Hi,
I have an Internal Order Cube (ZOPA_C11) for which I would like to control access to data using authorisation based on Responsible Cost Centres.
The characteristic 0RESP_CCTR inherits it's Master Data and hierarchies from the characteristic 0COSTCENTER.
I am wondering if it is possible to define a hierarchical authorisation based on 0RESP_CTR?
I have performed the following steps (which work for characteristic 0COSTCENTER but not for 0RESP_CCTR):
1. Transaction RSSM - Created Authorisation Object Z_RCSTCTRH with the following InfoObjects selected: 0RESP_CCTR, 0TCTAUTHH.
2. Transaction RSSM - Authorisation Object Z_RCSTCTRH is switched on for InfoProvider ZOPA_C11.
3. Transation RSSM - Maintain Authorisation for Hierarchy
- I have selected InfoObject 0RESP_CCTR;
- Hierarchy (one that is associated with 0COSTCENTER) (E.g HIER)
- Nodes (within the 0COSTCENTER Hierarchy) (e.g DIV_FIN)
- Type of Authorisation = 1 (Subtree below nodes)
- Validity Period = 2 (Name identical)
(Note: When I insert the definition, it changes the InfoObject from 0RESP_CCTR to 0COSTCENTER)
4. Transaction PFCG - I have created a role (e.g CTR_DIV_FIN) for limits access to the node DIV_FIN within the HIER hierarchy.
- Added manually authorisation object 0RESP_CCTR
with values:
Responsible Cost Center :
Unique ID for Authorisation HIER-DIV_FIN
5. I have assigned the user to this role, however when I run a query on this cube, the authorisation is not working.
Note: My role CTR_DIV_FIN also has the authorisation object 0COSTCENTER with values
Responsible Cost Center :
Unique ID for Authorisation HIER-DIV_FIN
and this is working as expected for data in the Cost Center Accounting cube.
Can anyone suggest what might be going wrong? I suspect it relates to 0RESP_CCTR not having master data and hierarchies in it's own right. Do I need include the characteristic 0COSTCENTER in my Internal Order cube in order for this to work?
Many thanks
Adrian