Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Regarding Analysis Authorization

Go to solution
gaddam_vinaykumar
Explorer

‎2012 Oct 18 9:42 AM

0 Likes
752

Hello,

Currently we( Security team ) are trying to handle an authorization issue in our project, where the users having access to the role( in question ) are able to access all the org units through a BI query.

Ideally they should be able to access only their org unit...... I'm not referring to the summarized data here.

I checked the role; it contains,

S_rsec with * for each & every field, and

S_rs_auth with the analysis authorization having 0orgunit with I CP *.

I checked the query too, the variable Org Unit is of Hierarchy Node type & has Processing By=Manual Input.

Now can you please tell me, is this analysis authorization( in S_rs_auth ) causing the issue?

Thank you.

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2012 Oct 18 10:28 AM

0 Likes
718

Yes , remove * for characteristic 0ORGUNIT and maintain only those ourg units for which you want to give access to users via this AA.

Thanks

Amit

7 REPLIES 7
Read only

Go to solution
Former Member

‎2012 Oct 18 10:28 AM

0 Likes
719

Yes , remove * for characteristic 0ORGUNIT and maintain only those ourg units for which you want to give access to users via this AA.

Thanks

Amit

Read only

Go to solution
gaddam_vinaykumar
Explorer
In response to Former Member

‎2012 Oct 18 12:10 PM

0 Likes
718

Thanks for your reply Amit.

So can I say; AA containing value auth( I CP * ) can affect a variable, which is of Hierarchy Node type?

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Oct 18 9:39 PM

0 Likes
718

Hi Gaddam,

  Does this solution provided by Amit worked for you?

This is possible by restricting query also .

In query designer , restrict Org unit  for the Query XYZ you are looking for.

Thanks,

Varun Jain

Read only

Go to solution
Former Member
In response to Former Member

‎2012 Oct 19 6:08 AM

0 Likes
718

Yes, * will provide access to hierarchy nodes as well...

Read only

Go to solution
gaddam_vinaykumar
Explorer
In response to Former Member

‎2012 Oct 23 10:21 AM

0 Likes
718

Thanks Amit, for the confirmation.

My understanding was, hierarchy node variables get values only from hierarchy auths.

Read only

Go to solution
shivraj_singh2
Active Participant

‎2012 Oct 24 10:13 PM

0 Likes
718

Vinay,

Just adding one important point here, S_RSEC should not be assigned to reporting users. Reporting Users can get sufficient access from COMP, COMP1 & S_RS_AUTH objects.

Regards,

Shivraj

Read only

Go to solution
gaddam_vinaykumar
Explorer
In response to shivraj_singh2

‎2012 Oct 26 5:18 PM

0 Likes
718

Right, we are addressing that too.

Thanks for your reply Shivraj.