on 08-26-2020 4:24 PM
Hi guyz,
I would just like to check if this is possible in BW authorization? I already tried several testing but I wasn't able to achieve my desired report.
Here is my transaction data:
These are my users and I need to limit them in accessing the following:
It means that even if company code BBB and CCC has the plant Z, USER1 should only see the plant Z under company code AAA.
RESULTS:
Is there a way to achieve this?
Thank you.
Loed
I must admit that if I have to implement this I will serioulsy investigate the alternative solution that would be to manage a concatenation of both infoObjects into a new characteristic (company code + plant). This allowing the use of an authorization variable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you seen my previous comment ? This is what I was explaining.
But you're right, the user will be able to get the data for one combination only (selection on one company and one plant) and will send an error message if you try to display more (no authorization).
This behavior is described in note 557924 (old one and for authorization variables but whose principles are still valid and valid also for classical variables).
You can have a look to the following wiki for possible solutions : here (though I never implemented it).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I tried it. I created 2 AAs for AAA/Z and BBB/X, but got the NO AUTHORIZATION error.
Were you able to try it on your side ?
Which filters did you use for company code and plant ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You have to create 3 AA with both infoObjects (company and plant):
And you have to filter on the company code and the plant at the query level.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
But you're right, the user will be able to get the data for one combination only (selection on one company and one plant) and will send an error message if you try to display more (no authorization).
This behavior is described in note 557924 (old one and for authorization variables but whose principles are still valid and valid also for classical variables).
You can have a look to the following wiki for possible solutions : here (though I never implemented it).
If you create an AA with both infoObjects with the values AAAA/Z and BBBB/X the user should only have access to this data (even if plant Z exist for the company BBBB.
Regards,
Frederic
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Loed,
Sure, just create an AA with both company code and plant. Then, only the combination will be authorized. This is called multi-dimensional authorization (you will find blogs and posts on the subject).
The difficulty, here, is more a selection issue than an authorization one, As authorization variable does not work with more than one infoObject, the users have to select the right combination (or you have to find a way to select for them).
Regards,
Frederic
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.