on 01-23-2013 6:30 AM
Hi colleagues,
please tell me
Given: a user with the role, in which the authorization object S_RS_ICUBE
This object has a field RSINFOCUBE, where you can set the mask, or the name of the cube, which will be relevant to these authorizations.
Q: Is it possible and how to make , that these values ( names of cubes or masks) moved up dynamically, for example, from any table?
Thank you all for your answers
Hello,
Please make use of analysis auhtorization objects. Inside it there is a field called 0TCAIPROV which is nothing but your infoprovider selections, where you will mention the necessary cubes. This can be dynamically selected/changed using ABAP exit variables and can be derived from external tables.
I hope you are aware about analysis authorization objects which is new concept replacing old role objects like S_RS_ICUBE etc.
Regards,
Arunan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks a lot about yours answers.
Sujit Mohanty:
You can write a program to modify this table depending on your requirement.
Where i can write it?(T-code)
Arunan C wrote:
Hello,
Please make use of analysis auhtorization objects. Inside it there is a field called 0TCAIPROV which is nothing but your infoprovider selections, where you will mention the necessary cubes. This can be dynamically selected/changed using ABAP exit variables and can be derived from external tables.
I hope you are aware about analysis authorization objects which is new concept replacing old role objects like S_RS_ICUBE etc.
Regards,
Arunan
I tryed to use alysis auhtorization objects.If i inderstand, it can't solve my problem - restrict access to all infoproviders, exclude providers,for example, begining from Z(Z*).What about exit variables, it use only in case with query designer/analyzer, isn't it, but i want to restrict accsess in warehouse.
Hi Victor,
For writing program you need to use SE38. But if you are asking this question that means you are not used to it. So take help from ABAP Professionals.
It seems you are on BI 7 system. In BI 7 customer exit variable option is available. The variable that you create in Query Designer can be used in Warehouse.
There is a nice document available which gives you step by step solution.
Regards,
Sujit.
Thank you a lot,
SUJIT MOHANTY wrote:
The variable that you create in Query Designer can be used in Warehouse.
and it will fill when the query executes(or else,depend on I_STEP).Is this right?But my task is to restrict access at warehouse, in spite of query, it execute, or run. Let's will think,there is no query!
Hi Victor,
This variable will be called whenever there is a call to the authorization program. It doesn't matter if there is a query or not. It doesn't depend on I_STEP or so.
But remember only Customer Exit or Sap Exit variables can be used here.
The authorization program can be called by any other query which doesn't contain your initial InfoObject and the variable.
Regards,
Sujit.
I'm sorry, but even with this document i can't imagine how to restrict processing of any (unknown) infoprovider or set of Iproviders,for examle,only infoproviders with name Z*(but keep access to all other providers!!!). So, i can create variable in designer(by the way, this variable will be on a specific provider!),then i can abap this variable in cmod.Tell me please the other steps, step by step..Thank you very much for your patience.
Hi Victor,
If your requirement is very simple like Z* AND 0* then you can directly put these values in Rsecauth-Analysis Authorization for the fields like 0TCTIFCUBE OR 0TCTIPROV.
But for more complex scenario and to answer your last few questions.
1. The variable is created on an infoobject, your IO is not InfoProvider specific. It is available for the whole system. So your variable is also available for the whole system.
E.g. To try this create a variable for an IO in Query D for one cube. Check in a query based on another cube for the same IO, you will find the previously created variable.
2. Next your variable is created and used in RSECAUTH. Then you write code for it. Follow the document for this.
If it is still not working for you let us know. Exactly where is it failing for you.
Regards,
Sujit.
Hi Victor,
The information you are talking about, gets stored in AGR_1251 table.
You can write a program to modify this table depending on your requirement.
Once ready you can either schedule this program or run it manually when you get some request.
Let me know if you need more information or details.
Regards,
Sujit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.