Multiprovider and Authorizations

Multiprovider and Authorizations:

The challenge is to ensure you do not have more access trough the multiprovider then you have trough the sourcecubes.

example:

Multiprovider, Joining sourcecube 1 + 2 ( Heterogeneous MP combining data from different infoareas)

Sourcecube 1: Authorizations for company code X+Y

Sourcecube 2: Authorizations for company code Y+Z

What company codes in which source cubes will you have access to report on trough the multiprovider?

1) XYZ from both cubes ?

2) X from cube 1 , Y from cube 1+2, Z from cube 1

3) only the common Y from cube 1 +2

The expected results is scenario 2. Basically the same access/restriction you would get, if reporting directly on the sourcecube's.

This can of course be tested with a test user with limited authorizations. The obstacle here though is that the authorization setup is defined with roles and a business unit hierarchy authorization object (consisting of several company codes) that is not fully in place yet. Hence the test will not give you a 100 % liable verification.

Has anyone else faced the same question, or can verify the expected results? I have not found any good documentation on authorization and multiprovider .

(PS, With Support package 2 for BW 3.0B a new authorization object is available used to define authorizations on a Multiprovider level. S_RS_MPRO - Multiprovider. This gives more flexibility , but is not the answer to the general question)

Best regards Per Roar