https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913464#M1597897 <HTML><HEAD></HEAD><BODY><P>Hi Alex,</P><P>Appreciate your answer. Can you be please elaborate on Data elements. At the moment I am clueless where/what to start.</P><P></P><P>Thanks,</P><P>Tony</P></BODY></HTML> Fri, 01 Jul 2011 21:43:32 GMT Former Member 2011-07-01T21:43:32Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913462#M1597895 <HTML><HEAD></HEAD><BODY><P>HI,</P><P>We built a datastore object which gets data from two R3 systems. Even master data is loaded from both source systems and compounded with source system. We want to build a security model where each company cannot access other companyu2019s data. For that we built an authorization object with source system ID and created three separate roles. ( one for company A, one for company B and the other for all). </P><P>While building queries, if source system ID is not there in the query, it brings the data of both companies. We would like to model in such a way that other company cannot/should not see the data. </P><P>Can any one suggest a better security model for this scenario.</P><P></P><P>Thanks in advance.</P><P>Tony</P></BODY></HTML> Fri, 01 Jul 2011 19:48:10 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913462#M1597895 Former Member 2011-07-01T19:48:10Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913463#M1597896 <HTML><HEAD></HEAD><BODY><P>Hi Tony,</P><P></P><P>I've done this in the past by using data elements which are far more likely to be in most reports e.g. Company Code, Plant. Assuming that you have different Comp Code, Plant, Sales Org naming in the different systems, then this should be very straightforward to achieve</P></BODY></HTML> Fri, 01 Jul 2011 20:02:14 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913463#M1597896 Former Member 2011-07-01T20:02:14Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913464#M1597897 <HTML><HEAD></HEAD><BODY><P>Hi Alex,</P><P>Appreciate your answer. Can you be please elaborate on Data elements. At the moment I am clueless where/what to start.</P><P></P><P>Thanks,</P><P>Tony</P></BODY></HTML> Fri, 01 Jul 2011 21:43:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913464#M1597897 Former Member 2011-07-01T21:43:32Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913465#M1597898 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Why are you not looking at Analysis authorizations? It is pretty easy to manage/restrict authorizations to users. All you have to do is to identify the infoobjects and make them authorization relevant. The same applies to key figures too.</P><P></P><P>This is the best approach and also helps you to easily manage the authorizations.</P><P></P><P>Regards,</P><P>Raghu</P></BODY></HTML> Sat, 02 Jul 2011 07:53:23 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913465#M1597898 Former Member 2011-07-02T07:53:23Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913466#M1597899 <HTML><HEAD></HEAD><BODY><P>Hi Tony,</P><P></P><P>What I mean by data elements is things like company code, plant, sales org, etc. If you are pulling in data from 2 separate systems then these will be key bits of data which will be reported on. You can then do as Raghu has suggested and base your restrictions against them, assuming that that they are different (i.e. the naming convention for company code is not the same in your 2 source systems). </P><P></P><P>You can still have the concept of company1 role, company2 role and combined role, you just list the restriction elements in each role that will give you the segregation of data visibility.</P></BODY></HTML> Mon, 04 Jul 2011 06:46:15 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913466#M1597899 Former Member 2011-07-04T06:46:15Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913467#M1597900 <HTML><HEAD></HEAD><BODY><P>@ Raghu. We have upgraded technically from 3.5 to 7.0 recently. We have not yet changed to analysis authorization concept. we are planning to do so in once functional upgrade is done.</P></BODY></HTML> Tue, 05 Jul 2011 18:03:07 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913467#M1597900 Former Member 2011-07-05T18:03:07Z https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913468#M1597901 <HTML><HEAD></HEAD><BODY><P>@ Alex</P><P>Yes..your answer was helpful. we can create a new authorization objects for the key chars like company code, plant etc.</P><P></P><P>Thanks much</P></BODY></HTML> Tue, 05 Jul 2011 18:07:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/source-system-security-model/m-p/7913468#M1597901 Former Member 2011-07-05T18:07:38Z