Skip to Content
0
Former Member
Mar 01, 2007 at 01:33 PM

Authorizations: Dynamic roles

19 Views

Hello everybody,

We are going to migrate our authorizations from 3.x concept to BI-7.

With the new concept we are compelled to respect certain requirements like to include into the single user profile every InfoObject “AuthorizationRelevant” (that are also built-in into the InfoProvider, indented for the future analysis).

- Certain users had only one dynamic role. In such a case we are able to restrict for instance:

o 0CO_AREA = a value;

o every other InfoObject “AuthorizationRelevant” = “*” (every single values)

- Certain users had two or more dynamic roles; in such a case we are supposed to:

o ROLE 1: 0CO_AREA = a value; every other InfoObject “AuthorizationRelevant”, for instance 0COMANY_CODE = “*” (every single values)

o ROLE 2: 0COMANY_CODE = a value; every other InfoObject “AuthorizationRelevant”, for instance 0CO_AREA = “*” (every single values)

In this particular case though we expect that the system will ignore our restrictions because it is adding the two roles in fact:

ROLE 1 is set: 0CO_AREA = a value;

ROLE 2 is set: 0CO_AREA = “*”.

Base on what we just described above, here they are our questions:

1. Does exist a symbol (for instance “:” “>”) that we can assigned to every InfoObject “AuthorizationRelevant” in order to cheat the system making it understand that it is there but not relevant for the authorizations (instead using “*”)?

2. If not can you please suggest us another way to cope with the problem of having for a user more dynamic roles assigned.

Thank you very much

Matteo Mariniello