cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization object for roles affecting BW reports

Former Member
0 Kudos

Hi All,

We have created an authorisation object in the system which apply to all BW queries / reports. The  authorisation object restricts a field / infoobject 0COMP_CODE to a particular range of values.

The BW reports in the roles use this field 0COMP_CODE and restricts to an authorization variable which brings in the restrictions applied in the roles.

The above scenario works fine for users currently.

Now there is a new requirement that I need help with.

Suppose there are 10 BW queries assigned in the roles. We now want to remove the authorization variable / restriction from 5 out of the 10 BW queries.

When we do that by simply removing the variable from BW query and run the reports it gives us an authorization error message. I suppose this is because at the role level there is a restiction and at the BW query level there is no authorization variable to pick this.

If we move the 5 queries to a new role where there is no Authorization object applied and the 5 queries don't have an Authorization variable it still gives as an Authorization error.

So now we have the below scenario

Role 1: 5 Queries with Authorization variable and Authorization object restriction

Role 2: 5 Queries with no Authorization variable / Authorization object

Role 2 queries do not work because the same user is assigned Role 1 and Role 2 and the Authorization restrictions get pulled in from there !

Any suggestions on how to proceed here and make Role 2 work without any restrctions?

Thank you.

Accepted Solutions (1)

Accepted Solutions (1)

shivraj_singh2
Active Participant
0 Kudos

Raghav,

1) As long as 0COMP_CODE is authorization-relevant, and its access to a user is restricted based on analysis authorization (I assume you are on BW 7.X) assigned to the user, any query executed by the user that has 0COMP_CODE will need authorization variable.

2) As long as 0COMP_CODE is authorization-relevant, and its access to a user is NOT restricted based on analysis authorization (I assume you are on BW 7.X) assigned to the user i.e. 0COMP_CODE (*) assigned, any query executed by the user that has 0COMP_CODE will NOT need authorization variable.

3) If all your 10 queries are based on same InfoProvider and supposed to be assigned to the same user, then your scenario is not workable. you will need to move your Role 2 queries to a separate InfoProvider and assign the user 0COMP_CODE (*) only for the new InfoProvider. Then role 2 queries will work without authorization variable.

Additional Point: there is a scenario where instead of (*), you just need to assign (:) but I think what you are looking for is detailed access so you will need (*).

Adding an authorization variable to a query does not take considerable effort, so I am not sure why you would like to skip this step. Because even if you don't want to restrict the user today, but in future requirement may change so that you have to restrict the user, then it will be an additional effort to rework the queries.

Regard

Shivraj Singh

Former Member
0 Kudos

Hi Shivraj,

We are currently on BeX 3.X and BW 7.0 so we wanted to leave the field 0COMP_CODE unrestricted for the moment.

Thank you for feedback. Will update the thread with the final solution.

Regards,

Raghav

shivraj_singh2
Active Participant
0 Kudos

Raghav,

You can either assign everyone (*) access or you can remove authorization relevancy from 0COMP_CODE in RSD1.

Regards,

Shivraj Singh

Answers (0)