Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can't see good variables in Query Designer BW 7.0

Former Member

‎03-26-2007 10:10 AM

0 Kudos

Hello,

The technical name of our caracteristic variables in the Query Designer are prefixed by "OR_" or "SV_". I try to make a filter in this variables (for example: a user must be able to see only "SV_" variable) with the authorization objects S_RS_COMP and S_RS_COMP1. But this filter does not work, even if the ST01 trace shows me a Return Code = 4 for the test in the variable technical name.

Have I made something wrong ? is it a bug ? (we are in BW 7.0 SPS9 with Sapgui 6.40 SP 19 and BEx SP 12).

Thank you for your help

6 REPLIES 6

Former Member

‎03-26-2007 10:39 AM

0 Kudos

Hi Paul,

If iam not worng, are you asking about Infoobject level security in BW?

If it is, the following are the steps need to be implemented:

<u><b>Steps to Implement InfoObject Security (field-level security)</b></u>

1) Make the InfoObject authorization-relevant.

The Authorization Relevant setting for an InfoObject made in the InfoObject definition on the Business Explorer tab. The business needs will drive which InfoObjects should be relevant for security. Keep in mind that the people using SAP BWare running queries to help make strategic decisions on how to better run the business. The decision makers typically need to see more data on SAP BW than they would need to see in SAP R/3.

2) Create a custom reporting authorization object.

Since there are no reporting authorization objects provided for InfoObjects, you will have to create your own reporting authorization object for any InfoObject you decide to secure. This is done in transaction code RSSM. When creating your reporting authorization object, you select which fields to put in the authorization object from a list of authorization-relevant InfoObjects. Only InfoObjects that have been marked Authorization Relevant are eligible to be put in a reporting authorization object.

3) Add your new authorization object to a role.

Once you have created an new reporting authorization object and linked it to the appropriate InfoCube(s), users will need access to your reporting authorization object. You will need to manually insert your object into a role.

4) Add a variable to the query.

The reason the variable is required is sometimes unclear at first. If we want a query to only provide results based on the division, for example, then the query itself needs the ability to filter specific division values. Before we can secure on division, the query must be able to restrict data by division. The only way the query can restrict data dynamically is through a variable.

5) Link the reporting authorization object to an InfoProvider.

Linking your reporting authorization object to an InfoProvider is a very critical step. In this step, you will impact people currently executing queries for the InfoProvider that is now related to your reporting authorization object. This linkage forces your reporting authorization object to be checked when ANY query tied to the InfoProvider is executed.

Hope it helps, please revert back if you are asking for something else.

Please reward points if it is sueful.

Thanks & Regards,

Santosh

Former Member
In response to Former Member

‎03-26-2007 1:31 PM

0 Kudos

Hello,

Thank you for your reply but it is absolutely not the response of my problem.

Let me explain it differently : in the Query Designer, after opening a Query, you can restrict the value of a caracteristic by choosing a VARIABLE. My problem is that I have some variables with a technical name beginning with "SV_", others beginning with "OR_", and I want a user only be able to see one of this kind of variables ("SV_" or "OR_"). In my point of view this is possible by using the authorization objects S_RS_COMP and S_RS_COMP1, but it does not work.

Thank you very much for your help.

Former Member
In response to Former Member

‎03-26-2007 2:39 PM

0 Kudos

Hi Paul,

I dont think if S_RS_COMP & S_RS_COMP1 objects will fulfil your requirment.

Please vist the following link to know more on these objects:

http://www.sapsecurityonline.com/bw_security/bw_security_auth_obj_2.htm

Hope it helps.

Thanks & Regards,

santosh

Former Member
In response to Former Member

‎03-26-2007 2:48 PM

0 Kudos

And so how can I do to make what I want ? thank you for your response.

Former Member
In response to Former Member

‎03-27-2007 7:28 AM

0 Kudos

Hi Paul,

Probably you might have to approach Query Designer for this.

What ever the Infoobjects that are present in query Designer part i.e., Rows, Columns, Free Characteristics will be displayed after query execution. So in your case if the variables are dragged and dropped into query designer part, than i dont think there is way to hide the data, if iam not wrong.

Hope it helps.

Thanks 7 Regards,

Santosh

Former Member
In response to Former Member

‎03-27-2007 8:44 AM

0 Kudos

Hello,

My problem happens before launching the Query to have its result. The issue occurs in the Query Designer : when a user try to restrict a characteristic with a variable in the Query Designer (in the filter tab of the Query Designer, right-click on a characteristic, use "restrict..." in the menu, shows "variables"), he can see variables beginning with "SV_" and with "OR_" (and with "0" for the standard variables), and I just want him to see only one type of these variables.

Thank you for your response.