cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BW authorizations for universe connections

Go to solution
Former Member

on ‎01-28-2014 12:08 PM

0 Kudos

Hello experts,

Is it possible to use a universe without giving the user 0BI_ALL authorization? We want the same user to connect via BICS and universe and if we use 0BI_ALL for universe connections, the analysis authorizations for BICS doesn't work.

Any idea on how to have row security levels on both connections at same time?

We are using BW 7.0 and BO 4.0 SP5.

Many thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

IngoH
Active Contributor
‎01-28-2014 1:52 PM
0 Kudos

Hello David,

0BI_ALL is related to BI authorizations in BW and is related to data level based security.

So unless you configured BI Authorization in BW for data level security you won't need it, but in case you have objects with data level security then you will either have to assign 0BI_All for users that can see everything or other objects for limiting the access - regardless of how you access the data.

regards

Ingo Hilgefort, SAP

Show replies
Show replies
Former Member
‎01-28-2014 2:02 PM
0 Kudos

Hello Ingo,

That's the issue. We want to keep row level security from both, Bex Queries and universes. And tracing from st01 the authorities when you access to BW from a universe it requests 0BI_ALL.

tcode

BIAUTH     0BI_ALL

type       RF

name       RSDRI_INFOPROV_READ_DF

If we give the user 0BI_ALL for universe access(managed with profiles), the user will have access to all data through BICS.

Any idea whether it's possible or not to have both authorizations working at same time?

IngoH
Active Contributor
‎01-28-2014 2:06 PM
0 Kudos

Hello David,

using BI Authorizations in BW and then adding data level security in the Universe on top of that will only lead to situations like you have now.

Data Level security goes into BW alone or into the Universe alone, mixing both will lead to issues and remember that the Universe has far less capabilities in this area.

0BI_ALL is only related to data level security, so the fact that you see the request for 0BI_ALL in the trace clearly shows that your defined data level security entries contradict each other somehow and that BW then requires 0BI_ALL for the user to give the data that was requested.

like I said above, not a good idea to mix those data level security concepts. all data level security should be in BW already.

Also - why even use the Universe inbetween ?

regards

Ingo Hilgefort, SAP

Former Member
‎01-29-2014 8:44 AM
0 Kudos

Hello Ingo,

We don't want the user to use a universe in between. We want the user be able to use BO Explorer with universes and Webis or Crystals with BICS connections. So we need to use row level security on both.

I think we have found the answer in this post. At least something to try....

http://wiki.scn.sap.com/wiki/display/BOBJ/BW+With+RFC+JCO+Connections+In+Information+Design+Tool

We have to set up the RFC in the JCO connector and try it not to use 0BI_ALL.

Many thanks,

David

Former Member
‎01-29-2014 11:27 AM
0 Kudos

I've solved the issue using the information in the previous post. It's needed to change the JCO connector customizing using the Data Federation Administration tool and set the "authoritycheck" parameter to 0.

teuku_faruq
Participant
‎12-12-2014 7:51 AM
0 Kudos

Hello David,

Thank you so much for your insight, I created a blog for this

Let me know your comment.

Cheers,

Faruq

Answers (1)

Answers (1)

Former Member
‎01-28-2014 12:49 PM
0 Kudos

Hi,

Please check the following link:

Authorization in SAP NW BI - SAP NetWeaver Business Warehouse - SCN Wiki

Thanks and regards,

Wafa.

Show replies
Show replies
Former Member
‎01-28-2014 1:17 PM
0 Kudos

Hello Wafa,

Thanks for you answer, but this is just about BW authorizations. I don't have problems with that, the issue is with 0BI_ALL that is requested to get data from a BO universe. I need how to do that without giving 0BI_ALL to the user.

Regards,

David

Ask a Question