cancel
Showing results for 
Search instead for 
Did you mean: 

Authorizations approaches

Former Member
0 Kudos

Hello BW Experts,

Approach 1) Reporting infobject level approach. create authorization object on the infobject. add the object in the role. assing the role to the user.

Approach 2) ???

There is another approach with respect to infocubes / infoarea. how is that implemented / effected.

Thanks,

BWer

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

hi BWer,

3 approaches

1.InfoCube based approach

You can collect the requirements allowing or not allowing for specific InfoCubes. If it‘s convenient, you can use the concept of InfoArea to allow or not for a group of InfoCubes belonging to the same InfoArea.

You can go in a more detail if you limit the accessability of a cube, allowing only for a part of it. We can name dataset the Sub-InfoCube which is limited by the authorizations assigned to a user. In BW a dataset can be defined according to characteristics, key figures, hierarchies and their combinations.

2.Query name based approach

For pure reporting users (not allowed to build new queries) you can use the query names to simplify the authorization design, creating specific queries for specific roles and allowing only certain query names. The disadvantage of this approach is that there‘s no relationship between query name and set of data, so new queries are potentially security dangers.

3.InfoCube independent dataset approach

Before the data model you don‘t know the InfoCubes, but you can express authorization requirements through data set, i.e. limitations on to characteristics, key figures, hierarchies and their combinations at various level of detail.

hope this helps.

Answers (0)