Now it is time to trace and troubleshot. I’am going to explain this thema based on analytical query CDS Z05_C_FlightByAirportQuery which is based on Cube CDS view Z05_I_FlightByAirport.
Access control was defined for the Cube CDS view in previous post:
@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
grant select on Z05_I_FlightByAirport
where ( Airline, FlightDate) =
aspect pfcg_auth ( ZS_NEW,
CARRID,
FLTDATE,
actvt = '03' );
Step-by-step:
1. Switch on trace in ST01 for a testing user.
Access control was defined for the Cube CDS view in previous post:
@EndUserText.label: 'Role for Z05_I_FLIGHTBYAIRPORT'
@MappingRole: true
define role Z05_ROLE {
grant select on Z05_I_FlightByAirport
where ( Airline, FlightDate) =
aspect pfcg_auth ( ZS_NEW,
CARRID,
FLTDATE,
actvt = '03' );
Step-by-step:
1. Switch on trace in ST01 for a testing user.
2. Start a report or RSRT by testing user and open analytical query.
3. Go back to ST01 and open Analysis. Enter testing user name and time periods.
4. Analyse results.
You could see that:
- ZS_NEW authorization object is successfully checked
- S_TCODE ckecked for RSRT t-code
- BW authorizations S_RS_COMP, S_RS_COMP1, S_RS_AUTH
For more information you could go to SU21 and read documentation.
5. Let’s exclude ZS_NEW from a user profile. The results are different:
Now we have an error with ZS_NEW authorization object and no records in report.
6. Let’s crop authorization, exclude 0BI_ALL and some other.
For only those authorizations objects we get correct analytical query result in RSRT.
Trace for this case:
It seems that 0BI_ALL is not needed, but error in trace occurred.
No comments:
Post a Comment