I am doing field level security In BI reporting. Now, I have a scenario where customer is concerned about one Query which has to follow field level security. Rest of the Queries on that cube can be viewed by everyone. I have enabled country key as authorization relevant and country key is part of all queries under the cube.
My question is will country key restrict only one report which I want or all the queries under the infoprovider.
How should I implement this scenario ?
and are these steps which I am following is correct
1- change required characteristics as authorization relevant.
2-create authorization and assign required values for authorization object in it.
3- assign authorization to role and user.
4- filter query with authorization variable of the authorization object.
Luis Benavides Andrade replied
I'd like to try to give you an alternative for your question, before that, it is important to be clear that all reporting authorization systems are compound by Queries, InforProviders and characteristic relevant of authorization. You can manage execution's "queries" through the reporting roles where include S_RS_COMP authorization object. Other hand, you can manage value of each characteristic relevant of authorization through the analysis authorization wher inlude characteristic relevant of authorization by specific value. In both component you define what InfoProvider you need to display. To answer your question "My question is will country key restrict only one report which I want or all the queries under the infoprovider" the base of restric is in InfoProviders, in other word if the characteristic "Country" is relevant of authorization and it is in one o more InfoProvider, those of them need authorization to be show data. The first level of value restriction is in each characteristic relevan of authorizatin in InfoProviders. For this reason you need to do all of your step that you mention in your question, you need to create analysis authorization for specific value by "Country" and "InfoProviders" through standar characteristic that should be active from business content (0TCAACTVT, 0TCAIPROV, 0TCAVALID) and set up as relevant authorization and join to role or user. Also, you need to include in the each queries where be the characteristic relevan of authorization a authorization variable, as such as "Country". Other hand, you need to create a reporting role that give you authorization to execute BEx analyzer and queries. Each part compoud the authorization system.
I hope this suggestion join the rest can help you resolve your question