Skip to Content
Author's profile photo Kodanda Pani KV

Reporting Authorizations in SAP BW

Creating Authorization in BW System

Steps for creating authorization

RSD1-To maintain info object authorization relevant.

PFCG – To maintain roles

RSECADMIN – To maintain analysis authorization and role assignment to user

1. Make a variable authorization relevant.

2. Create roles.

3. Create BI Analysis Authorization.

1. Make a variable authorization relevant

Go to RSA1 select info object target and go to business Explorer and check the box for authorization relevant 

2. Create BI Analysis Authorization

Use transaction RSECADMIN

Select AUTHORIZATION Tab

Select MAINTENANCE

 

Give the name for the authorization and click create

Give the short text

Below characteristics are mandatory while creating authorization object.

1. 0TCAACTVT: This characteristic handles the general activity like create, change, display etc.

2. 0TCAVALID: This characteristic handles the authorization for Info Provider by default it gives access to all the Info Providers i.e. full access. We can restrict authorizations for particular Info Providers using this characteristic.

3. 0TCAVALID:  This characteristic handles the validity of an authorization. Always valid (*) is set as the default for validity. You can restrict this validity. You can also specify a single value or an interval.

Insert new row and add the dimension and give a value

  1. For giving values double click the intervals cell

 

Add a row and give the value depending upon the requirement

Save the authorization

3. Creating the role

Select user tab

Select Role maintenance

Give the role name and select either single role or composite role (in my case I selected single role)

Select menu tab

Select transaction

Give the transaction to be allowed

Ex- RSRT – Query monitor

Select Authorization Tab

Add the authorization created to S_RS_AUTH

Generate then Save

Select the user tab

Add the users which has the role

Then do user comparison

Creating Authorization variable

Open query designer

Creating authorizing variable

In Query Designer Put the authorization variable under filter panel.

Checking the authorization

Go to the analysis tab -> select execute as -> give the user (EX – RETUSER1) -> select with log

Select start transaction -> select the authorization query -> execute

Then run as the user to which role was assign then run the query

Query display as HTML

Now check the below out only for the RUKSHAYA

Thanks,

Phani.

Assigned Tags

      15 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi,

       

      Thanks for sharing and useful.

      Author's profile photo Leslaw Piwowarski
      Leslaw Piwowarski

      Hi,

      Very useful indeed.

       

      I would add some words about transporting authorizations/rules. Improper usage can lead to overwritting querries in PROD system.

       

      One small mistake an authorization should be written to S_RS_AUTH (not to S_RU_AUTH).

       

      Regards, Leszek

      Author's profile photo Phani KV
      Phani KV
      Blog Post Author

      Hi Leszwek,

       

      Thanks for you comment and feed back

      how to do the role transportation

      Role Transportation in SAP BI 7.3

       

      check the authorization obejct S_RS_AUTH.

       

      Thanks,

      Phani.

      Author's profile photo Former Member
      Former Member

      Nice one.

      Author's profile photo Phani KV
      Phani KV
      Blog Post Author

      Hi,

       

      Thanks for your comment Giri.

      Author's profile photo Former Member
      Former Member

      Good concept on authorization..

      Author's profile photo Phani KV
      Phani KV
      Blog Post Author

      Thanks for your comment Pal.

      Author's profile photo Former Member
      Former Member

      thanks alot nice document

      Author's profile photo Former Member
      Former Member

      Nice document Kodanda, do you have any idea about how to add  "SAP_BW_WORKSPACE_DESIGNER" this role in BW.

       

      Regards,

      Mithun.

      Author's profile photo Former Member
      Former Member

      Hi,

      very useful, thanks ...

      Author's profile photo Former Member
      Former Member

      Hi,

      very useful, thanks ...

      Author's profile photo Former Member
      Former Member

      geate thanks

      Author's profile photo Pradeep Gupta
      Pradeep Gupta

      Hi,

      Nice Doc!

      But where does the authorization "Z_TEST_RE" gets assigned to the Role "Z_TEST_SANDY" ?

      Thanks

      Author's profile photo Former Member
      Former Member

      Hello Phani KV,

      Thanks very much for your post. It helped me a lot.

      The authorisation is working fine for me.

      However, I am having a small issue, the infoobject on which I have added the authorisation is an attribute of a master data. When I executed the query, and I add the authorisation infoobject as a display attribute of the master data, the authorisation infoobject do not appear in the result of the query but if I add the same infoobject as a navigational attribute of the master data it appears.

      Can someone please advise if there is somethoing which I missed in the authorisation?

      Thanks.

      Author's profile photo Snehal Shewalkar
      Snehal Shewalkar

      Very Useful. Thanks Pani.