Академический Документы
Профессиональный Документы
Культура Документы
1. MODELING
Difference between rssm and rsecadmin
RSSM RSECADMIN
Old transaction: RSSM New transaction : RSECADMIN
Concept of authorization: 'Reporting Concept of authorization: 'Analysis
Authorization' Authorization'
Assignement of Reporting
authorization:* by pfcg: mass Assignement of Analysis authorization :* by
distribution of auth by using role pfcg: mass distribution of auth by using role,
by rssm: generation way (use with by rsecadmin: manual way -> Assignement ->
Business Content and flat files loading) Auth selection ->Insert,
by rsecadmin: generation way (use with
Business Content and flat files loading)
rssm enable to flag relevant An IO auth relevant is auth relevant for all the
infoprovider, cube he is used,
rssm are used to custom rsecadmin to define Analysis authorization with
Auhthorization object, sepcial IO : 0TCAACTVT, 0TCAIPROV,
Authorization variable are used in Bex 0TCAVALID,
Query, Authorization variable are used in Bex Query,
Pfcg to assign reporting authorization pfcg to assign analysis authorization through
trough the Object class: RSR, the object S_RS_AUTH (Object Class: RS),
Query access manage by object Query access manage by object
S_RS_COMP, S_RS_COMP1, S_RS_COMP, S_RS_COMP1,
Area Button/ Access : S_RS_FOLD, Area Button/ Access : S_RS_FOLD,
Authorization for Cube, ODS, Authorization for Cube and ODS for reporting
Hierarchy and infoset managed by: user are managed by the special authorization
o S_RS_ICUBE, characteristic 0TCAIPROV,
o S_RS_ODSO, S_RS_ICUBE, S_RS_ODSO, S_RS_HIER,
o S_RS_HIER, S_RS_ISET: are not checked anymoe for
o S_RS_ISET. reporting user.
-
New object authorization for Web application
Designer & Report Designer:* S_RS_BTMP,
S_RS_BITM,
S_RS_ERPT,
S_RS_EREL.
Step by Step
RSSM RSECADMIN
0. Pre-requisites -
Activate all business content
related to authorizations
before you get started:*
InfoObjects: 0TCA* and 0TCT*
InfoCubes: 0TCA*
Set the following InfoObjects
as "authorization relevant":*
0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM (optional, if key
figure restriction needed)
Add 0TCAIFAREA as an
external hierarchy
characteristic to 0INFOPROV
(optional)
3. Set Infoprovider RSSM -> Select: 'Check for The IO authorization relevant
InfoCubes' -> Change -> Flag the are authorization relevant for
related InfoCubes all cubes
4. Create BEX 1. Right click on the IO -> choose
variable for 'Restrict'
authorization 2. Choose 'Selection' = 'Single
Value' and 'from Hierarchy' = 'flat
list'
If a hierarchy exists, select the
hierarchy for the IO
3. Go on the variables tab ->
Right click -> 'New variable'
4. For a restriction without
hierarchy, the type of variable is
'Characteristic Value' and if you
have choose a hierarchy, the type
of variable is 'Hierarchy node'
5. Select a variable name & a
description
6. Choose 'Processing by': =
'Authorization' then check the
characteristic and click 'next'
7. Choose the display area for the
variable -> Variable represents: =
'Single Value' or 'Selection
Option'
8. Choose if the variable entry is
Optional or mandatory,
9. Don't select 'Ready for input'
and 'Can be changed in query
navigation
10. Next to the end
5. Insert
Authorization in
Role
6. Assign
Authorization/ Role
to Users
2. AUTHORIZATION
Reporting User: Authorization for End User
o S_RS_AUTH:
o Insert here the Analysis Authorization you customize in Rsecadmin.
o Allow right on IO marked as 'authorization relevant' (Data)
o S_RS_COMP : Query Accessibility
o Activity: 01 (Create or generate), 02 (Change), 03 (Display), 06 (Delete), 16 (Execute),
22 (Enter, Include, Assign)
o InfoArea: '*'
o InfoCube: <Selected infoprovider>
o Name (ID) of a reporting component: <Selected query>
o Type of a reporting component: CKF (Calculated key figure), QVW (Query View), REP
(Query), RKF (Restricted key figure), SOB (Selection object, New object !!!), STR
(Template structure), VAR (Variable)
o S_RS_COMP1 : Query for specific users
o S_RS_FOLD ( Hide 'Folder' Pushbutton): 'False' or 'True'
o S_USER_AGR: Role Name
S_RS_BITM : !!! NEW !!!
S_RS_BTMP : !!! NEW !!!
Developper
o S_DEVELOP
o S_RO_BCTRA in ECC side for activate (remote) Datasource
o S_RS_BC
o S_RS_BCS
o S_GUI
o S_RS_DS: Authorizations for working with the DataSource or its sub-objects (as of SAP
NetWeaver 2004s)
o S_RS_ISNEW: Authorizations for working with new InfoSources or their subobjects (as
of SAP NetWeaver 2004s)
o S_RS_DTP: Authorizations for working with the data transfer process and its subobjects
o S_RS_TR: Authorizations for working with transformation rules and their subobjects
o S_RS_CTT: Authorizations for working with currency translation types
o S_RS_UOM: Authorizations for working with quantity conversion types
o S_RS_THJT: Authorizations for working with key date derivation types
o S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings
o S_RS_RST: Authorization object for the RS trace tool
o S_RS_PC: Authorizations for working with process chains
o S_RS_OHDEST: Open Hub Destination
o S_RS_DAS: Authorizations for working with Data Access Services
o S_RS_BTMP: Authorizations for working with BEx Web templates
o S_RS_BEXTX: Authorizations for the maintenance of BEx texts Authorization objects for
the administration of analysis authorizations
o S_RSEC: Authorization for assignment and administration of analysis authorizations
o S_RS_AUTH: Authorization object to include analysis authorizations in roles
o S_RS_ADMWB: Changed Authorization Objects (Data Warehousing Workbench:
Objects)
General
Role (pfcg)
4. TECHNICAL
Tables
o RSEC_AUTHORITY_CHECK_IPROV
o RSEC_AUTH_GET_IOBJ_RELEVANT
o RSEC_CHECK_IPROV
o RSEC_CHECK_VALIDITY
o RSEC_COMPLETE_HIERAUTH
o RSEC_GET_AUTH_FOR_USER
o RSEC_GET_AUTH_HIER_FOR_USER
o RSEC_ASSIGN_AUTHS_TO_USERS
o RSEC_GET_ALL_GENERATED_AUTHS
o RSEC_READ_ODS_HIER
o RSEC_READ_ODS_USER_AUTH
o RSEC_READ_ODS_VAL
o RSEC_AUTHORIZATIONS_OF_USER
o RSEC_GET_AUTH_FOR_USER_RFC
Authority check
Here some links: