on 04-10-2006 10:51 PM
Hi!
We have implemented the BW/HR Structural Authorization. When run program rrsb_generate_authorizations to generate the authorizations. It's generating security for everyone, those that were defined on the R/3 side & those that are not being passed in from R/3 also. For those that are NOT being passed from R/3 the 0TCTAUTHH is generating a 1KYFNM with '*' as the value & 0TCTAUTHH for the 'Root_H'. Is there anyway to NOT generate the 1KYFNM?
If we have limited their security with other authorization objects, this is overriding that security & allowing them to see information they should not.
I have also noticed, even when this 0ORGUNITS authorization object is NOT turned on for a cube, it's being checked. Is there a way to turn that off?
Many thanks!
Jackie Zugg
Thank you Lauri for your response. Unfortunately, we could not eliminate them, they were suppose to have security for '' all Org units, just not all the key figures. In solving this, I did code in the start routine a process that checks the HR object type and if it's blank & the HR Object is also blank, change it to 'O' for the org unit. That way, we get the '' generated for the Org Unit but not the '*' for 1KYFNM.
LOOP AT DATA_PACKAGE.
IF DATA_PACKAGE-HR_OTYOBJ IS INITIAL.
IF DATA_PACKAGE-HR_OBJTYPE = ' '.
DATA_PACKAGE-HR_OBJTYPE = 'O'.
MODIFY DATA_PACKAGE.
CONTINUE.
ENDIF.
ENDIF.
ENDLOOP.
Thanks again for your response!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Just some additional information.
The authorization object I created is ZORGUNITS, it contains: 0ORGUNITS & 0TCTAUTHH.
We are filling both ODS's with data: 0PA_DS02 & 0PA_DS03.
When the Authorization object is generated it looks like the following:
ZORGUNITS
RSR_00009999
0ORGUNIT
From *
To ___
0TCTAUTHH
1KYFNM
From *
To ___
0TCTAUTHH
From ROOT_H ORGEH/99991231/000/0ORGUNIT
When the user has a profile associated to them on the R/3 side & it's brought over, it looks like the following:
ZORGUNITS
RSR_00009999
0ORGUNIT
From 10026650
To ___
0TCTAUTHH
0TCTAUTHH
From 10026650
Is there any place I can look for documentation on how object 0TCTAUTHH is generated differently?
Thanks again!
Jackie Zugg
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jackie,
We ran into the same problem in our implementation: All the user-id's from R/3 were extracted to BW if there was the same use-id in bw and they got * authorisations unless there were existing structural authorisations in R/3.
Those user-id's, which don't have any structural authorisations in R/3 will get * authorisations, because in the standard bc update rules system checks, if the are no values, then * is substituted.
Example: (Update for 0TCTLOW)
if COMM_STRUCTURE-HR_OTYOBJ is initial.
RESULT = '*'. " authorizations for all objects of this type
else.
RESULT = COMM_STRUCTURE-HR_OTYOBJ.
endif.
What we did, we created a start routine, which eliminated all the user-id's that did not have a value for HR_OTYOBJ with the following code:
delete DATA_PACKAGE where HR_OTYOBJ is initial.
For us this worked well for both ODS extractions.
Regards,
Lauri
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.