07-10-2014 4:48 PM
Hi Experts,
I am trying to setup Structural Authorization from HCm in BW. I am using 0HR_PA_2 and 0HR_PA_3 extractors to pull the data from HCM in 0TCA_DS01 and 0TCA_DS02. I am able to load the data for both DSO's and Authorizations are generated also via RSECADMIN.
The auth relevant info objects are
0ORGUNIT
0HRPOSITION
0EMPLOYEE
But when i run the query for test user it is giving the error "You do not have the sufficient authorization". Our security guy setup everything for the test user at the back end. Can anyone help me out to fix this problem?
07-10-2014 6:03 PM
Hi Folks,
Please this is urgent. I am stuck here from longtime and do not know what to do because there are no guidelines available. I have checked so many threads but nothing provides any solid help.
Thanks.
07-11-2014 3:59 AM
Hi,
did you try to setup trace in RSECADMIN ? if not please follow below steps to get exact authorization trace which will help you to analyze authorization error.
1) go to tcode - rsecadmin
2) go to tab - Analysis
3) Click on "Authorization Log"
4) Click on "Configure Log Recording"
4) Add user ID to be traced
once done inform user to log out once and try again. now you can read trace data under "Authorization Log"
Regards,
Satyajit
07-11-2014 3:28 PM
Hi Shehzad
Kindly check the below details and confirm.
1. Check auth objects S_RS_COMP, S_RS_COMP1, S_RS_AUTH and S_RS_DSO as you mentioned data is coming from DSO.
2. Now check the value maintained in S_RS_AUTH and copy that value and go to RSECADMIN and in maintenance screen put that value click on display and check whether these relevant auth is maintained (this you can also check in rsecval table).
3. If every thing is fine then go to tcode - rsecadmin-> Analysis-> Check "Authorization Log" ID and put test user Id there and click on run RSRT this will take you to RSRT scrren and there you can Simple RUN or run with debug also.
Now If error came of No authorization go back and check log in that you will get to know the auth obj which is missing in analysis object.
Suggestion: Simultaneously run ST01, so that you will also get auth obj if any is missing as there may be possibilty of multi-cube so for that there is requirement of some other object.
Hope this will help.. Else please share trace results and role objects which is maintained.
One more IMP point if new query or report is created. it will take some time to synch for other users even 0BI_ALL will not work for that user, need to pass that particular values in analysis object which is required.
Thanks
Bhupinder Singh Arora