Please note this article has been written from an ABAPers point of view and some knowledge of creating BW
queries will be required.
When using an authorisation object to restrict a query report it determines if the user can see everything
in a range. If they cant see them all then an authorisation error will be displayed. You may have a requirement
to still allow the user to see the report but to remove values they are not authorised to see.
This would be done by having 2 variables on the report selection screen, one for the user to enter their
selection and a hidden one which will do the actual report restriction. The code for this will look something
like this, where 'ZGMGTNOI' is the hidden field and '0S_GRANT' is the visible user input field.
**** ZGMGTNOI variable derives input from variable OS_GRANT WHEN 'ZGMGTNOI'. if i_step = 2. * gets selection values entered by user (0S_GRANT) loop at I_T_VAR_RANGE into wa_range where VNAM eq '0S_GRANT' and IOBJNM eq '0GRANT_NBR'. wa_grant-low = wa_range-low. wa_grant-high = wa_range-high. wa_grant-option = wa_range-opt. wa_grant-sign = wa_range-sign. append wa_grant to r_grant. endloop. * selects all grants user is authorised to see within entered * selection values select grant_nbr from ZGMUSERGRANTS into corresponding fields of table it_ZGMUSERGRANTS where UNAME eq sy-uname and grant_nbr in r_grant. * If no values are found! Populates hidden restriction variable with * user input if sy-subrc ne 0. loop at r_grant into wa_grant. move-corresponding wa_grant to wa_ETRANGE. wa_ETRANGE-opt = wa_grant-option. append wa_ETRANGE to E_T_RANGE. endloop. * If values are found! Populates hidden restriction variable with * all values user is authorised to see else. clear: wa_range. loop at it_ZGMUSERGRANTS into wa_ZGMUSERGRANTS. wa_ETRANGE-sign = 'I'. wa_ETRANGE-opt = 'EQ'. wa_ETRANGE-low = wa_ZGMUSERGRANTS-grant_nbr. append wa_ETRANGE to E_T_RANGE. endloop. endif. endif.
SAP BW Query Exit to populate authorisation dynamically