Child pages
  • Best Practice for using Analysis Authorizations
Skip to end of metadata
Go to start of metadata

Purpose

To describe how to design queries effectively using analysis authorizations and authorization variables and avoid some common pitfalls.

Overview  

Analysis authorization when used along with authorization variables can be very powerfull and some tips to create and use them effectively.

Authorizations variable should be in the 'Char Restrictions' and not the 'Default Area'.

Authorization variables should generally be used in the fixed filter rather that the defaul area filter.  This is because the user is able to navigate away from the default area and then they will be presented with an authroization error.

Multiple Authorization variables should be used with caution

When using multiple authorization variables it is important to realize that the variable with be filled with all the values that the user has in any authorization, these authorizations may not be mergeable at query runtime and the user will be presented with an authorization error.

This depends on weather the authorizations can be merged as per SAP Note 1000004.

Example:

Lets say a user has two authorization A and B,

AUTHORIZATION A:  MODE=CAR  , COLOR=BLUE
AUTHORIZATION B:  MODE=BIKE , COLOR=RED

When they execute a query with authorization variables on both MODE and COLOR,  The user may expect that they will be authorized,

The variables will be filled as follow,

MODE=CAR,BIKE
COLOR=BLUE,RED

This will fail as the user doesn't have any authorization for either RED CAR or BLUE BIKE.

Using Input ready Authorization variables

Using Input ready variables filled by authorizations can lead to unexpected results. 

When the variable screen is called the variable is filled, but it is possible for the user to change or delete the values later.  This leaded to No Authorization.  However If you split this variable into two variables, one Authorization variable in the char restrictions, and an input default value.  This means that the user can change/delete the variable screen values without removing the overall authorization variable in the Char Restrictions.   This is generally what users want.

Related Content

Related Documents

Insert SAP Help links or other WIKI content

Related Notes

Insert links to any related notes/KBA that support your topic or are related

  • No labels

1 Comment

  1. Unknown User (y9atsmm)

    Very useful short writeup of guidelines for using authorization variables!