on 04-16-2014 5:23 PM
Hi All,
User Requirement: When ever the user is executing the report in Design Studio, user can able to see all the company codes (summary data) in the main page of the dashboard. If user wants to drill down to a particular Comp code, then user should access only which are authorized. Ex: If the user Test4444 is executing the report, then he/she can able to see all the comp codes data in the main page of the dashboard. If the user wants to drill down further to see the comp code wise data, then he/she should not allowed to see except comp code-4444 or what and all authorized .
Back ground work:
I have a Bex query, which is using the Design Studio. In this query, "0COMP_CODE" is a char InfoObj and I have created a Auth variable on this InfoObj. There are 4 autho objects created based on this "0COMP_CODE". And also 4 Roles and 4 users have created.
Each autho_Objet has assigned to that corresponding Role and that Role is assigned to that correspond User. Details are as follows.
Autho_Objet | Role | UserID |
---|---|---|
ZTEST_MAIN (which includes all - 23 compny codes) | ZMain_Role | All users have to access this role |
ZTEST_1111 (which includes only CC- 1111 | Z1111_Role | Test1111 |
ZTEST_2222 (Which Includes only CC - 2222) | Z2222_Role | Test2222 |
ZTEST_3333 (Which Includes only CC - 3333) | Z3333_Role | Test3333 |
ZTEST_4444 (Which Includes only CC - 4444) | Z4444_Role | Test4444 |
To achieve this requirement, I have created 1 auth.object for all Comp.Codes and assigned to one main role and this role is assigned to all users. This looks fine and hopefully it will work.
The problem is the next step of drill down to comp.code. Here I have created individual autho.object per Role per User and mapped accordingly. Unfortunately, user can able to access all the comp.codes data because of the main role assigned. I got stuck here in this second level restriction. Could some one can through a light how we can achieve this in authorization. It would be a great assistance if some one help here. I would be much appreciated and grateful to your assistance and inputs. Thank you in advance!
BR
Venkat...
Hello,
You can use 2 different queries. In the main overview query dont use any analysis authorization. Hence complete data can be displayed. Give RRI link of that query to drill down BEx Query. In this drill down Query, use the analysis authorization.
Hope this mite satisfy the requirement.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In the role ZTEST_MAIN,
You need to remove all company codes as this is overriding the rest
Then add aggregate authorization, ie "0COMP_CODE" = ":"
This is a special authorization which grants authorization to see the summation of all the 0COMP_CODE without giving detailed authorization to any.
The rest of your design is fine.
You should then use RSECADMIN to check any authorization issue you have.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.