SAP provides a completely new authorization trace though the RSECADMIN transaction to troubleshoot analysis authorizations. The error log button gets us to the authorization trace screen.
- Execute tcode RSECADMIN
- Select Analysis tab
- Execute as ...
Enter Username and check "with log"
4.
5.
Start Transaction
Enter query name
Execute
After you see the output, click back twice and view log
The trace first displays the name of the InfoProvider and the query name that the user executed. Next, we have a list of characteristics in the cube for which user has non full (*) access as these need to be checked at a more detail level. Lastly we have the authorization checks for these characteristics with non-full authorizations. It’s this section of the trace that’s typically the most helpful in troubleshooting authorization issues.