Hi,

In order secure hierarchies, there are several steps:

<b>1. Make the InfoObject for the hierarchy authorization-relevant.</b>The InfoObject you are marking as authorization-relevant is the InfoObject on which the hierarchy is based. Additionally,the InfoObject 0TCTAUTHH must also be marked as authorization-relevant.

<b>2. Create a reporting authorization object.</b>

When creating the reporting authorization object, you must include

at least two fields: the InfoObject for the hierarchy (such as

0COSTCENTER), and the InfoObject 0TCTAUTHH. The InfoObject

0TCTAUTHH protects the hierarchy node.

<b>3. Use transaction RSSM to create an authorization for the hierarchy

node you wish to secure.</b>This is the step that is most unique to hierarchies. In RSSM, you

create an authorization that is used to determine the exact node of

the hierarchy the user should be able to access. You must enter the

InfoObject, Hierarchy, and Nodes.

<b>4. Create a role that uses the authorization you created in transaction

RSSM</b>.

Use role maintenance to create a role that includes the authorization

object you created in Step 2. Once you bring in your authorization

object, the field value will be the authorization you created in Step 4.

5<b>. Link your authorization object to the appropriate InfoProvider(s).</b>Linking your authorization object to an InfoProvider is a very critical

step. In this step, you will impact people currently executing queries

for the InfoProvider that is now related to your authorization object.

This linkage forces your authorization object to be checked when

ANY query tied to the InfoProvider is executed.

When setting up security for hierachies in transaction code RSSM you can

grant access to the Top of the hierarchy. In the field Type of Authorization you

can grant access to subtree below the nodes, only the nodes, the complete

hierarchy.

Please reward points if useful.

Thanks & Regards,

Santosh