Hi,

you don't have to use:

S_RS_ICUBE

S_RS_ICUBE

S_RS_ISET

S_RS_MPRO

S_RS_ODSO

Because you have to set at less one authorization with the following authorization IO:

0TCAACTVT

0TCAIPROV

0TCAVALID

Don't forget:

S_DEVELOP

S_RO_BCTRA in ECC side for activate (remote) Datasource

S_RS_BITM NEW

S_RS_BTMP NEW

S_USER_AGR

S_RS_BC

S_RS_BCS

S_RS_AUTH (Data)

S_RS_IOBJ

S_GUI

S_RS_DS: Authorizations for working with the DataSource or its sub-objects (as

of SAP NetWeaver 2004s)

�� S_RS_ISNEW: Authorizations for working with new InfoSources or their subobjects

(as of SAP NetWeaver 2004s)

�� S_RS_DTP: Authorizations for working with the data transfer process and its subobjects

�� S_RS_TR: Authorizations for working with transformation rules and their subobjects

�� S_RS_CTT: Authorizations for working with currency translation types

�� S_RS_UOM: Authorizations for working with quantity conversion types

�� S_RS_THJT: Authorizations for working with key date derivation types

�� S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings.

�� S_RS_RST: Authorization object for the RS trace tool

�� S_RS_PC: Authorizations for working with process chains

�� S_RS_OHDEST: Open Hub Destination

�� S_RS_DAS: Authorizations for working with Data Access Services

�� S_RS_BTMP: Authorizations for working with BEx Web templates

�� S_RS_BEXTX: Authorizations for the maintenance of BEx texts

�� Authorization objects for the administration of analysis authorizations:

�� S_RSEC: Authorization for assignment and administration of analysis

authorizations

�� S_RS_AUTH: Authorization object to include analysis authorizations in

roles

�� Changed Authorization Objects:

�� S_RS_ADMWB (Data Warehousing Workbench: Objects)

hope it helps

I needed to get clarification on a point you said:

"

you don't have to use:

S_RS_ICUBE

S_RS_ICUBE

S_RS_ISET

S_RS_MPRO

S_RS_ODSO

"

You still need these objects in order to change the infoCube definition (for example) so don't just delete them from your roles otherwise developers will not be able to maintain these objects.

SAP only refers to no longer using these objects for checking from Analysis Authorizations. I also read the following on analysis authorizations but I think it is confusing. Can we get confirmation on what this statement means from SAP Labs?

"The authorization objects S_RS_ICUBE, S_RS_MPRO, S_RS_ISET and S_RS_ODSO will no longer be checked during query processing. Instead, the check is performed using special characteristics 0TCAIPROV, 0TCAACTVT and 0TCAVALID."

So does that mean you no longer need the following defined in any roles?

S_RS_ICUBE

Activity= 03 (Display)

Object = DATA

Because the Display of data is now controlled through an analysis authorization object containing 0TCAIPROV, 0TCAACTVT and 0TCAVALID. Is that what that statement means???

I got the info I required.

"The authorization objects S_RS_ICUBE, S_RS_MPRO, S_RS_ISET and S_RS_ODSO will no longer be checked during query processing. Instead, the check is performed using special characteristics 0TCAIPROV, 0TCAACTVT and 0TCAVALID."

You no longer need the following defined in any roles!

S_RS_ICUBE

Activity= 03 (Display)

Object = DATA

Because the Display of data is now controlled through an analysis authorization object containing 0TCAIPROV, 0TCAACTVT and 0TCAVALID.

Factors like Activity 03, Object = Definition are still required in order to access the object from a developers perspective.