Skip to Content
0
Former Member
Feb 21, 2007 at 08:23 PM

Necessary Authorizations while migrating auhorization objects

29 Views

Hello all,

let's assume (BI 3.5 authorization concept) that there are

- 6 InfoCubes containing an authorization relevant characteristic.

- 1 Authorization object was built upon this characteristic and

- 3 of those Cubes were flagged for the authorization check. The other

- 3 are not authorization restriced on this characteristic. Finally,

- 2 roles with different values (VAL 1 and VAL2) were created and assigned to different users.

For BI 7.0 authorization concept, my assumption to reflect ALL authorizations the following analysis authorizations are mandatory:

- 2 Analysis authorizations for VAL1 and VAL2::

<i><0CHARACTERISTIC></i>EQ VAL1

0TCAIPROV EQ <i>INFOCUBE1</i>

0TCAIPROV EQ <i>INFOCUBE2</i>

0TCAIPROV EQ <i>INFOCUBE3</i>

0TCAACTVT EQ 03

0TCAVALID EQ *

<i><0CHARACTERISTIC></i>EQ VAL2

0TCAIPROV EQ <i>INFOCUBE1</i>

0TCAIPROV EQ <i>INFOCUBE2</i>

0TCAIPROV EQ <i>INFOCUBE3</i>

0TCAACTVT EQ 03

0TCAVALID EQ *

What happens if no analysis authorization was created for the other 3 Cubes (authorizations are checked in 7.0 on characteristic level)?

- Does the user get an authorization error and thus has no access to these cubes

any more?

Is it necessary to setup an analysis authorization like this to grant unrestricted access to the other 3 InfoCubes:

<i><0CHARACTERISTIC></i> EQ *

0TCAIPROV EQ <i>INFOCUBE4</i>

0TCAIPROV EQ <i>INFOCUBE5</i>

0TCAIPROV EQ <i>INFOCUBE6</i>

0TCAACTVT EQ 03

0TCAVALID EQ *

If so, we will be forced to establish 2 Analysis Authorizations for 7.0 instead of one single used in 3.5. And further, would it then be necessary to create variables for the 3 Cubes that formerly were not authorization restricted?