The authorized values are loaded into a new InfoCube A as transaction data. This InfoCube contains not only the characteristic 0TCTUSERNM for the user but also the characteristics relevant to authorization. A query is created for each of these characteristics in InfoCube A. This query contains the variable 0TCTUSEE for 0TCTUSERNM in the filter and only has the characteristic in a drilldown state. All queries, for which the system is to display only authorized values, must contain variables for characteristics relevant to authorization. These are filled by queries that were defined in InfoCube A previously (Setting: Fill from query).

The variable 0TCTUSEE for 0TCTUSERNM can be used here, along with SAP Exit that is automatically filled with the user name. If a query is executed now, the BW system firstly starts the necessary queries in the InfoCube A with the authorization data.

The system then uses the set of permitted characteristic values in each case to restrict the query display. The user does not need to specify anything in this scenario. Instead, the query is automatically adjusted to his/her authorizations.

The result set (that is, the authorized values) is temporarily stored in the database, before being included in the join when the query is executed. This is consequently the quickest method for larger value quantities.

However, this method has the following disadvantages

You should therefore only use this method when the amount of authorized data is very large and cannot be displayed with intervals or using a hierarchy.

Otherwise, the following method must be used.