Question:
Hi fans
How do you go about blocking user from seeing
parts of a cube. I mean there are info object we do not
want him to see so he can only run quries on the remaining
info objects in that cube. I am interested in total blockage of
selected info objects and not allowing the user to have agregated
view of them. How this all be presenetd in S_RS_COMP and the
rest of authorisation objects if need be ,i.e, S_RS_ICUBE etc.
thank you .
security007
Answer:
To block the summerized data , place " : " in the custom auth object field value . This will help you to display all the data except the restricted info object when you run the query.
_________________
Thanks
Answer:
The summary operator ( can be very dangerous. For example, if you secure and infoprovider on profit center but the infoprovider includes cost center then all the user has to do to see totals is exclude drill downs on profit center.
This sometimes is not a problem but think about it carefully before leaping in. The biggest problem with security in BW is poorly thought out cube designs and query strategies. The security is trivial.
Answer:
Hi guys
Thanks for your reply.
Just I must clearify my query: I am interested in total blockage of selected info object(s) and not of an approach of allowing the user to have agregated view of them (In this case the colon : will be used). How this all be presenetd in S_RS_COMP and the rest of authorisation objects if need be ,i.e, S_RS_ICUBE etc.
I read some document mentioning security approach of BW known as " infocube independent dataset appraoch". what that means as far as S_RS_COMP are concernd. How do you compare it with a situation where the restriction is applied via S_RS_COMP to the infocube level and on the top of that the end user role also contained authorisation object created via RSSM on some info objects.
thanks
security007