cancel
Showing results for 
Search instead for 
Did you mean: 

Cost Center Authorization

raju_saravanan
Contributor
0 Kudos

Dear Friends / Experts

We have around 10 HR (BW/BO) reports. All are woking fine. Now the users wants to restrict the report based on cost center.

Hence, I have created one DSO with relevent information and extracted the data from ECC ( Used id, Cost Center belonging, Etc....). Created one customer exit variable and lookedup this used cost center data in CMOD. This is perfectly working.

My Doubts

1) This logic no where related with authorization. Do i still need to consider authorization object and handle further ?

2) If the Logged in user not available in the DSO, i am not able to edit the query in BO-Webi .

Can anybody advise ?. Good advise awarded with points.

Regards

Saravanan Raju

Accepted Solutions (0)

Answers (3)

Answers (3)

shahidimam_shaik
Active Participant
0 Kudos

Hi,

Below link is a document on how to set a field based authorizations on bex queries.

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/4753ed83-0e01-0010-e186-f98413f86...

regards..

Former Member
0 Kudos

Hi.

Regarding 1)

If you want to make sure the users cannot report on other costcenters than the ones they are "allowed" to as per the content of the DSO, I would apply analysis authorisations (RSECADMIN) for that. You can use the content of your DSO to generate the analysis authorisations, but you might need to write some code to make it work perfectly for you.

I am not sure I understand the problem with your point 2) - If the user has no costcenter assigned to him/her, as per your DSO, then I it makes sense to me that the user cannot run the report or edit it, so I do not really get your point here...

Regards

Jacob

Former Member
0 Kudos

1) This logic no where related with authorization. Do i still need to consider authorization object and handle further ?

The concept of authorization is only similar, instead of a DSO, you use a Z*COST time-dependent authorization-relavent IObject & start to set the time-intervals for access. I assume the DSO concept, although is a quick fix is not a long term solution, as there needs to be loads, corrections at irregular time intervals & this needs to reflect on the BEx. This holds okay for lesser # of users, but you might never estimate the size, as the business would consider adding more in months to come. As rightly said, you need not have an authoriztion object to handle, but if you make cost center object's customer exit to refer this using a SSO-details (like sy-uname), this will restrict entries & authorization based on this field in your BEx. But still you need to work on the DSO concept & try to migrate towards a authroization-releavant IOBject for good sakes, as there is a possiblity the data is exposed -or- completely not avalialbe even for testing & you need to add the same set of ccenters repeatedly for all users again & again, month-on-month, issues like that.

2) If the Logged in user not available in the DSO, i am not able to edit the query in BO-Webi .

Yes, as stated above, this is the drawbacks in this model. Hope it helps.