Skip to Content
0
Former Member
Apr 03, 2008 at 04:19 PM

authorization for multiple nav attributes

28 Views

Hi Experts,

I have 2 doubts that I need to confirm with you:

Scenario :

an aggregation level has nav attributes A__C and B__C.

A__C is restricted by authorization variable in the filter section of the query.

A__C is shown in the rows as well.

B__C is not defined anywhere in the aggregation level and the query.

Authorization is created for the user on A__C and B__C and assigned to user via the BI7 auth admin tcode(s).

The requirement is to control such that user cannot access certain values of Both A__C values and B__C values found in records. In this case, user is set to access only :

A__C : 1111

B__C : 2222

A record exist like this :

-


A__C **** B__C **** KF

-


1111 **** 3333 **** $1000

Question:

1. when the query is executed, authorization check is ok for A__C and the query should execute.

But given that this user is not authorized to B__C = 3333, will the KF value of $1000 be displayed by the query at runtime assuming the query only is selecting A__C and the KF?

If it does not show results or shows 'not authorized' , can I say its due to B__C = 2222 is granted and not B__C = 3333 was granted?

Else if it does show the $1000, can I say that even if B__C is set = 2222 in the user profile / authorization object assigned, there is no effect of authorization in this case and the record having B__C = 3333 will be displayed with the KF value (B__C value still will not be shown as its not in the query definition).

2. Assuming char C is defined in the query and aggregation level, must this be individually restricted (i.e set auth of C = value1, value2 .....) in authorization object or roles in order that the effect of A__C is achieved where authorization values for A__C is defined by setting auth of A__C = value 1, value2 ...?

Scenario A: char C is in the aggregation level but not used in the query definition in the rows and filter.

Scenario B : char C is in the aggregation level and used in the query definition in the rows.

What would the result be in the above 2 scenarios ?

Hope to get enlightened about this aspects.

Thanks in advance.

Best regards

PRex

Edited by: pointes rexiproca on Apr 3, 2008 6:21 PM

Edited by: pointes rexiproca on Apr 3, 2008 6:22 PM