07-01-2011 8:48 PM
HI,
We built a datastore object which gets data from two R3 systems. Even master data is loaded from both source systems and compounded with source system. We want to build a security model where each company cannot access other companyu2019s data. For that we built an authorization object with source system ID and created three separate roles. ( one for company A, one for company B and the other for all).
While building queries, if source system ID is not there in the query, it brings the data of both companies. We would like to model in such a way that other company cannot/should not see the data.
Can any one suggest a better security model for this scenario.
Thanks in advance.
Tony
07-01-2011 9:02 PM
Hi Tony,
I've done this in the past by using data elements which are far more likely to be in most reports e.g. Company Code, Plant. Assuming that you have different Comp Code, Plant, Sales Org naming in the different systems, then this should be very straightforward to achieve
07-01-2011 9:02 PM
Hi Tony,
I've done this in the past by using data elements which are far more likely to be in most reports e.g. Company Code, Plant. Assuming that you have different Comp Code, Plant, Sales Org naming in the different systems, then this should be very straightforward to achieve
07-01-2011 10:43 PM
Hi Alex,
Appreciate your answer. Can you be please elaborate on Data elements. At the moment I am clueless where/what to start.
Thanks,
Tony
07-04-2011 7:46 AM
Hi Tony,
What I mean by data elements is things like company code, plant, sales org, etc. If you are pulling in data from 2 separate systems then these will be key bits of data which will be reported on. You can then do as Raghu has suggested and base your restrictions against them, assuming that that they are different (i.e. the naming convention for company code is not the same in your 2 source systems).
You can still have the concept of company1 role, company2 role and combined role, you just list the restriction elements in each role that will give you the segregation of data visibility.
07-05-2011 7:03 PM
@ Raghu. We have upgraded technically from 3.5 to 7.0 recently. We have not yet changed to analysis authorization concept. we are planning to do so in once functional upgrade is done.
07-05-2011 7:07 PM
@ Alex
Yes..your answer was helpful. we can create a new authorization objects for the key chars like company code, plant etc.
Thanks much
07-02-2011 8:53 AM
Hi,
Why are you not looking at Analysis authorizations? It is pretty easy to manage/restrict authorizations to users. All you have to do is to identify the infoobjects and make them authorization relevant. The same applies to key figures too.
This is the best approach and also helps you to easily manage the authorizations.
Regards,
Raghu