Delimit authorizations in BW

Former Member
0 Kudos

Hi,

I have a problem: how can I delimit the InfoObject in a Cube for security in BW? The users can see the reports of the cube, but there are some fields that they shouldn't have permission for.

Thanks.

2 REPLIES

ravindra_tumuluri
Contributor
0 Kudos

Hello,

Your question is not clear to me.

Do you want to control the authorization on keyfigure display in the report?

If you are in BI 7.0, please proceed as follows.

In RSECADMIN, you can include 0kyfnam (Key figure name) as one of the fields and assign the technical name of the key figure.

Ravindra

Former Member
0 Kudos

Hi,

The question is not clear, but if you are speaking about InfoObject-level security, it can be done using a Custom Report Auth object in Transaction RSSM.

The steps to implement a Custom Auth Object are as follows:

1) Make the InfoObject authorization-relevant.

The Authorization Relevant setting for an InfoObject is made in the InfoObject definition on the Business Explorer tab. The business needs will drive which InfoObjects should be relevant for security. Keep in mind that the people using SAP BW are running queries to help make strategic decisions on how to better run the business. The decision makers typically need to see more data on SAP BW than they would need to see in SAP R/3.

2) Create a custom reporting authorization object.

Since there are no reporting authorization objects provided for InfoObjects, you will have to create your own reporting authorization object for any InfoObject you decide to secure. This is done in transaction code RSSM. When creating your reporting authorization object, you select which fields to put in the authorization object from a list of authorization-relevant InfoObjects. Only InfoObjects that have been marked Authorization Relevant are eligible to be put in a reporting authorization object.

3) Add your new authorization object to a role.

Once you have created a new reporting authorization object and linked it to the appropriate InfoCube(s), users will need access to your reporting authorization object. You will need to manually insert your object into a role.

4) Add a variable to the query.

The reason the variable is required is sometimes unclear at first. If we want a query to only provide results based on the division, for example, then the query itself needs the ability to filter specific division values. Before we can secure on division, the query must be able to restrict data by division. The only way the query can restrict data dynamically is through a variable.

5) Link the reporting authorization object to an InfoProvider.

Linking your reporting authorization object to an InfoProvider is a very critical step. In this step, you will impact people currently executing queries for the InfoProvider that is now related to your reporting authorization object. This linkage forces your reporting authorization object to be checked when ANY query tied to the InfoProvider is executed.

Hope I have answered your question.

Please reward points if it does satisfy your requirement.

Regards

Santosh
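
The five steps in the reply above can be modelled as a small access check. This is an added example, not part of the thread and not SAP code: the InfoObject `DIVISION`, the object `Z_DIV`, the cube names and the rows are constructed. It assumes a query is rejected, not silently filtered, when it selects values the user's roles do not cover.

```python
# Simplified model of the five steps; every name and value is constructed.
from dataclasses import dataclass, field

AUTH_RELEVANT = {"DIVISION"}                    # step 1: flagged InfoObjects
ROWS = [{"DIVISION": "10", "AMOUNT": 100},      # constructed cube contents
        {"DIVISION": "20", "AMOUNT": 250}]

@dataclass
class AuthObject:                               # step 2: custom reporting object
    name: str
    infoobjects: tuple
    providers: set = field(default_factory=set)  # step 5: linked InfoProviders

    def __post_init__(self):
        bad = [f for f in self.infoobjects if f not in AUTH_RELEVANT]
        if bad:                                 # only flagged InfoObjects are eligible
            raise ValueError(f"not authorization-relevant: {bad}")

def run_query(user_roles, provider, auth_objects, use_variable):
    """Return the rows the user may see, or raise PermissionError."""
    rows = ROWS
    for obj in auth_objects:
        if provider not in obj.providers:       # unlinked objects are never checked
            continue
        for fld in obj.infoobjects:
            allowed = set()
            for role in user_roles:             # step 3: values come from the roles
                allowed |= role.get(obj.name, {}).get(fld, set())
            if not allowed:
                raise PermissionError(f"{obj.name}/{fld}: object missing from roles")
            if use_variable:                    # step 4: variable narrows the selection
                rows = [r for r in rows if r[fld] in allowed]
            excess = {r[fld] for r in rows} - allowed
            if excess:                          # assumption: reject, do not filter
                raise PermissionError(f"{obj.name}/{fld}: {sorted(excess)}")
    return rows

Z_DIV = AuthObject("Z_DIV", ("DIVISION",), {"SALES_CUBE"})
ROLE_DIV10 = {"Z_DIV": {"DIVISION": {"10"}}}

if __name__ == "__main__":
    print(run_query([ROLE_DIV10], "SALES_CUBE", [Z_DIV], use_variable=True))
```

Linking `Z_DIV` to a provider changes the outcome for every query on that provider, including queries run by users whose roles do not yet contain the object, so roles should be updated before the link is made.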