Skip to Content

Creating Authorization in BW System

Steps for creating authorization

RSD1-To maintain info object authorization relevant.

PFCG – To maintain roles

RSECADMIN – To maintain analysis authorization and role assignment to user

1. Make a variable authorization relevant.

2. Create roles.

3. Create BI Analysis Authorization.

1. Make a variable authorization relevant

Go to RSA1 select info object target and go to business Explorer and check the box for authorization relevant 

2. Create BI Analysis Authorization

Use transaction RSECADMIN

Select AUTHORIZATION Tab

Select MAINTENANCE

 

Give the name for the authorization and click create

Give the short text

Below characteristics are mandatory while creating authorization object.

1. 0TCAACTVT: This characteristic handles the general activity like create, change, display etc.

2. 0TCAVALID: This characteristic handles the authorization for Info Provider by default it gives access to all the Info Providers i.e. full access. We can restrict authorizations for particular Info Providers using this characteristic.

3. 0TCAVALID:  This characteristic handles the validity of an authorization. Always valid (*) is set as the default for validity. You can restrict this validity. You can also specify a single value or an interval.

Insert new row and add the dimension and give a value

  1. For giving values double click the intervals cell

 

Add a row and give the value depending upon the requirement

Save the authorization

3. Creating the role

Select user tab

Select Role maintenance

Give the role name and select either single role or composite role (in my case I selected single role)

Select menu tab

Select transaction

Give the transaction to be allowed

Ex- RSRT – Query monitor

Select Authorization Tab

Add the authorization created to S_RS_AUTH

Generate then Save

Select the user tab

Add the users which has the role

Then do user comparison

Creating Authorization variable

Open query designer

Creating authorizing variable

In Query Designer Put the authorization variable under filter panel.

Checking the authorization

Go to the analysis tab -> select execute as -> give the user (EX – RETUSER1) -> select with log

Select start transaction -> select the authorization query -> execute

Then run as the user to which role was assign then run the query

Query display as HTML

Now check the below out only for the RUKSHAYA

Thanks,

Phani.

To report this post you need to login first.

14 Comments

You must be Logged on to comment or reply to a post.

  1. Leslaw Piwowarski

    Hi,

    Very useful indeed.

     

    I would add some words about transporting authorizations/rules. Improper usage can lead to overwritting querries in PROD system.

     

    One small mistake an authorization should be written to S_RS_AUTH (not to S_RU_AUTH).

     

    Regards, Leszek

    (0) 
  2. Kunal Bhunjun

    Hello Phani KV,

    Thanks very much for your post. It helped me a lot.

    The authorisation is working fine for me.

    However, I am having a small issue, the infoobject on which I have added the authorisation is an attribute of a master data. When I executed the query, and I add the authorisation infoobject as a display attribute of the master data, the authorisation infoobject do not appear in the result of the query but if I add the same infoobject as a navigational attribute of the master data it appears.

    Can someone please advise if there is somethoing which I missed in the authorisation?

    Thanks.

    (0) 

Leave a Reply