we have a problem regarding Authorisations in BW.
Some of our users have different rights on different queries e.g. for the Info-Object 0PLANT. For the query ABC he should see data to more plants than for the query XYZ.
Our idea was to build an Authorisation-Object containing 0PLANT, TCTQUERY, TCTIFAREA and TCT ICUBE and to set the authorization for 0PLANT regarding the detailled name of the query (TCTQUERY). But this doesn't work because when starting the query SAP doesn't check the name of the Query. And so the user can always see the sum of plants set in both authorisations.
Maybe someone of you has useful hints.
In your case you need to use hierarchical authorizaton object to provide data restriction on the queries. Thus everyone can have the same query and they view what ever they are supposed to. Please find the how to document called: "How To Work With Hierarchy Authorizations" You will find detalied information and businees scenario about the topic. Please let me know if I can assist you further
Hi Serkan, Hi Arun,
thanks for your replies. I think both of your answers are possible but to act like this we have too many scenarios and roles.
We decided that we have to live with this problem and implemented single roles for the reporting-authorization objects. In this way it's anyhow easier have the overview about the authorisations every single user has.
To act in your way maintaining of 1500 roles is to complex.
Welcome to SDN ...
What you could try is to create roles for the various combinations , attach the roles to the queries and then assign the same to the user. That might do the trick , but then do not do this if you have too many roles to create , makes maintaining the authorization schema a big pain...
Assign points if useful