on 10-15-2008 4:51 PM
Hello,
I have an issue in figuring out the approach with my below scenario. I have checked notes 668520 but doesn't help.
Authorization 1 :
0Country - UK, USA
0 Material - *
Authorization 2 :
0Country - *
0Material - material a, material b
When I assign above two authorizations to a role(and then to a user), the user is now able to see all data which is not what I wanted. I just wanted them to see all of UK and USA AND all of material a and material b.
The way I interpreted is, its marking '*' against 0Country and 0Material (this is what the issue highlighted in note 668520 and 557924)
I couldn't find any solution from the suggested notes. I assume there must be a standard way for these sorts of scenarios.
Please advise.
Many thanks
Shanthi
Hi there,
That's nothing wrong, it's just the way the standard works.
The new Analysis Authorization is based on union for the same InfoProvider, therefore:
Authorization 1 :
0Country - UK, USA
0 Material - *
0tcaiprov - xpto
Authorization 2 :
0Country - *
0Material - material a, material b
0tcaiprov - xpto
If you assign the two roles for the user, and he/she executes the query built on InfoProvider xpto, then the user is able to see the union of both authorizations, therefore, UK, USA united with * gives all values and * united with material a, material b gives all values for material also, therefore all values for both InfoObjects in the same InfoProvider.
If you want to separate authorizations this is only relevant for different InfoProviders, for example:
Authorization 1 :
0Country - UK, USA
0 Material - *
0tcaiprov - xpto
Authorization 2 :
0Country - *
0Material - material a, material b
0tcaiprov - zzzz
In this case the user is authorized when executing a query over InfoProvider xpto to only the values UK, USA and all the material; and if the user executes a query over InfoProvider zzzz is authorized only to the values for all countries and for material a and material b.
If you want to have the authorizations you mentioned, then you should build only one authorization and assign
it to the user with the following values:
Authorization 2 :
0Country - UK, USA
0Material - material a, material b
0tcaiprov - (any which will be executed the query)
Diogo.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Diogo,
Thanks for the reply. I did understand the standard analysis authorization concept. What I am after is the
workaround to implement my scenario. As you suggested, I can't implement a third authorization comibing the initial two. You have suggested :
Authorization 2 :
0Country - UK, USA
0Material - material a, material b
0tcaiprov - (any which will be executed the query)
This won't solve because this only gives me data for UK, USA specific to material a and material b.
Whereas I want,
-user should be able to see all the data for UK and USA(authorisatin 1) AND all the data for material a and material b(authorization 2).
Please advise.
Many thanks
Shanthi.
Hi there,
Ok, you could try to remove the * from both authorizations and therefore created two authorizations like this:
Authorization 1 :
0Country - UK, USA
0tcaiprov - (any which will be executed the query)
Authorization 2 :
0Material - material a, material b
0tcaiprov - (any which will be executed the query)
Therefore you still unify both queries, but I'm not sure if this won't be just like the second authorization that I mentioned before.
So what I'm understanding is that you want everything that is built on UK, and USA that is independent on the material and want everything from material a and b, independent of what country they are. So how are you manage to insert in the initial query?
I.e., if the user inserts UK and/or USA in the country in the query, than he/she should be able to see all the materials, and if the user inserts material a and/or b in the query, than he/she should be able to see all the countries right?
If so, you could manage this with exit variables reading authorization values from the user instead of restricting by authorizations, like this:
country:
variable x (ready for input and exit variable);
material:
variable y (ready for input and exit variable);
have a table in the system that by an user gives you the countries and materials he/she can have.
Now you check in user exit this:
If variable x not initial check system table by user and see if the countries are right, if not error message; If variable x is initial then read system table by user and append to the variable x the country(ies) the user is assigned.
Do the same for variable y:
If variable y not initial check system table by user and see if the materials are right, if not error message; If variable y is initial then read system table by user and append to the variable y the materials the user is assigned.
Diogo.
Does anyone know the "previous solution" referred to in the statement "You can manage that with my previous solution based on exit variables and database created table."?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great Diogo!, I think that this can help to Shanthi....
Edited by: Luis Benavides on Oct 16, 2008 5:08 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Diogo,
Thanks for the effort. With your two solutions, we only get material a and material b from only UK and USA which is not my requirement.
What we are after is user should be able to see all the data for countries UK and USA(not dependant on materials) and all the data for materials a and b(not dependant on country)
Many thanks
Shanthi
Dear Shanthi,
I'll try to help you,
Regarding you question that you have from of faced of combining authorization, more information in the link below:
http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
I hope this answer could be help you.
Luis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.