SAP BW Query Exit to restrict users output

Please note this article has been written from an ABAPers point of view and some knowledge of creating BW queries will be required.

When using an authorisation object to restrict a query report it determines if the user can see everything in a range. If they cant see them all then an authorisation error will be displayed. You may have a requirement to still allow the user to see the report but to remove values they are not authorised to see.

This would be done by having 2 variables on the report selection screen, one for the user to enter their selection and a hidden one which will do the actual report restriction. The code for this will look something like this, where 'ZGMGTNOI' is the hidden field and '0S_GRANT' is the visible user input field.

**** ZGMGTNOI variable derives input from variable OS_GRANT
WHEN 'ZGMGTNOI'.
if i_step = 2.

* gets selection values entered by user (0S_GRANT)
loop at I_T_VAR_RANGE into wa_range where VNAM eq '0S_GRANT'
and IOBJNM eq '0GRANT_NBR'.
wa_grant-low = wa_range-low.
wa_grant-high = wa_range-high.
wa_grant-option = wa_range-opt.
wa_grant-sign = wa_range-sign.
append wa_grant to r_grant.
endloop.

* selects all grants user is authorised to see within entered
* selection values
select grant_nbr
from ZGMUSERGRANTS
into corresponding fields of table it_ZGMUSERGRANTS
where UNAME eq sy-uname
and grant_nbr in r_grant.

* If no values are found! Populates hidden restriction variable with
* user input
if sy-subrc ne 0.
loop at r_grant into wa_grant.
move-corresponding wa_grant to wa_ETRANGE.
wa_ETRANGE-opt = wa_grant-option.
append wa_ETRANGE to E_T_RANGE.
endloop.
* If values are found! Populates hidden restriction variable with
* all values user is authorised to see
else.
clear: wa_range.
loop at it_ZGMUSERGRANTS into wa_ZGMUSERGRANTS.
wa_ETRANGE-sign = 'I'.
wa_ETRANGE-opt = 'EQ'.
wa_ETRANGE-low = wa_ZGMUSERGRANTS-grant_nbr.
append wa_ETRANGE to E_T_RANGE.
endloop.
endif.
endif.