Note 846839 - Types of Authorizations in BW

Note 846839 - Types of Authorizations in BW

 

Header
Version / Date1 / 2007-02-07
PriorityRecommendations/additional info
Primary Component BW-BEX-OT-OLAP-AUT Authorizations
Secondary Components  BW-BEX-ET-AUT Authorizations
Summary

 - See more at: http://www.stechno.net/sap-notes.html?view=sapnote&id=846839#sthash.R5Pngfkk.dpuf

 

Symptom

This note explains the different types of authorizations used in the Business Intelligence authorization concept.

Business Warehouse Authorizations can be categorized into two types:

1) Reporting BW-Authorizations - so called RSR authorizations

• With this type of authorization, a user is restricted to viewing data in a BW report.

(NOTE: Data in web templates are authorized exactly the same as the data  in the query, i.e. if a user gets a "no authorization" message when  executing a web template, the user gets a "no authorization" message  when running the corresponding query.  Therefore always analyze the query.)

• For errors of this type and more information regarding, refer to the notes under the component BW-BEX-OT-OLAP-AUT

• RSR authorizations are not delivered by SAP. They are maintained and created individually, using transaction RSSM.

2) General predefined BW-Authorizations - so called RS authorizations

• All RS authorizations are maintained with pre-defined authorization objects like S_RS_ICUBE, S_RS_HIER

• All other BW authorizations fall under this category and they can be grouped into 2 subcategories:

1. 1. Authorizations for Working with the Administrator Workbench

• For errors of this type and more information regarding, refer to the notes under the component BW-WHM-DST-AUT

1. 2. Authorizations for Working with the Business Explorer

• For errors of this type and more information regarding, refer to the notes under the component BW-BEX-ET-AUT

Other terms

ST01, SU53, RS, RSR

Reason and Prerequisites

Regardless of whether RSR authorizations or RS authorizations are  involved, all authorization problems and issues can be seen as:

1) A user receieves a "no authorization" message in some form or a user cannot execute / see something.
2) A user sees too much; This can be data, a query, a role, etc.

Solution

When faced with one of the above problems, it should first be determined which type of authorization is involved.

All authorizations in BW can in most cases be categorized as either RSR  authorizations or RS authorizations.  The one exception to this is the  authorization of documents.  In regards to this see the online documentation.

The simplest way to identify if an authorization problem is due to RSR  authorizations or RS authorizations is to answer the question: Is the  problem reproducible with transaction RSSMQ (or RSRT)?  If yes, then  this is type RSR.  If no, then this is type RS.  Please note that it is
possible that a standard RSR authorization message is erroneously  delivered in the front-end but is still a problem of type RSR.  This is
however very rare and for the most part you can use this method to distinguish between RSR and RS authorization problems.

Analyzing RSR authorizations - Trace the problem using transaction RSSM or RSSMQ (see note 846957).

Analyzing RS authorizations - Trace the problem using transaction ST01 (see note 584726).

- See more at: http://www.stechno.net/sap-notes.html?view=sapnote&id=846839#sthash.R5Pngfkk.dpuf