it work out,

Best regards,

Miro

Former Member
‎11-23-2011 3:56 PM
0 Kudos

Hi Miro,

maybe I find the problem. S_RS_COMP1 is not direct under the node S_RS_COMP (2) in the tree, so maybe it s problem I don t really know. Is it possible to hang up S_RS_COMP1 direct under S_RS_COMP (2)? No I have it in the independent node ind Business information Warehouse node.

thanks

Petr

Ask a Question