Show TOC

Assigning Authorizations to UsersLocate this document in the navigation structure


Before an authorization for an activity can be checked, it has to be assigned to one or more users.


You are authorized to use the authorization object S_RSEC. You have already created an authorization.


There are two ways of assigning an authorization to a user:

Assigning an Authorization to a User Directly

  1. Open the SAP Easy Access menu and choose Start of the navigation path Business Explorer Next navigation step Manage Analysis Authorizations End of the navigation path.

  2. Select the User tab and under Start of the navigation path Analysis Authorizations Next navigation step Assignment End of the navigation path.

  3. Select a user and choose Edit.

  4. You have two options:

    • Under Authorization Selections, choose one or more previously created authorizations. Using Insert, you can add the authorization to the list of assigned authorizations.

    • Choose Node to select nodes for a hierarchy that you created previously for characteristic 0TCTAUTH in hierarchy maintenance. The authorizations are available as virtual master data for characteristic 0TCTAUTH and can be grouped hierarchically to create thematic arrangements.


      The inserted authorizations are selected. This allows you to undo incorrect entries immediately.

  5. Save your entries.

Assigning an Authorization using Profiles

Analysis authorizations can be assigned using roles. However the use of roles is not mandatory. To assign an authorization to a user, it is sufficient to proceed as described above.

Alternatively you can using the authorization object S_RS_AUTH to assign authorizations. The entries in this object are analysis authorization names. This means you can use roles (general role maintenance and general SAP NetWeaver user maintenance) to assign authorizations to a user.

The input help for this authorization object in role maintenance contains all the defined BI analysis authorizations.

Mixed scenarios, in other words, assignments from roles in addition to directly assigned authorizations, are also possible.

Special Authorization for Everything: 0BI_ALL

An authorization for all values of all authorization-relevant characteristics is created automatically in the system. This authorization has the name 0BI_ALL. It can be displayed but not changed. Every user with this authorization can access all the data at any time. Each time an InfoObject is activated and the Authorization-Relevant property has changed for the characteristic or a navigation attribute, 0BI_ALL is adjusted. If this automatic adjustment does not always work, you can perform the adjustment manually. On the administration of analysis authorizations screen, choose Start of the navigation path Extras Next navigation step Update Authorization 0BI_ALL. End of the navigation path

Every user who has a profile containing the authorization object S_RS_AUTH and who has entered 0BI_ALL (or has included it using an asterisk (*), for example), has complete access to all data.


This authorization is the simplest way to assign authorization for everything to a user. It is very useful for modifying standard profiles for specific user groups.


On the Manual/Generated tab page, the manually created authorizations in this transaction are displayed for this user. Icons are used to distinguish between the different authorizations.

On the From Roles/Profiles tab page, the authorizations for this user that originate from roles are displayed. They cannot be changed. You can create authorizations of this type on the role maintenance screen.