on 10-26-2007 3:43 PM
Hello Experts,
I am trying to restrict a user from seeing the complete hierarchy. The user should only be able to see the text node "text1" and below.
I did the following:
1) Using Tcode RSECADMIN I created an Authorization Object ZTEST2 for 0COMP_CODE hierarchy at node level "text1".
2) I have assigned user "User1" to the Authorization object ZTEST2.
Now, when I click on the "Analysis" tab and click on "Execute As" as user "User1" and then I check the "RSRT" to execute a query that has Company Code hierarchy as a variable. When I click on the prompt for variable input for hierarchy i see the hierarchy name and then when i execute the query i get to see the complete hierarchy.
I would really appreciate if somebody could point me where I am wrong.
I see the following in the error log:
Buffering the Authorization Data
Buffering for InfoProvider 0FIGL_C10 and Users ABARAPATRE
InfoObject Properties Defined
Reading of Directly Assigned Authorizations
Direct Assignment Does Not Include Universal Authorization 0BI_ALL
Reading the Indirect Assignments with Authorization Object S_RS_AUTH
Does user have OBI_ALL?
Yes, the User Has Universal Authorization 0BI_ALL
Indirect Assignment Includes Universal Authorization 0BI_ALL
All Other Assignments Will Be Ignored
The Following Value Authorizations Were Found
TCTAUTH TCTIOBJNM TCTSIGN TCTOPTION TCTLOW TCTHIGH
0BI_ALL 0COMP_CODE I CP *
Thanks.
Regards,
bw_newbie
Hi,
0BI_ALL will include all the analysis authorization created on the infoobject level. So if a user have 0BI_ALL, by default he is authorized for all the analysis auth that you create, even if you donot asisgn these explicitly to the user. For your scenario, you need to remove 0BI_ALL auth.
Rgds,
Hari
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
the reason is the assignment of 0BI_ALL to that user (see your authorization protocoll).
It includes all analysis authorizations..
KR
Felix
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.