Analysis Authorization in SAP BW 7.3
Objective:
Describe the principle of analaysis authorization checks
Explain the differences between analysis authorizations and previous reporting authorization.
Business Example:
The user want to display transaction data from a navigation attributes in a query. Therefore, there is a need for analysis authorizations. As a result of this, new navigation attributes has to be added in the respective InfoObject that are tied to this requirement that set by the user. Only authorize user are able to view the the specific transaction data.
Authorization Check in the InfoObject
Authorization Check OK : Query results will be shown if query selection is a proper subset of the authorization.
Authorization Check Not Ok: Query results will not be shown at all ('not authorized') even if the parts of the authorizations are met.
Analysis authorizations are not based on authorizaton objects. You create authorizations that include a group of charateristics instead. You restrict the values for these characteristics.
The authorizations can include any authorization-relveant chracteristics, and great single values, intervals and hierachy authorizations in the same way. Navigation attributes can also be flagged as authroization-relevant in the attribute maintenance for chracteristics and can be added to authroization as separate chracteristics.
Working with Authorization-Relevant Chracteristics
Before restricing authorizations on characteristics, remember to mark the
Authorization relevant as shown above.
Creating analysis authorization for attributes:
Business Example:
To provide additional information in your reports, you have defined attributes. You need to ensure that your users have the neccesary authorization to display the attributes.
Creating analysis authorization as Navigational Attributes
In authorizations, navigation attributes are handled as ordinary characteristics. You can mark navigation attributes as authorization relevant independently of the assigned basic characteristics.
To mark a navigation attribute as authroization relevant, select the relevant indicator on
Attributes tab page in the InfoObject maintenance.
Using Authorization variables
There are two different ways variables are used for authorization processing. It is important to understand the differences.
Using Variable
When you have maintained analysis authorizations in transaction RSECADMIN, you can craete variables in your queries that are filled automatically with the value of the user's authorization. When the user open a query, the data is selected automatically according to his or her authorization.
This type of variable is callled an
authorization variable.
Creating an Authorization Variable - Example
Note: Note that when variables are filled automatically, they do not have to be input ready, which means a variable screen does not need to appear when you execute the query or Web application. The user opens the query with the authroizaton variable, and only the data that corresponds to his or authorizations is displayed.
The variable needs to be set up to have the
Processing by parameter set to
Authorization. Additionally, the
Ready for Input checbox should
NOT be selected if the query user should automatically receive data for all values for which they are authorizied. If the
Input Ready checkbox