https://community.sap.com/t5/application-development-and-automation-discussions/authorization-characteristics-level-using-colon/m-p/11924868#M1964170 <P>Please see the documentation below and verify if this applies to your scenario.</P><P>If your query uses the colon check and the query leads to the display of message <EM>"You do not have sufficient authorization"</EM>, you have only two options:</P><OL> <LI>grant colon authorization to the user. (not applicable here)</LI><LI>if you do not want to grant the user colon authorization: restrict the characteristic in the query to a certain selection (single value, interval, hierarchy node, and so on) and authorize this selection explicitly. In the case of structural components, <STRONG>all</STRONG> structural components must have an explicit restriction.</LI></OL><P>You <STRONG>must </STRONG>perform <STRONG>one of the above </STRONG>actions if the characteristic is authorization-relevant.</P><P><STRONG>References </STRONG></P><P><STRONG></STRONG><A href="http://help.sap.com/saphelp_nw70ehp1/helpdata/en/46/932b839c8019ade10000000a11466f/content.htm" target="_blank">Authorization for Aggregated Values</A></P><P><A href="https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea" target="_blank">An Expert Guide to New SAP BI Security Features</A></P><P><A href="https://wiki.scn.sap.com/wiki/display/BOBJ/AUTHORIZATION+FOR+BI+REPORTING" target="_blank">AUTHORIZATION FOR BI REPORTING</A></P><P><STRONG>SAP Notes</STRONG></P><P><A href="https://launchpad.support.sap.com/#/notes/1140831">Note 1140831 - Colon authorization during query execution</A> <BR /><A href="https://launchpad.support.sap.com/#/notes/1337102">Note 1337102 - Aggregation authorization (colon) incorrectly displayed</A></P> Thu, 14 Mar 2019 21:26:29 GMT LukaszL 2019-03-14T21:26:29Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-characteristics-level-using-colon/m-p/11924867#M1964169 <P>Hi All,</P> <P>I am try to test a authorization cenario, but it doesn´t work. </P> <P>I want to restrict the user from drillig down through the CUSTOMER field in the CUBE_TST1 infoprovider, but I want to allow him to drill down through the CUSTOMER field in the CUBE_TST2 infoprovider. </P> <P>So I created the bellow cenario in BW authorization. </P> <P>I created a user. This user have 2 profiles. Each profile have a Authorization Object with diffent cubes, but, with a same InfoObject to restrict in a object level</P> <PRE><CODE>USER_TEST ---&gt; PROFILE_TST_1 ------&gt; OBJ_AUTH_TST_1 ==INFOPROV: CUBE_TST1 ==CUSTOMER: (:) (*) ---&gt; PROFILE_TST_2 ------&gt; OBJ_AUTH_TST_2 ==INFOPROV: CUBE_TST2 ==CUSTOMER: (*)</CODE></PRE> <P>But I getting a problem with this cenario. In both Data Model (CUBE_TST1 and CUBE_TST2) the user is not allow to drill down through CUSTOMER infoobject. </P> <P>How I can solve my problem?</P> <P>Thanks</P> Thu, 14 Mar 2019 20:35:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-characteristics-level-using-colon/m-p/11924867#M1964169 former_member235648 2019-03-14T20:35:46Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-characteristics-level-using-colon/m-p/11924868#M1964170 <P>Please see the documentation below and verify if this applies to your scenario.</P><P>If your query uses the colon check and the query leads to the display of message <EM>"You do not have sufficient authorization"</EM>, you have only two options:</P><OL> <LI>grant colon authorization to the user. (not applicable here)</LI><LI>if you do not want to grant the user colon authorization: restrict the characteristic in the query to a certain selection (single value, interval, hierarchy node, and so on) and authorize this selection explicitly. In the case of structural components, <STRONG>all</STRONG> structural components must have an explicit restriction.</LI></OL><P>You <STRONG>must </STRONG>perform <STRONG>one of the above </STRONG>actions if the characteristic is authorization-relevant.</P><P><STRONG>References </STRONG></P><P><STRONG></STRONG><A href="http://help.sap.com/saphelp_nw70ehp1/helpdata/en/46/932b839c8019ade10000000a11466f/content.htm" target="_blank">Authorization for Aggregated Values</A></P><P><A href="https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea" target="_blank">An Expert Guide to New SAP BI Security Features</A></P><P><A href="https://wiki.scn.sap.com/wiki/display/BOBJ/AUTHORIZATION+FOR+BI+REPORTING" target="_blank">AUTHORIZATION FOR BI REPORTING</A></P><P><STRONG>SAP Notes</STRONG></P><P><A href="https://launchpad.support.sap.com/#/notes/1140831">Note 1140831 - Colon authorization during query execution</A> <BR /><A href="https://launchpad.support.sap.com/#/notes/1337102">Note 1337102 - Aggregation authorization (colon) incorrectly displayed</A></P> Thu, 14 Mar 2019 21:26:29 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-characteristics-level-using-colon/m-p/11924868#M1964170 LukaszL 2019-03-14T21:26:29Z