Symptom
User is not authorized to see any data that should have access when using Remote Data Access Control (DAC) with SAP BW/4HANA.
Environment
SAP Datasphere
Reproducing the Issue
- In Datasphere, import SAP BW∕4HANA Analysis Authorizations by following:
- SAP Help Portal Documentation: Import SAP BW and SAP BW∕4HANA Analysis Authorizations
- SAP Community Blog: Introducing Remote Authorizations from SAP BW/4HANA for SAP Datasphere
- Open the generated Permission Script (<table>_P) or Protected View (<table>_V)
- Preview it
=> No data shows which should have
Cause
In Datasphere, go to Data Builder > Data Access Controls, edit or create a new DAC, text message above the Identifier column selection saying "The permissions entity must include an identifier column providing user IDs recognized by your identity provider formed as follows: <BWUSERID>", but "USERIDENTIFIER" is email not BWUSERID. This means SAP Datasphere's User IDs are not defined as e-mails but BWUSERID.
Resolution
According to SAP Note 3062381 - Analysis authorization replication to SAP Data Warehouse Cloud :
If your SAP Data Warehouse Cloud User ID's are not defined as your key users' e-mails, then you must ensure that you implement BAdI RSDWC_DAC_RSEC_USER_UPDATE. In the BAdI implementation you shall fulfill the column "USERIDENTIFIER" with the user ID in Datasphere for the corresponding "BWUSER" in your BW/4 system.
Keywords
dwc, blank, missing, lost, block, no access , KBA , DS-SEC-DAC , Security – Data Access Control , Problem