on 04-10-2006 8:54 AM
Hi mates,
I intend to create a Role 'FINANCEONLY' where this role will only allow it`s user to view the InfoArea " Enterprise Controlling - 0ECPCA" belonging to Finance only and not other InfoArea's like HR and so forth.
The following are the Authorization Objects and it`s settings which I have implied :-
S_RS_COMP
Activity : 03,16
InfoArea : 0ECPCA
InfoCube : 0PCA_C01
Name : *
Type : *
Activity : 03,16
InfoArea : 0ECPCA
InfoCube : 0PCA_C01
Name : *
Type : *
However, the other InfoArea's still appears and this authorisation still allows the execution of queries from other InfoArea's
Please advice promptly mates!
Hi John,
occurs to me that there is a competing role with Object INFOArea '*' somewhere as well.
Check the objects for InfoCubes, ODS and so on. I assume that one of the basic settings contain an '*' and overrules your settings.
Perform a Trace or else check the roles assigned to your test-user.
Please let me know the result.
Cheers
Sven
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The following are the Profile's assigned to my 'OnlyFinance' User
SAP_NEW : New authorization checks
SAP_NEW_40C : New developments for Release 4.0C from HR and Logistics
S_BI-WHM_RFC : Business Information Warehouse, RFC user in the Warehouse
T-BD620049 : Profile for role ONLYFINANCE
This user contains only a Single Role 'ONLYFINANCE'
====================================================
Now, to ease things, I have only a SINGLE Authorisation Object
<b>S_RS_COMP</b> with the following settings
Activity : 03,16
InfoArea : 0ECPCA
InfoCube : 0PCA_C01
Name : *
Type : *
Activity : 03,16
InfoArea : 0ECPCA
InfoCube : 0PCA_C01
Name : *
Type : *
================================================
Although, this works! WHAT I ACTUALLY need is this 'ONLYFINANCE' user should only be able to Display(03)/Execute(06) Queries from <b>InfoArea 0ECPCA</b> and <b>InfoCube 0PCA_C01</b>
This 'ONLYFINANCE' user should NOT be able to Display/Execute queries from other InfoAreas or InfoCubes, but this is clearly not happening
I would really really appreciate some urgent help on this mates !
Thanking everyone in advance !
Message was edited by: John Mcluskey
Hello John,
You are defining what users can do but not what users can not do, Try doing it other way around.
I suppose You need to look into S_RS_ICUBE as well.
Go to PFCG
insert the name of your Role
Go to Authorisation Tab and Click "Display authorisation Data"
Go to S_RS_COMP , S_RS_COMP1 and S_RS_ICUBE
Change it accordingly.
San.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil,
Thanks for "user comparison" note! I will use it each time I exercise some restriction now in PFCG
But, Anil I still don`t think I`m doing it rite !
Because, what I seem to be doing is telling the system to only restrict 'Execute and Display' for Queries belonging to InfoArea 0ECPCA and InfoCube 0PCA_C01
BUT, I`m not telling the system to BLOCK AUTHORIZATION for other InfoArea's or other Infocubes
Please explain how can I achieve this ?
P/S: The intention for this role is simply to block the user to build queries from OTHER InfoAreas apart from Financial ones. Please advice if you have a better approach to achieving this ?
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.