SAP BI Analysis Authorization (Customer Exit Variables)
Applies to: SAP BI 7.0/BW 3.5 consultants. For more information, visit EDW Homepage .
Summary Use analysis authorization for authorization relevant characteristic and restrict the query output based on the customer exit variable values (Based on Authorization relevant characteristic values stored in Custom Table for different users). Author:
Suraj Tigga
Company: Capgemini Consulting India Pvt. Ltd. Created on: 28 March 2011
Author Bio Suraj Tigga is a Senior SAP BI / ABAP consultant at Capgemini Consulting, India. Suraj joined Capgemini Consulting in 2008 and has worked on multiple SAP BI implementation and support projects.
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Table of Contents Scenario .............................................................................................................................................................. 3 Analysis Authorization ..................................................................................................................................... 3 Step-by-Step Solution ..................................................................................................................................... 4 Maintain Authorization .................................................................................................................................................5 Maintain Characteristic Values (Custom Table) ........................................................................................................... 6 Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table) ......................................................7 Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values) ..............................8 Execution .....................................................................................................................................................................9
Related Content ................................................................................................................................................ 10 Disclaimer and Liability Notice .......................................................................................................................... 11
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Scenario Based on the Characteristic (Authorization-relevant) values stored in the Custom Table specific to different users, selection screen values would be populated. Apart from those values if any extra values would be fed to the selection screen for which authorization is not provided, then query execution should be ceased with an error message. Analysis Authorization Analysis Authorizations refer to the new authorization concept b y which data access is controlled. The philosophy behind Analysis Authorizations being that users are looking at SAP BI for data analysis and their authorizations should also be according to the data that they want and not b y the objects that they access / want to access. Concept where reporting of data using the authorization relevant characteristics is done, is called as Analysis Authorization in SAP BI 7.0.In SAP BW 3.x , there was no division in authorizations for Data Warehousing Workbench and Reporting. In SAP BI 7.0, Standard Authorization refers to concept where in the users are provided with access to the functionalities of Data Warehousing Workbench, such as modeling , monitoring,extraction,loading,data mining etc. Analysis Authorization in SAP BI 7.0 (Techniques)
Direct Assignment of Authorizations from RSECADMIN to Users
Assignment of Authorizations to Users with PFCG using S_RS_AUTH
Automatic Generations of Authorizations
Pre-requisites of Analysis Authorization: a) Activate all the objects of the technical BI Content for authorizations. Select all the InfoObjects and InfoProviders that start with 0TCA*. b) Define the InfoObjects 0TCAACTVT, 0TCAIPPROV, 0TCAVALID, and 0TCAKYFNM as authorization relevant. Special Characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider), and 0TCAVALID (validi ty) must be included in at least one authorization for a user, otherwise the user is not authorized to execute a query. 0TCAACTVT (activity): Can restrict the authorization for different activities. Read (03) is set as the default activity, one can also assign the activity change (02) for integrated planning. 0TCAIPROV (InfoProvider): Can restrict the authorization to Individual InfoProviders.The default is the all InfoProviders are authorized with the asterisk (*).
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
0TCAVALID (validity): Can restrict the validity of an authorization. Always valid (*) is set as default for validity. Can also specify a single value or an interval. -
-
Authorization is restricted to the 1 – 10 of each month for the year 2010 Including/Excluding
Operator
Technical Characteristic Value(From)
Technical Characteristic Value(To)
I(Including)
BT(Between)
01.++.2010
10.++.2010
Technical Characteristic Value(To)
Authorization is only valid until 12/31/2010 Including/Excluding
Operator
Technical Characteristic Value(From)
I(Including)
LT(Less or Equal)
31.12.2010
0TCAKYFNM : Characteristic for Key Figure authorization. Authorizations are created and checked for the special characteristic when key figure authorizations are required. Step-by-Step Solution To reduce the maintainability for assigning the authorization to users, customer exit variables can be used to read the authorization values at runtime from the custom table. Below are the steps mentioned to use the customer exit variable to read authorization values from custom table: Maintain Authorization: Use transaction RSECADMIN to create ‘Authorization’. Maintain Characteristic Values (Custom Table): Create Custom Table maintenance generator to maintain authorization values. Enhancement (RSR00001) - (I_STEP = 1): Code to populate the selection screen with the authorization values specific to users. Enhancement (RSR00001) – (I_STEP = 2): Check the validity of the authorization values for specific users.
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Maintain Authorization Go to transaction ‘RSECADMIN’ and create authorization ‘YZPRODH1’:
Include InfoObject ‘ZPRODH1’ in the authorization ‘YZPRODH1’.Prior to this make the InfoObject ‘ZPRODH1’ as authorization-relevant.
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Maintain Characteristic Values (Custom Table) Step1: Create a Customer Exit Variable ‘YC_ZPRODH1’ for the InfoObject ‘ZPRODH1’:
Step2: Create a Custom Table and alongwith its maintenance generator:
(Maintain the ‘Username’ and ‘World Wide Business’ Values.) Step3: Maintain the Values (Below):
(Maintain values for Username ‘CAPTIGGA’)
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table) Step1: Create a query ‘YZPRODH1’ to check for the authorization variable:
Step2: Go to enhancement ‘RSR00001’ (I_STEP = 1) and write the code for variable ‘YC_ZPRODH1’ to populate the query selection screen:
Code would retrieve the values from the custom table ‘YPRODH1’ and populate the query selection screen values.
After user executes the query with the above selection screen values, then the authorization of the values would be checked against username.
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values) Step1: Go to enhancement ‘RSR00001’ (I_STEP = 3) and write t he code for variable ‘YC_ZPRODH1’ to check
the authorization values stored in custom table:
Retrieve the values from custom table YPRODH1 based on the corresponding selection screen values. Use the Function Module ‘RRMS_MESSAGE_HANDLING’ to raise the exception, if authorization values are not stored for the username.
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Execution Step1: Go to transaction RSRT and execute the query ‘ YZPRODH1’:
Values would be populated from the custom table ‘YPRODH1’. Enter one extra ‘World Wide Business’ value ‘104’ not maintained in Custom Table:
Execute the query:
Exception rose (Username ‘CAPTIGGA’ not authorized for World Wide Business ‘104’).
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Related Content For more information, visit the EDW Homepage .
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
SAP BI Analysis Authorization (Customer Exit Variables)
Disclaimer and Liability Notice This document may discuss sample coding or other information th at does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade. SAP will not be held liable f or any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk. SAP offers no guarantees and assumes no responsibility or liability of any t ype with respect to the content of t his technical article or code sample, including any liability resulting from incompatibility between the content within this document and the m aterials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the con tent of this document.
SAP COMMUNITY NETWORK © 2010 SAP AG
SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com