cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization issue regarding Bex Query

Former Member

on ‎04-16-2014 5:23 PM

0 Kudos

Hi All,

User Requirement: When ever the user is executing the report in Design Studio, user can able to see all the company codes (summary data) in the main page of the dashboard. If user wants to drill down to a particular Comp code, then user should access only which are authorized. Ex: If the user Test4444 is executing the report, then he/she can able to see all the comp codes data in the main page of the dashboard. If the user wants to drill down further to see the comp code wise data, then he/she should not allowed to see except comp code-4444 or what and all authorized .

Back ground work:

I have a Bex query, which is using the Design Studio. In this query, "0COMP_CODE" is a char InfoObj and I have created a Auth variable on this InfoObj. There are 4 autho objects created based on this "0COMP_CODE". And also 4 Roles and 4 users have created.

Each autho_Objet has assigned to that corresponding Role and that Role is assigned to that correspond User. Details are as follows.

Autho_Objet
Role
UserID
ZTEST_MAIN (which includes all - 23 compny codes)ZMain_RoleAll users have to access this role
ZTEST_1111 (which includes only CC- 1111Z1111_RoleTest1111
ZTEST_2222 (Which Includes only CC - 2222)Z2222_RoleTest2222
ZTEST_3333 (Which Includes only CC - 3333)Z3333_RoleTest3333
ZTEST_4444 (Which Includes only CC - 4444)Z4444_RoleTest4444

To achieve this requirement, I have created 1 auth.object for all Comp.Codes and assigned to one main role and this role is assigned to all users. This looks fine and hopefully it will work.

    The problem is the next step of drill down to comp.code. Here I have created individual autho.object per Role per User and mapped accordingly. Unfortunately, user can able to access all the comp.codes data because of the main role assigned. I got stuck here in this second level restriction. Could some one can through a light how we can achieve this in authorization. It would be a great assistance if some one help here. I would be much appreciated and grateful to your assistance and inputs. Thank you in advance!

BR

Venkat...

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎04-17-2014 1:22 PM
0 Kudos

Hello,

You can use 2 different queries. In the main overview query dont use any analysis authorization. Hence complete data can be displayed. Give RRI link of that query to drill down BEx Query. In this drill down Query, use the analysis authorization.

Hope this mite satisfy the requirement.

Show replies
Show replies
brian_keenan
Contributor
‎04-16-2014 5:52 PM
0 Kudos

In the role ZTEST_MAIN,

You need to remove all company codes as this is overriding the rest

Then add aggregate authorization, ie "0COMP_CODE" = ":"

This is a special authorization which grants authorization to see the summation of all the 0COMP_CODE without giving detailed authorization to any.

The rest of your design is fine.

You should then use RSECADMIN to check any authorization issue you have.

Show replies
Show replies
Former Member
‎04-17-2014 12:29 PM
0 Kudos

Hi Brian, thank you so much for your reply.

If I do the same to that main autho.object, then the power users may not able to drill down to comp.code wise data. Am I correct?

BR

Venkat...

brian_keenan
Contributor
‎04-17-2014 1:16 PM
0 Kudos

Well then you can leave ZTEST_MAIN with "*" for the power user

, but dont assign this to other users.

Create ZTEST_AGG which just has ":" and assign this to all the other user

Ask a Question