SAP BI Analysis Authorization (Customer Exit Variables)

SAP BI Analysis Authorization
(Customer Exit Variables)
Applies to:
SAP BI 7.0/BW 3.5 consultants. For more information, visit EDW Homepage .
Summary
Use analysis authorization for authorization relevant characteristic and restrict the query output based on the
customer exit variable values (Based on Authorization relevant characteristic values stored in Custom Table
for different users).
Author: Suraj Tigga

Company: Capgemini Consulting India Pvt. Ltd.
Created on: 28 March 2011
Author Bio
Suraj Tigga is a Senior SAP BI / ABAP consultant at Capgemini Consulting, India. Suraj joined
Capgemini Consulting in 2008 and has worked on multiple SAP BI implementation and support
projects.
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 1
SAP BI Analysis Authorization (Customer Exit Variables)
Table of Contents
Scenario .............................................................................................................................................................. 3
Analysis Authorization ..................................................................................................................................... 3
Step-by-Step Solution ..................................................................................................................................... 4
Maintain Authorization ................................................................................................................................................. 5
Maintain Characteristic Values (Custom Table) ........................................................................................................... 6
Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table) ...................................................... 7
Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values) .............................. 8
Execution ..................................................................................................................................................................... 9
Related Content ................................................................................................................................................ 10
Disclaimer and Liability Notice .......................................................................................................................... 11
© 2010 SAP AG 2
Scenario
Based on the Characteristic (Authorization-relevant) values stored in the Custom Table specific to different
users, selection screen values would be populated. Apart from those values if any extra values would be fed
to the selection screen for which authorization is not provided, then query execution should be ceased with
an error message.
Analysis Authorization
Analysis Authorizations refer to the new authorization concept by which data access is controlled. The
philosophy behind Analysis Authorizations being that users are looking at SAP BI for data analysis and their
authorizations should also be according to the data that they want and not by the objects that they access /
want to access.
Concept where reporting of data using the authorization relevant characteristics is done, is called as Analysis
Authorization in SAP BI 7.0.In SAP BW 3.x , there was no division in authorizations for Data Warehousing
Workbench and Reporting. In SAP BI 7.0, Standard Authorization refers to concept where in the users are
provided with access to the functionalities of Data Warehousing Workbench, such as modeling ,
monitoring,extraction,loading,data mining etc.
Analysis Authorization in SAP BI 7.0 (Techniques)
Direct Assignment of Authorizations from RSECADMIN to Users
Assignment of Authorizations to Users with PFCG using

S_RS_AUTH
Automatic Generations of Authorizations
Pre-requisites of Analysis Authorization:

a) Activate all the objects of the technical BI Content for authorizations. Select all the InfoObjects and
InfoProviders that start with 0TCA*.
b) Define the InfoObjects 0TCAACTVT, 0TCAIPPROV, 0TCAVALID, and 0TCAKYFNM as
authorization relevant.
Special Characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider), and 0TCAVALID (validity) must
be included in at least one authorization for a user, otherwise the user is not authorized to execute a query.
0TCAACTVT (activity): Can restrict the authorization for different activities. Read (03) is set as the default
activity, one can also assign the activity change (02) for integrated planning.
0TCAIPROV (InfoProvider): Can restrict the authorization to Individual InfoProviders.The default is the all
InfoProviders are authorized with the asterisk (*).
© 2010 SAP AG 3
0TCAVALID (validity): Can restrict the validity of an authorization. Always valid (*) is set as default for
validity. Can also specify a single value or an interval.
- Authorization is restricted to the 1 – 10 of each month for the year 2010
Including/Excluding Operator Technical Technical
Characteristic Characteristic
Value(From) Value(To)
I(Including) BT(Between) 01.++.2010 10.++.2010
- Authorization is only valid until 12/31/2010

Including/Excluding Operator Technical Technical
Characteristic Characteristic
Value(From) Value(To)
I(Including) LT(Less or Equal) 31.12.2010
0TCAKYFNM: Characteristic for Key Figure authorization. Authorizations are created and checked for the
special characteristic when key figure authorizations are required.
Step-by-Step Solution
To reduce the maintainability for assigning the authorization to users, customer exit variables can be used to
read the authorization values at runtime from the custom table. Below are the steps mentioned to use the
customer exit variable to read authorization values from custom table:
Maintain Authorization: Use transaction RSECADMIN to create ‘Authorization’.
Maintain Characteristic Values (Custom Table): Create Custom Table maintenance generator to maintain
authorization values.
Enhancement (RSR00001) - (I_STEP = 1): Code to populate the selection screen with the authorization
values specific to users.
Enhancement (RSR00001) – (I_STEP = 2): Check the validity of the authorization values for specific users.
© 2010 SAP AG 4
Maintain Authorization
Go to transaction ‘RSECADMIN’ and create authorization ‘YZPRODH1’:
Include InfoObject ‘ZPRODH1’ in the authorization ‘YZPRODH1’.Prior to this make the InfoObject ‘ZPRODH1’
as authorization-relevant.
© 2010 SAP AG 5
Maintain Characteristic Values (Custom Table)

Step1: Create a Customer Exit Variable ‘YC_ZPRODH1’ for the InfoObject ‘ZPRODH1’:
Step2: Create a Custom Table and alongwith its maintenance generator:
(Maintain the ‘Username’ and ‘World Wide Business’ Values.)

Step3: Maintain the Values (Below):
(Maintain values for Username ‘CAPTIGGA’)
© 2010 SAP AG 6
Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table)

Step1: Create a query ‘YZPRODH1’ to check for the authorization variable:
Step2: Go to enhancement ‘RSR00001’ (I_STEP = 1) and write the code for variable ‘YC_ZPRODH1’ to
populate the query selection screen:
Code would retrieve the values from the custom table ‘YPRODH1’ and populate the query selection screen
values.
After user executes the query with the above selection screen values, then the authorization of the values
would be checked against username.
© 2010 SAP AG 7
Enhancement (RSR00001) – (I_STEP = 2: Check the authorization for selection screen values)
Step1: Go to enhancement ‘RSR00001’ (I_STEP = 3) and write the code for variable ‘YC_ZPRODH1’ to check
the authorization values stored in custom table:
Retrieve the values from custom table YPRODH1 based on the corresponding selection screen values. Use
the Function Module ‘RRMS_MESSAGE_HANDLING’ to raise the exception, if authorization values are not
stored for the username.
© 2010 SAP AG 8
Execution
Step1: Go to transaction RSRT and execute the query ‘YZPRODH1’:
Values would be populated from the custom table ‘YPRODH1’.

Enter one extra ‘World Wide Business’ value ‘104’ not maintained in Custom Table:
Execute the query:
Exception rose (Username ‘CAPTIGGA’ not authorized for World Wide Business ‘104’).
© 2010 SAP AG 9
Related Content
For more information, visit the EDW Homepage .
© 2010 SAP AG 10
Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not
supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document,
and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or
code sample, including any liability resulting from incompatibility between the content within this document and the materials and
services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this
document.
© 2010 SAP AG 11

SAP BI Analysis Authorization (Customer Exit Variables)

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

SAP BI Analysis Authorization (Customer Exit Variables)

Hochgeladen von

Copyright:

Verfügbare Formate

SAP BI Analysis Authorization

(Customer Exit Variables)

Author: Suraj Tigga

Direct Assignment of Authorizations from RSECADMIN to Users

Assignment of Authorizations to Users with PFCG using

Automatic Generations of Authorizations

Pre-requisites of Analysis Authorization:

I(Including) BT(Between) 01.++.2010 10.++.2010

- Authorization is only valid until 12/31/2010

I(Including) LT(Less or Equal) 31.12.2010

Maintain Characteristic Values (Custom Table)

Step2: Create a Custom Table and alongwith its maintenance generator:

(Maintain the ‘Username’ and ‘World Wide Business’ Values.)

(Maintain values for Username ‘CAPTIGGA’)

Enhancement (RSR00001) – (I_STEP = 1: Populate Values from Custom Table)

Values would be populated from the custom table ‘YPRODH1’.

Execute the query:

Disclaimer and Liability Notice

Das könnte Ihnen auch gefallen