
Securing Info object Attributes

Former Member
0 Kudos

Hi All,

We have loaded Employee Master Data 0EMPLOYEE from ERP to BI. The employee master data contains sensitive critical info like Annual Salary, Pay level etc.

The requirement is "How to prevent the data of certain attributes of the Employee Master from being displayed in the report and allow the rest of the attributes to be shown."

The object S_RS_IOBJ has a sub object called 'DATA'.

Will it block all the master data and also the texts?

Do we need a custom Auth Object?

Please suggest. Any suggestion is appreciated.

Thanks

Vishno

1 ACCEPTED SOLUTION

manohar_kappala2
Contributor
0 Kudos

Hi,

Please refer to the following info regarding how Object S_RS_IOBJ is used.

Definition

You use this authorization object to restrict how users work with InfoObjects and their sub-objects.

Defined fields

The object has four fields:

InfoObjectCatalog: This is where you specify the key of the InfoObject catalog that a user is authorized to work with.

InfoObject: A user is authorized to work with the InfoObjects that you specify here.

Sub-object of the InfoObject: You use the sub-object to specify the parts of the InfoObject that a user is permitted to work with.

There are the following sub-objects:

Definition

UpdateRule

Activity: Determines whether a user is allowed to display, delete, maintain, or update a sub-object.

Display InfoObject-Definition (Activity = 03)

Maintain InfoObject-Definition (Activity = 23)

Display InfoObject-Update Rules (Activity = 03)

Maintain InfoObject-Update Rules (Activity = 23)

This authorization object is checked only if the user is not authorized to maintain or display InfoObjects (authorization object: S_RS_ADMWB-InfoObject, activity: maintain/display)

Now, the scenario you are looking at can be accomplished by making the InfoObjects corresponding to the critical fields Authorization Relevant in transaction RSA1 or RSD1, and then creating custom Analysis Authorizations and adding them in S_RS_AUTH.

Hope this helps

Regards,

Manohar

4 REPLIES 4

0 Kudos

Hi Manohar,

Main Info Obj = 0EMPLOYEE; Attributes = 0PAYSCALELV (Pay level), which is a characteristic, and 0ANSAL (Annual salary), which is a Key Figure. The data for these two fields needs to be blocked.

Going by your explanation - make 0PAYSCALELV as auth relevant and in the S_RS_IOBJ all the Activity items (Display & Maintain) should be checked off.

One of the Sub objects of an Info Object is 'DATA'.

If the 'DATA' sub object is checked on with all the Activities (03 & 23) checked off - Will it block the data for this field?

Also for the Key Fig authorization, I assume the 1KYFNM object has to be used and then 0ANSAL has to be added to it.

My concern is how do I block 0ANSAL, since for a custom auth object I don't see any Activity.

Any thought is welcome.

Thanks

Vishno

0 Kudos

Resurrecting an old post.

I am having a similar issue. We are on BI 7.0.

InfoObject 0EMPLOYEE has some sensitive attributes such as salary, SSN, pay grade, etc. Most of the users should not be allowed to view the sensitive attributes when they execute queries.

Can someone please provide any insightful suggestions on how we can hide the sensitive attributes in 0EMPLOYEE?

Thanks,

Jay
