04-26-2010 10:40 AM
Hi All,
If I give a : for a particular infoobject in an anlaysis authorisation and in another analysis authorisation the value of that same info object is * then will we have full authorisation or intersection where : will be effective and hence we will not get the detailed result.
Regards
Wajid
04-26-2010 3:36 PM
Hi Wajid,
As per my view systemwill check the restriction on aggrefation level first and then populate the report on aggregation level.
Better if you check this with test case.
04-26-2010 6:13 PM
Wajid,
Is the restrictions on the InfoObject for the same InfoProvider? If they are for the same InfoProvider but in different analysis authorizations they will merge and consolidate on run-time per SAP optimization. Additionally if the InfoObject is shared between MasterData objects it will have the same behavior. (ie 0ETHC_ORGIN used in 0EMPLOYEE and 0VENDOR) since its a shared master data object giving someone access to 0ETHC_ORGIN anywhere will grant access to both 0EMPLOYEE/0VENDOR if user has authorization to either.
Hope that helps or provide more details if still stuck.
Thanks.
Matt
05-14-2010 11:56 AM
Hi Wajid
It is indeed a interesting question as in R3 it access provided will be the intersection of two auth objects. However in BI it is the other way around.
If one Analysis Authrization(AA1) has a " : " for a particular infoobject and in another Analysis Authorisation(AA2) the value of that same info object is " * ". If both analysis authrization objects are assigned to the same user then user will be able to view the entire data for the Infoobject. I am already using a similar scenario which provides full access for the info object to the users.
Thanks.
Anjan
05-14-2010 12:39 PM
Hi Wajid,
This is the key difference in the earlier concepts of BW3.0 and BI . In BW, the authorization was provided as an "intersection" of Authorizations but in BI the union of the "authorizations" is provided .
Hope this helps.
Regards,
Manisha