BI Security Implementation and restrictions at Infocube levels

Dear all,

I am trying to update myself on BI security and practical implementations. I read expert guide and other relevant documentation. We have BW security integrated with CRM and Portal.

Please explain or provide me some direction in understanding how BI security works at key figure level.

<b>Is it necessary to set the following InfoObjects as “authorization-relevant” . Is it MANDATORY to make the following settings as "Authorization-Relevant" before we start the BI Security

0TCAACTVT

0TCAIPROV

0TCAVALID

0TCAKYFNM</b>

and

Add 0TCAIFAREA as an external hierarchy characteristic to 0INFOPROV

When I changed above infoobjects to Authorization relevant, BI Portal Users are complaining that they have Access issues. I have to change this setting back.

Can someone explain me the implication of making the above objects as Authorization Relevant. What making these objects, Do I need to complete some steps to make it work.

All users have 0BI_ALL object defined in S_RS_AUTH. I don't know how 0BI_ALL works for users.

I greatly appreciate if anyone can explain how I can achieve the following scenarios:-

1. How Can I restrict user access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG.

2. How can I restrict User access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG (Sales Organization CRM) and Key Figure ZVOLSU.

3. How can I restrict User Access to all Infocubes EXCEPT ZEN_T001 infocube.

I tried using PFCG but it does not work. 3rd scenario worked fine. I really need help in resolving scenario 1 and 2.

please eMail me if I need to go thru any other step-by-step procedure.

I am trying my best to resolve and at the same time reading other documentation and experimentation.

Waiting for a Positive Reply

Kumar