Skip to Content
0
Former Member
Dec 12, 2003 at 09:22 AM

Content autorisations buffered on cube/user level ?

42 Views

Hi,

For our HR-cubes we have configured several content authorizations based on e.g. cost center, personal area, organisational unit,...

We keep track of the authorized values per user-id in an ODS. These values are coming over R/3 and can change often. That's why we can't use "hard-coded" authorization roles.

Via user exits (I_STEP = 0 in combination with the $VAR trick in content roles) we fetch the right values for the right variables per user.

The special thing is that due to our functional concept a certain user can have different autorisations on the same cube. This is fully depending on the query (based on naming convention of the query name.)

Example :

On the same infocube Headcount we could have two queries :

1) HR_02AB : user should be restricted on pers. area 50, org unit *

2) HR_02AP : user has acces to pers area *, but restricted to several

organisational unit hierarchy nodes.

That's why we are checking the query's technical name in the user exit as well. So far we don't have any problems with that approach. The real problem is that i discovered that autorisations seem to be buffered on user/infocube level.

If a certain user calls up report HR_02AB on infocube headcount our user-exit (i_step=0) is processed and the user is correctly autorised. The ODs is read and the right values are send back.

If right after this the same user calls up report HR_02AP on the same cube the user exit is not processed anymore as it seems that the autorisations for org unit and pers are are already buffered since the previous query execution. The user exit I_STEP = 0 is not even called anymore

for this 2nd query ! (I put an endless loop in the code to verify this)

This is totally wrong in our case as this leads to false autorisations. We have different

autorisations for the same cube on individual query level. We want the user-exits to be executed

each time any report is launched. I think this is very logical and

makes sense.

Imagine that a user is logged on all day since 8 AM and that the ODS is updated 3 times a day. This user will then keep using the buffered values from the first ODS load. This is dangerous. Is this buffer standard behaviour or is this a bug ?

Is there anything we could do about this ? Is is possible to disable

this autorisation buffer ? By the way, via transaction code RSRT this problem

doesn't occur ! There doesn't seem to be buffering there. This problem occurs in the Bex Analyzer and webreporting. So there seems to be buffering there. I didn't find anything relevant on OSS for this.