Generating Reporting Authorizations 

Use

With the generation of reporting authorizations, you can load authorized values from other systems into DataStore objects and generate authorizations from them.

In this way, necessary authorizations from the data for an application (for example, HR) can be generated so that users are able to see or not see the same data in the BI system as in the transactions of the application, even when the authorization concepts are different.

You can use the generation of authorizations to generate either single authorizations or mass authorizations.

Prerequisites

An extractor must be available for authorizations (up to now, for HR and Controlling).

For HR:

You must copy DataStore objects 0TCA_DS01 to 04 from the BI Content. These DataStore objects should be copied for each application for which you want a complete load. For more information about the BI Content objects, see BI Content → Human Resources → Organizational Management → DataStore Objects → Structural Authorizations – Hierarchy and Structural Authorizations – Values

For controlling:

A complete scenario is available. Transfer the BI Content objects: 0CO_OM_CCA_USER1 (DataSource and InfoSource), as well as the DataStore objects including update rules 0CCA_001, 0CCA_002, 0CCA_003.

Features

You can call this function from the reporting authorization maintenance routine at Authorizations → Generation of Authorizations (Transaction RSSM).

The DataStore objects for generating authorizations have an analogous structure to the authorizations and contain the following authorization values:

·        Authorization data (values) (0TCA_DS01)

·        Authorization data (hierarchy) (0TCA_DS02)

·        Description texts for authorizations (0TCA_DS03)

·        Assignment of authorization users (0TCA_DS04)

·        Generation of users for authorizations (0TCA_DS05)

You define from which DataStore objects profiles are to be generated for which authorization objects. You then load your authorization data into these. You can generate the authorizations under Authorizations → Generation of Authorizations in the transaction RSSM. The report RSSB_GENERATE_AUTHORIZATIONS starts or schedules generation.

The profiles generated in this way are deleted again when the next generation takes place. New profiles are then generated from the current data. A user for whom no new data is available loses his/her profile after this new generation.

Generating Single Authorizations:

Maintain the user in the DataStore object 0TCA_DS01. It is assigned to the user when the authorization is generated. It can be used for assigning authorizations that are very user specific.

Generating Mass Authorizations:

Leave the User key field empty in the DataStore object 0TCA_DS01 and generate the authorizations. A profile appears that can be assigned to any number of users. Its text contains the profile from the DataStore object 0TCA_DS03. You maintain the user in the DataStore object 0TCA_DS04. This generates your mass authorizations.

Deleting Authorizations:

If a data record with the user name ‘D_E_L_E_T_E’ is loaded into the DataStore object OTCA_DS01, the system first deletes the generated authorizations for all users (!) for the authorization object in the BI system. This usually only happens for users for whom data is available in the DataStore object. Afterwards, authorizations are generated using the data in the DataStore objects in the usual way.

Example

The following image illustrates the generation of authorizations from HR data already in the system.