We are going to migrate our authorizations from 3.x concept to BI-7.
With the new concept we are compelled to respect certain requirements like to include into the single user profile every InfoObject AuthorizationRelevant (that are also built-in into the InfoProvider, indented for the future analysis).
- Certain users had only one dynamic role. In such a case we are able to restrict for instance:
o 0CO_AREA = a value;
o every other InfoObject AuthorizationRelevant = * (every single values)
- Certain users had two or more dynamic roles; in such a case we are supposed to:
o ROLE 1: 0CO_AREA = a value; every other InfoObject AuthorizationRelevant, for instance 0COMANY_CODE = * (every single values)
o ROLE 2: 0COMANY_CODE = a value; every other InfoObject AuthorizationRelevant, for instance 0CO_AREA = * (every single values)
In this particular case though we expect that the system will ignore our restrictions because it is adding the two roles in fact:
ROLE 1 is set: 0CO_AREA = a value;
ROLE 2 is set: 0CO_AREA = *.
Base on what we just described above, here they are our questions:
1. Does exist a symbol (for instance : >) that we can assigned to every InfoObject AuthorizationRelevant in order to cheat the system making it understand that it is there but not relevant for the authorizations (instead using *)?
2. If not can you please suggest us another way to cope with the problem of having for a user more dynamic roles assigned.
Thank you very much