
S_RS_IOBJ - authorization problem

Former Member
0 Kudos

Hi

How can this be implemented in NW2004s:

The query has the characteristics 0material, 0comp_code and 0customer.

User A must see only 0material, and user B 0comp_code and 0customer.

Creating 2 queries isn't a good solution.

Best Regards

Piotr

Accepted Solutions (1)


Former Member
0 Kudos

Dear Piotr,

I'm going to try to help you.

When you work with an authorization object like S_RS_IOBJ, you are managing access by object, for example display, change, create, delete, etc. Furthermore, you are managing access by technical name, for example 0* (you can display all characteristics that begin with the value "0").

If you need to create a specific authorization regarding 0MATERIAL, 0COMP_CODE and 0CUSTOMER, you should create roles with the authorization object and specific values.

For example:

Tcode: PFCG

Role 1 for User A

Authorization Object S_RS_IOBJ

Activity: 03 Display

Object: 0MATERIAL

Role 2 for User B

Authorization Object S_RS_IOBJ

Activity: 03 Display

Object: 0COMP_CODE, 0CUSTOMER

I hope this suggestion can help you to answer your question.

Luis

Answers (3)


Former Member
0 Kudos

Thanks Luis

I will test it.

Piotr

Former Member
0 Kudos

Hi

I know this

But when we use the new authorization concept in BW 7 (NW2004s) it doesn't work.

I have worked in NW2004s for about a week.

In BW 3.5 it works well.

Best Regards.

Piotr

Former Member
0 Kudos

Dear Piotr,

Sorry, but I don't understand your question.

Regarding the authorization system in BI 2004s, you have two levels. First, you restrict access by object (authorization object, managed through tcode: pfcg); second, you restrict access by characteristic and navigational attribute values (analysis authorization, managed through tcode: rsecadmin).

If it works well in BW 3.5, the problem must be in the reporting authorization object of 3.5, now analysis authorization in 7.0, because the authorization objects have the same behaviour in both versions.

According to the explanation given above, you should focus on the analysis authorization, but I need more details. For example, what do User A and User B do? Can they create queries, or only execute queries? In case they only need to execute queries and display data, the authorization must focus on the analysis authorization, and we need to check the query structure, which characteristics (0MATERIAL, 0COMP_CODE, 0CUSTOMER) in the InfoProvider are joined, and which characteristics are authorization-relevant.

For example, in your scenario, you need user A to display 0MATERIAL values.

In this case you need to create an analysis authorization (through tcode: RSECAUTH) with the following design:

0MATERIAL: specific values that you need

0COMP_CODE: ":" aggregate value

0CUSTOMER: ":" aggregate value

For the user B, the design must be:

0MATERIAL: ":" aggregate value

0COMP_CODE: specific values that you need

0CUSTOMER: specific values that you need

I hope this suggestion can help you to answer your question.

Luis
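
The analysis-authorization design described in the reply above, as an added example that is not part of the original thread and is not SAP code: a simplified Python model of how ":" (aggregation) and specific values decide whether a query selection passes. The function name, user names and characteristic values are constructed for illustration, and the model ignores intervals, hierarchies and the special authorization characteristics.

```python
# Simplified model of an analysis-authorization check (illustration only).
AGG = ":"   # aggregation authorization: characteristic may appear only aggregated
ALL = "*"   # full authorization: every value of the characteristic

# The two designs from the post; the concrete values are constructed placeholders.
AUTHS = {
    "USER_A": {"0MATERIAL": {"M-100", "M-200"},
               "0COMP_CODE": {AGG}, "0CUSTOMER": {AGG}},
    "USER_B": {"0MATERIAL": {AGG},
               "0COMP_CODE": {"1000"}, "0CUSTOMER": {"C-01", "C-02"}},
}

def check_query(user, selection):
    """Return the characteristics that fail the check (empty list = authorized).

    selection maps each authorization-relevant characteristic to:
      None     -> not in drilldown and not filtered (shown aggregated)
      ALL      -> in drilldown without a filter
      set(...) -> restricted to exactly these values
    """
    failed = []
    for char, requested in selection.items():
        granted = AUTHS[user].get(char, set())
        if ALL in granted:
            continue                      # "*" covers any selection
        if requested is None:
            ok = AGG in granted           # aggregated display needs ":"
        elif requested == ALL:
            ok = False                    # unfiltered drilldown needs "*"
        else:
            ok = requested <= (granted - {AGG})  # every value must be granted
        if not ok:
            failed.append(char)
    return failed

if __name__ == "__main__":
    # User A filters on an authorized material, other characteristics aggregated.
    print(check_query("USER_A", {"0MATERIAL": {"M-100"},
                                 "0COMP_CODE": None, "0CUSTOMER": None}))
    # User A drills down by company code: only ":" is granted, so it fails.
    print(check_query("USER_A", {"0MATERIAL": {"M-100"},
                                 "0COMP_CODE": ALL, "0CUSTOMER": None}))
```

In this model a single failing characteristic rejects the whole selection, which is why each user's query has to be restricted to the granted values rather than run unfiltered.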

Former Member
0 Kudos

To achieve this you need to create two roles. In the first role you give 0material as the value for S_RS_IOBJ and assign it to user A. In the second role you give 0comp_code and 0customer as the values of S_RS_IOBJ and assign it to user B.