Entering content frame

Procedure documentation Assigning Authorization to a User Locate the document in its SAP Library structure

Use

Before an authorization for an activity can be checked, it has to be assigned to one or more users.

Prerequisites

You have authorizations for authorization object S_RSEC. You have already created or generated an authorization.

Procedure

You have two options for assigning an authorization to a user:

Direct Assignment of an Authorization to a User

       1.      In the SAP Easy Access menu, choose Business Explorer ® Management of Analysis Authorizations.

       2.      On the User tab page, choose Analysis Authorizations ® Assignment.

       3.      Select an iView and choose This graphic is explained in the accompanying text Edit.

       4.      You have two options:

¡        Under Authorization Selections, choose one or more previously created authorizations. With Insert you can add the authorization to the list of assigned authorizations.

¡        With This graphic is explained in the accompanying text Node, can select nodes for a hierarchy that you created previously for the characteristic 0TCTAUTH in hierarchy maintenance. The authorizations are available as virtual master data for the characteristic 0TCTAUTH and can be grouped hierarchically in order to create thematic arrangements.

Note

The authorizations that were just inserted are marked. This allows you to undo incorrect entries immediately.

       5.      Save your entries.

Assigning an Authorization Using Profiles

The analysis authorizations can be (but do not have to be) assigned by roles. To assign an authorization to a user, it is sufficient to proceed as described above.

As an alternative, authorizations can also be assigned using profiles for the authorization object S_RS_AUTH, the entries of which are analysis authorization names. In this way, you can assign authorizations to a user using roles as well using the general role maintenance and the general user maintenance for SAP NetWeaver.

The input help in the role maintenance for this authorization object provides all existing, defined BI analysis authorizations.

Mixed scenarios, which mean assignments from roles in addition to the directly assigned authorizations, are also possible.

Special Authorization for Everything: 0BI_ALL

An authorization for all values of all authorization-relevant characteristics is created automatically in the system. It has the name 0BI_ALL. It can be viewed, but not changed. Every user that receives this authorization can access all the data at any time. Each time an InfoObject is activated and the property authorization relevant is changed for the characteristic or a navigation attribute, 0BI_ALL is changed. A user that has a profile with the authorization object S_RS_AUTH and has entered 0BI_ALL there (or has included it, for example with the pattern *) has complete access to all data.

Note

This authorization is the simplest way for you to assign authorization for everything. It does make sense to change standard profiles for specific user groups.

Result

On the Manual/Generated tab page, you see the manually created and generate authorizations in this transaction for this user. They are differentiated with icons.

On the From Roles/Profiles tab page, the authorizations for this user that originate from roles are displayed. They cannot be changed here. You can create this type of authorization in role maintenance.

 

Leaving content frame