Beruflich Dokumente
Kultur Dokumente
Applies to:
SAP BI 7.0/BW 3.5 consultants. For more information, visit EDW Homepage .
Summary
Use analysis authorization for authorization relevant characteristic and restrict the query output based on the
customer exit variable values (Based on Authorization relevant characteristic values stored in Custom Table
for different users).
Author Bio
Suraj Tigga is a Senior SAP BI / ABAP consultant at Capgemini Consulting, India. Suraj joined
Capgemini Consulting in 2008 and has worked on multiple SAP BI implementation and support
projects.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 1
SAP BI Analysis Authorization (Customer Exit Variables)
Table of Contents
Scenario .............................................................................................................................................................. 3
Analysis Authorization ..................................................................................................................................... 3
Step-by-Step Solution ..................................................................................................................................... 4
Maintain Authorization ................................................................................................................................................. 5
Maintain Characteristic Values (Custom Table) ........................................................................................................... 6
Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table) ...................................................... 7
Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values) .............................. 8
Execution ..................................................................................................................................................................... 9
Related Content ................................................................................................................................................ 10
Disclaimer and Liability Notice .......................................................................................................................... 11
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 2
SAP BI Analysis Authorization (Customer Exit Variables)
Scenario
Based on the Characteristic (Authorization-relevant) values stored in the Custom Table specific to different
users, selection screen values would be populated. Apart from those values if any extra values would be fed
to the selection screen for which authorization is not provided, then query execution should be ceased with
an error message.
Analysis Authorization
Analysis Authorizations refer to the new authorization concept by which data access is controlled. The
philosophy behind Analysis Authorizations being that users are looking at SAP BI for data analysis and their
authorizations should also be according to the data that they want and not by the objects that they access /
want to access.
Concept where reporting of data using the authorization relevant characteristics is done, is called as Analysis
Authorization in SAP BI 7.0.In SAP BW 3.x , there was no division in authorizations for Data Warehousing
Workbench and Reporting. In SAP BI 7.0, Standard Authorization refers to concept where in the users are
provided with access to the functionalities of Data Warehousing Workbench, such as modeling ,
monitoring,extraction,loading,data mining etc.
Analysis Authorization in SAP BI 7.0 (Techniques)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 3
SAP BI Analysis Authorization (Customer Exit Variables)
0TCAVALID (validity): Can restrict the validity of an authorization. Always valid (*) is set as default for
validity. Can also specify a single value or an interval.
- Authorization is restricted to the 1 – 10 of each month for the year 2010
Including/Excluding Operator Technical Technical
Characteristic Characteristic
Value(From) Value(To)
0TCAKYFNM: Characteristic for Key Figure authorization. Authorizations are created and checked for the
special characteristic when key figure authorizations are required.
Step-by-Step Solution
To reduce the maintainability for assigning the authorization to users, customer exit variables can be used to
read the authorization values at runtime from the custom table. Below are the steps mentioned to use the
customer exit variable to read authorization values from custom table:
Maintain Authorization: Use transaction RSECADMIN to create ‘Authorization’.
Maintain Characteristic Values (Custom Table): Create Custom Table maintenance generator to maintain
authorization values.
Enhancement (RSR00001) - (I_STEP = 1): Code to populate the selection screen with the authorization
values specific to users.
Enhancement (RSR00001) – (I_STEP = 2): Check the validity of the authorization values for specific users.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 4
SAP BI Analysis Authorization (Customer Exit Variables)
Maintain Authorization
Go to transaction ‘RSECADMIN’ and create authorization ‘YZPRODH1’:
Include InfoObject ‘ZPRODH1’ in the authorization ‘YZPRODH1’.Prior to this make the InfoObject ‘ZPRODH1’
as authorization-relevant.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 5
SAP BI Analysis Authorization (Customer Exit Variables)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 6
SAP BI Analysis Authorization (Customer Exit Variables)
Step2: Go to enhancement ‘RSR00001’ (I_STEP = 1) and write the code for variable ‘YC_ZPRODH1’ to
populate the query selection screen:
Code would retrieve the values from the custom table ‘YPRODH1’ and populate the query selection screen
values.
After user executes the query with the above selection screen values, then the authorization of the values
would be checked against username.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 7
SAP BI Analysis Authorization (Customer Exit Variables)
Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values)
Step1: Go to enhancement ‘RSR00001’ (I_STEP = 3) and write the code for variable ‘YC_ZPRODH1’ to check
the authorization values stored in custom table:
Retrieve the values from custom table YPRODH1 based on the corresponding selection screen values. Use
the Function Module ‘RRMS_MESSAGE_HANDLING’ to raise the exception, if authorization values are not
stored for the username.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 8
SAP BI Analysis Authorization (Customer Exit Variables)
Execution
Step1: Go to transaction RSRT and execute the query ‘YZPRODH1’:
Exception rose (Username ‘CAPTIGGA’ not authorized for World Wide Business ‘104’).
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 9
SAP BI Analysis Authorization (Customer Exit Variables)
Related Content
For more information, visit the EDW Homepage .
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 10
SAP BI Analysis Authorization (Customer Exit Variables)
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 11