Avoid These Common Pitfalls in Using Reporting Authorizations With and Without Hierarchies

  • by Robert Williams, Business Intelligence Project Manager
  • May 1, 2006
Avoid unexpected report results when you use hierarchy authorizations by taking these simple steps.
Key Concept
Reporting authorizations allow you to grant access according to specific values of reporting objects such as profit center or cost center. Hierarchy authorizations provide further flexibility to grant access by reference to nodes in associated hierarchies. For example, an organization can grant the director of a major division access to all of his or her profit centers through a single assignment. This not only simplifies the initial definition of roles; it also reduces future maintenance since the authorization automatically reflects the reassignment of profit centers following a company reorganization.

Graeme Smith’s article, “Prevent Users from Accessing Sensitive Data Using Authorization Restrictions,” in the September 2005 issue of BW Expert explained how to restrict data access with BW reporting objects. Continuing the theme, I’m going to describe how to reference hierarchy nodes in your authorizations. You will see how, under certain circumstances, using hierarchies in reporting can prevent your system from displaying authorized InfoObject values.

It is important to understand this interaction if you are planning to grant access at the InfoObject level, even if you don’t have any immediate intention to use reporting hierarchies in your queries. Discovering an adverse effect after you have implemented your authorization strategy could be very time consuming to rectify. As shown in the later examples, there are implications for BW data modelers, query developers, and those involved in SAP data access administration.

The article consists of three main sections, which you may prefer to read selectively depending on your familiarity with these topics:

  • “Hierarchy Authorization Maintenance” describes how to define node-based authorizations with reference to the InfoProvider and data that appear in subsequent examples.

  • “Common Pitfalls”’ describes how and why inconsistent query results can occur, and highlights some other potential pitfalls of maintaining authorizations on hierarchical data.

  • “Flexibility in Reporting Authorization Maintenance” shows how you can avoid inconsistent query results and potentially simplify authorization maintenance.

Robert Williams

Robert Williams has specialized in data warehousing and business intelligence for more than 10 years. He has worked with BW since Release 1.2, in which he obtained SAP certification in 2000. During this time he has led a number of technical teams. He has acted as project manager for large SAP BW projects and as technical lead on SAP implementation projects. Robert has experience in most aspects of SAP BW architecture, design, and development, including authorizations.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.