Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

BI Security

Former Member
0 Kudos

Hi Friends

I have come across a situation in BI security which I would like to share with you guys. Appreciate if you can share your expert opinion regarding the same...

We have a info object X & info object Y. Security applied through RSECADMIN restricts the user to view the data for info object X for specific values...

Based on the security access provided to the user, user is able to view the data of both X & Y as a info object .

Now the user has raised a requirement of viewing the data for info object X as an attribute of info object Y. Till the time the value of info object X is restricted to specific values, user is not able to add info object X as an attribute of info object Y. The moment we change the value of info object X to " * " in Analysis Authorization, user is able to add info object X as a attribute of info object Y.

Has anyone come across this situation. If yes do you know why this is happenning. Any clue.

We donot want to make info object X as a navigational attribute of info object Y.

Thanks

Anjan Pandey

2 REPLIES 2

Former Member
0 Kudos

Hi Anjan,

This is standard behavior for display attribute security and to my mind is justifiable to a large extent. When you add a field as display attribute of another characteristic to a query, any restriction if used, is on the base attribute. So the query can potentially return any value for the display attribute and is hence checking for * access makes sense.

Does your security requirements allow you to return any value of object X when its appearing as an attribute of Y? To me individual value level security for X and Y is contradictory to what you are trying to do for display attributes.

There is however a way to give full access to display attributes without opening up full access for it in the cube. Create a new analysis authorization for X with value * and 0TCAIPROV as ZTEST (you can use dummy value here). Use this with your existing authorizations. This will give access to X in any case where it appears as a display attribute of another characteristic.

Regards,

Aninda

0 Kudos

Thanks for your response.

> Does your security requirements allow you to return any value of object X when its appearing as an attribute of Y? To me individual value level security for X and Y is contradictory to what you are trying to do for display attributes.

As per the requirement only the recent most value for info object X should be displayed when viewed as an attribute. This conditioned is fulfilled only when value for info object X is maintained as " * " in the Analysis authorization.

> There is however a way to give full access to display attributes without opening up full access for it in the cube. Create a new analysis authorization for X with value * and 0TCAIPROV as ZTEST (you can use dummy value here). Use this with your existing authorizations. This will give access to X in any case where it appears as a display attribute of another characteristic.

I agree with the solution sugegsted, however as per standards this solution should not be used as there has to be a justification for new Analysis Authorization created.

I will still keep the thread open for few more days if someone else has some other opinion regarding the issue.

Thanks.

Anjan Pandey