https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236005#M1525536 <HTML><HEAD></HEAD><BODY><P>Hi Anjan,</P><P></P><P>This is standard behavior for display attribute security and to my mind is justifiable to a large extent. When you add a field as display attribute of another characteristic to a query, any restriction if used, is on the base attribute. So the query can potentially return any value for the display attribute and is hence checking for * access makes sense.</P><P></P><P>Does your security requirements allow you to return any value of object X when its appearing as an attribute of Y? To me individual value level security for X and Y is contradictory to what you are trying to do for display attributes.</P><P></P><P>There is however a way to give full access to display attributes without opening up full access for it in the cube. Create a new analysis authorization for X with value * and 0TCAIPROV as ZTEST (you can use dummy value here). Use this with your existing authorizations. This will give access to X in any case where it appears as a display attribute of another characteristic.</P><P></P><P>Regards,</P><P>Aninda</P></BODY></HTML> Sat, 25 Sep 2010 17:30:38 GMT Former Member 2010-09-25T17:30:38Z https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236004#M1525535 <HTML><HEAD></HEAD><BODY><P>Hi Friends</P><P></P><P>I have come across a situation in BI security which I would like to share with you guys. Appreciate if you can share your expert opinion regarding the same...</P><P></P><P>We have a info object X &amp; info object Y. Security applied through RSECADMIN restricts the user to view the data for info object X for specific values... </P><P>Based on the security access provided to the user, user is able to view the data of both X &amp; Y as a info object . </P><P>Now the user has raised a requirement of viewing the data for info object X as an attribute of info object Y. Till the time the value of info object X is restricted to specific values, user is not able to add info object X as an attribute of info object Y. The moment we change the value of info object X to " * " in Analysis Authorization, user is able to add info object X as a attribute of info object Y. </P><P></P><P>Has anyone come across this situation. If yes do you know why this is happenning. Any clue.</P><P></P><P>We donot want to make info object X as a navigational attribute of info object Y.</P><P></P><P>Thanks </P><P>Anjan Pandey</P></BODY></HTML> Fri, 24 Sep 2010 08:26:51 GMT https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236004#M1525535 Former Member 2010-09-24T08:26:51Z https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236005#M1525536 <HTML><HEAD></HEAD><BODY><P>Hi Anjan,</P><P></P><P>This is standard behavior for display attribute security and to my mind is justifiable to a large extent. When you add a field as display attribute of another characteristic to a query, any restriction if used, is on the base attribute. So the query can potentially return any value for the display attribute and is hence checking for * access makes sense.</P><P></P><P>Does your security requirements allow you to return any value of object X when its appearing as an attribute of Y? To me individual value level security for X and Y is contradictory to what you are trying to do for display attributes.</P><P></P><P>There is however a way to give full access to display attributes without opening up full access for it in the cube. Create a new analysis authorization for X with value * and 0TCAIPROV as ZTEST (you can use dummy value here). Use this with your existing authorizations. This will give access to X in any case where it appears as a display attribute of another characteristic.</P><P></P><P>Regards,</P><P>Aninda</P></BODY></HTML> Sat, 25 Sep 2010 17:30:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236005#M1525536 Former Member 2010-09-25T17:30:38Z https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236006#M1525537 <HTML><HEAD></HEAD><BODY><P>Thanks for your response. </P><P></P><P>&gt; Does your security requirements allow you to return any value of object X when its appearing as an attribute of Y? To me individual value level security for X and Y is contradictory to what you are trying to do for display attributes.</P><P>As per the requirement only the recent most value for info object X should be displayed when viewed as an attribute. This conditioned is fulfilled only when value for info object X is maintained as " * " in the Analysis authorization. </P><P></P><P>&gt; There is however a way to give full access to display attributes without opening up full access for it in the cube. Create a new analysis authorization for X with value * and 0TCAIPROV as ZTEST (you can use dummy value here). Use this with your existing authorizations. This will give access to X in any case where it appears as a display attribute of another characteristic.</P><P>I agree with the solution sugegsted, however as per standards this solution should not be used as there has to be a justification for new Analysis Authorization created. </P><P></P><P>I will still keep the thread open for few more days if someone else has some other opinion regarding the issue.</P><P></P><P>Thanks.</P><P>Anjan Pandey</P></BODY></HTML> Mon, 27 Sep 2010 08:29:21 GMT https://community.sap.com/t5/application-development-and-automation-discussions/bi-security/m-p/7236006#M1525537 Former Member 2010-09-27T08:29:21Z