SAP Security Online!
 
BW Security

Maintaining Authorizations for Hierarchies

Before you can create authorizations for hierarchies, you must first transfer and activate the InfoObject 0TCTAUTHH from Content. Make sure that the "relevant for authorization" indicator is set. You must also create the authorization object for which you want to define the authorization.

  1. Choose Business Explorer > Authorizations > Reporting Authorization Objects.
  2. Choose Authorizations > Authorization Definitions for Hierarchies > Change.
  3. In the Definition, select the InfoObject, hierarchy, and node.
  4. Select the Type of authorization:
       0 - for the node
       1 - for a subtree below the node
       2 - for a subtree below the node up to and including a level (absolute)
       3 - for the entire hierarchy
       4 - for a subtree below the node up to and including a level (relative). You must specify a level that is defined relative to the node for this type. It makes sense to specify a relative distance if an employee may only expand the hierarchy to a certain depth below his initial node, but this node is moved to another level when the hierarchy is restructured.

  5. Specify a technical name for this definition. If you do not enter a value, a unique ID is set.
  6. Now create an authorization for the new authorization object. To do this, enter the technical name of the definition as a characteristic value for the characteristic 0TCTAUTHH. For the characteristic defined on the hierarchy, specify the value " " (blank). It often makes sense to also enter ":" (colon) so that queries without this characteristic are also allowed.

     Hint: If you enter the value "*" here (all characteristic values), the user is allowed to view data for all characteristic values, regardless of whether a hierarchy is used or a complete drilldown is carried out.
  7. Optionally you can use the following fields:
  • Top of hierarchy: This option allows you to select the top of the hierarchy instead of a node in the hierarchy.
    If, for example, you want to authorize a user to work with a hierarchy from the top node down to a particular level, you can of course authorize the user for the highest node in the hierarchy. If, on the other hand, the hierarchy is used in the query without a filter set for this node, the user is not able to execute the query.
    This is because the node that is displayed at the highest level in the hierarchy is not actually the top of the hierarchy. For example, there is the "All Other Leaves" node. This is an internal node, but a node in the hierarchy nevertheless, and it is this node that is at the top of the hierarchy, a level higher than the highest node that appears in the hierarchy display. If the hierarchy is used in the query, and the top-level node has not been specified explicitly, the system checks the authorization against the highest node in the hierarchy, meaning the internal node that is not displayed. This option, therefore, allows you to determine the top-level node of the hierarchy yourself, so that you can ensure that users are assigned the appropriate authorizations.

  • Hierarchy level: Within the framework of the authorization check, you can use this value to specify to which level the user can expand the hierarchy.
    Please note that this is an absolute value and refers to the entire hierarchy. The highest node of a hierarchy stands at level 1. If you have entered the value 3 for the hierarchy level, for example, then the user can expand/see the hierarchy up to level 3.

  • Validity period:
      0 - Name, version, and key date identical
      1 - Name and version identical
      2 - Name identical
      3 - All hierarchies

  • Node variable default value: If this option is chosen, this definition of a hierarchy authorization is used as the default value for node variables.
    If a user is allocated several authorizations for subareas of the same hierarchy, one of these authorizations must be defined as the default value in this way. Only one node can be chosen for a node variable in the variable screen of a query. For this variable to be filled from the authorizations, the correct variable type must be chosen and an authorization must be marked as the default value.
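
The difference between an absolute level (type 2, and the Hierarchy level field) and a relative level (type 4) when a hierarchy is restructured, as an added example: a toy Python model, not SAP code and not part of the original page. The hierarchy and node names are constructed, and reading a relative level d as "the node plus d levels below it" is an assumption of the model.

```python
# Toy model of hierarchy authorization types 0-4; not SAP code.
# Levels follow the page: the top node of the hierarchy is level 1.
# Assumption: for type 4, relative level d means the node plus d levels below it.

def levels(children, start):
    """Map each node at or below `start` to its level, with `start` at level 1."""
    out, stack = {}, [(start, 1)]
    while stack:
        node, lvl = stack.pop()
        out[node] = lvl
        stack.extend((child, lvl + 1) for child in children.get(node, ()))
    return out

def authorized_nodes(children, top, node, auth_type, level=None):
    """Return the set of nodes one authorization definition covers."""
    absolute = levels(children, top)
    if node not in absolute:
        raise ValueError(f"{node!r} is not in the hierarchy")
    if auth_type in (2, 4) and level is None:
        raise ValueError("types 2 and 4 need a level")
    below = levels(children, node)           # depth counted from the node itself
    if auth_type == 0:                       # the node only
        return {node}
    if auth_type == 1:                       # whole subtree below the node
        return set(below)
    if auth_type == 2:                       # subtree, capped at an absolute level
        return {n for n in below if absolute[n] <= level}
    if auth_type == 3:                       # entire hierarchy
        return set(absolute)
    if auth_type == 4:                       # subtree, capped relative to the node
        return {n for n, depth in below.items() if depth - 1 <= level}
    raise ValueError(f"unknown authorization type {auth_type}")

# Constructed sample hierarchy, before and after a restructuring that inserts
# REGIONS above EUROPE and so moves EUROPE from level 2 to level 3.
BEFORE = {"COMPANY": ["EUROPE", "AMERICAS"], "EUROPE": ["DE", "FR"],
          "DE": ["DE_NORTH", "DE_SOUTH"], "DE_NORTH": ["HAMBURG"]}
AFTER = dict(BEFORE, COMPANY=["REGIONS"], REGIONS=["EUROPE", "AMERICAS"])

if __name__ == "__main__":
    for name, tree in (("before", BEFORE), ("after", AFTER)):
        for auth_type, level in ((2, 3), (4, 1)):
            nodes = authorized_nodes(tree, "COMPANY", "EUROPE", auth_type, level)
            print(name, "type", auth_type, "level", level, sorted(nodes))
```

In this model the type 2 definition shrinks to the node alone once the node moves down a level, while the type 4 definition still covers the same nodes, which is why reviewing absolute-level definitions after a hierarchy change is worthwhile.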




 
Copyright © 2005 - 2007 SAP Security Online.com All Rights Reserved.