The SAP Fan Club Forums

[Malsakat]

Hi ALL

Has anyone used BI Custom user exit for BI Authorisations as the basis for their authorisation concept. I mean someone who build the DSO which contain users and the info objects they need to access and their permited values for client with hundards or thousands of end users. I am keen to know if this concept worked for them on the long term. what are the pros and cons of it. This concept ensures few analysis authorisations are built but the actual work is in the maintenance of the DSO for each and every client of BI. What about system performance ? does it get effected by the increasing number of end users added to the DSO.

I know of this concept but never implemented it so I am keen to hear from anyone who has implemented it and share with me their views about the BI cutom user exit.


Kind regards

Massoud

[Al.]

Hi,

If designed properly it can work very well and is a good way to reduce admin effort in the longer term. My team and I have used auth variables in a few ways in the past:

- providing access to dynamic data like HR objects
- granting access based on attributes on financial document content driven by customisation in ECC & sent to BW
- using ECC access which is loaded into a multiprovider and the BW auths generated from that data so it's always in line with ECC auths (or at least the delta is the time between the change of ECC access and the extract into BW).

A few considerations:
- carefully consider what you are restricting on. Keep it as simple as possible & restrict to as few different attributes as possible. This applies to making characteristics auth relevant anyway so apply the same logic
- consider future requirements as the choice to go down this route has an affect on the functional design as well as the security design
- invest time in performance tuning the code as it will affect response times as data sets and user base increases. Optimising it at the early stage saves problems later on down the line.


Good luck!