https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096207#M1615926 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>We have upgraded our BI system to the new security approach 7. We created the corresponding roles/objects thru the RSECADMIN t-code for 0COUNTRY and some other infoObjects where the 0COUNTRY is navegational attribute, for example the 0COMP_CODE__0COUNTRY, and everything is workink fine.</P><P>The 0COUNTRY and (i.e.) the 0COMP_CODE__0COUNTRY are checked as Authorization Relevant.</P><P></P><P>Now, we want to create a hierarchy for the 0COUNTRY infoObject, and I would like to know if the security done at the value level is enought to restrict the data or we need to create some new roles/objects thru the RSECADMIN in order to do the same restriction done to the flat values now at the hierarchy.</P><P>We dont mind the intermediate nodes (regions), just the country values for the hierarchy.</P><P></P><P>For example, we need the following hierarchy:</P><PRE><CODE>World |_ Europe |_ Germany |_ Italy |_ Spain |_ Asia |_ China |_ Japan</CODE></PRE><P></P><P>With variable authorization we need:</P><P>If user has just Spain, show Spain.</P><PRE><CODE>World |_ Europe |_ Spain</CODE></PRE><P></P><P>If user has Germany, Italy, Spain.</P><PRE><CODE>World |_ Europe |_ Germany |_ Italy |_ Spain</CODE></PRE><P></P><P>If user has *.</P><PRE><CODE>World |_ Europe |_ Germany |_ Italy |_ Spain |_ Asia |_ China |_ Japan</CODE></PRE><P></P><P>Right now, without using hierarchy, the data is showing ok depending on the authorization that user has (allways using authorization variables in the query).</P><P></P><P>Regards, Federico</P></BODY></HTML> Sat, 09 Jul 2011 01:47:24 GMT Former Member 2011-07-09T01:47:24Z https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096207#M1615926 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>We have upgraded our BI system to the new security approach 7. We created the corresponding roles/objects thru the RSECADMIN t-code for 0COUNTRY and some other infoObjects where the 0COUNTRY is navegational attribute, for example the 0COMP_CODE__0COUNTRY, and everything is workink fine.</P><P>The 0COUNTRY and (i.e.) the 0COMP_CODE__0COUNTRY are checked as Authorization Relevant.</P><P></P><P>Now, we want to create a hierarchy for the 0COUNTRY infoObject, and I would like to know if the security done at the value level is enought to restrict the data or we need to create some new roles/objects thru the RSECADMIN in order to do the same restriction done to the flat values now at the hierarchy.</P><P>We dont mind the intermediate nodes (regions), just the country values for the hierarchy.</P><P></P><P>For example, we need the following hierarchy:</P><PRE><CODE>World |_ Europe |_ Germany |_ Italy |_ Spain |_ Asia |_ China |_ Japan</CODE></PRE><P></P><P>With variable authorization we need:</P><P>If user has just Spain, show Spain.</P><PRE><CODE>World |_ Europe |_ Spain</CODE></PRE><P></P><P>If user has Germany, Italy, Spain.</P><PRE><CODE>World |_ Europe |_ Germany |_ Italy |_ Spain</CODE></PRE><P></P><P>If user has *.</P><PRE><CODE>World |_ Europe |_ Germany |_ Italy |_ Spain |_ Asia |_ China |_ Japan</CODE></PRE><P></P><P>Right now, without using hierarchy, the data is showing ok depending on the authorization that user has (allways using authorization variables in the query).</P><P></P><P>Regards, Federico</P></BODY></HTML> Sat, 09 Jul 2011 01:47:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096207#M1615926 Former Member 2011-07-09T01:47:24Z https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096208#M1615927 <HTML><HEAD></HEAD><BODY><P>Hi Federico,</P><P></P><P>Yes, your approach is right. You can restrict the InfoObject 0COUNTRY and then maintain the country values in the Analysis Authorizations (its no more a hierarchy authorization). </P><P></P><P>The EQ can be used to maintain a single country (you need to add multiple EQs if you wish to add morethan 1 country in the same analysis authorization)</P><P>The CP can be used to maintain with a pattern such as A* countries etc</P><P>The BT can be used to give a range.</P><P></P><P>However, ensure that the user has authorization to all the Infoareas (bottom - up) and queries so that his/her authorization can be restricted.</P><P></P><P>Regards,</P><P>Raghu</P></BODY></HTML> Sat, 09 Jul 2011 19:37:13 GMT https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096208#M1615927 Former Member 2011-07-09T19:37:13Z https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096209#M1615928 <HTML><HEAD></HEAD><BODY><P>Hi Federico,</P><P></P><P>If you want to use Hierarchy, It is possible in all ways you wanted in BI7.0 analysis authorization....</P><P></P><P>Please see below options...</P><P></P><P>0 Only the Selected Nodes</P><P>1 Subtree Below Nodes</P><P>2 Subtree Below Nodes to Level (Incl.)</P><P>3 Complete Hierarchy</P><P>4 Subtree Below Nodes to (and Incl.) Level (Relative)</P><P></P><P>Best Regards</P><P>Imran</P></BODY></HTML> Mon, 11 Jul 2011 12:43:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/hierarchy-authorization/m-p/8096209#M1615928 Former Member 2011-07-11T12:43:35Z