Skip to Content
author's profile photo Former Member
Former Member

authorization for multiple nav attributes

Hi Experts,

I have 2 doubts that I need to confirm with you:

Scenario :

an aggregation level has nav attributes A__C and B__C.

A__C is restricted by authorization variable in the filter section of the query.

A__C is shown in the rows as well.

B__C is not defined anywhere in the aggregation level and the query.

Authorization is created for the user on A__C and B__C and assigned to user via the BI7 auth admin tcode(s).

The requirement is to control such that user cannot access certain values of Both A__C values and B__C values found in records. In this case, user is set to access only :

A__C : 1111

B__C : 2222

A record exist like this :

-


A__C **** B__C **** KF

-


1111 **** 3333 **** $1000

Question:

1. when the query is executed, authorization check is ok for A__C and the query should execute.

But given that this user is not authorized to B__C = 3333, will the KF value of $1000 be displayed by the query at runtime assuming the query only is selecting A__C and the KF?

If it does not show results or shows 'not authorized' , can I say its due to B__C = 2222 is granted and not B__C = 3333 was granted?

Else if it does show the $1000, can I say that even if B__C is set = 2222 in the user profile / authorization object assigned, there is no effect of authorization in this case and the record having B__C = 3333 will be displayed with the KF value (B__C value still will not be shown as its not in the query definition).

2. Assuming char C is defined in the query and aggregation level, must this be individually restricted (i.e set auth of C = value1, value2 .....) in authorization object or roles in order that the effect of A__C is achieved where authorization values for A__C is defined by setting auth of A__C = value 1, value2 ...?

Scenario A: char C is in the aggregation level but not used in the query definition in the rows and filter.

Scenario B : char C is in the aggregation level and used in the query definition in the rows.

What would the result be in the above 2 scenarios ?

Hope to get enlightened about this aspects.

Thanks in advance.

Best regards

PRex

Edited by: pointes rexiproca on Apr 3, 2008 6:21 PM

Edited by: pointes rexiproca on Apr 3, 2008 6:22 PM

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Apr 03, 2008 at 05:12 PM

    Dear Pointes,

    For management authorization by navigational attribute, I suggest the following steps:

    1. Should check the attribute setup of “A” and “B” InfoObject in Tcode RSD1, and be sure if they are relevant of authorization. Remember, in BI2004s the attribute navigational are different component authorization.

    2. Then, you should check your analysis authorization in Tcode RSECADMIN Authorization and verify which these attributes navigational A__C and B__C are included in analysis authorization, and what value do they have? Be careful which logical sing “<, >, =…”. Also, remember include colum “:” value in each attribute navigational for avoid problem.

    3. Before that, you should check the queries structure and be sure if theses attribute is like a entry variable authorization.

    I hope that can help you,

    Luis

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.