on our project we are working with SAP data. In the final app users should only see results for the company code they are located in.
This information could for example be provided by a table containing the following columns
user name
company code
Currently for the hand full of users we can configure analysis authorization manually. But what if in the future hundreds of users need access to our app?
Do you have experience with such a setup and know
the most efficient way to manage the access rights
User Management in large scale user bases is always tricky - yet alone when it comes to AA configurations. For larger user groups we can attach identity providers.
Is there any possibility to connect data from e.g. LDAP to the OD user accounts (as we do on internal)?
If the user has a list of companies in their user metadata in LDAP, this information should be extractable into a user-bound system variable (has to be configured via certain extraction rules, can point you to the internal documentation if needed). If you then in turn set up an AA dimension for columns containing the company, you can create a rule based on the user-bound system variable containing the company.
The setup is a bit complicated but it should be doable.
Currently, I cannot supply you with a working example. Maybe someone working with AA-enabled Apps on internal can help you (at least with the “rule based on system variable” part. We might already have working setups for e.g. department-affiliation-based AA).
