cancel
Showing results for 
Search instead for 
Did you mean: 

BW authorisations levels

Former Member
0 Kudos

Hi

Just wondered if you can assist me understand somthing in

BW security and I will be gratful either way.

How do you go about blocking user from seeing parts of a cube (Characterstics).I mean there are infoobject we do not want him to see so he can only run quries on the remaining info objects in that cube. I am interested in total blockage of selected info object(s) and not of an approach of allowing the user to have agregated view of them. How this all be presenetd in S_RS_COMP and the rest of authorisation objects if need be ,i.e, S_RS_ICUBE etc.

I read some document mentioning security approach of BW known as " infocube independent dataset appraoch". what that means as far as S_RS_COMP are concernd. How do you compare it with a situation where the restriction is applied via S_RS_COMP to the infocube level and on the top of that the end user role also contained authorisation object created via RSSM on some info objects.

thanks for your help and much appreciated.

regards

malsakat

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

hi massoud,

welcome on board

This is possible by assigning authorization roles to each of these.

Try to refer these links . They also have a problem similar to you,

hope this helps

let me know

regards

ravi

ps: assigning points is the way of saying thanks in sdn

Former Member
0 Kudos

Hi

The links you gave me answers basic questions but

not my questions yet. Here they are presented in different format:

1. How to, if possible; to block a user from seeing an info object in a cube. This is not the same as give him filtered access to the info object, i.e, can only see certain company code, plants, etc. My requirement in here is clear which is the user should not see any company code, plants etc but he still can see the rest of the inf objects in the cube.

2. I know there three approaches to reporting users authorisations. They are:

1. query approach : user can run only named queries.

2. Infocube approach: user can run queries on all the infoobjects in named cubes. Further restriction applied by creating custom authorisation object via RSSM and adding it to the user role. The restriction can be on infoobject level , e.g, company code, plant etc.

3.Infocube independent dataset approach : I do not understand it so I am seaking some asistance and how do you compare it with the infocube approach.

regards

massoud

Answers (0)