Solved: Cant find the Analsysis authorizaiton details in R...

Former Member · ‎11-24-2015

Hi Team,

I cant find the Analysis authorization details in RSECVAL table ,but can find same in RSECVAL_CL.

Also one user not able to run the report due to missing authorization. Ran the report on behalf of user in RSECADMIN and checked the logs.

One info object is conflicting this issue. The error message says confiction of access and intersection. Will attached the error screen.

The Info object which is causing is not maintained as authorization relevant in RSD1. Does this cause the issue ?

Here i wonder one more thing,i cant find the analysis authorization details in the table RSECVAL. but can find the same details in RSECVAL_CL.

Please check and provide inputs/solution.

Regards,

Venu.

santiobejero · ‎11-25-2015

Hi Venu,

To answer your questions:

RSECVAL doesnt hold anymore the details of analysis auth. This was move to another table as per SAP version. Check this thread:

BW Table RSECVAL doesn't show data

For the infoObject, yes you need to tick before it became authorization relevant and for you to maintain specific values.

I would suggest you check SAP Documentations about BW/BI Authorization.

Thanks,

Santi

santiobejero · ‎11-25-2015

Hi Venu,

To answer your questions:

RSECVAL doesnt hold anymore the details of analysis auth. This was move to another table as per SAP version. Check this thread:

BW Table RSECVAL doesn't show data

For the infoObject, yes you need to tick before it became authorization relevant and for you to maintain specific values.

I would suggest you check SAP Documentations about BW/BI Authorization.

Thanks,

Santi

Former Member · ‎11-25-2015

Hi Santi,

Thank you. Please check blow error. I am not able to attach the error screen shot. Hence pasted the error below.Here the problem is occurring due to characteristic 0PROFIT_CTR__PCATTR19 . When when i checked in RSD1 tcode this is not an info object...but the info object is " 0PROFIT_CTR "

Authorization Check Log

For a general description see the Note 1234567

Date and Execution Time (Local Server)
Execution Date: 24.11.2015
Execution Time: 12:57:50
Executed Query: XXXXXXXXXXXXXX
Transaction RSRT ( BW - output test )
Executed by User XXXXXXXXXXXXX
Executed with Analysis Authorizations of Another User XXXXXXXXXXXXX

Software Component	Release	Level	Support Package
SAP_BASIS	740	0006	SAPKB74006
SAP_ABA	740	0006	SAPKA74006
SAP_BW	740	0006	SAPKW74006

InfoProvider Check

Building the Buffer...
...Building buffer
Are there authorizations for accessing InfoProvider ZBBP_GL with activity 03?
Authorization exists for general access to InfoProvider ZBBP_GL with activity 03

Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZBBP_GL:

Characteristic

0PROFIT_CTR__PCATTR19

0TCAACTVT

Authorization Check
Detail Check for InfoProvider ZBBP_GL

Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing

Filling the Buffer...
...Buffer Filled
Main Check:

Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required

Following Set Is Checked

Comparison with Following Authorized Set

Result

Remaining Set

Characteristic	Content in SQL Format
0PROFIT_CTR__PCATTR19 0TCAACTVT	0TCAACTVT = '03' AND 0PROFIT_CTR__PCATTR19 LIKE *

Characteristic	Content in SQL Format
0PROFIT_CTR__PCATTR19	I BT 4000000.BB 4999999.BB I BT SDAA.BB SDZZ.BB I EQ #
0TCAACTVT	I EQ 03

Partially or Fully Authorized (Intersection)

Characteristic	Content in SQL Format
0PROFIT_CTR__PCATTR19 0TCAACTVT	( 0PROFIT_CTR__PCATTR19 < '4000000.BB' OR 0PROFIT_CTR__PCATTR19 > '4999999.BB' AND 0PROFIT_CTR__PCATTR19 < 'SDAA.BB' OR 0PROFIT_CTR__PCATTR19 > 'SDZZ.BB' ) AND NOT 0PROFIT_CTR__PCATTR19 = '#' AND 0TCAACTVT = '03'

Value selection partially authorized. Check of remainder at end

Following Set Is Checked

Comparison with Following Authorized Set

Result

Remaining Set

Characteristic	Content in SQL Format
0PROFIT_CTR__PCATTR19 0TCAACTVT	( 0PROFIT_CTR__PCATTR19 < '4000000.BB' OR 0PROFIT_CTR__PCATTR19 > '4999999.BB' AND 0PROFIT_CTR__PCATTR19 < 'SDAA.BB' OR 0PROFIT_CTR__PCATTR19 > 'SDZZ.BB' ) AND NOT 0PROFIT_CTR__PCATTR19 = '#' AND 0TCAACTVT = '03'

Characteristic	Content in SQL Format
0PROFIT_CTR__PCATTR19	I BT 4000000.BB 4999999.BB I BT SDAA.BB SDZZ.BB I EQ #
0TCAACTVT	I EQ 03

Not Authorized

All Authorizations Tested
Message EYE007: You do not have sufficient authorization

No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
3685 ( 0PROFIT_CTR__PCATTR19 )
Authorization Check Complete

Also i can see the Info object

0PROFIT_CTR margin:0cm;margin-bottom:.0001pt'>Hi Santi,

Thank you. Please check blow error. I am not able to attach the error screen shot. Hence pasted the error below.Here the problem is occurring due to characteristic 0PROFIT_CTR__PCATTR19 . When when i checked in RSD1 tcode this is not an info object...but the info object is " 0PROFIT_CTR "is not maintained as authorization relevant in RSD1. But other roles which are using this info obejct working fine.

Please check it.

Regards,

Venu.

niteshgupta87 · ‎11-25-2015

Hi Venu,

You don't need to do anything with authorization relevance of 0PROFIT_CTR. You need to focus on 0PROFIT_CTR__PCATTR19 which is navigational attribute of 0PROFIT_CTR. This navigational attribute must already be authorization relevant.

You can check this by opening 0PROFIT_CTR in RSD1. Then go to Attributes tab. There in the list, you will find attribute PCATTR19. Notice the AuthorizRelevant tab in front of this attribute. This would be checked.

Now about the log:

You must be knowing that in BW, you would get the result only if you have access for all the output. partial authorization doesn't work here. As per the log, user is running the report without any filter on 0PROFIT_CTR__PCATTR19. So system is expecting * access for this object. But user is given selective access. And hence he is getting the authorization error.

Solution:

1. Run the report with appropriate filter on this object, or

2. give full access to the user for info object.

Let me know if this works.

Thanks

Nitesh

Former Member · ‎11-26-2015

Hi Nitesh,

I have checked the info object 0PROFIT_C in RSD1 under attributes tab. It has many Attributes, but no one is not mentioned as authorization relevant.

I tried the second point as you suggested.

When we give full access (*) to the info object 0PROFIT_CTR its working fine.But we should not give full access.

Can you please explain the first solution (Run the report with appropriate filter on this object,) bit more clear ?

Regards,

Venu.

Former Member · ‎11-26-2015

Hi,

Same user able to run the other Reports which is built on 0PROFIT_CTR__PCATTR19 .

Other reports logs showing same info object.

niteshgupta87 · ‎11-26-2015

Hi Venu,

For other reports, the user might have analysis authorization providing necessary access on the object. (analysis authorizations can be set up specific to info providers using 0TCAIPROV characteristic).

- Can you post screenshot from RSD1 for attritubte 0PROFIT_CTR__PCATTR19? This has to be authorization relevant, else you can't have it in the analysis authorizations.

- How are you maintaining * access in 0PROFIT_CTR? You mentioned that this object is not even authorizatin relevant. Did you maintain values for 0PROFIT_CTR__PCATTR19?

- As per the log, user has access for 0PROFIT_CTR__PCATTR19 for values (4000000.BB - 4999999.BB) AND (SDAA.BB - SDZZ.BB). So while running report, he should filter it for values in this range only.

Its pretty simple. Lets assume a user is given access for company code A and B. When he runs the report, if he runs it for company codes A, B and C; he will get authorization error. But if he runs report for company code A and B; the report will work fine.

I hope this is clear now.

Thanks

Nitesh

Former Member · ‎11-26-2015

Hi Nitesh,

Yes,I have maintained * value in Info object attribute 0PROFIT_CTR__PCATTR19 but not in 0PROFIT_CTR..

I am unable to upload the screen shots (.jpg) as the site not allowing the format and size of it.

While running the report user is not giving any input on input screen.

As you said "So while running report, he should filter it for values in this range only."

You mean to say,needed to give input with in the range as value for the variable Profit centre ?

or this is because of issue with Query we need to make Characteristic variable with authorization as input instead of any other ?... when we give * its working fine. but when restrict Info object attribute 0PROFIT_CTR__PCATTR19 with range its not working.

will try to upload the screenshots once again.

Regards,

Venu.

niteshgupta87 · ‎11-27-2015

Hi Venu,

Create a test user with same access as this end user (restricted access for info object 0PROFIT_CTR__PCATTR19). Login with this test user and access the info provider of the report via tcode LISTCUBE. Here you would see the info object 0PROFIT_CTR__PCATTR19 in the selection screen.

Play around with this filter, i.e. access with no filter on it, then filter for the allowed values, etc. You would easily how its working. Accordingly you can decide how to proceed for the report/analysis authorization.

Thanks.

Cant find the Analsysis authorizaiton details in RSECVAL table ,but can find in RSECVAL_CL