After the BW upgrade, the way authorizations work has changed a lot. Here are the changes:
1. Perimeter roles of the following kind (for companies, plants, families, etc.) will no longer be used.
Instead, the security team will upload authorizations into DSO DPBWAU01 from an Excel file.
The Excel file looks like:
| User | Info-object | Value |
|------|-------------|-------|
| JLJI | Company     | 6526  |
| JLJI | Plant       | 8160  |
We can check a user's perimeters by looking at table /BIC/ADPBWAU0100 in SE16.
2. The old way of checking authorization object by RSSM is no longer used. Instead, we use RSECADMIN to check.
3. We can also use RSECADMIN to run “Execution as” with a user's account, and then check the logs to troubleshoot.
Important: before doing this, you have to set a breakpoint in the Class Builder (SE24) to change the actual user. Otherwise, the user being tested will be your own and not the user entered in “Execution as”.
After that, you can use RSECADMIN.
4. For some authorization objects (Z_PS and the like), a dimension might sometimes be missing. For example, CPFCTR1_2 was missing for PS. When we troubleshoot with a user's account, it prompts “No authorization”, and the log shows that CPFCTR1_2 is empty. We then add the dimension in Z_PS and it works.
5. For dimensions with [] as below, if they exist in a query, we need to add filters for them in the Query Designer. The filters can be one of three kinds:
- User selection filters
- Authorization filters
- Customer exit filters








