Question:
I have browsed through the userforums and seen that many have had the same problem as I. But have not been able to solve my problem.
I want to create a role with authorization to only see workbooks. I don't want the users to be able to open queries at all.
I have put in several of the objects suggested in other messages (S_RS_COMP, S_BDS_D, S_BDS_DS, S_RS_ICUBE) restriced to display, but it doesn't seem to help.
Can anyone help me with a list of minimum of authorization objects I need to do this?
We are on 2.1c
Best Regards,
Per Olav
Answer:
the objects you need are:
S_RFC
S_TCODE
S_USER_AGR with ACTVT 03; ACT_GROUP <name of the role>
S_BDS_DS
S_RS_COMP
S_RS_ICUBE
not sure what exactly you wish to accomplish
cheers,
El Belgio
Answer:
You have to specify InfoArea, InfoCube, etc. Put a * if you want to enable access to all areas and all infocubes.
_________________
Keep smiling
Answer:
Thanks for the list.
Let me rephrase the question: The role should be able to open and save workbooks, but not be able to change queries. So I am not sure which values the objects S_BDS_DS, S_RS_COMP and S_RS_ICUBE should have?
I have not been able to find documentation for these objects, so if I don't know what the activities does.
So there is two questions:
1: Where can I find documentation for BW auth. objects, so I am able to help myself?
2: Which activities must the role have for the objects
S_BDS_DS
S_RS_COMP
S_RS_ICUBE
so it is able to open and save workbooks, but no access to queries at all.
Best regards,
Per Olav
Answer:
1: Where can I find documentation for BW auth. objects, so I am able to help myself?
I believe I got all the information I know from OSS...
2: Which activities must the role have for the objects
S_BDS_DS
S_RS_COMP
S_RS_ICUBE
S_BDS_DS
ACTVT 01, 02, 03, 30
CLASSNAME BW_*
CLASSTYPE OT
S_RS_COMP
ACTVT 16
RSINFOAREA <your InfoArea>
RSINFOCUBE <your InfoCube>
RSZCOMID <report ID(s)>
RSZCOMPTP REP
S_RS_ICUBE
ACTVT 03
RSICUBEOBJ DATA
RSINFOAREA <your InfoArea>
RSINFOCUBE <your InfoCube>
cheers,
El Belgio
Answer:
The authorizations you described works perfect! Thank you.
Answer:
Is it possible to create a authorization object where the user can create new queries and only update these (their own queries).
Best regards,
Per Olav
Answer:
This was discussed/debated at the Denver ASUG conference in 'birds of a feather' lunch hour, and the answer was no. I also remember this being a hot topic for the Q&A session of one of the Knowhow-network conference calls last year.
_________________
Keep smiling