03-09-2007 5:57 AM
Hi,
Can any one explain the Steps to Implement InfoObject Security (field-level security) and also Create a Reporting Authorization Object
Bye
03-09-2007 6:21 AM
HI,
Pls check this out:
Steps to Implement InfoObject Security (field-level security):
1.Make the InfoObject authorization-relevant.
The Authorization Relevant setting for an InfoObject made in the InfoObject definition on the Business Explorer tab. The business needs will drive which InfoObjects should be relevant for security. Keep in mind that the people using SAP BWare running queries to help make strategic decisions on how to better run the business. The decision makers typically need to see more data on SAP BW than they would need to see in SAP R/3.
2.Create a custom reporting authorization object.
Since there are no reporting authorization objects provided for InfoObjects, you will have to create your own reporting authorization object for any InfoObject you decide to secure. This is done in transaction code RSSM. When creating your reporting authorization object, you select which fields to put in the authorization object from a list of authorization-relevant InfoObjects. Only InfoObjects that have been marked Authorization Relevant are eligible to be put in a reporting authorization object.
3.Add your new authorization object to a role.
Once you have created an new reporting authorization object and linked it to the appropriate InfoCube(s), users will need access to your reporting authorization object. You will need to manually insert your object into a role.
4.Add a variable to the query.
The reason the variable is required is sometimes unclear at first. If we want a query to only provide results based on the division, for example, then the query itself needs the ability to filter specific division values. Before we can secure on division, the query must be able to restrict data by division. The only way the query can restrict data dynamically is through a variable.
5.Link the reporting authorization object to an InfoProvider.
Linking your reporting authorization object to an InfoProvider is a very critical step. In this step, you will impact people currently executing queries for the InfoProvider that is now related to your reporting authorization object. This linkage forces your reporting authorization object to be checked when ANY query tied to the InfoProvider is executed.
Create a Reporting Authorization Object :
6.In the SAP Easy Access screen of the SAP Business Information
Warehouse choose Business Explorer >> Authorizations>> Reporting Authorization Objects.
7.Choose Authorization Object >> Create. Enter a technical name and a description for the reporting authorization object. Save your entries. On the right-hand side, you get an overview of all the InfoObjects indicated as authorization-relevant.
Caution: Only those characteristics that have previously been marked as authorization-relevant in InfoObject maintenance can be assigned to a reporting authorization object as fields.
8.Assign the InfoObject fields to the reporting authorization object:
Select the characteristics for which an authorization check of the selection conditions should be carried out.
Select the InfoObject key figure (1KYFNM) if you want to restrict the authorization to a single key figure.
Select the InfoObject (0TCTAUTHH) if you want to check authorizations for a hierarchy.
9.Save your entries
Thanks&Bye
*Pls give points if usefull
03-09-2007 6:21 AM
HI,
Pls check this out:
Steps to Implement InfoObject Security (field-level security):
1.Make the InfoObject authorization-relevant.
The Authorization Relevant setting for an InfoObject made in the InfoObject definition on the Business Explorer tab. The business needs will drive which InfoObjects should be relevant for security. Keep in mind that the people using SAP BWare running queries to help make strategic decisions on how to better run the business. The decision makers typically need to see more data on SAP BW than they would need to see in SAP R/3.
2.Create a custom reporting authorization object.
Since there are no reporting authorization objects provided for InfoObjects, you will have to create your own reporting authorization object for any InfoObject you decide to secure. This is done in transaction code RSSM. When creating your reporting authorization object, you select which fields to put in the authorization object from a list of authorization-relevant InfoObjects. Only InfoObjects that have been marked Authorization Relevant are eligible to be put in a reporting authorization object.
3.Add your new authorization object to a role.
Once you have created an new reporting authorization object and linked it to the appropriate InfoCube(s), users will need access to your reporting authorization object. You will need to manually insert your object into a role.
4.Add a variable to the query.
The reason the variable is required is sometimes unclear at first. If we want a query to only provide results based on the division, for example, then the query itself needs the ability to filter specific division values. Before we can secure on division, the query must be able to restrict data by division. The only way the query can restrict data dynamically is through a variable.
5.Link the reporting authorization object to an InfoProvider.
Linking your reporting authorization object to an InfoProvider is a very critical step. In this step, you will impact people currently executing queries for the InfoProvider that is now related to your reporting authorization object. This linkage forces your reporting authorization object to be checked when ANY query tied to the InfoProvider is executed.
Create a Reporting Authorization Object :
6.In the SAP Easy Access screen of the SAP Business Information
Warehouse choose Business Explorer >> Authorizations>> Reporting Authorization Objects.
7.Choose Authorization Object >> Create. Enter a technical name and a description for the reporting authorization object. Save your entries. On the right-hand side, you get an overview of all the InfoObjects indicated as authorization-relevant.
Caution: Only those characteristics that have previously been marked as authorization-relevant in InfoObject maintenance can be assigned to a reporting authorization object as fields.
8.Assign the InfoObject fields to the reporting authorization object:
Select the characteristics for which an authorization check of the selection conditions should be carried out.
Select the InfoObject key figure (1KYFNM) if you want to restrict the authorization to a single key figure.
Select the InfoObject (0TCTAUTHH) if you want to check authorizations for a hierarchy.
9.Save your entries
Thanks&Bye
*Pls give points if usefull
03-09-2007 7:06 AM
Hi Marata,
The following are the Steps to Implement InfoObject Security (field-level
security):
<u><b>1. Make the InfoObject authorization-relevant.</b></u>
The Authorization Relevant setting for an InfoObject made in the
InfoObject definition on the Business Explorer tab. The business needs
will drive which InfoObjects should be relevant for security. Keep in
mind that the people using SAP BWare running queries to help make
strategic decisions on how to better run the business. The decision
makers typically need to see more data on SAP BW than they would
need to see in SAP R/3.
<u><b>2. Create a custom reporting authorization object.</b></u>
Since there are no reporting authorization objects provided for
InfoObjects, you will have to create your own reporting authorization
object for any InfoObject you decide to secure. This is done in
transaction code RSSM. When creating your reporting authorization
object, you select which fields to put in the authorization object from
a list of authorization-relevant InfoObjects. Only InfoObjects that
have been marked Authorization Relevant are eligible to be put in a
reporting authorization object.
<u><b>3. Add your new authorization object to a role.</b></u>
Once you have created an new reporting authorization object and
linked it to the appropriate InfoCube(s), users will need access to
your reporting authorization object. You will need to manually insert
your object into a role.
<u><b>4. Add a variable to the query.</b></u>
The reason the variable is required is sometimes unclear at first.
If we want a query to only provide results based on the division,
for example, then the query itself needs the ability to filter specific
division values. Before we can secure on division, the query must be
able to restrict data by division. The only way the query can restrict
data dynamically is through a variable.
<u><b>5. Link the reporting authorization object to an InfoProvider.</b></u>
Linking your reporting authorization object to an InfoProvider is
a very critical step. In this step, you will impact people currently
executing queries for the InfoProvider that is now related to your
reporting authorization object. This linkage forces your reporting
authorization object to be checked when ANY query tied to the
InfoProvider is executed.
Please award points if it is useful.
Thanks & Regards,
Santosh