First
a brief info on what Analysis Authorization is.
Analysis
Authorizations (AAUT) is concept used in BW systems to grant an access to the data
in the system for users. This AUT concept is not based on the standard
authorization concept of SAP as it is used in SAP transactional systems like
ECC. The AAUT concept serves the purpose of users that access query data.
Unlike
standard authorization concept of SAP which is based on classic authorization
objects the AAUT concept is based on so called Analysis Authorization object.
Such an object includes a group of characteristics and there are values defined
for these characteristics which an access will be granted to. The AAUT object (or so called authorization
objects for reporting) can include any characteristics that are flagged as authorization-relevant
characteristics. This flag is available on maintenance screen of the characteristics
in RSA1 -> Modeling -> Business Explorer -> Authorization Relevant.
Once the flag is enabled AAUT objects for reporting can be generated for the
characteristic.
While
BW report or query is running by user the system selects the data from
infoprovider. Once there is an authorization relevant characteristics part of the
data set the system evaluates whether user has enough authorization for the whole
data set. Only in case use fulfills the AUT values they the data is displayed.
The
AAUT objects are maintained in tcode RSECAUTH (you can jump there also via
tcode RSECADMIN). One AAUT object can have multiple characteristic included and
each of them can have multiple values against which an access is evaluated. Basically
the values can be of two types: flat values or hierarchy values. All operators
like EQ, BT, GT, LE etc. are possible.
Now
let’s see what different flat values that can be entered here are. Except regular
values where the value is precisely spelled out there can be also following
ones:
*
(asterisk): represents any number of characters
+
(plus): represents exactly one character
:
(colon): authorization for aggregated values, serves for purposes
of displaying aggregated values (e.g. totals), in case there are two
characteristic values tied to different key figures and user is only authorized
to see the data for characteristics of one value having Colon in the AAUT
object will enable the user to see the total coming from both values of the characteristic.
$
(dollar sign): enables usage of BW variables of type customer exit in
authorizations, the variable name is introduced by dollar sign.
Few
examples:
I EQ 02 //fixed value
I EQ 0TCT_24 // fixed value
I
CP A* //
patter
I EQ $VAR_SECT //variable
I EQ : //for aggregated
values
No comments:
Post a Comment