SAP BLOG Using SAP BW authorization relevant InfoObject in SAP Profitability and Performance Management 3.0 – more complex scenarios

In the previous blog post about SAP BW authorizations, my friend guided you step by step through managing the Analytic Authorization of an InfoObject and using it in a query function of SAP Profitability and Performance Management 3.0 (SAP PaPM). In this part I will focus on showing you how to create more complex scenarios and how you can use these kinds of authorizations at query level.

If you haven't read his blog post about simple cases of BW authorization usage in SAP PaPM, I encourage you to visit that one first before continuing with the next section of this blog post.

First of all, let's have a quick look at the more complex cases that you can display at query level. Let us assume that the user has restrictions not on just one characteristic but on several. In this example those characteristics are Company code: YBW_COMP, Country: /NXI/CNTR and Version: 0VERSION.

As you can see, we have characteristics covering all possible technical naming conventions: the standard one (0VERSION), one delivered with a certain product/add-on (/NXI/CNTR) and one created by the user (YBW_COMP). Additionally, we added one key figure: YQA_AMT. In the end, the data in the Model Table function looks like this:

fig1.jpg


Fig. 1. Transactional data saved in model table function​

In the screenshot above, you can find the following values for each characteristic:

  • Company code: CC_A, CC_B and CC_C
  • Version: 1, 2 and 3
  • Country: US, DE and PL

A side note regarding the authorization user, DBW_ATH_PAPM: its authorizations for these more complex scenarios are maintained as shown in the screenshot (from RSECADMIN) below:

fig2.jpg


Fig. 2. SAP BW authorization assignment for particular user (RSECADMIN)​

Now, going back to the Model Table: we have a Model Table, so let's create a query on top of it. But have you thought about the question "What results will the query show?" The query shows data according to the authorizations, meaning it shows the intersection of the authorized values, as visualized in the figure below:

fig3.jpg


Fig. 3. Visual representation of the common part of the chosen authorizations

In other words, the data shown will have the following filter: (Company: CC_A OR CC_B) AND (Country: US) AND (Version: 1 OR 2).

Note:

When you create a query, remember that each authorization-relevant characteristic needs to have its variable set to: Authorization.


fig4.jpg


Fig. 4. SAP PaPM query definition with “Authorization” variable​

If you fail to do that, you will get this message:


fig5-1.jpg


Fig. 5. An error message (SAP PaPM view)​

Let us analyze the results of the query:

fig6.jpg


Fig. 6. Query results (SAP PaPM view) when using SAP BW reporting authorization​

As you can clearly see, the query results match what I stated earlier. The query displays only records that match the filters imposed by the authorizations.

But what about displaying records that are in a Model Table or Model BW function via the Analyze screen? Let's try it:

fig7.jpg


Fig. 7. SAP PaPM Model table function output when using SAP BW reporting authorization from our example​

You will get a message that you are not authorized to display the results of that InfoProvider. But why? To answer that question, let us look at what the Analyze button tries to display. When you do the same thing with a user that has no restrictions, the data is displayed as follows:

fig8.jpg


Fig. 8. SAP PaPM Model table function output when using no restriction for SAP BW reporting authorization​

As you can see, the results shown by default are created by aggregating the key figure (or all of the key figures used). Since our DBW_ATH_PAPM user is not authorized to display all of the characteristics' values or the aggregated key figure value, we must attach aggregation authorizations to that user to be able to display that kind of data in Analyze. You can create them as I explained in the first part of my blog, but instead of giving a precise value, you need to fill the field with the colon sign ":" as shown in the screenshot below.

fig9.jpg


Fig. 9. Definition of SAP BW “aggregation” authorization​

You can create these aggregation authorizations for all 3 characteristics from our example and add them to your user. Then we can try to Analyze the Model Table function again:

fig10.jpg


Fig. 10. SAP PaPM Model table function output when using SAP BW reporting authorization from our example extended by SAP BW “aggregation” authorization​

Nevertheless, you still cannot freely add characteristics to rows/columns, because we have restrictions on the values of those characteristics. When you want to add Company code to the rows, you will get a message that you are not authorized to display it. The only way to display those values is to filter them according to your authorizations, e.g. we will be able to see CC_A for company code:

fig11.jpg


Fig. 11. SAP PaPM Model table function output when using SAP BW reporting authorization (filtering data to authorized values)​

Note:

You may ask: why doesn't the system automatically filter data according to those authorizations? When we run Analyze, PaPM tries to display all of the InfoProvider's data in aggregated form and doesn't know whether you want to display those values or not. Remember that the only way to pass information about variables is the query function. This is why it is important to select authorization variables on authorization-relevant characteristics in the query definition.
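The all-or-nothing behaviour described above (a request is answered only if its whole selection is covered by the user's authorizations, "Authorization" variables supply that selection, and ":" covers aggregated display) can be sketched as a small model. This is an added example, not SAP code or code from the original post; the rows, amounts and function names are constructed, and the check is a simplification of what BW does.

```python
# Simplified model of the behaviour described in this post; not SAP code.
AGGREGATED, ALL_VALUES = ":", "*"
CHARS = ("YBW_COMP", "/NXI/CNTR", "0VERSION")

# Constructed model-table rows: company, country, version, amount (YQA_AMT).
ROWS = [
    ("CC_A", "US", "1", 100), ("CC_A", "DE", "1", 40), ("CC_B", "US", "2", 70),
    ("CC_B", "US", "3", 25), ("CC_C", "US", "1", 90), ("CC_C", "PL", "2", 15),
]

# Value authorizations of the restricted user from the example.
VALUE_AUTH = {"YBW_COMP": {"CC_A", "CC_B"}, "/NXI/CNTR": {"US"}, "0VERSION": {"1", "2"}}
# The same user after the ":" aggregation authorizations are added.
WITH_AGGR = {c: v | {AGGREGATED} for c, v in VALUE_AUTH.items()}


def is_authorized(selection, auth):
    """All-or-nothing: every characteristic's request must be covered."""
    for char in CHARS:
        wanted = selection.get(char, AGGREGATED)  # not requested = aggregated
        granted = auth.get(char, set())
        if ALL_VALUES in granted:
            continue
        if wanted == AGGREGATED:
            if AGGREGATED not in granted:
                return False
        elif wanted == ALL_VALUES or not set(wanted) <= granted:
            return False  # unfiltered drilldown, or a value outside the grant
    return True


def authorization_variable_selection(auth):
    """Model of an 'Authorization' variable: the user's own values as filter."""
    return {c: auth[c] - {AGGREGATED} for c in CHARS}


def run_query(selection, auth):
    """Return the selected rows, or refuse the whole request."""
    if not is_authorized(selection, auth):
        raise PermissionError("no authorization for the requested selection")

    def keep(char, value):
        wanted = selection.get(char, AGGREGATED)
        return wanted in (AGGREGATED, ALL_VALUES) or value in wanted

    return [r for r in ROWS if all(keep(c, v) for c, v in zip(CHARS, r[:3]))]
```

The model never silently drops unauthorized rows: a request is either fully covered or refused, which is why the filter has to arrive through the query's authorization variables.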


To exhaust the topic of authorizations on characteristics we must mention one more: the hierarchy authorization. As you know, a hierarchy of a characteristic can be displayed when analyzing a query. You can provide this information in the query definition:

fig12.jpg


Fig. 12. SAP PaPM query definition with hierarchy in the rows​

So, when you Analyze the query with no values restricted (by the authorization feature), you will see these results:

fig13.jpg


Fig. 13. SAP PaPM query output when using hierarchies in the rows​

The hierarchy for Company code has the following definition:

fig14.jpg


Fig. 14. SAP PaPM hierarchy definition for characteristic/field “Company code”​

OK, so how can you maintain an authorization at a specific hierarchy node level? It is pretty simple: go to RSECADMIN and create such an authorization, but it needs to be a hierarchy authorization, as shown in the screenshot below:

fig15.jpg


Fig. 15. SAP BW hierarchy authorization definition​

So, as you would expect, user DBW_ATH_PAPM with such authorizations will be able to display only values under the specific node of the hierarchy, in this case N03:

fig16.jpg


Fig. 16. SAP PaPM query output when using hierarchies authorization in query definition​

Key figures can also be restricted by authorizations, so that some people see only the authorized key figures on the same query/report. An authorization for a specific key figure should look like this:

fig17.jpg


Fig. 17. SAP BW key figure authorization definition​

For the technical InfoObject 0TCAKYFNM, you can select the technical name of the key figure that you want to authorize:

fig18.jpg


Fig. 18. SAP BW key figure authorization definition for key figure “YQA_AMNT”​

This means the user will only be able to see values for that specific key figure. So, let's have a look at the SAP PaPM environment and create a simple example with two characteristics and two key figures. This is the Analyze screen in SAP PaPM for a user with authorizations for all characteristic values and key figures:

fig19.jpg


Fig. 19. SAP PaPM query output for user with no authorization restriction​

For our DBW_ATH_PAPM user, we restrict the authorization to the key figure Net result – YQA_AMT only. As you can see, the key figure Quantity is not available for this user to analyze.

fig20.jpg


Fig. 20. SAP PaPM query output for user with authorization restriction to key figure “Net result – YQA_AMT”​

You can see that using BW authorizations is not that difficult, and I think you will be able to re-create these examples on your system. I strongly encourage you to try it yourself and build some examples that combine all of the authorizations mentioned in this blog and in the previous part.

In the next blog I will go through other SAP Profitability and Performance Management functions that can use BW authorizations, so watch out!
