Question:
I have done the following:
1. Created a hierarchy ZH_ORG and loaded data into it using a flat file
(the hierarchy is of 2 levels).
2. Created new info object ZIO_ORG (using rsa1) and associated the
hierarhcy to it.
3. Create new auth object ZZIO_ORG (using rssm) with ZIO_ORG info
object + 0tctauthh info object (activated this object from available
business content)
4. defined description for hierarchy in the auth object
5. created new role ZTEST_ORGANIZATION with basic authorizations to run
a report and the new auth object ZZIO_ORG. restricted the values in
ZIO_ORG attribute to 1 value of level 1.
6. created new user TESTMM08 and linked the role with this user
7. created a new report ZORG_QRY, having this info object. activated
hierarchy and new variable (processing - authorization) named ZVA_ORGH
I expect the report to run with only the restrictions as of specified
in the role. But, the report is showing all the values mentioned in the
hierarchy without any restriction.
Where are things going wrong? Any help on this will be appreciated.
Best regards,
Nishant
Answer:
The only thing pops out at me that you may have overlooked is activating the authorization check for the InfoProvider (also performed in RSSM).
The info object may be "authorization relevant" and added to the auth object, but you need to identify in which InfoCubes the authorization object check is active.
Hopefully, that's it,
Vincent
Answer:
Thanks Vincent for your suggestions. I did specify the "checks for infoproviders" to have the value of the ODS in which I have the data. I tried with and without this. Both seem to give me the same results. I never ever get the "no authorization" message. The report is showing all the data irrespective of the restrictions.
Any more pointers will be appreciated.
Thanks,
Nishant
Answer:
hello
try and check the authorsation check log in RSSM
and ST01 for the dummy user.
regards
guest
Answer:
an interesting which i notice in st01 trace is that : the zzio_org auth object (which contains the info object + 0tctauthh) is not used anywhere in the authorization check.
that can be the problem itself... any reasons why it should not be used in auth check.
Regards,
Nishant