Hi
I hope someone can help clarify.
I am interested to understand more about the way that Analysis Authorisation merge when a user has access to more than one role/ authorisation.
Just to point out that I have searched the foum, help.sap, my SAP training material and very little info is available. This link is the closest I have found but not enough with another dead end link.
bi-analysis-authorisation-ip-security-restriction-
Business Requirement:
HR Reporting. A user is authorised to access the entire Org hierarchy in reports 1 and 2. The user is restricted to a lower level 2 Org node for reports 3 to 10.
I have created 2 BI Analysis Auth objects.
HR_001 and the hierarchy authorisation is for the top node of the hierarchy.
HR_002 and the hierarchy authorisation is for a level 2 node.
2 Roles have been created
ZBEX_HR_001 with reports 1 and 2 and BI Analysis Auth object HR_001.
ZBEX_HR_002 with reports 3 to 10 and BI Analysis Auth object HR_002.
The HR user has been assigned to the above 2 roles.
When the user executes any of the reports 1 through to 10 the user has access to the full org hierarchy.
Reports 3 to 10 are not restricted to the level 2 node even though the role has BI Analysis Auth object HR_002 assigned.
I have used RSECADMIN and generarted an authorisation log. It appears as though the 2 authorisations are merged.
If this is the correct behavoiur can anyone shed any light on how to restrict the user as per my business requirement explained above.
Thanks in advance
Cheers
Ian