cancel
Showing results for 
Search instead for 
Did you mean: 

Data Access Profile migration to BI Analysis Authorization

Former Member
0 Kudos

Hi ,

Is it possible to create BI Analysis Authorization from BPC Data Access Profile?

Thanks.

Andrea

Accepted Solutions (0)

Answers (2)

Answers (2)

rodolfo_bermudezneubauer3
Active Participant
0 Kudos

Andrea:

I am in the process of attempting to mirror BPC Data Access Profiles access rights (Dimension Members) in BW Analysis Authorizations by using a User-exit BEx Variable that determines the according values by going through the backend BW and BPC tables (UJE_MEMACCESS, UJE_TEAM_AGR, USR04, etc.).  My requirement is to control access rights on the BW InfoProvider (0COMPANY is authotization relevant) that feeds actual data to BPC using the same logic and values assigned on the BPC side (ENTITY is secured and mapped from 0COMPANY) in order to simplify security administration leaving it entirely on the BPC side (BW should inherit rights from the DAP defined and assigned in BPC). My proposed solution would require a single Analysis Authorization on the BW that dynamically determines the allowed members for every user through logic defined in the User-exit variable.  

If I manage to come up with a straightforward and simple solution I will post it here.

Cheers

rodolfo_bermudezneubauer3
Active Participant
0 Kudos

For the time being, I've come up with the following logic that should de coded into the Include for BEx variable User-exit:

1. Read current USER from system variable (use function module RSEC_GET_USERNAME as SY-USER will not work with Analysis Authorizations when debugging with tx RSUDO)

     call function 'RSEC_GET_USERNAME' 

           importing 

                e_username = l_username. 

2. Determine ABAP Backend AUTH PROFILES assigned to l_username through table USR04


3. Determine corresponding ABAP ROLES for assigned AUTH PROFILES through table AGR_1016

4. Determine BPC Data Access Profiles (field CAPTION) for assigned ABAP ROLES through table UJE_PROFILE_AGR (optionally can filter APPSET_ID through through roletype ZBPC_xxUnnnnn ABAP Role in table UJE_USR_AGR)

5. Use BPC PROFILE_ID from table UJE_USR_AGR to determine allowed members for secured BPC Dimension (ENTITY) from table UJE_MEMACCESS

6. Fill e_t_range internal table in BEx Variable user-exit with member values read from UJE_MEMACCESS (optionally, check list of member values against BW Master Data table for 0COMPANY)

Any suggestions are appreciated.

Regards

former_member200327
Active Contributor
0 Kudos

Hi Andrea,

Right now it's a manual process. If you have 1:1 mapping between Standard Dimensions and Embedded InfoObjects then it should be straightforward.

Regards,

Gersh