07-11-2007 10:39 AM
Hi All,
I am currently facing an issue with BW Authorization in query. Following are the steps that we have gone through. FYI, the characteristic has been setup as 'Authorization Relevant'. RSECADMIN is the transaction code that we are using. Currently we are in BI 7.0 Support Level 12.
1. Create an authorization with the following objects in the authorization.
ZDISGEO is the characteristic that we need to filter in our query.
0TCAACTVT
0TCAIPROV
0TCAKYFNM
0TCAVALID
ZDISGEO1
2. Create role with the above authorization.
Profile was also generated.
3. Added the role in user maintenance for a particular user.
4. Created a query with a variable for ZDISGEO1.
The variable is set to processing by: Authorization.
This variable is also added into the Restrict panel.
When we run in RSECADMIN by simulating the user that we have added. It seems that the query is still displaying all data.
Help needed urgently.
Thanks.
07-11-2007 12:33 PM
Hi David,
Try to add S_RS_AUTH object in the role and enter the Authorization object that you created in RSECADMIN.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
07-11-2007 10:55 AM
Hi,
after change run this report to validate your change:
PFCG_TIME_DEPENDENCY
Hope it helps
07-11-2007 11:07 AM
07-11-2007 12:33 PM
Hi David,
Try to add S_RS_AUTH object in the role and enter the Authorization object that you created in RSECADMIN.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
07-11-2007 3:57 PM
Hi Santosh,
Thanks for your reply. I think that was already added in the role in RSECADMIN.
Thanks.
07-11-2007 12:34 PM
Hi,
you have to execute the transaction SE38 and then the report PFCG_TYME_DEPENDANCY.
Hope it helps
07-11-2007 3:58 PM
Hi Grevaz,
I have run the job but still when I tried to impersonate the user using RSECADMIN interface it does not work.
Thanks.
07-19-2007 4:06 AM
07-19-2007 4:15 AM
Hi All,
I have found that in the user maintenance, the profile and the role do not seem to be synchronised. It seems the profile contains an additional global profile that allows the user to view all data. We have removed it and it is working now. I am not too sure how this profile exists for the user. It could be that we added the role previously and when we removed the role the profile does not get reflected.
Thanks.