02-01-2007 6:02 AM
Hi,
Can any one tell me the importance of using : , # and $ as an authorization value in BIW?
Thanks
02-01-2007 6:06 AM
Once you associate your custom reporting authorization object with an InfoCube, every query that executes against that InfoCube will check your custom reporting authorization object, even though the query definition may not contain the secured InfoObjects. In general, for each authorization for your custom reporting authorization object, you should include a colon ( as a field authorization value. Without the colon value in the authorization, the user will fail the authorization check on any queries against the InfoCube that do not use the secured InfoObject(s). If the InfoCube has sensitive data, it could be that you do not want the user to see any summarized data.
For example, let us assume you have an InfoCube that has sensitive forecasting data. In this business scenario you have chosen to secure by InfoObjects (for example, Company Code). If you do not want a user with access to Company Code 1000 to see ANY data from other company codes, then you might not give this user the colon ( value in the authorization. This would mean that ANY queries on your InfoCube that do not use the Company Code InfoObject will fail for this user.
Using a Pound Sign (#) as an Authorization Value
When data is loaded into SAP BW, some fields may be marked as no value assigned (posted with INITIAL). If you have secured an InfoObject that has data that is unassigned in the InfoCube, you may choose to give the user a pound sign (#) in order to avoid an authorization error at runtime. The #character is interpreted as authorization for the display of the value Not assigned (posted with INITIAL).
Using $ as an Authorization Value
Lets assume that , we are using the authorization value to fill the variable for the division at query runtime. This means that we will need as many roles as there are different divisions. Using the $ as the value for division would eliminate the need for so many roles. When you use the $ as an authorization value, you must provide code that will check to verify the division being used.
I have taken the above info from www.sapsecuritiesonline.com. May be you can find more answers there
Please avoid points if find usefull
Bye
02-01-2007 6:06 AM
Once you associate your custom reporting authorization object with an InfoCube, every query that executes against that InfoCube will check your custom reporting authorization object, even though the query definition may not contain the secured InfoObjects. In general, for each authorization for your custom reporting authorization object, you should include a colon ( as a field authorization value. Without the colon value in the authorization, the user will fail the authorization check on any queries against the InfoCube that do not use the secured InfoObject(s). If the InfoCube has sensitive data, it could be that you do not want the user to see any summarized data.
For example, let us assume you have an InfoCube that has sensitive forecasting data. In this business scenario you have chosen to secure by InfoObjects (for example, Company Code). If you do not want a user with access to Company Code 1000 to see ANY data from other company codes, then you might not give this user the colon ( value in the authorization. This would mean that ANY queries on your InfoCube that do not use the Company Code InfoObject will fail for this user.
Using a Pound Sign (#) as an Authorization Value
When data is loaded into SAP BW, some fields may be marked as no value assigned (posted with INITIAL). If you have secured an InfoObject that has data that is unassigned in the InfoCube, you may choose to give the user a pound sign (#) in order to avoid an authorization error at runtime. The #character is interpreted as authorization for the display of the value Not assigned (posted with INITIAL).
Using $ as an Authorization Value
Lets assume that , we are using the authorization value to fill the variable for the division at query runtime. This means that we will need as many roles as there are different divisions. Using the $ as the value for division would eliminate the need for so many roles. When you use the $ as an authorization value, you must provide code that will check to verify the division being used.
I have taken the above info from www.sapsecuritiesonline.com. May be you can find more answers there
Please avoid points if find usefull
Bye
02-01-2007 6:12 AM
Hi,
Thanks a lot .The web site which you have provided was very usefull.
Bye.