Skip to Content
Author's profile photo Kiran Yelluru

Restricting the Hierarchy node variable values during report execution using Analysis authorization concept in sap BW 7.3

Applies to:

SAP BW 7.3


This paper gives a clear picture about how to use SAP BW Analysis authorization concept to restrict the query variable screen (input) and output based on customer exit hierarchy node variable.

While executing the report, the hierarchy node variable values would be populated or restricted based on the authorizations of the user to the profit centres, executing the report.

These authorization mappings are maintained in the DSO so that if any change in the information can be overwritten and easily maintained in the DSO data.


Analysis Authorization concept is not based on standard authorization concept of SAP but based on BW objects. Any BW object could be marked as authorization relevant, the objects 0TCAIPROV, 0TCAVALID AND 0TCAACTVT are checked default.

0TCAACTVT – to restrict the authorization to activities

0TCAIPROV – to restrict the authorization to Info Providers

0TCAVALID – to restrict the validity of the authorization


         1)      As we are handling the authorization concept at BW level itself the involvement of Basis team will be eliminated

         2)      The changes of authorizations to the profit centre hierarchy and hierarchy nodes can be easily handled by making the changes to the flat file data 

                   which we will feed to the DSO in BW.  


         3)      As the authorization check is applied at variable of the specific report the remaining objects and data structures which will use the profit centre will not be affected.

     Business scenario:

While executing the query, hierarchy node variable values would be populated or restricted based on the authorization of the user who is executing the report. These authorization mappings will be provided over excel sheet.


1)  Make 0PROFIT_CTR as Authorization Relevant :-

In the 0PROFIT_CTR info object Business explorer tab we need to select the Authorization Relevant check box


2) Need to create customer exit based hierarchy node variable in the report

Below are the settings which need to be maintained for creation of customer exit Hierarchy node variable

untitled -1.JPG

3) Create Analysis Authorization object using RSECADMIN

We need to create custom analysis authorization object i.e. ZPROTS using RSECADMIN T code.

In RSECADMIN screen we need to press on Individual Maintenance button.

untitled -2.JPG

In the next screen we need to give the name of the custom authorization object and press on create button

untitled -3.JPG

In the next screen we need to add the required Info objects which needs to be made authorization specific


We need to double click on the each added info object in above screen and specify the detail values for each object like below screen

untitled -5.JPG

In above screen I have mentioned hierarchy name which needs to be made authorization specific and also added the name of the customer exit variable for hierarchy node under Technical node name are indetails screen and also specified Type of Authorization Hierarchy, Hierarchy Level and Area of Validity.

After all the above settings the custom analysis authorization object will look like below screen shot.

untitled -6.JPG

4) Assigned this Authorization object to the user using RSECADMIN

         In the RSECADMIN T code, in User tab we need to select Individual Assignment

untitled -7.JPG

In the next screen we need to give the user id and need to press on change button

untitled -8.JPG

In the next screen we need select Manual or Generated tab and enter the technical name of the authorization object and press on insert button in order to insert relationship between custom authorization object ZPROTS and particular user ID.

untitled -9.JPG

We need to save the settings which we made in above screen using save button at the top.

untitled -10.JPG

5) Create standard DSO to store the data which will be read through the customer exit variable when the particular report is executed by the user

ZANA_AUT DSO has been created with the required below fields in the screen shot

untitled - 11.JPG

Need to create the flat file data source using which we can load the data containing the authorization mappings in excel spread sheet.

untitled - 12.JPG

6)  Required code need to be written for this customer exit variable under include ZXRSRU01

untitled - 13.JPG

Testing Method:-

I have restricted only 4 hierarchy nodes in the data of DSO with the user id (EXVY101) and 3 hierarchy nodes with different user id (EXMG232) for testing.

untitled - 14.JPG

When the report is executed with the user id EXVY101 in RSRT as desired we are able to see only those 4 hierarchy node values restricted directly to the hierarchy node variable which we created with the customer exit processing type.

untitled - 15.JPG

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Dear kiran very useful document you have posted for BW users

      Author's profile photo Former Member
      Former Member

      Dear Kiran,

      This is very useful information with related screen shots for BW users.

      Author's profile photo Aditya Sai
      Aditya Sai

      What if the customer has multiple division for same salesorg?

      Can we create multiple objects with different nodes or single object with multiple nodes?

      Author's profile photo Daniel Ray
      Daniel Ray

      We do not have the authorizationrelevant option checked out. Do you have any suggestions to achieve this without the authorization concept. We need to display only the 1st level node informatioin.



      Author's profile photo Former Member
      Former Member

      We have implemented this solution,you can use i step= 0 ,instead of i step=1 in the code above.

      This is because i step=0 works on authorization variable and not i step=1.




      Author's profile photo Khan Aslam
      Khan Aslam

      I have everything worked out but one issue I don't know how to resolve. I am hoping someone here knows how to do it. Is there a way to stop pre-populating the authorized values. Users don't like the long list of values if they are assigned 30 different cost centers

      Author's profile photo Shiv C
      Shiv C



      How do we pass if the costcenter is compounded? If the costcenter is 100457 and the CO area is 1002 then variable expects the value as 1002/100447. We tried the pass the exact value but we getting an error.

      I appreciate your help with this.