Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BW rssb_generate_authorizations not working.

former_member318517
Participant

‎12-12-2011 3:41 PM

0 Kudos

Hello all,

We have a few BW reports that use structural authorizations from ECC to execute. I believe the jobname that extracts the structural auths from ECC and generates the RSR profiles is rssb_generate_authorizations. Here is the problem:

Users are having RSR profiiles added to their ID in the profile tab in SU01 however this isn't enough to actually execute the report. They also need to have a single RSR profile assigned to them which can be seen if you navigate in RSECADMIN...User...Analysis Authorizations...Assignment. That profile contains the two InfoObjects 0HRPOSITION and 0ORGUNIT. This profile is NOT getting created and assigned to the User by this job.

Question: Is the job rssb_generate_authorizations the job that is supposed to create and assign that single RSR profile to the user in the RSECADMIN section as I described above? If so, then I suppose there is something wrong with the job.

Thanks,

Tom

6 REPLIES 6

shivraj_singh2
Active Participant

‎12-12-2011 7:41 PM

0 Kudos

Tommy,

rssb_generate_authorizations - is used in Bw 3.x settings

RSECADMIN is used in BW 7.0 Settings

rssb_generate_authorizations - is not for extraction : Extraction is done using InfoPackage - This job is for generating authorizations from the data extracted in 0PA_DS02 or 03.

In 7.0 settings rsec_generate_authorizations is used, rest of the process is pretty much the same

and generation is done for 3 objects - Position, Orgunit and 0Employee

So first thing you should do is to check if these objects are properly maintained, you mentioned Position and Orgunt but not Employee.

Before going to generated profile - make sure the user is assign proper Infoprovider access through the standard authorization objects i.e. S_RS_COMP and S_RS_COMP1 etc.

In 7.0 settings, generated profiles will contain Orgunit, Position and Employee InfoObject but, for analysis authorizations to work, user must have access to 0TCA objects also. If the users are getting assigned RSR_ profiles as you mentioned, then the error is not with the generation job. Most likely you are missing 0TCA* objects in your analysis authorizations.

Regards,

Shivraj

former_member318517
Participant
In response to shivraj_singh2

‎12-12-2011 8:55 PM

0 Kudos

Shivraj,

Thank you for the response. Yes..I meant generating the RSR profiles. I have everything else in place to run the HR reports...S_RS_COMP access and a Analysis Auth I created which grants access to the InfoProviders the reports run off of (The OTCA objects you spoke of).

I think something strange is happening with the program in that all the users are getting 4 RSR profiles assigned to their ID in the profile tab of SU01 (every 7 days it swaps them out)...which aren't enough to actually execute the report because they contain custom InfoObjects and not 0ORGUNIT and 0HRPOSITION which is required to fully execute the report. 0EMPLOYEE doesn't appear to be required for their reports. However only about half the users are getting one single RSR profile assigned to their ID which can only be viewed via RSECADMIN and of course table RSECUSERAUTH. That single RSR profile contains 0ORGUNIT and 0HRPOSITION which enables them to run the reports.

So...one, I'm not sure the purpose of of those 4 RSR profiles getting assigned to their ID in SU01 is for, Two, I don't know why that one single RSR profile viewed via RSECADMIN is not showing up for a user in SU01D and three, not sure why half the people have that single profile and half don't. Perhaps the background job stopped working at one point. I'll have to talk to the BW Team.

Thanks,

Tom

shivraj_singh2
Active Participant
In response to shivraj_singh2

‎12-13-2011 1:05 AM

0 Kudos

Tommy,

The GENERATION job reads and generate from the DSOs, please check the tables /BI0/APA_DS0300 and/or /BI0/APA_DS0200 and see what are the entries under TCTNIOBJNM, My guess is that you will see the custom objects in there and not 0HRPSOITION & 0ORGUNIT for users with 4 profiles.

You can solve this problem at extraction, in the InfoPackage filter in only the values for O S P, i.e. Orgunit, Position and Employee.

You may not need Employee for this query but it may be needed for other structural authorization based query.

Once you have filtered the extraction for O S P, the user who are properly maintained in ECC for PD profiles will get proper profiles and will be able to run queries.

You may see some users not getting any RSR profiles, then you will have to repeat the process again - check /BI0/APA_DS0200 & /BI0/APA_DS0300 tables, see what values are there for the user, if there are no values then check the ECC for T77 tables to confirm what values are user authorized for.

Regards,

Shivraj

former_member318517
Participant
In response to shivraj_singh2

‎12-13-2011 2:32 PM

0 Kudos

Thank you Shivraj. You've provided a lot of information for me to bring to the BW Team so I've awarded 10 points. Hopefully we can get it all working.

Regards,

Tom

shivraj_singh2
Active Participant
In response to shivraj_singh2

‎12-13-2011 5:41 PM

0 Kudos

Tommy,

Thanks for the points, appreciate it, but please post the final outcome - the issues you faced and the solution you came up with, I am sure it will be helpful for many others.

Regards,

Shivraj

former_member318517
Participant
In response to shivraj_singh2

‎01-24-2012 10:45 PM

0 Kudos

Job in BW 7.0 is RSEC_GENERATE_AUTHORIZATIONS. That did the trick.