cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Multi-dimensional analysis authorizations in BI 7

Go to solution
Former Member

on ‎10-15-2008 4:51 PM

0 Kudos

Hello,

I have an issue in figuring out the approach with my below scenario. I have checked notes 668520 but doesn't help.

Authorization 1 :

0Country - UK, USA

0 Material - *

Authorization 2 :

0Country - *

0Material - material a, material b

When I assign above two authorizations to a role(and then to a user), the user is now able to see all data which is not what I wanted. I just wanted them to see all of UK and USA AND all of material a and material b.

The way I interpreted is, its marking '*' against 0Country and 0Material (this is what the issue highlighted in note 668520 and 557924)

I couldn't find any solution from the suggested notes. I assume there must be a standard way for these sorts of scenarios.

Please advise.

Many thanks

Shanthi

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-15-2008 5:07 PM
0 Kudos

Hi there,

That's nothing wrong, it's just the way the standard works.

The new Analysis Authorization is based on union for the same InfoProvider, therefore:

Authorization 1 :

0Country - UK, USA

0 Material - *

0tcaiprov - xpto

Authorization 2 :

0Country - *

0Material - material a, material b

0tcaiprov - xpto

If you assign the two roles for the user, and he/she executes the query built on InfoProvider xpto, then the user is able to see the union of both authorizations, therefore, UK, USA united with * gives all values and * united with material a, material b gives all values for material also, therefore all values for both InfoObjects in the same InfoProvider.

If you want to separate authorizations this is only relevant for different InfoProviders, for example:

Authorization 1 :

0Country - UK, USA

0 Material - *

0tcaiprov - xpto

Authorization 2 :

0Country - *

0Material - material a, material b

0tcaiprov - zzzz

In this case the user is authorized when executing a query over InfoProvider xpto to only the values UK, USA and all the material; and if the user executes a query over InfoProvider zzzz is authorized only to the values for all countries and for material a and material b.

If you want to have the authorizations you mentioned, then you should build only one authorization and assign

it to the user with the following values:

Authorization 2 :

0Country - UK, USA

0Material - material a, material b

0tcaiprov - (any which will be executed the query)

Diogo.

Show replies
Show replies
Former Member
‎10-16-2008 1:45 PM
0 Kudos

Hi Diogo,

Thanks for the reply. I did understand the standard analysis authorization concept. What I am after is the

workaround to implement my scenario. As you suggested, I can't implement a third authorization comibing the initial two. You have suggested :

Authorization 2 :

0Country - UK, USA

0Material - material a, material b

0tcaiprov - (any which will be executed the query)

This won't solve because this only gives me data for UK, USA specific to material a and material b.

Whereas I want,

-user should be able to see all the data for UK and USA(authorisatin 1) AND all the data for material a and material b(authorization 2).

Please advise.

Many thanks

Shanthi.

Former Member
‎10-16-2008 2:52 PM
0 Kudos

Hi there,

Ok, you could try to remove the * from both authorizations and therefore created two authorizations like this:

Authorization 1 :

0Country - UK, USA

0tcaiprov - (any which will be executed the query)

Authorization 2 :

0Material - material a, material b

0tcaiprov - (any which will be executed the query)

Therefore you still unify both queries, but I'm not sure if this won't be just like the second authorization that I mentioned before.

So what I'm understanding is that you want everything that is built on UK, and USA that is independent on the material and want everything from material a and b, independent of what country they are. So how are you manage to insert in the initial query?

I.e., if the user inserts UK and/or USA in the country in the query, than he/she should be able to see all the materials, and if the user inserts material a and/or b in the query, than he/she should be able to see all the countries right?

If so, you could manage this with exit variables reading authorization values from the user instead of restricting by authorizations, like this:

country:

variable x (ready for input and exit variable);

material:

variable y (ready for input and exit variable);

have a table in the system that by an user gives you the countries and materials he/she can have.

Now you check in user exit this:

If variable x not initial check system table by user and see if the countries are right, if not error message; If variable x is initial then read system table by user and append to the variable x the country(ies) the user is assigned.

Do the same for variable y:

If variable y not initial check system table by user and see if the materials are right, if not error message; If variable y is initial then read system table by user and append to the variable y the materials the user is assigned.

Diogo.

Answers (3)

Answers (3)

Former Member
‎10-29-2008 7:20 PM
0 Kudos

Does anyone know the "previous solution" referred to in the statement "You can manage that with my previous solution based on exit variables and database created table."?

Show replies
Show replies
Private_Member_101989
Contributor
‎11-03-2008 6:37 PM
0 Kudos

Hello,

The previous solution is the 6 post of this thread.

Regards,

Jorge Diogo

Former Member
‎10-16-2008 4:08 PM
0 Kudos

Great Diogo!, I think that this can help to Shanthi....

Edited by: Luis Benavides on Oct 16, 2008 5:08 PM

Show replies
Show replies
Former Member
‎10-17-2008 3:45 PM
0 Kudos

Hi Diogo,

Thanks for the effort. With your two solutions, we only get material a and material b from only UK and USA which is not my requirement.

What we are after is user should be able to see all the data for countries UK and USA(not dependant on materials) and all the data for materials a and b(not dependant on country)

Many thanks

Shanthi

Former Member
‎10-17-2008 4:29 PM
0 Kudos

Hi there,

You can manage that with my previous solution based on exit variables and database created table.

Diogo.

Former Member
‎10-16-2008 2:03 PM
0 Kudos

Dear Shanthi,

I'll try to help you,

Regarding you question that you have from of faced of combining authorization, more information in the link below:

http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm

I hope this answer could be help you.

Luis

Show replies
Show replies
Former Member
‎10-16-2008 2:47 PM
0 Kudos

Hi,

Thanks for the reply. I have seen this before. All I need is a workaround that someone has implemented.

Please note that I am using only one infoprovider for all the data.

Many thanks

Shanthi.

Ask a Question