Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Source System security Model

Go to solution
Former Member

‎07-01-2011 8:48 PM

0 Kudos

HI,

We built a datastore object which gets data from two R3 systems. Even master data is loaded from both source systems and compounded with source system. We want to build a security model where each company cannot access other companyu2019s data. For that we built an authorization object with source system ID and created three separate roles. ( one for company A, one for company B and the other for all).

While building queries, if source system ID is not there in the query, it brings the data of both companies. We would like to model in such a way that other company cannot/should not see the data.

Can any one suggest a better security model for this scenario.

Thanks in advance.

Tony

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎07-01-2011 9:02 PM

0 Kudos

Hi Tony,

I've done this in the past by using data elements which are far more likely to be in most reports e.g. Company Code, Plant. Assuming that you have different Comp Code, Plant, Sales Org naming in the different systems, then this should be very straightforward to achieve

6 REPLIES 6

Go to solution
Former Member

‎07-01-2011 9:02 PM

0 Kudos

Hi Tony,

I've done this in the past by using data elements which are far more likely to be in most reports e.g. Company Code, Plant. Assuming that you have different Comp Code, Plant, Sales Org naming in the different systems, then this should be very straightforward to achieve

Go to solution
Former Member
In response to Former Member

‎07-01-2011 10:43 PM

0 Kudos

Hi Alex,

Appreciate your answer. Can you be please elaborate on Data elements. At the moment I am clueless where/what to start.

Thanks,

Tony

Go to solution
Former Member
In response to Former Member

‎07-04-2011 7:46 AM

0 Kudos

Hi Tony,

What I mean by data elements is things like company code, plant, sales org, etc. If you are pulling in data from 2 separate systems then these will be key bits of data which will be reported on. You can then do as Raghu has suggested and base your restrictions against them, assuming that that they are different (i.e. the naming convention for company code is not the same in your 2 source systems).

You can still have the concept of company1 role, company2 role and combined role, you just list the restriction elements in each role that will give you the segregation of data visibility.

Go to solution
Former Member
In response to Former Member

‎07-05-2011 7:03 PM

0 Kudos

@ Raghu. We have upgraded technically from 3.5 to 7.0 recently. We have not yet changed to analysis authorization concept. we are planning to do so in once functional upgrade is done.

Go to solution
Former Member
In response to Former Member

‎07-05-2011 7:07 PM

0 Kudos

@ Alex

Yes..your answer was helpful. we can create a new authorization objects for the key chars like company code, plant etc.

Thanks much

Go to solution
Former Member

‎07-02-2011 8:53 AM

0 Kudos

Hi,

Why are you not looking at Analysis authorizations? It is pretty easy to manage/restrict authorizations to users. All you have to do is to identify the infoobjects and make them authorization relevant. The same applies to key figures too.

This is the best approach and also helps you to easily manage the authorizations.

Regards,

Raghu