Hello BW Experts,
Approach 1) Reporting infobject level approach. create authorization object on the infobject. add the object in the role. assing the role to the user.
Approach 2) ???
There is another approach with respect to infocubes / infoarea. how is that implemented / effected.
1.InfoCube based approach
You can collect the requirements allowing or not allowing for specific InfoCubes. If its convenient, you can use the concept of InfoArea to allow or not for a group of InfoCubes belonging to the same InfoArea.
You can go in a more detail if you limit the accessability of a cube, allowing only for a part of it. We can name dataset the Sub-InfoCube which is limited by the authorizations assigned to a user. In BW a dataset can be defined according to characteristics, key figures, hierarchies and their combinations.
2.Query name based approach
For pure reporting users (not allowed to build new queries) you can use the query names to simplify the authorization design, creating specific queries for specific roles and allowing only certain query names. The disadvantage of this approach is that theres no relationship between query name and set of data, so new queries are potentially security dangers.
3.InfoCube independent dataset approach
Before the data model you dont know the InfoCubes, but you can express authorization requirements through data set, i.e. limitations on to characteristics, key figures, hierarchies and their combinations at various level of detail.
hope this helps.