Solved: S_RS_AUTH ?

Former Member · ‎02-08-2008

Hi,

Can anyone please explain in very simple terms exactly WHAT S_RS_AUTH is, WHY we use it and HOW we use it?

I've read various things relating to it, but I'm still unclear. A simple explanation would be most grateful.

Many thanks.

former_member74904 · ‎02-08-2008

the S_RS_AUTH object is used to store the analysis authorization objects in the role for which a user is authorized.

so every analysis auth. object you create in RSECADMIN will need to be in the S_RS_AUTH object.

former_member74904 · ‎02-08-2008

the S_RS_AUTH object is used to store the analysis authorization objects in the role for which a user is authorized.

so every analysis auth. object you create in RSECADMIN will need to be in the S_RS_AUTH object.

Former Member · ‎02-08-2008

From what I've read, every user should be assisgned S_RS_AUTH.

Do you just have one S_RS_AUTH or do you create multiple versions of S_RS_AUTH (with different names) depending on the different access required by different users?

If you just have one S_RS_AUTH which contains all the Auth Obj's, surely, this would provide too much access for some/all users.

former_member74904 · ‎02-08-2008

when using analysis authorization, every user should indeed have this S_RS_AUTH object assigned.

 Mark wrote:

Do you just have one S_RS_AUTH or do you create multiple versions of S_RS_AUTH (with different names) depending on the different access required by different users?

If you just have one S_RS_AUTH which contains all the Auth Obj's, surely, this would provide too much access for some/all users.

it doesn't really matter how many versions you create, as long as the role where S_RS_AUTH resides is assigned to the correct users. if you put al your analysis auth. objects in every instance of S_RS_AUTH, surely your endusers will end up with a way to broad access.

if you create several roles with S_RS_AUTH and specify the different analysis objects in each one, you should be on the right track.

Edited by: Dimitri van Heumen on Feb 8, 2008 1:51 PM

Former Member · ‎02-08-2008

Hi,

I will try to put it in a much simple manner ..

We assign S_RS_AUTH object to users through roles...

Lets say we have 2 analysis authorizations viz ZCOSTCNTR and ZPRCTR for cost center and profit center restrictions respt.....these are created using RSECADMIN where ZCOSTCNTR has 0COSTCENTER infoobject and ZPRCTR has 0PROFIT_CTR... with some specific values for each of these..lets say ZCOSTCNTR is restricted at C1000 and ZPRCTR is restricted at P1000 ...

Now you want to restrict User A to cost Center C1000 and User B to Profit Center P1000 for some queries...

For this we create two roles Z:COSTCNTR_REST and Z:PROFITCNTR_REST...add the object RSAUTH to both these roles.. add value ZCOSTCNTR to the field BIAUTH in the object S_RS_AUTH in the role Z:COSTCNTR_REST and add value ZPRCTR to the field BIAUTH in the object S_RS_AUTH in the role Z:PROFITCNTR_REST...

Now assign the role Z:COSTCNTR_REST to User A and role Z:PROFITCNTR_REST to User B...

Assuming all other authorizations are available to the users.. these users will be restricted at the values maintained in the analysis autho during query execution...

So basically you dont have to create multiple versions of S_RS_AUTH... u create multiple analysis authorizations and assign them to the users via S_RS_AUTH as per your requirement...

PS: Kindly note that you can also assign the analysis authorizations directly to the users using RSU01 .

Regards

Sachin