Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

BI Security Implementation and restrictions at Infocube levels

Former Member
0 Kudos
105

Dear all,

I am trying to update myself on BI security and practical implementations. I read expert guide and other relevant documentation. We have BW security integrated with CRM and Portal.

Please explain or provide me some direction in understanding how BI security works at key figure level.

<b>Is it necessary to set the following InfoObjects as “authorization-relevant” . Is it MANDATORY to make the following settings as "Authorization-Relevant" before we start the BI Security

0TCAACTVT

0TCAIPROV

0TCAVALID

0TCAKYFNM</b>

and

Add 0TCAIFAREA as an external hierarchy characteristic to 0INFOPROV

When I changed above infoobjects to Authorization relevant, BI Portal Users are complaining that they have Access issues. I have to change this setting back.

Can someone explain me the implication of making the above objects as Authorization Relevant. What making these objects, Do I need to complete some steps to make it work.

All users have 0BI_ALL object defined in S_RS_AUTH. I don't know how 0BI_ALL works for users.

I greatly appreciate if anyone can explain how I can achieve the following scenarios:-

1. How Can I restrict user access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG.

2. How can I restrict User access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG (Sales Organization CRM) and Key Figure ZVOLSU.

3. How can I restrict User Access to all Infocubes EXCEPT ZEN_T001 infocube.

I tried using PFCG but it does not work. 3rd scenario worked fine. I really need help in resolving scenario 1 and 2.

please eMail me if I need to go thru any other step-by-step procedure.

I am trying my best to resolve and at the same time reading other documentation and experimentation.

Waiting for a Positive Reply

Kumar

1 ACCEPTED SOLUTION

Former Member
0 Kudos
70

Hi,

I don't know how 0BI_ALL works for users?

>> This profile work as SAP_ALL but it is for the charactetistic authorization relevant you define. 0BI_ALL in S_RS_AUTH give all authorization for the the IO atuho relevant.

1. How Can I restrict user access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG.

>>> you mark 0CRM SALORG autho relevant, you create a variable type autho in your query, you design 2 Analysis authorization : one for all char and one for all char except 0CRMSALORG. You define on your authorization the infoprovider for wich this run and you insert the 2 autho in 2 roles.

2. How can I restrict User access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG (Sales Organization CRM) and Key Figure ZVOLSU.

>>> Same for the 1 answer but you insert the <infoprovider + the Keyfig in the autho.

3. How can I restrict User Access to all Infocubes EXCEPT ZEN_T001 infocube.

>>> you can create 2 autho one for all cube and one for all cube except ZEN_T001.

Use RSECADMIN to assign your role in your user.

hope it help's

1 REPLY 1

Former Member
0 Kudos
71

Hi,

I don't know how 0BI_ALL works for users?

>> This profile work as SAP_ALL but it is for the charactetistic authorization relevant you define. 0BI_ALL in S_RS_AUTH give all authorization for the the IO atuho relevant.

1. How Can I restrict user access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG.

>>> you mark 0CRM SALORG autho relevant, you create a variable type autho in your query, you design 2 Analysis authorization : one for all char and one for all char except 0CRMSALORG. You define on your authorization the infoprovider for wich this run and you insert the 2 autho in 2 roles.

2. How can I restrict User access to all the Characteristics and Key Figures of Infocube ZEN_XXX1 except for Characteristic 0CRM_SALORG (Sales Organization CRM) and Key Figure ZVOLSU.

>>> Same for the 1 answer but you insert the <infoprovider + the Keyfig in the autho.

3. How can I restrict User Access to all Infocubes EXCEPT ZEN_T001 infocube.

>>> you can create 2 autho one for all cube and one for all cube except ZEN_T001.

Use RSECADMIN to assign your role in your user.

hope it help's