BI Security

Former Member
0 Kudos

Hello Everyone,

I am implementing BI security for a project where they want me to restrict around 100 queries by cost center and company code. I have created analysis authorizations based on 0COMP_CODE and 0COST_CENTER and assigned the values and aggregate authorizations to them. I have given * authorization to the info provider and made sure those objects are marked authorization relevant. I created roles based on those auth objects and assigned users to those roles. I have verified a few queries and found that the variables used in the queries are not marked as authorization relevant, since security was not thought out when the queries were designed. I was able to implement restrictions on queries designed recently. My question is, can I implement security for queries designed without keeping security in mind and expect it to work with all the required authorization restrictions I am trying to provide now? Is there anything a developer has to incorporate during query design that would override my authorizations? My developer does not seem to know that and thinks there is something wrong in my security setup, though I am confident that my setup is perfect and restrictions are working fine, and they are working for other queries that incorporated security during design.

Any help is much appreciated. Thanks in advance.

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi,

In query design, queries should be restricted too. Please check for the company code and cost ctr characteristics in the query, then add a variable with "processing by authorization". Your BI developer needs to do this.

Then once the end user runs this query, the system will check for company code and cost ctr values which are present in the analysis authorization role.

Hope it helps.

Best Regards

Imran

5 REPLIES 5

Former Member
0 Kudos

Hello Manish,

I agree with Imran. But the system will not allow you or the BI developers to change the processing type of an already created variable which is being used in your existing queries. Another foolproof option which you have is that you can ask the BI developers to make the necessary variables' input value MANDATORY.

When you make those variables mandatory, the user will have to enter the values and the system would automatically check for the available authorisations in the user master. Business can be skeptical of making the variables mandatory. Please follow the appropriate business approval process before making the variables mandatory.

The other option which you have is to ask your developer to create a new variable with appropriate characteristics and replace them in the existing queries as per the requirement. This would also definitely work.

Hope this helps. Let us know if you continue to face the problem.

Best Regds,

Suyog..

Former Member
0 Kudos

Thank you both. I would have to agree with Suyog, because the query is not behaving by the analysis authorizations given. Let's say I restrict a user to see only European company code data (2000X), and not North American company code data (1000X); the user still sees 1000X and 2000X. I am wondering if there is something in the query that overrides my authorization, and my developer is not ready to accept this. He thinks there is something wrong in my security setup. I even pointed out to him that 0COMP_CODE was not made processing by authorization. So, as you are saying, if they made it after the fact, it would not work.....

Foolproofing the users and asking them to key in 200X in the variable input screen does not work, because what if they type in 100X, they will see all the data, right?

So, the only choice is I have to go back to my developer and ask him to create a new variable and adjust the query? How do I convince my developer?

0 Kudos

Hi Manish,

In Query Designer (development or test system, where data is available), create a new query (for ex. Test_manish) which is copied from the main query.

Now in the test_manish query, you add the auth. variable as required. Then run this test query and show the result to the developer.

This is how I convince our BI developer every time...

Best Regards

Imran

Edited by: Imran Mulani on Nov 3, 2009 6:08 AM

0 Kudos

Hello Manish,

Even I would agree with Imran. This would be the best way to convince your developer. More than the developer, please also take the appropriate business approval and then go ahead.

Let us know if you continue to face any problem.

Best Regds,

Suyog..