1. Security Management Logic

Security Management is split by Role dans Scope depending on the object you want to give users access to.

1.1 Role

One user needs to have at least one role (but can have multiple ones).
The role is concretely a user group.
The objective behind is to give access to Workspaces (Remote and/or Web), Models, Shortcuts.
The list of roles by GBU has been defined and should not changed frequently.
For example: two users can be Sales Manager for one GBU - they will see the same workspaces, shortcuts, models... The process will be identical.

1.2 Scope

One user needs to have one scope/perimeter only (in order to avoid conflict/blocking between several users.)
The scope is concretely a user group.
The objective behind is to give access to a specific list of DFUs or any other dimension (depending on an aggregated level).
The scope is changing frequently depending on Commercial Team organization in SAP/GBU.
For example: two users can be Sales Managers for one GBU but with two different scopes - they will be able to work on the same workspace at the same time on a different set of DFUs.

2. Security by GBU

As explained above, security is applied based on GBU and role. Here is the summary of GBU roles list.

2.1 Workspaces

2.2 Models

2.3 Shortcuts

2.4 Master Tables

3. Examples

3.1 Example #1 - Simple

For ex: for a Sales Employee of a given GBU

#	Description	Screenshot
1	right click the master table Sales Employee ID, then click Security, In the Advanced security tab, for each user group, associate the conditions to the corresponding user groups,
2	right click the master table Material:shipto@DC, click Security, In the Advanced security tab, for each user group, associate the conditions to the corresponding user groups,

3.2 Example #2 - Complex

For example, QSM-285899

#	Description	Screenshot	Reference view
Problem Reporting!
1	user SANTOSMA all black view while open the work space,
Trouble Shooting!
2	The grid view has a split on dimension Material:Shipto@DC into Country Ship-To Sold-To Material and the original data field dimension, Material:Shipto@DC
3	If you connect as the user into the rich client and right click => Configure on the view, you can check which one is empty (the one with /) :
4	The problem is on Material : the view has a filter on Material, on condition 'GBU - TS: Yes & Planned Material \| TS : Yes' :
5	User belongs to those groups :
6	The only group having a security configured on the master table 'Material' is TS - US / Marcio Santos, with the visibility condition 'GBU - SA&D' Finally, a right click => hierarchy view (with a super user account) on the master table 'Material' shows that there is no intersection between the combination of the conditions used to filter the grid and the condition of visibility :
7	select here the 3 conditions (pressing control key allows to multiple select them) :
8	And we can see that no material fulfills the 3 conditions :
Fix!
9	The problem is on Material : the view has a filter on Material, on condition 'GBU - TS: Yes & Planned Material \| TS : Yes' : The only group having a security configured on the master table 'Material' is TS - US / Marcio Santos, with the visibility condition 'GBU - SA&D' To remove the condition 'GBU - SA&D' in Material table associated with user group TS - US / Marcio Santos

4. Useful documentation

QAD Documentation