Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI security

Former Member

‎03-25-2008 3:31 PM

0 Kudos

All,

I have assigned two auth.objects namely s_rs_comp and s_rs_comp1 for the reporting role.For s_rs_comp I have restricted in the place for Info cube,query name and Info area but in s_rs_comp1 I have assgined full access to the query owner name which means the user can access queries created by all the users for the restricted info cube and in place of name of ID component I assigned the same query name like in s_rs_comp.Now what type of access will the user get??

According to my understanding whether the user gets access to all the queries created by all the query owner name for that info cube no matter whether you restrict the user with query name in s_rs_comp and s_rs_comp1??

Pls some body help me out...

4 REPLIES 4

Former Member

‎03-25-2008 4:00 PM

0 Kudos

Kevin,

Here in this case the S_RS_COMP1 object will give the same access as your S_RS_COMP object. So it is similar to looking at two different sentences that has the same meaning.Hope this answers your question.

Naveen

Former Member
In response to Former Member

‎03-25-2008 4:46 PM

0 Kudos

then there is no need of s_rs_comp1 for the role rite.?giving full access to the query owner name and restricting only the queries for same the info cube means the same??

Former Member
In response to Former Member

‎03-25-2008 6:25 PM

0 Kudos

You need to include S_RS_COMP1 in your role. You are actually giving access to users to be able to work on Queries created by others.even if he has to manipulate his/her own query they should have S_RS_COMP1. Ownership of a reporting component gets checked when you try access one.

S_RS_COMP and S_RS_COMP1 are checked in conjunction for all reporting components except QVW. so You need to include it in your role.

Edited by: Keerti Vemulapalli on Mar 25, 2008 2:28 PM

Former Member
In response to Former Member

‎03-25-2008 6:46 PM

0 Kudos

I agree with keerti. S_rs_comp1 & s_rs_comp are evaluated together.

User must have access to both of these objects.

Also, in BI when you create a authorization using RSECADMIN, you have to include

the authorization in S_RS_AUTH object in a role. This is little different from BW 3.5

where you create a RSR custom auth object and include it directly in your role.