05-23-2007 11:23 PM
Hi All,
We have loaded Employee Master Data 0EMPLOYEE from ERP to BI. The employee master data contains sensitive critical info like Annual Salary, Pay level etc.
The requirement is "How to prevent the data of certain attributes of the Employee Master from being displayed in the report and allow the rest of the attributes to be shown."
The object S_RS_IOBJ has a sub object called 'DATA'.
Will it block all the master data and also the texts?
Do we need a custom Auth Object?
Please suggest. Any suggestion is appreciated.
Thanks
Vishno
05-24-2007 6:18 AM
Hi,
Please refer to the following info regarding how Object S_RS_IOBJ is used.
Definition
You use this authorization object to restrict how users work with InfoObjects and their sub-objects.
Defined fields
The object has four fields:
InfoObjectCatalog: This is where you specify the key of the InfoObject catalog that a user is authorized to work with.
InfoObject: A user is authorized to work with the InfoObjects that you
specify here.
Sub-object of the InfoObject: You use the sub-object to specify the parts of the InfoObject that a user is permitted to work with.
There are the following sub-objects:
Definition
UpdateRule
Activity: Determines whether a user is allowed to display, delete, maintain, or update a sub-object.
Display InfoObject-Definition (Activity = 03)
Maintain InfoObject-Definition (Activity = 23)
Display InfoObject-Update Rules (Activity = 03)
Maintain InfoObject-Update Rules (Activity = 23)
This authorization object is checked only if the user is not authorized to maintain or display InfoObjects (authorization object: S_RS_ADMWB-InfoObject, activity: maintain/display)
Now the scenario u are looking at,
Can be accomplished by making the infoobjects corresponding to the critical fields as Authorization Relevation in Transaction RSA1 or RSD1 to perform this and then create custom Analysis Authorizations and add them in the S_RS_AUTH
Hope this helps
Regards,
Manohar
I
05-24-2007 6:18 AM
Hi,
Please refer to the following info regarding how Object S_RS_IOBJ is used.
Definition
You use this authorization object to restrict how users work with InfoObjects and their sub-objects.
Defined fields
The object has four fields:
InfoObjectCatalog: This is where you specify the key of the InfoObject catalog that a user is authorized to work with.
InfoObject: A user is authorized to work with the InfoObjects that you
specify here.
Sub-object of the InfoObject: You use the sub-object to specify the parts of the InfoObject that a user is permitted to work with.
There are the following sub-objects:
Definition
UpdateRule
Activity: Determines whether a user is allowed to display, delete, maintain, or update a sub-object.
Display InfoObject-Definition (Activity = 03)
Maintain InfoObject-Definition (Activity = 23)
Display InfoObject-Update Rules (Activity = 03)
Maintain InfoObject-Update Rules (Activity = 23)
This authorization object is checked only if the user is not authorized to maintain or display InfoObjects (authorization object: S_RS_ADMWB-InfoObject, activity: maintain/display)
Now the scenario u are looking at,
Can be accomplished by making the infoobjects corresponding to the critical fields as Authorization Relevation in Transaction RSA1 or RSD1 to perform this and then create custom Analysis Authorizations and add them in the S_RS_AUTH
Hope this helps
Regards,
Manohar
I
05-24-2007 7:34 PM
Hi Manohar,
Main Info Obj = 0EMPLOYEE; Attributes = 0PAYSCALELV (Pay level) which is a characteristic and 0ANSAL (Annual salary) which is a Key Figure. The data for these two fields need to be blocked.
Going by your explanation - make 0PAYSCALELV as auth relevant and in the S_RS_IOBJ all the Activity items (Display & Maintain) should be checked off.
One of the Sub objects of an Info Object is 'DATA'.
If the 'DATA' sub object is checked on with all the Activities (03 & 23) checked off - Will it block the data for this field?
Also for the Key Fig authorization, I assume the 1KYFNM object has to be used and then 0ANSAL has to be added to it.
My concern is how do I block the 0ANSAL since for custom auth object I dont see any Activity.
Any thought is welcome.
Thanks
Vishno
09-26-2007 6:39 PM
Resurrecting an old post.
I am having similar issue. We are on BI 7.0.
InfoObject 0EMPLOYEE has some sensitive attributes such as salary, ssn, pay grade, etc. Most of the users should not be allowed to view the sensitive attributes when they execute queries.
Can someone please provide any insightful suggestions on how we can hide the sensitive attributes in 0EMPLOYEE
Thanks,
Jay
06-17-2013 2:04 AM