Start of Content Area

Procedure documentation Maintaining Authorizations for Hierarchies  Locate the document in its SAP Library structure

Use

Authorizations for hierarchies determine up to which subarea of a hierarchy a user may drilldown.

Prerequisites

Before you can set authorizations for hierarchies, you must first transfer and activate the InfoObject 0TCTAUTHH from the Business Content. Make sure that the indicator Relevant for Authorization is set. You must also create an authorization object for which you want to set the authorization.

Example

Authorization for a hierarchy on the Profit Center characteristic (0PROFIT_CTR):

Define an authorization object with 0PROFIT_CTR and 0TCTAUTHH.

Note

Example: You define a hierarchy for the basic characteristic B. For characteristic B there is a referencing characteristic R. If you use this hierarchy for characteristic R in the query, authorization for the basic characteristic B is checked. However, you can change this logic so that characteristic R is checked for instead. In the maintenance screen for reporting authorizations, choose the following path from the main menu Extras Compatibility Ref. Characteristics with Hierarchy Switch Off.

You need the characteristic 0TCTAUTHH to specify the hierarchy in the authorization. If you add this characteristic to an authorization object, you can specify authorizations for hierarchies for all InfoObjects in the authorization object.

Procedure

...

       1.      In the SAP Easy Access initial screen of the SAP Business Information Warehouse, choose SAP Menu Business Explorer Reporting Authorization Objects.

       2.      Choose Authorizations Authorization Definition for Hierarchies Change.

       3.      In the Definition, select the InfoObject, hierarchy and node.

Note

If there are several users who are authorized to work with just one part of a hierarchy (subtree) but the top node is different for each, you have the option of specifying a variable instead of a node.

See also: Variable Types

Instead of selecting a node, you can also set the Top of hierarchy indicator. This enables you to ensure that a user is authorized to use a hierarchy from the top node down to a determined level.

You can select the top node here. However, if the hierarchy is being used in a query without a filter on this node, the user will not be able to execute the query.

This is because the top-most visible node does not represent the actual top of the hierarchy. As, for example, there are other Remaining Leaves, there should always be exactly one internal node at the top of the hierarchy. Therefore, there is one internal node above the top-most visible node. If the hierarchy is used in a query without the top-most node being determined, it is compared with this unseen, internal node. So that the user has the correct authorizations, select the internal top of the hierarchy for this option.

¡        Make settings for the Type of Authorization, the Hierarchy Level and Area of Validity.

See also Settings for Hierarchy Authorizations.

       4.      If you set the Node variable default valueindicator, this definition of an authorization for a hierarchy is used as the default value for node variables.

If more than several authorizations are assigned to a user for different subareas of the same hierarchy, one of these authorizations has to be defined as the default value. Only one node can be selected for a node variable on the variable screen of a query. So that this variable can be filled from the authorizations, the correct variable type has to be selected and an authorization has to be determined as the default value.

       5.      Specify a technical name for this definition. If you do not enter a value, a unique ID is set.

       6.      Now create an authorization for the new authorization object. To do this, enter the technical name of the definition as a characteristic value for the characteristic 0TCTAUTHH. Hierarchy authorizations and authorizations for characteristic values are added:

¡        Specify the value ‘ ‘ (a blank character) as a characteristic value if only hierarchy authorizations are to be in effect. If you specify more values these are authorized additionally.

¡        Specify the value “:” (a colon) when queries are also allowed without this characteristic.

Caution

The value '*’ (all characteristic values) is not supported for the characteristic 0TCTAUTHH. Nevertheless, if you specify the value ‚*’ a ‚:’ is automatically generated instead because no other valid value is found.

If you would like the user to be able to see all values and hierarchies for a characteristic, use the value '*' for this characteristic.

Note

If you use a drilldown hierarchy in the query, you restrict the highest node by a fixed node or a node variable.

Definitions of authorizations for hierarchies must be transported separately. See: Transporting Additional Information

Alternative Procedure:

You can make authorizations for hierarchies in a different way.

See: Maintaining Authorizations Manually

See also:

Hierarchy Attributes

 

 

End of Content Area