Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Another question on analysis authorizations

krysta_osborn
Active Participant
0 Kudos

Hi everybody!

We're trying to figure out a relatively straightforward way to secure people out of HR flavored data in BW. One option we're considering is analysis authorizations. I had high hopes of being able to exclude access to an infoarea, but it appears that that is not allowed.

Is that true? Are you only able to include infoareas? I'm trying to use characteristic 0TCTIFAREA for this and am finding that the only option I get is to include ... not so much on the exclude.

Thanks!

Krysta

4 REPLIES 4

Former Member
0 Kudos

Hi,

You can rather restrict at role level via auth object S_RS_COMP and S_RS_COMP1 (for author specific access). Field RSINFOAREA is the one you require to put the restriction. Corresponding Analysis authorizations can be restricted starting from Infoproviders and other auth relevant characteristics/key figures.

Thanks

Sandipan

krysta_osborn
Active Participant
0 Kudos

Hi Sandipan,

Thanks for your response. We do currently restrict on infoarea in the role. However, it has the same problem as what I was trying to solve by using analysis auths. You can't EXCLUDE values. You have to specifically list what the user can see vs. what they can't see.

It appears that for certain characteristics - infoprovider, infoarea, etc. - the analysis auths are coded not to allow you to exclude values. They only allow you to include values. Boo!!

Regards,

Krysta

0 Kudos

Hi Krysta,

I suppose you can maintain range of values with wildcard for infoarea field in S_RS_COMP so as to exclude the infoarea you want (although this could become a maintainence nightmare later on).

Alternately, if you are in design phase, I would suggest proper naming convention to be followed for queries and then restrict based on query naming convention via S_RS_COMP.

Thanks

Sandipan

krysta_osborn
Active Participant
0 Kudos

We are WAY past the design phase. : )

I guess we just need to pick which option we like better - restricting via the role or analysis auth - since neither one appears to be easier than the other from a maintenance standpoint .

Thanks again for your help!

Krysta