01-06-2016 8:43 PM
Hi Experts,
I am new to BI security.. I have a requirement where a query is run and it has a drop down which has a list of company codes and after selecting anyone of them the output is displayed. The issue is the user is only getting one company code in the drop down.. I have got the authorization check log.. While says not authorized.. I have tried to find out the missing info object in RSECVAL table but I am not able to find this. I also believe that it might be issue related to ':' aggregate. Could you please help me in resolving this. I have attached the log as well.
Regards
R.
01-07-2016 1:39 AM
why would you want a user to see company codes in a drop down if they do not have access to them? If they were to select an unauthorised company code then they will get the error on execute.
Limiting the list to choose from seems more user friendly
sounds like you need to check your analysis authorisation to add more company codes or the user is only meant to see one.
01-07-2016 5:42 AM
Hi Colleen,
Thanks for the response.
The requirement is as such that the user should be able to see other company codes in the drop down.
Could you please let me know the steps which should be followed irrespective of the authorization error received in BI.
I wish to find out how is this user getting access to only one company code (SE3) .
Regards,
R
01-07-2016 5:49 AM
without looking at it, I'm not sure. To me though it doesn't make sense to provide all values unless the users is authorised to all values.
as far as company code list, the two reasons I can see are whether user has the 0COMP_CODE value with the activity, multiprovider and validity combination in your analysis auth (this will appear in your trace file via rsecadmin). The other possibility is that there is no data for the other company codes so they do not appear in the list
Regards
Colleen
01-07-2016 6:18 AM
Hi Colleen,
Please find below the detailed trace file:
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider @3ZCLM_IS21:
Characteristic |
@3ZCLM_IS21@0COMP_CODE |
ZOPERCOMP |
Authorization Check Detail Check for InfoProvider @3ZCLM_IS21 Preprocessing: Selection Checked for Consistency, Preprocessed and Supplemented As Needed Subselection (Technical SUBNR) 1 Check Node Definitions and Value Authorizations... Node- and Value Authorizations Are OK End of Preprocessing Filling the Buffer... ...Buffer Filled Main Check: Subselection (Technical SUBNR) 1 Supplementation of Selection for Aggregated Characteristics Check Added for Aggregation Authorization: ZOPERCOMP Authorizations missing for aggregation (":")
The authorization check stops here as this selection is no longer needed Message EYE007: You do not have sufficient authorization Regards, R |
01-07-2016 6:29 AM
since this is custom, have you tried updating the analysis authorisation with the missing value of EQ : to see if this will show the rest of the company code values
01-07-2016 6:45 AM
Hi Colleen,
In our project we are not assigning the analysis authorisation directly, it has to be granted through S_RS_auth.
In that case do i have to create a new analysis auth with the colon characteristic and then assign in the role.
And also i would like to know if there is a way to find if there is any existing analysis authorization with the colon ,which i can find in a role and assign the role to the user.
Regards,
R
01-07-2016 7:00 AM
Hi,
I dont think that making appear all company codes visible in drop down and choosing some of them for query execution with respect to authorization is possible.
Displaying company codes in drop down is exactly respect to the values in user's AA.
Thanks, Krishna
01-07-2016 7:07 AM
Hi Krishna,
As you stated that Displaying company codes in drop down is exactly respect to the values in user's AA.
So could you please help me, how to find them out?
Regards,
R
01-07-2016 9:40 AM
Whatever values (companycodes) are displayed in drop down are assigned in user's AA , Collect all the AA's of user from RSU01 tcode and list out in RSECVAL(if BI system is not 7.4 version) table to see the values.
You may give * value to infoobjet(compnaycode) and look up the possible values in drop down.
Thanks,Krishna
01-07-2016 9:56 AM
HI Krishna,
I have checked the user has many AA's with (companycodes) some have * values and some have EQ : with a value.
So what should i do in such a case .
Also i have seen the below trace log:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: ZOPERCOMP
Authorizations missing for aggregation (":")
Char. | ZOPERCC_NSI |
ZOPERCOMP | I EQ NDI,... |
So i believe i have to add colon ':' characterstic .
Regards,
R
06-13-2016 11:54 AM
Hi Rohit,
The report will show you all those company codes which are maintained in the same AA which has the report's infoprovider (infocube/multiprovider).
this is under assumption that, in your BI security design you maintain infoprovider attribute and company code attribute in the same AA.
If a user is only able to see some CCodes in the report, that may be because the AA which contains the infocube of this report has less number of CCodes maintained in its infoobject Comp_code.
Thanks, Anish
06-09-2016 2:37 PM
Hello, You need to add colon authority to existing Analysis authorization. From the trace given above it seems colon authority is missing. But it is also true why to give access to other company code to user. A user should be able to execute company code to which he belongs.