Dear Aditya

1) Please explain the below

Why there has to be 3 roles for each of the tabs for each section. IF all the users are going to have 6 section you can have one single role comprising all.

2) Now if you have 2 hierarchies and 20 node in each hierarcy you end up having 40 Analysis components. And if you have one to one mapping for each analsysis componenet you have 40 roles.

Also in some cases for top hierarchies for eg supersales head you can create one more analysis component providing the highlevel hierarhy authorisation.

3) You will have to then assign the roles to the user using these 40 + roles. Donot mix the composite roles (for 6 section) with the authorisation roles. They are independent and has to be provided seperately. You do not end up in creating 500 odd roles for your authorisation

Regards

Gajesh

Dear Gajesh,

I meant -> For a single plant, where in there is currently value authorization implemented, below are the roles for a single tab AB.

Single Role -> A (Authorization role with plant value)

Single Role -> B (RRMX Read)

Single Role -> C (RRMX Write) 

Composite role D -> A+B+C

Similarly, there are 5 other composite roles with different single roles.

Each of these composite roles differ in the S_COMP role with different set of reports.

Eg for tab CV, Composite role H consists of E,F,G like D is to A,B,C respectively.

Hope am clear.

My query is now regarding the hierarchy nodes for 2 new plants with 2 different hierarchies...how to implement above design...different users might exist for these tabs.

Dear Gajesh,

Please check this if possible and suggest

Dear Aditya,

1) I understood about the Composite Roles, and as you said it comes to 18.

2) Let me know what is the input selection in your report. Is the hierarchy variable getting used in the input selection. If yes then

3) Total no of Roles that you need to create will be if  1 Hierachy has 10 nodes = 30 roles ( let us name it as N1to N30). Also for top level authorisation ( for a user who has all hierarchy authorisation  eg supersales head ) you can create one additional roles (let us name it as H1)

4.1) So if suppose a user has AB and he has authorisation to all the nodes in that case,

he will have 3 roles of AB (A+B+C) . + H1

4.2) For a user who has all 6 tabs will have 18 Roles + (No of Nodes he is authorised for ( eg. N1 to N10 - 10 roles )

you will have to  keep the composite roles and the hierarhy level roles seperately.

Hope this helps

Regards

Gajesh

Dear Gajesh,

Regarding the existing composite roles and 18 single roles for a single plant say DR01, it is value authorization concept used in production. No hierarchies as such.

My question of roles currently is regarding new hierarchies for 2 new plants to be live in production.

Hence these are different and not to be clubbed with.

All the reports need to be authorized through nodes.

Each hierarchy got 10 nodes as said.

Hence if I need to give the roles based on existing design, we have 6 tabs.

Each tab might have different set of reports or as required.

Different users authorized to different tabs but not necessarily.

Hence, Is it like, for each tab say AB,

We need 20 single analysis node roles (H1 to H20) + B (RRMX Read) + C (RRMX Write)?

Which means, 20 composite roles for each tab with 22 single roles?

Dear Aditya

Yes you would require 20 composite roles for one tab  if for each node you are going to create a composite Role.

I think you will have to try to manage without using composite roles. Please read the below link to get a better picture on the same

https://scn.sap.com/thread/1458498

Regards

Gajesh

Hi Gajesh,

Sorry for I was not able to follow up. Gone through that document but not helped me.

I can give a more clear picture now. Its Client requirement that they want to view separate reports in separate categories as mentioned in BI Channel. Hence, the repeated composite roles for same plane but with different single roles. All users are mapped to all roles in current value authoriations for existing plant

| AB | CV | PD | HP | HQ | BE |

In this scenario, I mean for a tab since there are 3 hierarchies, there are a minimum of 20 single single roles for 20 nodes. Hence we require 20 composite roles for each node of all 3 hierarchies with no other option for each tab. Hope you agree,

Dear Aditya

I agree with you. You will have to use that many composite roles

Regards

Gajesh

Hi Gajesh,

Need your help in this thread:

http://scn.sap.com/message/14934487#14934487

Hi Gajesh,

Need your help in below thread:

Hi Martin,

Please check the below response where in I attached my 2 hierarchies.

Am clear that we need to create 7 roles for each hierarchy here, which means 21 roles.

But my question is related to the additional roles that are created for each tab in portal.

Issue:

Below is the current structure for an existing single plant value authorization

Users view the reports in portal (BI Channel).

Portal has 6 sections/categories/tabs AB, CV, PD, HP, HQ, BE

Hence currently users got 6 composite roles created for these with different analysis objects and RRMX read/write roles.

Each composite role consists of one analysis object role, one RRMX read role, one RRMX write role.  Hence total single roles are 18!

Question: If this is the case for existing plant value authorization, how can I do it for current nodes?

For each tab/category above, and for a single hierarchy of one division, it would be 7 composite roles as there are 7 unique nodes/values. This means total of 7 composite roles for a tab. For all tabs, this mean total of 42 composite roles and  126 single roles!

If this is the case, for other 2 pictures below, this would mean total 126 composite roles and 378 single roles!

Am convinced this is not correct.

Can I try avoiding the RRMX read/write separately for each composite role separately?