cancel
Showing results for 
Search instead for 
Did you mean: 

Allow and disallow drilldowns for different users

0 Kudos

Hi everybody,

I designed a query which contains in Rows a authorization relevant hierarchy named VENDOR and below that a character named APPLICATION with a character variable APP_VAR:


-- (hierarchy) VENDOR
|
-- (character) APPLICATION
    |
    -- (char. variable) APP_VAR

The rows are marked as "Display as hierarchy" so that APPLICATION is shown also as hierarchy.

A typical display is e.g.:


ROOT
|
-- VENDOR Group A      result A
|  |
|  -- APPLICATION 1    figure 1
|  -- APPLICATION 3    figure 3
|  -- APPLICATION 4    figure 4
|
-- VENDOR Group B      result B
   |
   -- APPLICATION 1    figure 1
   -- APPLICATION 2    figure 2
   -- ...

Do you have any idea how I could allow or disallow to drilldown APPLICATION for a special user for VENDOR Group B so that it looks like:


ROOT
|
-- VENDOR Group A     result A
|
-- VENDOR Group B     result B
   |
   -- APPLICATION 1   figure 1
   -- APPLICATION 2   figure 2
   -- ...

Thanks in advance for your help,

Marcus.

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

hi,

try this:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/g-i/how to work with hierarchy authorizations.pdf

good luck,

Andrzej

Answers (2)

Answers (2)

Former Member
0 Kudos

Marcus,

You are looking for ':'!

Create the auth variable with Vendor and App_VAR as the fields. Assign to user twice,

Vendor= A

App_VAR= :

Vendor = B

APP_VAR = *

With this the user can drill down for vendor B but not for vendor A.

However, not sure how it will behave with display as hierarchy option. Try it out. Works well with normall drilldowns.

Cheers

Aneesh

Ashwin
Active Contributor
0 Kudos

Hi Aneesh!

it works better with heirarchy authorizations and its easier to maintain..

with regards

ashwin

0 Kudos

Aneesh,

do you really mean auth variable? Or do you mean authorization object with the fields and the corresponding values in the authorizations itself?

Regards,

Marcus.

Ashwin
Active Contributor
0 Kudos

Hi!

i think he ment the authorization object values.

aneesh correct me if i am wron..

Former Member
0 Kudos

Authorization objects. Variables never work on more than one characteristic.

0 Kudos

Hi Aneesh,

I created an authorization object with the fields VENDOR (which is a hierarchy), APP_VAR, and 0TCTAUTHH (because VENDOR is a hierarchy).

My authorizations look like this then

VENDOR = :
APP_VAR = :
Unique ID for Authorization = xyz

This doesn't work. I got an error message, that I lack the authorization for my auth object. Any idea?

I could imagine that your propsal works well without hierarchies. The "display as hierarchy" option shouldn't make problems.

However, if I get things working according to your way I worry about an inflationary amount of auth object and authorizations. Is there any alternative way?

Ashwin
Active Contributor
0 Kudos

Hi!

it looks like there is nothing maintined for authorizations for heirarchy. just specifiy the

nodes for which user needs to access under each one. just a s suggested by aneesh

Vendor = B(or)A

APP_VAR = *

with regards

ashwin

Former Member
0 Kudos

Marcus,

This won't work. What you need is a * for the APP_VAR for the vendors for which a user should be able to drill down on. With the current setting you will not be able to drill down for any Vendor.

Are you able to run the query at all though with these settings? Did you get the no auth message on expanding Vendor or running the query? If it is the former, then it is working as expected. If on running the query, then we have a problem.

Cheers

Aneesh

0 Kudos

Hi Ashwin.

Thank you for your replay.

Actually, I maintained authorizations for hierarchies. Because of that, I have to insert the name of the authorization for hierarchies in my authorization field "Unique ID for authorization".

I am very glad that I have found this forum and I really appreciate you trying to help me so much! However, I fear that we are talking not about the same thing or that I am simply not able to transfer your suggestions into my system due to the fact that I am new to SAP and BW. Anyway, maybe it helps if I give you more detailed information.

== The Problem ==

We have a list of vendors. There are people in our company who are allowed to see details for all of these vendors and there are people who are allowed to see details for all except one vendor. The details are key figures and drilldowns in "application", "country" and so on and so forth.

== My Solution (not-working) ==

Because we assume that in future there will be more than just one vendor for which details display is not allowed I created a vendor hierarchy (VENDOR), which looks like that:


ALL (text-node)
|
-- VENDOR Group A (text-node)
|  |
|  -- VENDOR-X (the one with restricted details display)
|
-- VENDOR Group B (text-node)  
   |
   -- VENDOR 1 (details for everyone)
   -- VENDOR 2 (details for everyone)
   -- ...      (details for everyone)

For the <b>restricted</b> users I created two authorizations for hierarchies:

HIER_AUTH_VENDOR_GROUP_A (the group with restricted vendors)

Hierarchy level 02

Type of authorization: 0 ("Only the node")

Area of validity: 3 ("complete hierarchy")

Node variable default value: yes

HIER_AUTH_RESTRICTED_VENDOR_GROUP_B (not restricted)

Hierarchy level 00

Type of authorization: 1 ("Subtree below nodes")

Area of validity: 3 ("Complete hierarchy")

Node variable default value: no

The VENDOR hierarchy should be drilled down by area of application, represented by the character APPLICATION. To allow the query user to sharpen the query result to a list of certain APPLICATIONs I created a character variable APP_VAR (Processing by user entry, Variable represents intervall, User entry optional, Ready for input, Can be changed in query navigation).

In the query designer the part "Rows" looks like this:


-- (hierarchy) VENDOR
|
-- (character) APPLICATION
    |
    -- (char. variable) APP_VAR

The rows are marked as "Display as hierarchy" so that APPLICATION is shown also as a (fake) hierarchy.

I created an authorization object AUTH_OBJ with InfoObjects VENDOR and 0TCTAUTHH and activated it for the needed InfoProvider(and ODS).

I gave one test user the following two authorizations:

VENDOR: ":"

Unique ID for Authorization: "HIER_AUTH_VENDOR_GROUP_A"

and

VENDOR: ":"

Unique ID for Authorization: "HIER_AUTH_VENDOR_GROUP_B"

What I got was the following display:


ROOT                   result TOTAL
|
-- VENDOR Group A      result A
|  |
|  -- APPLICATION 1    figure 1
|  -- APPLICATION 3    figure 3
|  -- APPLICATION 4    figure 4
|
-- VENDOR Group B      result B
   |
   -- VENDOR 1
   |  |
   |  -- APPLICATION 1    figure 1
   |  -- APPLICATION 2    figure 2
   |  -- APPLICATION 3    figure 3
   |
   -- VENDOR 2
      |
      -- APPLICATION 1    figure 1
      -- APPLICATION 2    figure 2
      -- ...

But what I wanted are no details (in this case no APPLICATION) for VENDOR GROUP A. That means for a restricted user viewing the query it should look like this:


ROOT                   result TOTAL
|
-- VENDOR Group A      result A
|
-- VENDOR Group B      result B
   |
   -- VENDOR 1
   |  |
   |  -- APPLICATION 1    figure 1
   |  -- APPLICATION 2    figure 2
   |  -- APPLICATION 3    figure 3
   |
   -- VENDOR 2
      |
      -- APPLICATION 1    figure 1
      -- APPLICATION 2    figure 2
      -- ...

I hope my problem is no clearer and you can understand that I have problems to implement your suggestions.

Thanks a lot!

Marcus.

Ashwin
Active Contributor
0 Kudos

hi!

I think after creating these authorizations. You got to use these authorizations in your report to get the effect. I mean create a variable with processing type authorization. then use this to fill your heirarch nodes.

this should solve the issue.

hope it helps

with regards

ashwin

Ashwin
Active Contributor
0 Kudos

Hi!

you can maintian heirarchy authorizations for nodes there you can restrict the users to access only a perticular node.

here are some links which can help you.

http://help.sap.com/saphelp_nw04/helpdata/en/8f/57f438114ee836e10000000a114084/frameset.htm

http://help.sap.com/saphelp_nw04/helpdata/en/12/49f438cd2b7058e10000000a11402f/content.htm

with regards

ashwin