- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Authorization characteristics level using colon
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Authorization characteristics level using colon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2019 8:35 PM
Hi All,
I am try to test a authorization cenario, but it doesn´t work.
I want to restrict the user from drillig down through the CUSTOMER field in the CUBE_TST1 infoprovider, but I want to allow him to drill down through the CUSTOMER field in the CUBE_TST2 infoprovider.
So I created the bellow cenario in BW authorization.
I created a user. This user have 2 profiles. Each profile have a Authorization Object with diffent cubes, but, with a same InfoObject to restrict in a object level
USER_TEST
---> PROFILE_TST_1
------> OBJ_AUTH_TST_1
==INFOPROV: CUBE_TST1
==CUSTOMER: (:) (*)
---> PROFILE_TST_2
------> OBJ_AUTH_TST_2
==INFOPROV: CUBE_TST2
==CUSTOMER: (*)But I getting a problem with this cenario. In both Data Model (CUBE_TST1 and CUBE_TST2) the user is not allow to drill down through CUSTOMER infoobject.
How I can solve my problem?
Thanks
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2019 9:26 PM
Please see the documentation below and verify if this applies to your scenario.
If your query uses the colon check and the query leads to the display of message "You do not have sufficient authorization", you have only two options:
- grant colon authorization to the user. (not applicable here)
- if you do not want to grant the user colon authorization: restrict the characteristic in the query to a certain selection (single value, interval, hierarchy node, and so on) and authorize this selection explicitly. In the case of structural components, all structural components must have an explicit restriction.
You must perform one of the above actions if the characteristic is authorization-relevant.
References
Authorization for Aggregated Values
An Expert Guide to New SAP BI Security Features
AUTHORIZATION FOR BI REPORTING
SAP Notes
Note 1140831 - Colon authorization during query execution
Note 1337102 - Aggregation authorization (colon) incorrectly displayed
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2019 9:26 PM
Please see the documentation below and verify if this applies to your scenario.
If your query uses the colon check and the query leads to the display of message "You do not have sufficient authorization", you have only two options:
- grant colon authorization to the user. (not applicable here)
- if you do not want to grant the user colon authorization: restrict the characteristic in the query to a certain selection (single value, interval, hierarchy node, and so on) and authorize this selection explicitly. In the case of structural components, all structural components must have an explicit restriction.
You must perform one of the above actions if the characteristic is authorization-relevant.
References
Authorization for Aggregated Values
An Expert Guide to New SAP BI Security Features
AUTHORIZATION FOR BI REPORTING
SAP Notes
Note 1140831 - Colon authorization during query execution
Note 1337102 - Aggregation authorization (colon) incorrectly displayed
- SAP Managed Tags:
- Security
