Coming from old RSR concept, I'm currently trying to find a good solution for developing roles using the new authorization concept.
In BW 3.x, I just entered the activites directly into the authorization objects. Now, with the new analytical authorizations, I have to assign them via a single auth object. But what is the recommended way for the distribution of auth-relevant InfoObjects into single authorizations?
Example: let's say we have marked 0COSTCENTER as auth-relevant. In the old RSR concept, I just added the corresponding authobject to the role and entered the number of the cost center.
Now, with the new authorization concept, I first have to build an authorization for every cost center (CC1000, CC1001, ...) and then assign the corresponding CC authorization to the role using S_RS_AUTH.
That means, if I need to restrict the "usual" InfoObjects like cost center, company code, plant, etc., I have to prebuild thousands of AAs beforehand. Did I miss something? This new concept looks to me way more costly than the old concept.