cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PS 50306 - Failed to retrieve the data source object tree for the exploration space

Go to solution
former_member598675
Explorer

on ‎09-19-2013 8:50 AM

0 Kudos
PostPosted: Wed Sep 18, 2013 7:51 am
Post subject: PS 50306 - Failed to retrieve the data source object tree

Dear all,

I need your help.
I'm trying to make Exploer Information Spaces available for BO users. I've created an Information Space and saved it in a public folder. But it doesnt work. I get the following message when I try to open it with my testuser:

It was not possible to open the information space.

Can't apply the object level security. (PS 50306)

Failed to retrieve the data source object tree for the exploration space { id: 45a553db-cc78-48fd-ab5a-2f46d4c03bc2, name: test_infospace, version: 2013-09-18_14.44.54.519 }.



I've given the user FULL CONTROL on universe, connection, explorer application and information space as well as the containing folder.
It does not work.
Though, when I add the user to admin group it works.

Anyone an idea?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member598675
Explorer
‎09-20-2013 6:51 AM
0 Kudos

Hello,

In fact, that it worked when I add the user to "Universe Designer" group, I've investigated a little further. It seem's the solution ist, the user, or user group needs "Full Control" on top level for universes.

I've now granted "Full control" on top level universes for my "All company users" group, but erased the access then on the subfolder universes, so every one see's just the universes his department-group is allowed to.

The "full control" is only on top level an inherited no further down. But this seems to work.

Show replies
Show replies
Former Member
‎09-20-2013 7:15 AM
0 Kudos

Hi Stefan,

I am glad that it is working now at yor end. That is the reason why I asked:

"Also, let me know if you have assigned rights Full Control at the Top Level for universe and connection or you have given rights explicitly to specific universe"

Regards,

Nakul Mehta

Former Member
‎09-20-2013 7:25 AM
0 Kudos

For Explorer, at a minimum you need "View" permission for your User or Group on the Top-Level Security for Universes.

former_member598675
Explorer
‎09-20-2013 7:29 AM
0 Kudos

We had view on demand before on top level, but it did only work having full control.

former_member393760
Explorer
‎10-01-2013 4:02 PM
0 Kudos

Hello Stefan,

How did you granted "Full control" on top level Universes for "All company users" group?

And have you erased full control for user on connection/application or....?

I like to hear from you.

Regards, Marco


former_member598675
Explorer
‎10-02-2013 6:27 AM
0 Kudos

Hi Marco,

In the CMC navigate to "Universes" and chose there "Manage" -> "Top-Level Security" -> "Universes". Then add the Group you want to and give full controll.

I've the deleted the group from every universe by assigning security and unchecking the "Inherit from parent" box.

That worked fore me.

Connection has "View" rights, too.

former_member393760
Explorer
‎10-04-2013 9:44 AM
0 Kudos

Hi Stefan,

I tried you're solution but it still doesn't work for us.

We're still on SP4.9. Maybe it's time to upgrade.....

Thanks anyway!

Regards, Marco

Answers (3)

Answers (3)

Former Member
‎11-01-2013 5:28 PM
0 Kudos

Hi Everyone,

Really interesting topic this. We're having the same problem, but with a twist.

We do not want Everyone to see all universes in BI Suite. We therefore have Everyone set to No Access on the top level Universes but we grant specific groups access to universe folders underneath. This works really well in Webi. People can only see what they are meant to see.

But this configuration doesn't work with Explorer. I get the error above, whether I go in as a Standard user or as a Pro licence holder.

To get it to work, I had to set Everyone to Full Control at the top level and let this be inherited downwards. Now for sure Explorer works, but within Webi, the same user can now see all universes and run reports against it!

I find it really hard to believe that it is not possible to provide granular access to both Webi and Explorer content at the same time.

Any ideas?

Show replies
Show replies
Former Member
‎09-25-2013 5:20 AM
0 Kudos

Hi

I had a similar problem.

Please try this...this worked for me.

CMC > click on Connections

Navigate to the connection object, right click on the connection name and choose "User Security"

Click Add Principle and either add the user or a group the user belongs to.  Click "Add and assign security"

Choose the "View" access level and move to the right side.  Choose OK.

Thanks

Sandeep

Show replies
Show replies
Former Member
‎09-19-2013 11:28 AM
0 Kudos

Hi,

Try after adding users "Universe Designer" group in CMC.If it doesnt work, can you explain your security mapping on folders level.

Utku Sancaktar

Show replies
Show replies
former_member393760
Explorer
‎09-19-2013 12:17 PM
0 Kudos

Hi Utku,

I got the same problem as Stefan describes. If I add the user to "Universe Designer-" or "Admin group", Explorer works fine.

But if I do the user gets to much rights.

Is there another way without changing authorization?

Regards,

Marco

Former Member
‎09-19-2013 12:31 PM
0 Kudos

Hi,

If you are using sap authentication and WinAD authentication both, you got same problem.You can not resolve it by changing security.You should disable connectionservers and add new ones.After that you will see that your security is working ok.I think your patch level is SP5.This is a kind of bug.You should try upgrading your system to SP6 patch4 or SP7.

Utku Sancaktar

former_member393760
Explorer
‎09-19-2013 1:10 PM
0 Kudos

Hi Utku,

Thanks for your quick reply!

We're only using the WinAD authentication. What do you mean with disable connection servers and add new ones? Sorry, not that technical. I created a new .UNX Universe because the current Explorer doesn't works with .UNV Universe formats.

We've installed service pack 4.x and are thinking about upgrading to service pack 6 or 7.

Regards,

Marco

former_member598675
Explorer
‎09-19-2013 1:31 PM
0 Kudos

Hello,

I've also tested it adding the user to universe-designer group. Then it works. The strange thing is, I had already granted the user directly FULL CONTROL on universe, connection, and information space as well as Explorer application.

We're on BO 4.0 SP6 Patch5.

But I also don't want to give them Universe Designer rights.

As for my security mapping on folders, its as following:

I've a group called all_company users which has view on top level folder and view on demand on Webi Application.

Then I have subdirectories, like Marketing or Controlling. On these folders I've erased the view for all_company group.

On each subfolder the according group like eg. marketing_group has view on demand rights.

What I would like to do is, give some users of the marketing group access to BO Explorer und let them see only the Information Spaces in the Marketing folder. The should be able to use WebI and Explorer but nothing else. And further see only their folders and universe they are granted by marketing_group.

But as discriped curretly I'm just trying to get access at all for an user without adding him to administrators.

Description of security mapping added. Message was edited by: Stefan Riegel

Former Member
‎09-19-2013 2:21 PM
0 Kudos

Hi,

What about the folder level security?Because all of the users are also member of "Everyone".So you have to be sure that your users doesnot get any role from Everyone group.If you say this is also ok, you should try to add new ConnectionServers.

Utku Sancaktar

former_member598675
Explorer
‎09-19-2013 2:36 PM
0 Kudos

I'm not sure if i undersand you right. All users are in the "everyone" group. But as I anderstand the BO security when there is nothin explicit denied for the everyone group, the higher permission should be effected the user gets from another group. right?

Former Member
‎09-19-2013 2:59 PM
0 Kudos

Hi Stefan,

Kindly mention the Explorer version.

Also, please have a look at:

http://service.sap.com/sap/support/notes/1808413

This SAP Note mentions one particular defect with user rights in Explorer. To confirm this, you can try indexing the InfoSpace with the same user and compare the error message which is mentioned in there.

Also, let me know if you have assigned rights Full Control at the Top Level for universe and connection or you have given rights explicitly to specific universe.

Regards,

Nakul Mehta

former_member598675
Explorer
‎09-19-2013 3:06 PM
0 Kudos

Hello Nakul,

Explorer Version is the same, Explorer 4.0, SP6P5.

For testing I've appllied full control to the used UNX universe, the inforamtion space, the used connection and also to explorer app.

The information space was created with admin user. Normal user should not be able to create spaces, just to explore.

Ask a Question