on 07-18-2018 2:50 PM
Dear All,
we have a requirement where we need to restrict users to fetch data from Bex query reports.
Users are extracting the other countries data unauthorized,.
So we need to restrict users globally.
We followed the below process:
1. Created an authorized object AUTH1 with country = IN
2. added this object to the role.
When we have Country as a variable or restriction in the query = IN, data is been displayed. But if the query doesn't have country variable/restriction, it throwing message
User is not authorized
My aim to get the output even users wont have restriction on country info object.
Users should get restricted to specif country for all the reports in the system/for all Bex queries he created.
Regards,
Jack
Hello ALL,
Any inputs?
My issue is users are creating adhoc queries by their own and extracting the data for all the other countries. They are not aware of the variable creation. Still unknowingly they need to be restricted even they do not enter any selections.
Also many queries/reports are in production. Now adding a variable/ editing the queries in them is not possible to implement this authorization.
Hope you can understand my concern. Please do the needful if there is any alternative method to implement with out adding variable at query.
Its bit urgent.
Regards,
Jack
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bruno,
Thanks for the reply.
I need to set up this authorization with out restricting the object or thru a variable. With out variable or direct restriction, the authorization should work.
Suppose I have a query with Customer, Region (both are not authorize relevant). I do not have variable/restriction country = IN.
In RSECADMIN, i have authorized with Country = IN.
But still if I run the query I should get data only for country = India.
Regards,
Jack
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jack,
I tested here on an internal system and it is possible via an authorization variable.
So, you will need the following :
1- Create an Analysis Authorization Object and add to it 0County and add the value. For example : I EQ Brazil
2- Now add this Authorization Object to the user that will have access only to Brazil
3- In your query designer, at the filter tabs, in Default Values, you add the 0Country and restrict it with a variable.
4- In the variable properties set it to :
Processing By Authorization
Reference Characteristic 0Country
Now, when you execute the query it will check the variable and will fill it with the value from the analysis authorization object that the user has.
For more information about the authorization variables, please check the link I sent before.
Thank you for the attention
Hi Jack,
What you mean by no variable in the query ? You don't want a variable screen or you don't want any kind of variable in the query ?
If you don't want variable screen the way I mentioned will not present any variable screen.
If you don't want any kind of variable in the query then it is not possible.
Thank you for the attention
Hi Jack,
I think what you want to have is not possible.
If you want to limit the data a user sees, you need to do it via a variable in the query.
As Bruno already wrote - use an authorization variable.
If you do not use country in a query, not even as filter, the users will only be able to see data when they are authorized with * (all values) or : (cumulation) for country.
regards
Cornelia
Hi Cornelia,
My issue is users are creating adhoc queries by their own and extracting the data for all the other countries. They are not aware of the variable creation. Still unknowingly they need to be restricted even they do not enter any selections.
Also many queries/reports are in production. Now adding a variable/ editing the queries in them is not possible to implement this authorization.
Hope you can understand my concern. Please do the needful if there is any alternative method to implement with out adding variable at query.
Its bit urgent.
Regards,
Jack
Hello,
I would recommend you to check the authorization log in transaction RSECADMIN.
There you will be able to see why this No authorization message appear. If it was because the query is requesting colon authorization or some other reason.
You can also check this wiki here for more authorization information :
https://wiki.scn.sap.com/wiki/x/P4c2FQ
Thank you for the attention
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My issue is users are creating adhoc queries by their own and extracting the data for all the other countries. They are not aware of the variable creation. Still unknowingly they need to be restricted even they do not enter any selections.
Also many queries/reports are in production. Now adding a variable/ editing the queries in them is not possible to implement this authorization.
Hope you can understand my concern. Please do the needful if there is any alternative method to implement with our adding variable at query (like Badi or some other option).
Its bit urgent.
Regards,
Jack
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.