My company has several subsidiaries and the data of all of them is loaded into Celonis. We want to grant analysts from all subsidiaries the ability to access analyses in Celonis, but we don’t want them to be able to see data that is related to any of the other subsidiaries.
To the best of my knowledge, the way to implement such a restriction via Authorization Objects, which can then be applied to specific users (i.e. analysts from the subsidiaries) in order to restrict their viewing rights. From the menu: “You can add authorization objects here which can be used to automatically filter the dataset users.”
I have taken a look at the sample “query-definitions.xml.sample” file in the installation folder, but it’s still unclear to me how the concept is supposed to function - either via “the values are manually entered below” or via “the values are queried from a database”.
The parts that I’m unsure about are:
“On this screen you can configure the source of the mappings either from a database or from manual input”. --> What is supposed to be mapped to what?
“To be able to use these objects, they have to be linked to a user and a data model, which is possible in the respective views.” --> Which views are meant here?
If choosing the manual option, how is the definition of possible values supposed to be formatted?
Any help would be very much appreciated!
(Also, here are the sample query definitions.)<?xml version="1.0" encoding="UTF-8" ?> My Datasource jdbc:sap://... User Password sample.driver.class.name New DATABASE Source SELECT USERNAME, LANGUAGE, FIRST_NAME, LAST_NAME, EMAIL, CURRENCY FROM MY_USER_TABLE SELECT USERNAME, GROUPNAME FROM MY_GROUP_MAPPING_TABLE SELECT USERNAME, GROUPNAME FROM MY_GROUP_MAPPING_TABLE SELECT DISTINCT BUKRS FROM EKPO SELECT BUKRS FROM USER_BUKRS_MAPPING WHERE USERNAME = ? SELECT DISTINCT BUKRS FROM GROUP_BUKRS_MAPPING WHERE GROUPNAME IN(?)