Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hierarchy authorization

former_member199630
Contributor

‎07-09-2011 2:47 AM

0 Kudos

Hi All,

We have upgraded our BI system to the new security approach 7. We created the corresponding roles/objects thru the RSECADMIN t-code for 0COUNTRY and some other infoObjects where the 0COUNTRY is navegational attribute, for example the 0COMP_CODE__0COUNTRY, and everything is workink fine.

The 0COUNTRY and (i.e.) the 0COMP_CODE__0COUNTRY are checked as Authorization Relevant.

Now, we want to create a hierarchy for the 0COUNTRY infoObject, and I would like to know if the security done at the value level is enought to restrict the data or we need to create some new roles/objects thru the RSECADMIN in order to do the same restriction done to the flat values now at the hierarchy.

We dont mind the intermediate nodes (regions), just the country values for the hierarchy.

For example, we need the following hierarchy:

World
|_ Europe
	|_ Germany
	|_ Italy
	|_ Spain
|_ Asia
	|_ China
	|_ Japan

With variable authorization we need:

If user has just Spain, show Spain.

World
|_ Europe
	|_ Spain

If user has Germany, Italy, Spain.

World
|_ Europe
	|_ Germany
	|_ Italy
	|_ Spain

If user has *.

World
|_ Europe
	|_ Germany
	|_ Italy
	|_ Spain
|_ Asia
	|_ China
	|_ Japan

Right now, without using hierarchy, the data is showing ok depending on the authorization that user has (allways using authorization variables in the query).

Regards, Federico

2 REPLIES 2

Former Member

‎07-09-2011 8:37 PM

0 Kudos

Hi Federico,

Yes, your approach is right. You can restrict the InfoObject 0COUNTRY and then maintain the country values in the Analysis Authorizations (its no more a hierarchy authorization).

The EQ can be used to maintain a single country (you need to add multiple EQs if you wish to add morethan 1 country in the same analysis authorization)

The CP can be used to maintain with a pattern such as A* countries etc

The BT can be used to give a range.

However, ensure that the user has authorization to all the Infoareas (bottom - up) and queries so that his/her authorization can be restricted.

Regards,

Raghu

Former Member
In response to Former Member

‎07-11-2011 1:43 PM

0 Kudos

Hi Federico,

If you want to use Hierarchy, It is possible in all ways you wanted in BI7.0 analysis authorization....

Please see below options...

0 Only the Selected Nodes

1 Subtree Below Nodes

2 Subtree Below Nodes to Level (Incl.)

3 Complete Hierarchy

4 Subtree Below Nodes to (and Incl.) Level (Relative)

Best Regards

Imran