11-24-2015 5:05 PM
Hi Team,
I cant find the Analysis authorization details in RSECVAL table ,but can find same in RSECVAL_CL.
Also one user not able to run the report due to missing authorization. Ran the report on behalf of user in RSECADMIN and checked the logs.
One info object is conflicting this issue. The error message says confiction of access and intersection. Will attached the error screen.
The Info object which is causing is not maintained as authorization relevant in RSD1. Does this cause the issue ?
Here i wonder one more thing,i cant find the analysis authorization details in the table RSECVAL. but can find the same details in RSECVAL_CL.
Please check and provide inputs/solution.
Regards,
Venu.
11-25-2015 2:10 AM
Hi Venu,
To answer your questions:
RSECVAL doesnt hold anymore the details of analysis auth. This was move to another table as per SAP version. Check this thread:
BW Table RSECVAL doesn't show data
For the infoObject, yes you need to tick before it became authorization relevant and for you to maintain specific values.
I would suggest you check SAP Documentations about BW/BI Authorization.
Thanks,
Santi
11-25-2015 2:10 AM
Hi Venu,
To answer your questions:
RSECVAL doesnt hold anymore the details of analysis auth. This was move to another table as per SAP version. Check this thread:
BW Table RSECVAL doesn't show data
For the infoObject, yes you need to tick before it became authorization relevant and for you to maintain specific values.
I would suggest you check SAP Documentations about BW/BI Authorization.
Thanks,
Santi
11-25-2015 4:30 AM
Hi Santi,
Thank you. Please check blow error. I am not able to attach the error screen shot. Hence pasted the error below.Here the problem is occurring due to characteristic 0PROFIT_CTR__PCATTR19 . When when i checked in RSD1 tcode this is not an info object...but the info object is " 0PROFIT_CTR "
Authorization Check Log
For a general description see the Note 1234567
Date and Execution Time (Local Server)
Execution Date: 24.11.2015
Execution Time: 12:57:50
Executed Query: XXXXXXXXXXXXXX
Transaction RSRT ( BW - output test )
Executed by User XXXXXXXXXXXXX
Executed with Analysis Authorizations of Another User XXXXXXXXXXXXX
Software Component | Release | Level | Support Package |
SAP_BASIS | 740 | 0006 | SAPKB74006 |
SAP_ABA | 740 | 0006 | SAPKA74006 |
SAP_BW | 740 | 0006 | SAPKW74006 |
InfoProvider Check
Building the Buffer...
...Building buffer
Are there authorizations for accessing InfoProvider ZBBP_GL with activity 03?
Authorization exists for general access to InfoProvider ZBBP_GL with activity 03
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZBBP_GL:
Characteristic |
0PROFIT_CTR__PCATTR19 |
0TCAACTVT |
Authorization Check
Subselection (Technical SUBNR) 1
Value selection partially authorized. Check of remainder at end
All Authorizations Tested |
Also i can see the Info object
0PROFIT_CTR margin:0cm;margin-bottom:.0001pt'>Hi Santi,
Thank you. Please check blow error. I am not able to attach the error screen shot. Hence pasted the error below.Here the problem is occurring due to characteristic 0PROFIT_CTR__PCATTR19 . When when i checked in RSD1 tcode this is not an info object...but the info object is " 0PROFIT_CTR "is not maintained as authorization relevant in RSD1. But other roles which are using this info obejct working fine.
Please check it.
Regards,
Venu.
11-25-2015 1:18 PM
Hi Venu,
You don't need to do anything with authorization relevance of 0PROFIT_CTR. You need to focus on 0PROFIT_CTR__PCATTR19 which is navigational attribute of 0PROFIT_CTR. This navigational attribute must already be authorization relevant.
You can check this by opening 0PROFIT_CTR in RSD1. Then go to Attributes tab. There in the list, you will find attribute PCATTR19. Notice the AuthorizRelevant tab in front of this attribute. This would be checked.
Now about the log:
You must be knowing that in BW, you would get the result only if you have access for all the output. partial authorization doesn't work here. As per the log, user is running the report without any filter on 0PROFIT_CTR__PCATTR19. So system is expecting * access for this object. But user is given selective access. And hence he is getting the authorization error.
Solution:
1. Run the report with appropriate filter on this object, or
2. give full access to the user for info object.
Let me know if this works.
Thanks
Nitesh
11-26-2015 11:34 AM
Hi Nitesh,
I have checked the info object 0PROFIT_C in RSD1 under attributes tab. It has many Attributes, but no one is not mentioned as authorization relevant.
I tried the second point as you suggested.
When we give full access (*) to the info object 0PROFIT_CTR its working fine.But we should not give full access.
Can you please explain the first solution (Run the report with appropriate filter on this object,) bit more clear ?
Regards,
Venu.
11-26-2015 12:05 PM
Hi,
Same user able to run the other Reports which is built on 0PROFIT_CTR__PCATTR19 .
Other reports logs showing same info object.
11-26-2015 12:28 PM
Hi Venu,
For other reports, the user might have analysis authorization providing necessary access on the object. (analysis authorizations can be set up specific to info providers using 0TCAIPROV characteristic).
- Can you post screenshot from RSD1 for attritubte 0PROFIT_CTR__PCATTR19? This has to be authorization relevant, else you can't have it in the analysis authorizations.
- How are you maintaining * access in 0PROFIT_CTR? You mentioned that this object is not even authorizatin relevant. Did you maintain values for 0PROFIT_CTR__PCATTR19?
- As per the log, user has access for 0PROFIT_CTR__PCATTR19 for values (4000000.BB - 4999999.BB) AND (SDAA.BB - SDZZ.BB). So while running report, he should filter it for values in this range only.
Its pretty simple. Lets assume a user is given access for company code A and B. When he runs the report, if he runs it for company codes A, B and C; he will get authorization error. But if he runs report for company code A and B; the report will work fine.
I hope this is clear now.
Thanks
Nitesh
11-26-2015 6:12 PM
Hi Nitesh,
Yes,I have maintained * value in Info object attribute 0PROFIT_CTR__PCATTR19 but not in 0PROFIT_CTR..
I am unable to upload the screen shots (.jpg) as the site not allowing the format and size of it.
While running the report user is not giving any input on input screen.
As you said "So while running report, he should filter it for values in this range only."
You mean to say,needed to give input with in the range as value for the variable Profit centre ?
or this is because of issue with Query we need to make Characteristic variable with authorization as input instead of any other ?... when we give * its working fine. but when restrict Info object attribute 0PROFIT_CTR__PCATTR19 with range its not working.
will try to upload the screenshots once again.
Regards,
Venu.
11-27-2015 7:00 AM
Hi Venu,
Create a test user with same access as this end user (restricted access for info object 0PROFIT_CTR__PCATTR19). Login with this test user and access the info provider of the report via tcode LISTCUBE. Here you would see the info object 0PROFIT_CTR__PCATTR19 in the selection screen.
Play around with this filter, i.e. access with no filter on it, then filter for the allowed values, etc. You would easily how its working. Accordingly you can decide how to proceed for the report/analysis authorization.
Thanks.