on 10-11-2006 3:56 AM
Hi Dears,
I need to implement a new authorization object to restrict values of characteristics per USERS.
I am using BW 7.0 version and RSECADMIN transaction.
I created an authorization object "ZTEST" with characteristics following related:
- 0SALESORG = 1122
- 0TCAIPROV = *
- 0TCAACTVT = 03
- 0TCAVALID = *
But, When I run the query appear the message error:
"The user have no authorization to access"
Using SU53 Transaction I saw more details about the authorization error:
"Authorization Object S_RS_AUTH BI Analysis Authorizations in Role
BI Analysis Authorizations: Name of an Authorization 0BI_ALL"
After this, I did another tests:
1) I assigned the authorization "0BI_ALL" in the ZTEST object, But the authorization doesn't work yet.
2) I created another authorization object, copy of 0BI_ALL. But, the problems occurs again.
"The user have no authorization to access"
Despite, it is only working when I use the 0BI_ALL authorization object.
But, The 0BI_ALL provide access to everythings and it´s impossible for us.
Please, I would like to create a new authorization object with specifics characteristics. Can you help me?
Thanks a lot.
Best Regard,
Caio Galantini.
São Paulo - Brazil
All,
Has anyone resolved this error? I am having the exact same error as described by several people on this thread. I have tried everything mentioned in the thread and read all the OSS Notes referenced and I still get the same error message.
Are there any steps I would have missed?
-- I have created the new authorization via RSECAUTH. The new object ZEMPLOYEE is restricted to only 1 employee number (just to test). InfoObject 0EMPLOYEE is marked as auth-relevant.
-- I also included the 3 special objects 0TCAACTVT = 03, 0TCAIPROV = *, 0TCAVALID = *. The 3 objects are also marked as auth-relevant
-- I added the new object ZEMPLOYEE to user via RSU01. Also tried creating a brand new role with just S_RS_AUTH = ZEMPLOYEE and assigned to user.
-- When user executes report, it gets the "You do not have sufficient authorization" message.
-- I tried creating an authorization BEx variable for the InfoObject as suggested and that didn't work either.
-- As per oss note 820183, I also regenerated 0BI_ALL and ran $SYNC in the system. None of these corrected the problem.
Have I missed any steps? Is there something special I am missing?
Thanks.
Jose
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I had the same issue and after a lot of research, i found out the following solution. I am not sure if this is the standard way. But the restriction works for me anyway.
Lets say, you are trying to restrict "plant" using RSECADMIN.. This plant should be a part of the selection screen in the BI report. Then only the restriction works. Otherwise, it keeps on giving you this authorization error.
In the initial state, our report did not have "plant" as part of the selection screen. But when i restrict, it was not working even through i marked the object as "authorization relevant". But the same was working fine for SD report when i try to restrict using "distribution channel". I compared both the reports and found the onl difference was : Plant was not there in the selection screen of the PM report where as "Distribution channel" was part of the selection screen in the SD report. I asked the BI consultant to include "plant" as part of the selection screen in the report and then restricted using RSECADMIN and It worked perfectly!! .. Im not sure if this is the standard and if its because it checks the selection screen during run time. But my issue was solved anyway.
Hope this helps. Award points if this solve your problem.
Regards,
Jazz
Hi All.
I faced the same problem and I think I found a solution.
Try to proceed this way:
1. Make a copy of 0BI_ALL in RSECADMIN
2. Edit new created authorization object (copy 0BI_ALL)
3. Make a restriction for characterictics you want to use for authorization
4. Assign your authorization object to the user. You don't need any other auth. objects.
In may case it works. I have a user without sap_all profile and with suppressed R_SR_AUTH in a role.
Hope it helps.
Regards
Maciej
Edited by: Maciej Garecki on Nov 16, 2008 2:42 PM
To use RSUDO for interactive planning you need to turn on the authorization and hit execute and on the next screen hit execute and let the system tell you that no query exists. Then, go do the transcation and it WILL record the authorization and you can review it via the log.
The reason why the input products wasn't working was because the SAP functionality for DP-PPM performs an aggregation for the components (even when you are on the output) and aggregation requires the concept of colon authorization.
Within the authorization object in RSCEADMIN add a new line for the characteristics and add a new line with the value of ":"
You need to include the 0TCA characteristics esp. 0TCAIPROV (with the value of the infoproviders) in the analysis authorization that you've built.
I had the same issue and unfortunately the trace wouldn't give much clues.
I know that the thread is rather old but hope this helps those folks who are looking for assistance on this issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
0BI_ALL need to be updated just like SAP_ALL.
You can update 0BI_ALL thru RSECADMIN -> Extra -> Update 0BI_ALL Authorization.
For SAP_ALL, you uses SU21.
Hope this help.
Thanks,
Lye
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
I had the same problem and i resolve in this way:
1) Also if the user has to be restrained to <u>only one characteristic</u> (ES: Costelement = 1000*) you have to put in the authorization built in RSECADMIN all authorization relevant infoobjects that you have in your infocube (the value in RSCEDADMIN will be = *)
2) You have to make an authorization relevant variable in BEX for 0costelement that will be not ready for input if the user don't have to select the values in pop up; if the user has to select values you make it ready for input but it is mandatory to make the variable.
3) Add also the infoobject 0tcakyfnm in authorization RSECADMIN and make the value = *
In this way it works great.
Hope this help.
Alessandro Baiocchi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am also facing the same issue. I am trying to restrict at Compnay code level/Region level. When I have * in S_RS_AUTH then I can see all the data for all the regions. When I put specific region authorization in S_RS_AUTH then I get error message "insufficent Authorizations" Any help would be appreciated.
Gurpreet Mann
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Put the name of the authorization object you created in RSECADMIN in the s_rs_auth and remove 0bi_all. Your have 3 ways of working. add your authorization object created with RSECADM direct to the user, work with a user group or when you uses functional authorizations with the PFCG add the object to s_rs_auth. You can see rsecadmin which objects are added in s_rs_auth.
Bye Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
did you add S_RS_COMP and S_RS_COMP1 to the user
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I'm sorry for jumping into this conversation, but I'm having the same exact problem. I'm trying to restrict to a specific fund center, but the SU53 comes back stating I need to grant 0BI_ALL which defeat the purpose of restricting. I've applied the suggested RFC, S_RS_COMP and S_RS_COMP1 but still doesn't work. Any other suggestion? Thanks in advance for your help.
did you assign , infocube object/ods object too
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, when I execute the query appear the message error.
"No authorization"
When I acess the SU53 transaction, I see the log:
"Authorization Object S_RS_AUTH BI Analysis Authorizations in Role"
"BI Analysis Authorizations: Name of an Authorization 0BI_ALL"
If I assigned the autorization "0BI_ALL" in object authorization "S_RS_AUTH" the query works. But I need to restricted the values of characterirtic 0SALESORG.
Thank's
you also need to give the user access to S_RFC, infocube/ODS and type is REP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.