Ref: SDN Wiki
Author: Sudhakar Mohan

How to create InfoObject-level (Characteristic Value) Authorization for a Reporting User in BI 7.0

Scenario: There are 5 sales organizations, and we are going to restrict a reporting user (TEST) to the data of only 2 of them. In this example, 1000 and 2000 are the sales organizations to which the user TEST is given access. So whenever the user TEST executes the report, he will only be able to see the sales organizations 1000 and 2000 in the report.

Step - 1: Mark the InfoObject Authorization Relevant & Activate it.

Step - 2: Go to Tcode - RSECADMIN
Under Maintenance - Enter the name of the Authorization Object and click Create Authorization.
Insert the Sales Organization InfoObject. Also include the other SAP-recommended objects: 0TCAACTVT, 0TCAIPROV and 0TCAVALID.

Maintain the Values for these Objects. Select 0Salesorg and click Details.
Eg: Values 1000 and 2000 are maintained for Sales Organisation

Note: Also include all authorization-relevant objects that are used in that InfoProvider, in addition to the 3 objects above; otherwise you may get a "No Authorisation" error when you execute the query.

Step - 3 : Tcode - RSU01 Assign User to Authorisation Object
Enter the name of the user to be assigned with the authorization object and click the change button.
Then select the relevant authorization object and save.

Note: 0BI_ALL is the authorization object that gives access to all InfoObjects which are authorization relevant.

Step - 4: Create Authorisation Variable in Query Designer
Create an Authorization Variable (a variable with processing by Authorisation) in Query Designer for Sales Organisation.
Restrict the Sales Organisation with the Authorisation Variable and execute the query.
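
The following Python sketch is an added example, not SAP code and not part of the original wiki page. It is a simplified model of how the authorization from Steps 2-3 is checked against a query, showing why the note in Step 2 and the variable in Step 4 matter. It assumes that a query requesting more than the authorized values is rejected rather than filtered; the InfoProvider name ZSALES, the extra characteristic 0DIVISION and the values given to the three 0TCA* objects are constructed for illustration.

```python
# Simplified model of the analysis-authorization check (illustrative only).
NO_AUTH = "No Authorisation"

# Constructed sample: the authorization maintained in Step 2 for user TEST.
# The 0TCA* values are assumed; "*" stands for "all values".
AUTH_TEST = {
    "0SALESORG": {"1000", "2000"},
    "0TCAACTVT": {"03"},  # assumed: 03 = display
    "0TCAIPROV": {"*"},
    "0TCAVALID": {"*"},   # validity is not evaluated in this model
}

def covers(granted, requested):
    """True if every requested value is granted; '*' grants everything."""
    if "*" in granted:
        return True
    return "*" not in requested and requested <= granted

def check_query(auth, provider, relevant_chars, filters):
    """Return 'OK' or a 'No Authorisation' message naming the failing object.

    relevant_chars: authorization-relevant characteristics of the InfoProvider.
    filters: values the query restricts each characteristic to; an
    unrestricted characteristic requests all values ('*').
    """
    requested = {"0TCAACTVT": {"03"}, "0TCAIPROV": {provider}}
    for char in relevant_chars:
        requested[char] = filters.get(char, {"*"})
    for char, values in sorted(requested.items()):
        if char not in auth:
            return f"{NO_AUTH}: {char} missing from authorization"
        if not covers(auth[char], values):
            return f"{NO_AUTH}: {char} selection exceeds authorized values"
    return "OK"

def authorization_variable(auth, char):
    """Step 4: a variable processed by authorization yields the user's own values."""
    return set(auth.get(char, set()))

if __name__ == "__main__":
    own = {"0SALESORG": authorization_variable(AUTH_TEST, "0SALESORG")}
    print(check_query(AUTH_TEST, "ZSALES", {"0SALESORG"}, {}))   # no variable
    print(check_query(AUTH_TEST, "ZSALES", {"0SALESORG"}, own))  # with variable
    print(check_query(AUTH_TEST, "ZSALES", {"0SALESORG", "0DIVISION"}, own))
```
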