cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI 7.0 Analysis Authorization by specific query

Go to solution
Former Member

on ‎10-08-2007 12:15 PM

0 Kudos

We have been setting up Analysis Authorization in BI 7.0 and have most of it working correctly.

We have a particular requirement where we want a restriction by region, but only for a specific query. So this "restriction/authorization" should only occur for this 1 query. All other queries on this multiprovider should not bother with any "restriction".

We put 0TCTQUERY = to our query name, but this didn't work.

Has anyone else gotten analysis authorization to work at a query level like this?

Thanks

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member206112
Contributor
‎10-08-2007 2:38 PM
0 Kudos

Hey,

I would go on another solution:

if the authorization is supposed to be user specific (with several users with a small number of different authorizations) make no restrictions on the data - Just do it with queries.

Allow the access to the specific queries with authorization object S_RS_COMP.

If u have a lot of users, with many different authorization values, Create a multiprovider for the special query. The other queries will be created on top of the original infoprovider.

Build authorization for the new multiprovider with the special restrictions. On the other infoprovider - create an authorizations with the star sign - allowing data full data access.

Thanks,

Tomer.

Show replies
Show replies
Former Member
‎10-09-2007 4:24 PM
0 Kudos

Hi Tomer,

I am aware of your proposal and S_RS_COMP, but that isn't quite what I need.

Basically I have an analysis authorization where I have a restriction/authorization based on State. I only want this restriction/authorization to take place for 1 particular query. So can analysis authorizations be restricted by query, as in infoobject 0TCTQUERID?

My query doesn't show up when I perform a F4 in rsecadmin for this infoobject?

Thoughts...Thanks.

former_member206112
Contributor
‎10-10-2007 9:59 PM
0 Kudos

I don't think 0TCTQUERID could be authorization rellevant with the functions restricting the query.

I guess the simple solution is going for the multiprovider.

Thanks,

Tomer.

Former Member
‎10-12-2007 2:06 PM
0 Kudos

Hi Tomer,

I have figured out what we need to do and will post this below for others to learn from.

We have a MultiProvider. Within this, we have queries that display SAP (R3) data and EDI (ED) data. There is a characteristic that differenciates the type of data as either R/3 or EDI. Some queries are just R/3, others EDI while others are a combination of both. Now, the authorization comes into play in that any EDI data can be displayed by anybody, while R/3 is restricted to the particular sales managers Region. With this said, here is how I set this up and it works perfect:

1. One analysis authorization objects has: Source Data = R/3 and Region = PA, NJ and NY (for illustration purposes I will use one sales manager that has regions PA, NJ and NY assigned to him/her). Of course any other characteristics that are auth relevant have to be included in the analysis authorization as CP *.

2. Second analysis authorization objects has: Source Data = ED and Region = *

Both these analysis authorization objects are assigned to the user via RSECADMIN. In the auth profile we have S_RS_AUTH = Inactive. We want it to read analysis auth from RSECADMIN and manual assignement.

When the sales manager runs a query that only has SAP data in it, it only displays the regions he is authorized to see. When the sales manager runs queries for EDI data he/she can see all data for all regions.

Now, when running the query that has a combination of both SAP and EDI data he/she receives a message 'Not Authorized'. This is correct. Authorizations must be fully meet for data to be displayed. You can see this in the Error Log in RSECADMIN after running a failed authorization check on this combined data query (of SAP and EDI data).

In gathering requirments it was decided that only high level management would have visibility to these "combined reports". In other words, the sales managers will not be allowed to run these "combined reports".

So, for these "high level management" people, they would have an analysis authorization (only 1) that has all authorization relevant characteristics as CP *.

Hope this helps everyone.

former_member206112
Contributor
‎10-12-2007 3:21 PM
0 Kudos

Cool.

Answers (0)

Ask a Question