on 08-04-2005 2:56 PM
Hi everybody,
I designed a query which contains in Rows a authorization relevant hierarchy named VENDOR and below that a character named APPLICATION with a character variable APP_VAR:
-- (hierarchy) VENDOR
|
-- (character) APPLICATION
|
-- (char. variable) APP_VAR
The rows are marked as "Display as hierarchy" so that APPLICATION is shown also as hierarchy.
A typical display is e.g.:
ROOT
|
-- VENDOR Group A result A
| |
| -- APPLICATION 1 figure 1
| -- APPLICATION 3 figure 3
| -- APPLICATION 4 figure 4
|
-- VENDOR Group B result B
|
-- APPLICATION 1 figure 1
-- APPLICATION 2 figure 2
-- ...
Do you have any idea how I could allow or disallow to drilldown APPLICATION for a special user for VENDOR Group B so that it looks like:
ROOT
|
-- VENDOR Group A result A
|
-- VENDOR Group B result B
|
-- APPLICATION 1 figure 1
-- APPLICATION 2 figure 2
-- ...
Thanks in advance for your help,
Marcus.
hi,
try this:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/g-i/how to work with hierarchy authorizations.pdf
good luck,
Andrzej
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Marcus,
You are looking for ':'!
Create the auth variable with Vendor and App_VAR as the fields. Assign to user twice,
Vendor= A
App_VAR= :
Vendor = B
APP_VAR = *
With this the user can drill down for vendor B but not for vendor A.
However, not sure how it will behave with display as hierarchy option. Try it out. Works well with normall drilldowns.
Cheers
Aneesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Aneesh,
I created an authorization object with the fields VENDOR (which is a hierarchy), APP_VAR, and 0TCTAUTHH (because VENDOR is a hierarchy).
My authorizations look like this then
VENDOR = :
APP_VAR = :
Unique ID for Authorization = xyz
This doesn't work. I got an error message, that I lack the authorization for my auth object. Any idea?
I could imagine that your propsal works well without hierarchies. The "display as hierarchy" option shouldn't make problems.
However, if I get things working according to your way I worry about an inflationary amount of auth object and authorizations. Is there any alternative way?
Marcus,
This won't work. What you need is a * for the APP_VAR for the vendors for which a user should be able to drill down on. With the current setting you will not be able to drill down for any Vendor.
Are you able to run the query at all though with these settings? Did you get the no auth message on expanding Vendor or running the query? If it is the former, then it is working as expected. If on running the query, then we have a problem.
Cheers
Aneesh
Hi Ashwin.
Thank you for your replay.
Actually, I maintained authorizations for hierarchies. Because of that, I have to insert the name of the authorization for hierarchies in my authorization field "Unique ID for authorization".
I am very glad that I have found this forum and I really appreciate you trying to help me so much! However, I fear that we are talking not about the same thing or that I am simply not able to transfer your suggestions into my system due to the fact that I am new to SAP and BW. Anyway, maybe it helps if I give you more detailed information.
== The Problem ==
We have a list of vendors. There are people in our company who are allowed to see details for all of these vendors and there are people who are allowed to see details for all except one vendor. The details are key figures and drilldowns in "application", "country" and so on and so forth.
== My Solution (not-working) ==
Because we assume that in future there will be more than just one vendor for which details display is not allowed I created a vendor hierarchy (VENDOR), which looks like that:
ALL (text-node)
|
-- VENDOR Group A (text-node)
| |
| -- VENDOR-X (the one with restricted details display)
|
-- VENDOR Group B (text-node)
|
-- VENDOR 1 (details for everyone)
-- VENDOR 2 (details for everyone)
-- ... (details for everyone)
For the <b>restricted</b> users I created two authorizations for hierarchies:
HIER_AUTH_VENDOR_GROUP_A (the group with restricted vendors)
Hierarchy level 02
Type of authorization: 0 ("Only the node")
Area of validity: 3 ("complete hierarchy")
Node variable default value: yes
HIER_AUTH_RESTRICTED_VENDOR_GROUP_B (not restricted)
Hierarchy level 00
Type of authorization: 1 ("Subtree below nodes")
Area of validity: 3 ("Complete hierarchy")
Node variable default value: no
The VENDOR hierarchy should be drilled down by area of application, represented by the character APPLICATION. To allow the query user to sharpen the query result to a list of certain APPLICATIONs I created a character variable APP_VAR (Processing by user entry, Variable represents intervall, User entry optional, Ready for input, Can be changed in query navigation).
In the query designer the part "Rows" looks like this:
-- (hierarchy) VENDOR
|
-- (character) APPLICATION
|
-- (char. variable) APP_VAR
The rows are marked as "Display as hierarchy" so that APPLICATION is shown also as a (fake) hierarchy.
I created an authorization object AUTH_OBJ with InfoObjects VENDOR and 0TCTAUTHH and activated it for the needed InfoProvider(and ODS).
I gave one test user the following two authorizations:
VENDOR: ":"
Unique ID for Authorization: "HIER_AUTH_VENDOR_GROUP_A"
and
VENDOR: ":"
Unique ID for Authorization: "HIER_AUTH_VENDOR_GROUP_B"
What I got was the following display:
ROOT result TOTAL
|
-- VENDOR Group A result A
| |
| -- APPLICATION 1 figure 1
| -- APPLICATION 3 figure 3
| -- APPLICATION 4 figure 4
|
-- VENDOR Group B result B
|
-- VENDOR 1
| |
| -- APPLICATION 1 figure 1
| -- APPLICATION 2 figure 2
| -- APPLICATION 3 figure 3
|
-- VENDOR 2
|
-- APPLICATION 1 figure 1
-- APPLICATION 2 figure 2
-- ...
But what I wanted are no details (in this case no APPLICATION) for VENDOR GROUP A. That means for a restricted user viewing the query it should look like this:
ROOT result TOTAL
|
-- VENDOR Group A result A
|
-- VENDOR Group B result B
|
-- VENDOR 1
| |
| -- APPLICATION 1 figure 1
| -- APPLICATION 2 figure 2
| -- APPLICATION 3 figure 3
|
-- VENDOR 2
|
-- APPLICATION 1 figure 1
-- APPLICATION 2 figure 2
-- ...
I hope my problem is no clearer and you can understand that I have problems to implement your suggestions.
Thanks a lot!
Marcus.
Hi!
you can maintian heirarchy authorizations for nodes there you can restrict the users to access only a perticular node.
here are some links which can help you.
http://help.sap.com/saphelp_nw04/helpdata/en/8f/57f438114ee836e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/12/49f438cd2b7058e10000000a11402f/content.htm
with regards
ashwin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.