Wednesday, March 9, 2016

Special characters in Analysis Authorization values

First a brief info on what Analysis Authorization is.

Analysis Authorizations (AAUT) is concept used in BW systems to grant an access to the data in the system for users. This AUT concept is not based on the standard authorization concept of SAP as it is used in SAP transactional systems like ECC. The AAUT concept serves the purpose of users that access query data.

Unlike standard authorization concept of SAP which is based on classic authorization objects the AAUT concept is based on so called Analysis Authorization object. Such an object includes a group of characteristics and there are values defined for these characteristics which an access will be granted to. The AAUT object (or so called authorization objects for reporting) can include any characteristics that are flagged as authorization-relevant characteristics. This flag is available on maintenance screen of the characteristics in RSA1 -> Modeling -> Business Explorer -> Authorization Relevant. Once the flag is enabled AAUT objects for reporting can be generated for the characteristic.

While BW report or query is running by user the system selects the data from infoprovider. Once there is an authorization relevant characteristics part of the data set the system evaluates whether user has enough authorization for the whole data set. Only in case use fulfills the AUT values they the data is displayed.

The AAUT objects are maintained in tcode RSECAUTH (you can jump there also via tcode RSECADMIN). One AAUT object can have multiple characteristic included and each of them can have multiple values against which an access is evaluated. Basically the values can be of two types: flat values or hierarchy values. All operators like EQ, BT, GT, LE etc. are possible.
Now let’s see what different flat values that can be entered here are. Except regular values where the value is precisely spelled out there can be also following ones:


* (asterisk): represents any number of characters

+ (plus): represents exactly one character

: (colon): authorization for aggregated values, serves for purposes of displaying aggregated values (e.g. totals), in case there are two characteristic values tied to different key figures and user is only authorized to see the data for characteristics of one value having Colon in the AAUT object will enable the user to see the total coming from both values of the characteristic.

$ (dollar sign): enables usage of BW variables of type customer exit in authorizations, the variable name is introduced by dollar sign.


Few examples:
I EQ      02                                   //fixed value
I EQ      0TCT_24                           // fixed value          
I CP      A*                                   // patter                
I EQ      $VAR_SECT                       //variable

I EQ      :                                     //for aggregated values

No comments: