Let me discuss and explain to you the infoObject’s analytical authorizations. Let’ begin.
What is analytical authorization? To be quick in explanation let’s have an example which will visualize this thing.
You are chief of controlling department of company X. This company is parent company of 3 other child companies: A, B and C. In every of those companies there is also chief of controlling department, but he/she is responsible only for his/hers company. You (as higher in company hierarchy) would like to see every information, e.g.: Net result from company X, however you don’t want them to see result of each other, so: controlling dept. of company A should only see data from company A and so on, so net result report should be shown for every chief as on screen below:
So you need to create 4 reports for every company member, which will have to be restricted by Company code for every specific company? The answer is: There is a better solution: You can use Authorization relevant InfoObject and create only one report and SAP BW backend will restrict data according to your authorizations and everything can happen on one report only. In this blog I will show you how to achieve such thing and how to combine this feature with SAP Profitability and Performance Query function.
So we need to create company code characteristic for those purposes:
1. Company code characteristic:
With given master data:
Now we can log into BW client and go to Transaction RSECADMIN.
Individual maintenance and create new authorization named CC_A:
Now you can press the button in green square like on screenshot above. It will fill table with 3 InfoObjects that are necessary for analytic authorization to work. Since those are in the table you can add this particular authorization relevant InfoObject – in our case YBW_COMP. Double click this InfoObject.
New screen will pop-up. Add new line like and edit row : I – for include. Then you can select list of single values to be included for analytical authorizations like on screenshot below:
Or you can select specific range of given values:
The third and last option is to select contains pattern and it can look like this:
For this particular scenario we will select it as equal to “CC_A”:
After that you can save and activate authorization object. Next you can make authorization object for companies B and C, and then one more: for all companies: CC_ALL
Next thing is to assign authorization object to particular user. In our case user DBW_ATH_PAPM. To do that go to T-code RSECADMIN and select User tab and individual assignment:
And fill name of particular authorization and click “Insert”.
In this scenario I will add CC_A and CC_B authorizations to this user.
Second idea is to add those authorizations to specific role:
And if you do so, those values are applied to tab “Role Based”
Now on SAP Profitability and Performance Management side lets create Model Table function that will contain this characteristic and key figure: Net result. Then fill table with data given below:
Company | Net result |
CC_A | 1.500.000 |
CC_B | 2.000.000 |
CC_C | 2.500.000 |
And simple query function with this Model Table as an input and query source as Environment. Definition of query should look like this: Net result in columns and Company code in rows. Last step is to restrict Company code characteristic with authorization variable as given in screenshot below:
And activate the query.
As user with no restrictions defined and full authorization this is how result would look like:
As you can see – all results are available. Now how this query will look from this specific user for whom we managed authorizations? Answer in screenshot below:
As you can clearly see analytic authorization works for SAP Profitability and Performance Management query function. It can be relevant when you would like to restrict the results of your calculations for specific user. I encourage you to switch those authorizations to the one created before.