cancel
Showing results for 
Search instead for 
Did you mean: 

Infoobject Authorisation in a Report

Former Member
0 Kudos

Hi all,

I have an issue where in I need to restrict the amount of data being pulled by a BW report. The restriction should be on 0Calday (Range variable) , except a few users all others should not be able to run the report with the Day range more than 1 month.

Pls suggest a good way to approach this. Will an authorization object achive this, i know it does for Fixed values, but here the difference betweeen the dates entered by the user should not exceed 1 month.

I am a little sceptic to mess with 0Calday infooject.

thanks

Raj

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi

You are correct, IO security will work for Hier, fixed values etc.

I think the best way for you is to implement a User Exit variable where you can manipulate the range according to the role (or roles) the user has.

Thanks Edan

Former Member
0 Kudos

Thanks Edan,

I am not good at abap. Can someone give me the line of abap code that i can use in the User Exit, which checks whether the User who executed the report is assigned to the Role

this in abap: If(user assigned to ROLE_X) then

thanks

Raj

Former Member
0 Kudos

i think a simple way would be to create another varient of same report(copies). multiple copies of report won't have any effect on performance of system

assign one with range variable

other

single value

Answers (1)

Answers (1)

Former Member
0 Kudos

Hello Raj,

Please go to BW system and get to Transaction Code CMOD. Check if the Component RSR00001 BW: Enhancements for global variables in reporting is already assigned to a project if not create a project and assign component RSR00001.

Maintain a table with the users who can view data beyond 30 days.

Create a new Variable of processing type Customer exit in Bex. Then the following code should be written in the below given include..

  • Include ZXRSRU01

DATA: L_S_RANGE TYPE RSR_S_RANGESID,

T_VAR_RANGE TYPE RRRANGEEXIT.

CASE I_VNAM. " Variable name

WHEN 'ZCALDAY'. " New Variable

Populate the date Range, that the users are allowed to view. This date Range * will appear as default.

IF I_STEP = 1.

CLEAR L_S_RANGE.

L_S_RANGE-LOW = sy-datum.

L_S_RANGE-High = sy-datum + 30.

L_S_RANGE-SIGN = 'I'.

L_S_RANGE-OPT = 'EQ'.

APPEND L_S_RANGE TO E_T_RANGE.

ENDIF.

ENDCASE.

Once the user enters the values you again validate the date range the user has entered. At this point check the user who is running the Query. If the user is part of the table entry he is exempted, if not read the user entries using the code READ TABLE I_T_VAR_RANGE INTO T_VAR_RANGE WITH KEY VNAM = ' ZCALDAY'. Check the date range and if it does not fall the criteria either you can pop up error message or change the values to default values and display a message that values are modified to default.

CASE I_VNAM. " Variable name

WHEN OTHERS.

Here you can validate the user entries

IF I_STEP = 3.

L_S_RANGE-LOW = sy-datum.

L_S_RANGE-High = sy-datum + 30.

L_S_RANGE-SIGN = 'I'.

L_S_RANGE-OPT = 'EQ'.

APPEND L_S_RANGE TO E_T_RANGE.

ENDIF.

ENDCASE.

Hope this helps..

Sridhar.

Former Member
0 Kudos

Sridhar Bankuru,

I think this is one of the best explanation I heard till date. Very impressive.

Can you give me your ID

satishmuppala@yahoo.com

Former Member
0 Kudos

Thanks Sridhar,

That definitely is a solution.

Is there a way i can assign users to a Role_X and check in the user exit as you suggested instead of a Table. Mainintaining a table might be an overhead later on.

thanks, points assigned

Raj

Former Member
0 Kudos

Raj,

Looks at this FM ESS_USERS_OF_ROLE_GET may be this will help...

Good luck..

Sridhar.