Start of Content Area

Procedure documentation Assigning Authorizations to Users  Locate the document in its SAP Library structure

Use

Before an authorization for an activity can be checked, it has to be assigned to one or more users.

Prerequisites

You have authorizations for authorization object S_RSEC. You have already created or generated an authorization.

Procedure

You have two options for assigning an authorization to a user:

Directly Assigning an Authorization to a User

       1.      On the SAP Easy Access screen, choose Business Explorer Management of Analysis Authorizations.

       2.      On the User tab page, choose Analysis Authorizations Assignment.

       3.      Select a user and choose This graphic is explained in the accompanying text Edit.

       4.      You have two options:

       Under Authorization Selections, choose one or more previously created authorizations. Using Insert, you can add the authorization to the list of assigned authorizations.

       Using This graphic is explained in the accompanying text Node, you can select nodes for a hierarchy that you created previously for characteristic 0TCTAUTH in hierarchy maintenance. The authorizations are available as virtual master data for characteristic 0TCTAUTH and can be grouped hierarchically to create thematic arrangements.

Note

The authorizations that were just inserted are selected. This allows you to undo incorrect entries immediately.

       5.      Save your entries.

Assigning an Authorization Using Profiles

The analysis authorizations can be (but do not have to be) assigned using roles. To assign an authorization to a user, it is sufficient to proceed as described above.

Alternatively, authorizations can also be assigned using profiles for authorization object S_RS_AUTH, the entries of which are analysis authorization names. In this way, you can also use roles to assign authorizations to a user; you can do this in general role maintenance and in general user maintenance in SAP NetWeaver.

The input help in the role maintenance for this authorization object provides all existing, defined BI analysis authorizations.

Mixed scenarios, that is, assignments from roles in addition to directly assigned authorizations, are also possible.

Special Authorization for Everything: 0BI_ALL

An authorization for all values of all authorization-relevant characteristics is created automatically in the system. This authorization is automatically assigned the name 0BI_ALL. It can be viewed, but not changed. Every user that receives this authorization can access all the data at any time. Each time an InfoObject is activated and the Authorization-Relevant property has changed for the characteristic or a navigation attribute, 0BI_ALL is adjusted. A user who has a profile with the authorization object S_RS_AUTH and has entered 0BI_ALL there (or has included it, for example, using an asterisk (*)), has complete access to all data.

Note

Using this authorization is the easiest way to grant authorization for everything. For example, you can adjust standard profiles for certain user groups.

Result

On the Manual/Generated tab page, the manually created and generated authorizations in this transaction are displayed for this user. They are differentiated using icons.

On the From Roles/Profiles tab page, the authorizations for this user that originate from roles are displayed. They cannot be changed here. You can create this type of authorization in role maintenance.

 

End of Content Area