Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Analysis Authorizations for SEM BCS consolidation matrix with hierarchies

Former Member

‎11-16-2011 7:38 PM

0 Kudos

Hi,

I'm trying to conceptualize the analysis authorization for our SEM BCS and I'm not sure if I have marked the right InfoObjects as authorization relevant.

In BCS we have a matrix structure with companies and profit centers as consolidation units. Both have hierarchies. And there are consolidation groups ( consolidation group company and consolidation group profit center ) which have also hierarchies. I'll use the example of companies to explain you my question, profit centers are customized similar.

The InfoObject company has a hierarchy which uses external characteristic consolidation group company for nodes. There are some users who are allowed to report only for one company but there are also user groups with authorizations for all companies of one node. Some nodes in the company hierarchy are of "type" company and others are part of the hierarchy of InfoObject consolidation group company. Do I have to mark the InfoObject consolidation group company as authorization relevant to authorize users on nodes of the company-hierarchy or is it enough to enter hierarchy authorizations for the characteristic company in analysis authorizations?

I'm just confused because on the one hand it's the hierarchy of object company but it consists of nodes with the "type" consolidation group company. It would be great if anyone could give me a hint what to do.

Thanks in advance!

Sabine

4 REPLIES 4

Former Member

‎11-17-2011 10:37 AM

0 Kudos

Hi,

You will have to make use of both Company and consolidation group company. Make both of them Auth relevant and provide Hierarchy auth full access to Company and on specific Node type for Consolidation group COmpany.

The result will be access of Co-JOIN.

Try it out and let me know if it works.

Thanks, Deb

Former Member
In response to Former Member

‎11-17-2011 11:01 AM

0 Kudos

Hi Deb,

thanks for your answer! Unfortunately our project is still in the conception stage and I'm not able to try it now (I don't have a test system where I can switch to analysis authorization concept) . But I will follow your advice and hope it will work.

There's another thing I'm not absolutely sure about: in our matrix organization every company is assigned to several profit centers. Can users access also data of all companies of the authorized profit center (and only of these companies) if I limit the authorizations for object profit center and use full authorizations for company ?

Regards,

Sabine

Former Member
In response to Former Member

‎11-17-2011 11:52 AM

0 Kudos

Hi Sabine,

As you said, it seems that there is 1 to many mapping between Company and Profit Centers. This means 1 company can have many Profit centers.

You need to understand the other way round logic for this, will a single profit center be ultimately mapped to many Companies?

Case1: If 1 company is mapped to many Profit Centers, however these profit centers would be specific to a company, then you then you can provide full access to COmpany and restrict to Profit Centers or restrict to Company and automatically users will be restricted to specific profit centers mapped to the Company. OR, you can restrict on both.

Case2: If Many Profit Centers are mapped to Many Companies, then the only option is to restrict on both Profit Centers and COmpanies.

Hope this helps.

Thanks Deb

Former Member
In response to Former Member

‎11-17-2011 4:01 PM

0 Kudos

Hi Deb,

in my case it's m:n - a company can be assigned to one or more profit centers and one profit center includes one or more companies.

I hoped that I could use only one characteristic ( company/cons group company or profit center/cons group profit center ). E.g. a determinated number of companies belong to a profit center X so if a user has authorizations for profit center X he is allowed to see data of all assigned companies without listing them in authorizations. The other way round it doesn't matter to which profit centers a company or a node in the company hierarchy belongs, if an user has authorizations for it he can see all data regardless of which profit center.

But if I would authorize it with only on one characteristic filling the others with * there could be cumulative effects if a user has more than one role, right? There are about 1000 possible combinations and I don't want to make a role for each. Does it make sense if I separate company authorizations from profit center authorizations and put the into two roles?

Thanks,

Sabine