on 2008 Nov 20 8:30 AM
Hi
Ok I have looked through previous posts and nto quite found the answer
We are implementing the new authorisations in BW and we have done the following:
1: Made 0profitcenter authorisation relevant along with the special characteristics:
0TCAACTVT
0TCAIPROV
0TCAVALID
2: Creat Analysis Authorization (eg: IT) by executing transaction code RSECADMIN
3: Inserted the InfoObject 0profitcenter and given it a required value (95595 for example) and operator "EQ" (single value).
4. In PFCG created a role Z_USER_PC_95595
5: Put in authorization object S_RS_AUTH and added the IT analysis authorisation saved and generated
No when we exectue the report we get an non auhtorisation issue on subselection.
I ahve solved it by created a variable in the report on profit centre and selection it as an authorisation variable so the value 95595 for profit centre gets automatically filled.
The report now works.
HOWEVER,
Do I always need to create the variable in the report to compliment the work in PFCG and RSECADM or is there a way to do this without the variable so the restriction is automatic and not visible to the user???
If i do not need to create the authorisation variable then what other way is ther? Please give detailed steps
Regards
Hi there.
Here's some answers:
Do I always need to create the variable in the report to compliment the work in PFCG and RSECADM or is there a way to do this without the variable so the restriction is automatic and not visible to the user???
To automatically fill the values in the query by those the user has authorization you have to use variables. This is because when you're executing the query you have in there the profit center, the system doesn't know what values the user is executing has authorization and tries to send them all. After this the system checks all those values with the user authorization and fails if it don't find a match. So you have to use a variable to filter the values.
Now you could create several types of variables.
An authorization variable ready for input. This variable will automatically fill the values the user has authorization but allows the user to see those values and change those values. Imagine the user has authorization for 100 types of profit center. By default the system would fill those 100 profit centers, but the user could change those 100 to only 1 or 2.
An authorization variable not ready for input. In this case the system would automatically fill the values the user is authorized for but won't let the user see or change those values. This is good if you want transparency in your authorization. The user doesn't even has to know he/she will be checked for that authorization. In this case the system would always execute the query with authorization since all the values the user is authorized are always filled. You can put this characteristic with the variable in the filter or in the free char.
A normal variable, ready for input. In this case you allow the user to enter the values but don't pre fill them. You let the user insert whatever he/she wants. Off course in this case the user could insert an amount of values he/she is authorized and not, and the system will validate all of them. If the system encounters any value the user is not authorized will prompt an lack of authorization message if not it would execute the query just fine.
Diogo.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
72 | |
10 | |
10 | |
10 | |
10 | |
8 | |
8 | |
7 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.