Hello,
We are facing an strange issue related to BI authorizations. We have to
restrict users in query designer such that they cannot edit any query
with the name starting from Z*. They should be able to copy the Z*
queries to Y* names and should have full access to edit these Y* queries only.
But the problem is that as soon as we give access to edit the Y* queries to these users they have access to edit Z* queries as well. In the ST01
trace we found that there is a dummy check on S_RS_COMP object for all
the fields except ACTVT. Hence if we give access to ACTVT=02 they have
change access for all the queries Z* as well as Y*.
The trace looks like this:`
S_RS_COMP RC=4 RSINFOAREA= ;RSINFOCUBE= ;RSZCOMPTP= ;RSZCOMPID= ;ACTVT=06;
S_RS_COMP RC=0 RSINFOAREA= ;RSINFOCUBE= ;RSZCOMPTP= ;RSZCOMPID= ;ACTVT=02;
As you can see it doesn’t check for any values in RSZCOMPID which is the most important field where the restriction is in place.
This is not normal, as I do remember there was always a check on this field and we could have easily restricted this user.
Note: I am able to perform edit operation with this user for Z* queries but if I try to do “Save As” it will not save any query in the Z* format it will give no authorization error message. This is good as it lets you save this only in Y* format. Hence my restriction only works while copying this query to some other name only. 