cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem authorizations in roles new concept BI

Former Member

on ‎08-22-2007 9:27 AM

0 Kudos

Hi developers,

I have a problem because after migration of the authorization have in a cube (FI area) two characteristic (Company Code and Controlling Area) relevant for the authorizations.

I wish control only the Company code but the system demands also the Controlling Area. I have insert the Controlling Area in authorization with EQ ( but no work because is insert in the free characteristic.

If I fixed the value of the Controlling Area associated to Company Code not work, if I insert a variable where the user enter the value the query work but not necessary for the user. If I insert CP () work but some users have queries of CO Area with controls on values of this characteristic. Insert CP () in FI Authorization means see all datas in CO.

Can help me for manage this situation where there are two areas FI / CO migrated where the old concept is different than BI

Thanks in advance

Domenico

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member192700
Active Contributor
‎08-23-2007 10:39 AM
0 Kudos

Hi Domenico,

you might want to use the special InfoObject 0TCAIPROV to restrict the respective InfoProvider.

Cheers

SAP NetWeaver BI Organisation

Show replies
Show replies
Former Member
‎08-22-2007 4:52 PM
0 Kudos

Hi Domenico,

Please correct me if I'm wrong , I see that you have two topic area like FI and CO. You need to create two Authorizations say 1 for FI and another one for CO. Let call them as YFI_CO_CC and YCO_CO_CC. Now in YFI_CO_CC you need to insert both Compnay code and Controlling area characteristic along with the special characteristic 0TCAACTVT,0TCAIPROV,0TCAVALID.Then enter the assign * to CO_AREA and for Company code assign the value which you want to restrict and in the 0TCAIPROV = FI infocube technical name for example ' YFI*'.

similarly for YCO_CO_CC create authorization and assign CO_AREA value and company code = '' if there are no user resrtiction on company code and 0TCAIPROV = CO infocube example 'YCO' .

Then create a role with S_RS_AUTH object with YFI_CO_CC and another with YCO_CO_CO_CC .Assign it to the users and check the user access.

Hope it helps,

Cheers,

Balaji

Show replies
Show replies
Former Member
‎08-23-2007 9:36 AM
0 Kudos

Hi Balaji,

I had already create the authorization because we have effectued the migration after the upgrade of release.

Some users can see queries of FI an CO areas, for example:

User A (FI) can see only the Company Code XX but in the query there are also Controlling Area and if I insert Controlling Area XX the authorization don't work, the problem is resolved only I insert a variable also for Controlling Area not necessary for the user. If I insert ( or the value XX in CO Area the query do not work.

The query work only with variables after the introduction of the value XX or if I insert (*).

User A (CO) can see only the CO Area XX but if I insert in authorization precedent (*) the user can see all because the authorization are summarized.

In this situation you know a method for manage two different authorization for the same users autonomously

Thanks Domenico

Ask a Question