cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hierarchy Authorization Aggregate (:)

Former Member

on ‎08-27-2014 4:05 PM

0 Kudos

I have successfully set up the Cost Center Hierarchy Node variable using authorization in our BI environment. One last issue I am facing is following.

When the data appears for a user who has access to 4 out of 10 cost centers in a hierarchy node, the summarized node data is showing the totals for all the cost centers included in the node. User would like to see the subtotal of only the cost centers they have authorization for. Of course the reason aggregated values are displayed is due to the : authorization provided for Cost Center in AA object, what I am wondering is if there are any other alternatives of ":" to force the query aggregate only the values from Authorization Hierarchy Node variable. Although SAP note 727354 suggests the following

  • A colon authorization is not taken into account when you use a
    variable of the type "Fill from authorization", since it is not known at the
    time of the variable processing whether or not the affected characteristic is in
    the drilldown.

I do have Authorization Hierarchy Node variable for Cost Centers in use but still the hierarchy node displays the summarized values for all the cost centers. I am hoping someone has run into this issue before me and there is a solution.

Any help will be highly appreciated.

Thanks!

-Aslam

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎09-18-2014 5:14 PM
0 Kudos

Following is what I received from SAP, although disappointing but it is I what I thought too.

Suggestion is not to use hierarchy node variable and replace with single values.

Well the reason of choosing the hierarchy node variable was a business requirement. So I have delivered the news to business and now it will be up to them to go ahead with what comes from SAP by default (Total for all cost centers in the node regardless of user authorization) with the usage of hierarchy node or go in another direction...

Thanks everyone to take the time and provide your input.

09/08/2014 - 16:30:39 EST - Reply by SAP     
Dear customer,

I believe this is your case. Let me know if I get this wrong.
Since the user is authorized for the TOP node, he's able to see the
aggregated values of non-authorized cost centers, although these nodes
are not authorized. Please notice that this is not an error. The
system behaviour is as designed.
If you don't want to have the aggregated values in the nodes, please
try to change your query-design and filter according to "single
values" instead of "nodes" in the authorization variable.

Show replies
Show replies
Former Member
‎09-05-2014 11:31 AM
0 Kudos

Hi Aslam,

Are you not clear about following point:

If you do not want to give the user authorization for aggregated values: Restrict the characteristic in the query to a certain selection (single value, interval, hierarchy nodes, and so on) and authorize this selection explicitly.

You must take one or other of these actions if the characteristic is authorization-relevant.


Regards,
Subhendu

Show replies
Show replies
Former Member
‎09-11-2014 9:33 PM
0 Kudos

Hi Subhendu,

    Thanks for the response. I sort of understood but wanted to make sure I got it correct. So assuming I don't want to provide access to aggregated values for hieararchy node but I have to use hieararchy node variable for authorirzation. I have provided expelcit authorization for individual cost center node..

In the query I have hierarchy variable and node authorization variables for user selection on the prompt screen. So I think I am doing what's described above but it's not working as aggregated values are still displayed.

What else do you suggest needs to be done here?

former_member182470
Active Contributor
‎08-28-2014 8:47 AM
0 Kudos

Hope you have analyzed your Authorization definition in RSECADMIN-->Execute as with the user id.

What does it say? I believe the definition is not exactly made as desired.

Show replies
Show replies
Former Member
‎08-28-2014 2:04 PM
0 Kudos

Here is the core of the issue.

Authorizations seem to be working as expected. For instance a Node contains 8 cost centers, the user is authorized for only 4. The report displays the user's 4 authorized cost centers based on Authorization correctly. The problem is with the node leve total value.

The Result row for the node includes the numbers from the cost centers user is not authorized to see. Is therre a way to change this behavior for summarized values. Please see attached file for details.

thanks!

former_member182470
Active Contributor
‎08-28-2014 6:14 PM
0 Kudos

What did you define in HIerarchy Auth tab in RSECADMIN of your screen shot?

You must define there.

Former Member
‎08-28-2014 6:32 PM
0 Kudos

We bring the user authorization data from ECC using custom Extract/DSO and then massage it to the format needed for the standard DSO 0CCA-O02 which in turn is used to generate the hierarchy authorizations for each user from rsecadmin-> Generate (Authorizations Tab). This process creates the hierarchy authorizations for each user in DSO 0CCA_O02.

Attached is the screen shot for Hierarchy authorizations  automatically generated from data in DSO 0CCA_O02 using rsecadmin. This part is certainly working but for some reason the authorizations filter does not seem to be applied for Hierarchy node level. It shows the total of all the cost centers which are part of the node, we would like to see the totals for only the cost centers user is authorized for. So in a sense, authorization is correctly working for detailed leve but is ignored for summare level.

I have also raised the issue with SAP, we will see what the responde with and when.

Thanks a bunch for looking into it, really appreciate it.

-Aslam

Sriram2009
Active Contributor
‎08-28-2014 7:03 PM
0 Kudos

Hi Aslam

Just go thru the authorization concept and then define the authorization object by using transaction code RSECADMIN.for this refer the SCN link

AUTHORIZATION FOR BI REPORTING - Business Intelligence (BusinessObjects) - SCN Wiki

Regards

SS

former_member182470
Active Contributor
‎08-28-2014 7:15 PM
0 Kudos

What if you don't set result authorization either : or +    ?

Just leave it blank and see how the result appears in the report.

Former Member
‎08-29-2014 5:56 PM
0 Kudos

I actually had the impression from a blog that it's required and would give an error. But surprisingly it keeps working after removing : or + from value autherization. So now cost center authorization is all explicit for the user profile without aggregation authorization; but still works the same way i.e. displaying the roll up total for the hierarchy node although user has access to fewer cost centers from within the hierarchy node. I am running out of things to try, think will just wait to hear SAP's official response from the ticket I raise. But appreciate your help though and will update when I hear back from SAP unless you have any other ideas for me to try.

The last bullet point on the following link from SAP Help is very relevant but not very clear.

http://help.sap.com/saphelp_nw70ehp2/helpdata/en/46/932b839c8019ade10000000a11466f/frameset.htm

thanks!

Ask a Question