Skip to Content
0
Former Member
Apr 10, 2007 at 12:06 AM

Security in BPS Planning Folders

21 Views

We are on BI 7.0 and SEM 6.0. When we create authorizations for a BPS planning folder, only the authorizations at the header level are checked but not the ones at the layout level of the folder. For example, we have authorizations for characteristic InfoObjects - Org Unit and Metric. Org unit is put in the header level and Metric is in the lead column of the layout. Say, in the transactional InfoCube, Org1 has records for metric1, metric2, metric3 and Org2 has records for metric1 and metric2. Say User1 has authorization to Org1 and metric1 combination only. If User1 opens the BPS planning folder and chooses any org unit, the authorization checks are successfully performed and only Org1 is allowed as the input. But after that the layout throws an error saying that the user is not authorized to see the values since (I guess) the data for Org1 contains metric2 and metric3 that are not authorized for User1.

I have tried different combinations in rsecadmin transaction like the following, but none of them solve the requirement.

Authorization Z1

ORGUNIT - Org1

METRIC - Metric1

Result - The planning folder throws an error "You have no authorization for the requested data"

Combination of Authorization Z2 and Authorization Z3

Authorization Z2

ORGUNIT - Org1

Authorization Z3

METRIC - Metric1

Result - The planning folder shows all the values including Metric2 and Metric3. And the user is able to change the data for Metric2 and Metric3.

Even if the folder shows Metric2 and Metric3, I want the authorizations to stop the users from "saving" the data against Metric2 and Metric3. Anyone has any ideas? I will assign points to all the helpful posts.