08-30-2011 1:15 AM
HI,
I am trying to restrict the IT team's access in our BI7.0 system for some access which have been found to be critical.
For eg: the BI team has access to go to Manage a DSO and there after follow the path below and delete the change log of that DSO.
DSO --> manage(right click) -> Environment -> Delete change log data option
I want to be able to give access to 'manage' DSO but they should not delete the change log. I tried to trace the authorization check and I could not see any useful checks at the 'delete' level. It indicated that when I give access for manage DSO; user naturally gets 'change log delete' access also. which sounds absurd to me, considering 'mange DSO' is an access they need on regular basis ...and deletion of change log through this path should not be allowed for all users.
this is the only object that got checked:
S_RS_ODSO RC=0 RSINFOAREA=ZPA_INTL;RSODSOBJ=ZPA_S02;RSODSPART=DATA;ACTVT=23;
Has any one here come across this issue? any help on how to solve this will be helpful.
08-30-2011 9:17 AM
Hi Soumya,
It is not possible to enable restriction on change log deletion in RSA1. The fact is that the BW Developers who has access to transactions such as RSA1, RSD1 will get almost all the BW Workbench authorization and restriction at the micro level is not possible.
Regards,
Raghu
08-30-2011 9:17 AM
Hi Soumya,
It is not possible to enable restriction on change log deletion in RSA1. The fact is that the BW Developers who has access to transactions such as RSA1, RSD1 will get almost all the BW Workbench authorization and restriction at the micro level is not possible.
Regards,
Raghu