07-22-2013 9:41 PM
Hi, in a BW 7.0 system we're moving from 3.5 security to 7.0 security. We have queries without variables or selection parameters that reference infoobjects that are defined as authorization relevant. Our security team believes that all queries without variables/parameter entry that have authorization relevant infoobjects will have to have variables added for the auth. relevant infoobjects. Is this correct or is there a way around this?
Thanks,
Chuck Jines
08-06-2013 10:08 AM
that is half right.
the authorization check for that auth relevant object will be checked during the query execution unless user has "*" access rights for that object.
during upgrade, you need to carefully design the auth concept. define different domains and data restrictions for each domain. the objects which does not need to be restriction in that specific domain, "*" access needs to be given to avoid the complexity to add auth relevant variables into all queries.
08-07-2013 2:12 PM
Thank you for your response A.
If possible we'd like to avoid a time consuming process of changing queries that do not prompt the user with a selection screen yet only allow them access to company code or cost centers they are authorized to.
3.5 security allowed this without a prompt screen. Is there any comparable functionality on 7.0?
Thanks again,
Chuck Jines