on 10-15-2014 8:15 AM
Hi All,
We have created an authorisation object in the system which apply to all BW queries / reports. The authorisation object restricts a field / infoobject 0COMP_CODE to a particular range of values.
The BW reports in the roles use this field 0COMP_CODE and restricts to an authorization variable which brings in the restrictions applied in the roles.
The above scenario works fine for users currently.
Now there is a new requirement that I need help with.
Suppose there are 10 BW queries assigned in the roles. We now want to remove the authorization variable / restriction from 5 out of the 10 BW queries.
When we do that by simply removing the variable from BW query and run the reports it gives us an authorization error message. I suppose this is because at the role level there is a restiction and at the BW query level there is no authorization variable to pick this.
If we move the 5 queries to a new role where there is no Authorization object applied and the 5 queries don't have an Authorization variable it still gives as an Authorization error.
So now we have the below scenario
Role 1: 5 Queries with Authorization variable and Authorization object restriction
Role 2: 5 Queries with no Authorization variable / Authorization object
Role 2 queries do not work because the same user is assigned Role 1 and Role 2 and the Authorization restrictions get pulled in from there !
Any suggestions on how to proceed here and make Role 2 work without any restrctions?
Thank you.
Hi,
If a user has wider priviligies on given authorisation object in one role the narrower priviliges from another role on the same authorization object will not work.
Regards, Leszek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Leslaw,
In this case
Role 1 : Has narrower privileges because of authorization object restriction on 0COMP_CODE
Role 2: Has no restrictions or authorization object applied.
User has access to both role 1 and role 2 which have separate queries assigned .
However reports from Role 2 do not work and give an authorization error when including 0COMP_CODE in the report output
Is that the expected behaviour?
Thank you for your responses.
Raghav
Leszek, That is expected and we have the queries in Role 1 working fine with restrictions like you said.
The queries in role 2 are the ones which are not working at the moment even though there is no restriction on the authorisation object there.
I am unable to find a logical explanation for that. Any clue why this could be happening and can be fixed?
Thanks.
Hi Raghav,
In role 2 you have to use that query restriction variable for those queries also because you have 0COMP_CODE as authorization relevant.
For that particular Analysis authorization object provide value as * for 0COMP_CODE that you are using in role 2.
Regards,
Abdullah
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.