Skip to Content
May 07, 2014 at 11:32 AM

Best practice for new analytical authorizations


Coming from old RSR concept, I'm currently trying to find a good solution for developing roles using the new authorization concept.

In BW 3.x, I just entered the activites directly into the authorization objects. Now, with the new analytical authorizations, I have to assign them via a single auth object. But what is the recommended way for the distribution of auth-relevant InfoObjects into single authorizations?

Example: let's say we have marked 0COSTCENTER as auth-relevant. In the old RSR concept, I just added the corresponding authobject to the role and entered the number of the cost center.

Now, with the new authorization concept, I first have to build an authorization for every cost center (CC1000, CC1001, ...) and then assign the corresponding CC authorization to the role using S_RS_AUTH.

That means, if I need to restrict the "usual" InfoObjects like cost center, company code, plant, etc., I have to prebuild thousands of AAs beforehand. Did I miss something? This new concept looks to me way more costly than the old concept.