SAP BI Analysis Authorization (Customer Exit Variables)

SAP BI Analysis Authorization (Customer Exit Variables)

Applies to: SAP BI 7.0/BW 3.5 consultants. For more information, visit EDW Homepage .

Summary Use analysis authorization for authorization relevant characteristic and restrict the query output based on the customer exit variable values (Based on Authorization relevant characteristic values stored in Custom Table for different users). Author:

Suraj Tigga

Company: Capgemini Consulting India Pvt. Ltd. Created on: 28 March 2011

Author Bio Suraj Tigga is a Senior SAP BI / ABAP consultant at Capgemini Consulting, India. Suraj joined Capgemini Consulting in 2008 and has worked on multiple SAP BI implementation and support projects.

SAP COMMUNITY NETWORK © 2010 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com


Table of Contents Scenario .............................................................................................................................................................. 3 Analysis Authorization ..................................................................................................................................... 3 Step-by-Step Solution ..................................................................................................................................... 4 Maintain Authorization .................................................................................................................................................5 Maintain Characteristic Values (Custom Table) ........................................................................................................... 6 Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table) ......................................................7 Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values) ..............................8 Execution .....................................................................................................................................................................9

Related Content ................................................................................................................................................ 10 Disclaimer and Liability Notice .......................................................................................................................... 11




Scenario Based on the Characteristic (Authorization-relevant) values stored in the Custom Table specific to different users, selection screen values would be populated. Apart from those values if any extra values would be fed to the selection screen for which authorization is not provided, then query execution should be ceased with an error message. Analysis Authorization Analysis Authorizations refer to the new authorization concept b y which data access is controlled. The philosophy behind Analysis Authorizations being that users are looking at SAP BI for data analysis and their authorizations should also be according to the data that they want and not b y the objects that they access / want to access. Concept where reporting of data using the authorization relevant characteristics is done, is called as Analysis Authorization in SAP BI 7.0.In SAP BW 3.x , there was no division in authorizations for Data Warehousing Workbench and Reporting. In SAP BI 7.0, Standard Authorization refers to concept where in the users are provided with access to the functionalities of Data Warehousing Workbench, such as modeling , monitoring,extraction,loading,data mining etc. Analysis Authorization in SAP BI 7.0 (Techniques)

Direct Assignment of Authorizations from RSECADMIN to Users

Assignment of Authorizations to Users with PFCG using S_RS_AUTH

Automatic Generations of Authorizations

Pre-requisites of Analysis Authorization: a) Activate all the objects of the technical BI Content for authorizations. Select all the InfoObjects and InfoProviders that start with 0TCA*. b) Define the InfoObjects 0TCAACTVT, 0TCAIPPROV, 0TCAVALID, and 0TCAKYFNM as authorization relevant. Special Characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider), and 0TCAVALID (validi ty) must be included in at least one authorization for a user, otherwise the user is not authorized to execute a query. 0TCAACTVT (activity): Can restrict the authorization for different activities. Read (03) is set as the default activity, one can also assign the activity change (02) for integrated planning. 0TCAIPROV (InfoProvider): Can restrict the authorization to Individual InfoProviders.The default is the all InfoProviders are authorized with the asterisk (*).




0TCAVALID (validity): Can restrict the validity of an authorization. Always valid (*) is set as default for validity. Can also specify a single value or an interval. -

-

Authorization is restricted to the 1 – 10 of each month for the year 2010 Including/Excluding

Operator

Technical Characteristic Value(From)

Technical Characteristic Value(To)

I(Including)

BT(Between)

01.++.2010

10.++.2010

Technical Characteristic Value(To)

Authorization is only valid until 12/31/2010 Including/Excluding

Operator

Technical Characteristic Value(From)

I(Including)

LT(Less or Equal)

31.12.2010

0TCAKYFNM : Characteristic for Key Figure authorization. Authorizations are created and checked for the special characteristic when key figure authorizations are required. Step-by-Step Solution To reduce the maintainability for assigning the authorization to users, customer exit variables can be used to read the authorization values at runtime from the custom table. Below are the steps mentioned to use the customer exit variable to read authorization values from custom table: Maintain Authorization: Use transaction RSECADMIN to create ‘Authorization’. Maintain Characteristic Values (Custom Table): Create Custom Table maintenance generator to maintain authorization values. Enhancement (RSR00001) - (I_STEP = 1): Code to populate the selection screen with the authorization values specific to users. Enhancement (RSR00001) – (I_STEP = 2): Check the validity of the authorization values for specific users.




Maintain Authorization Go to transaction ‘RSECADMIN’ and create authorization ‘YZPRODH1’:

Include InfoObject ‘ZPRODH1’ in the authorization ‘YZPRODH1’.Prior to this make the InfoObject ‘ZPRODH1’ as authorization-relevant.




Maintain Characteristic Values (Custom Table) Step1: Create a Customer Exit Variable ‘YC_ZPRODH1’ for the InfoObject ‘ZPRODH1’:

Step2: Create a Custom Table and alongwith its maintenance generator:

(Maintain the ‘Username’ and ‘World Wide Business’ Values.) Step3: Maintain the Values (Below):

(Maintain values for Username ‘CAPTIGGA’)




Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table) Step1: Create a query ‘YZPRODH1’ to check for the authorization variable:

Step2: Go to enhancement ‘RSR00001’ (I_STEP = 1) and write the code for variable ‘YC_ZPRODH1’ to populate the query selection screen:

Code would retrieve the values from the custom table ‘YPRODH1’ and populate the query selection screen values.

After user executes the query with the above selection screen values, then the authorization of the values would be checked against username.




Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values) Step1: Go to enhancement ‘RSR00001’ (I_STEP = 3) and write t he code for variable ‘YC_ZPRODH1’ to check

the authorization values stored in custom table:

Retrieve the values from custom table YPRODH1 based on the corresponding selection screen values. Use the Function Module ‘RRMS_MESSAGE_HANDLING’ to raise the exception, if authorization values are not stored for the username.




Execution Step1: Go to transaction RSRT and execute the query ‘ YZPRODH1’:

Values would be populated from the custom table ‘YPRODH1’. Enter one extra ‘World Wide Business’ value ‘104’ not maintained in Custom Table:

Execute the query:

Exception rose (Username ‘CAPTIGGA’ not authorized for World Wide Business ‘104’).




Related Content For more information, visit the EDW Homepage .




Disclaimer and Liability Notice This document may discuss sample coding or other information th at does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade. SAP will not be held liable f or any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk. SAP offers no guarantees and assumes no responsibility or liability of any t ype with respect to the content of t his technical article or code sample, including any liability resulting from incompatibility between the content within this document and the m aterials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the con tent of this document.



SAP BI Analysis Authorization (Customer Exit Variables)

Recommend Documents