Type of Authorization
You can define the authorization starting from a node of the hierarchy in different ways:
You must define a level for this type. A typical example of an absolute level is data protection with regard to the degree of detail of the data (works council ruling: no reports at employee level only at more summarized levels).
You must specify a level that is defined relative to the node for this type. It makes sense to specify a relative distance if an employee may only expand the hierarchy to a certain depth below his or her initial node, but this node moves to another level when the hierarchy is restructured.
Hierarchy Levels
For types 2 and 4 you can specify, in Hierarchy Level, the level to which the user can expand the hierarchy.
Validity Area
In the Validity Area you specify in exactly which ways a hierarchy authorization has to match a selected display hierarchy for it to be included in the authorization check.
2
Note that in some circumstances, setting a check level that is too low may lead to more nodes being selected using hierarchy node variables that are filled from authorizations, than actually exist in the display hierarchy for the query. This can cause an error message.
Note that hierarchy authorizations can calculate single values that are the end nodes (leaves) of non-displayed hierarchy, but that in this case, the strictest check type, which is 0, is valid.
As a general rule, make the check as strict as possible. The default is type 0.