AUTHORIZATIONS

   
An authorization defines what a user
can do, and to which SAP objects.
For example, a user may be able to
display and execute, but not change,
a query. Authorizations are defined
using authorization objects.

In general, R/3 security is focused on:
Transaction codes.
Specific field values.
Which activities a user can perform.

The business goals and purpose of the BW
system are entirely different from those of R/3.
There is no updating of business data
in BW.
The primary activities in BW are
displaying data and analyzing
results.
So the security is set accordingly.

Security is primarily focused on the data
itself.
Mainly it is focused on:
Info areas
Info providers
Queries

An authorization object is used to
define user authorizations. It has
fields with values that specify
authorized activities, such as display
and execution, on authorized
business objects, such as queries.
The maximum number of characters
allowed for the technical name is 10.

Group of activities and objects which a
user can have access to.
Business Information Warehouse - Reporting
You need to create authorizations for field-level
security as required.
Business Information Warehouse:
Authorization objects are delivered to protect all
major authorizations.

S_RS_ICUBE - Info cube access
S_RS_COMP - one field relates to
query and one relates to info cube
S_RS_COMP1 - Secure query using
user name.
S_RS_FOLD - display authorization for
favorite folder.
S_RFC - to enable the logon access to
business explorer

S_RS_ADMWB - individual objects of the
Administrator Workbench
S_RS_IOBJ - Authorization for info objects
S_RS_ISOUR - Authorization for source
system (transaction data info sources)
S_RS_ISRCM - Authorization for source
system (master data info sources)

Securing reporting users comes into the picture
from the moment the user enters the BEx explorer.
Security is primarily tied to:
INFO AREA
INFOPROVIDER
QUERY
This check can be performed using
S_RS_COMP, S_RS_COMP1, S_RS_ICUBE, S_RFC.

S_RS_COMP
Activity: Display (03), Execute (16)
Info Area: Specific Info Area name
Info Cube: Specific Info Cube or ODS name
Name of reporting component: Specific query technical name or '*'.
Type of reporting component: REP

S_RS_COMP1
Every field is present in conjunction
with OWNER.
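
Added example (not from the original slides): a simplified Python model of how the S_RS_COMP fields listed above combine in a check, plus an audit helper that flags bare '*' grants. The dictionary keys are descriptive labels taken from the slide, not SAP technical field names; the sample area, cube and query names are constructed, and only exact values and trailing-'*' patterns are modelled (value ranges are left out).

```python
# Simplified model of an S_RS_COMP-style check (illustrative, not SAP code).
FIELDS = ("activity", "info_area", "info_cube", "component_type", "component_name")

def value_matches(granted, requested):
    """A granted value matches if it is equal or is a trailing-* pattern."""
    if granted.endswith("*"):
        return requested.startswith(granted[:-1])
    return granted == requested

def authorization_passes(auth, req):
    """A single authorization passes only if EVERY field admits the request."""
    return all(any(value_matches(g, req[f]) for g in auth[f]) for f in FIELDS)

def check(authorizations, req):
    """The user passes if at least ONE authorization passes as a whole.
    Values from different authorizations are never mixed across fields."""
    return any(authorization_passes(a, req) for a in authorizations)

def broad_grants(authorizations):
    """Audit helper: (index, field) pairs where the grant is the bare '*'."""
    return [(i, f) for i, a in enumerate(authorizations)
            for f in FIELDS if "*" in a[f]]

# Constructed sample: two authorizations held by one reporting user.
USER_AUTHS = [
    # Display (03) and execute (16) on the sales cube, queries ZSD_Q* only.
    {"activity": ["03", "16"], "info_area": ["ZSALES"], "info_cube": ["ZSD_C01"],
     "component_type": ["REP"], "component_name": ["ZSD_Q*"]},
    # Display-only on everything: broad, worth flagging in a role review.
    {"activity": ["03"], "info_area": ["*"], "info_cube": ["*"],
     "component_type": ["REP"], "component_name": ["*"]},
]

def request(activity, cube, query, area="ZSALES"):
    """Build the field values presented to the check for one query access."""
    return {"activity": activity, "info_area": area, "info_cube": cube,
            "component_type": "REP", "component_name": query}

if __name__ == "__main__":
    print(check(USER_AUTHS, request("16", "ZSD_C01", "ZSD_Q001")))
    print(check(USER_AUTHS, request("16", "ZFI_C01", "ZFI_Q001", area="ZFIN")))
    print(broad_grants(USER_AUTHS))
```

The second request fails even though execute (16) and a '*' cube both appear somewhere in the user's authorizations, because they sit in different authorizations.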

In Profile Generator, an authorization
profile corresponds to a role. A user
assigned to the role automatically
has the corresponding authorization
profile. A user can be assigned to
multiple roles. The maximum
number of characters allowed for the
technical name is 30.

There is a hierarchy
to be followed:
ROLES

AUTHORIZATION PROFILE

AUTHORIZATION OBJECTS

Tcode: PFCG
Authorization Objects: S_RS_COMP,
S_RS_ICUBE, S_RFC

Make the info object authorization
relevant.
Create your own authorization
object.
Tcode: RSSM
Now add this authorization object to the role.
Create a variable for your query.
Now if you execute the query you will see
all the values.
The authorization for the info object is checked, but
the data is picked up from the info cube,
and no authorization has been set for the
info cube.

Now check the query; it will only give
the results for which the user is
authorized.
You can also make the query variable
itself check the authorization:
In the variable screen, set the variable
type to authorization variable
and uncheck the "ready to input"
checkbox.

Make the info object used as
hierarchy node authorization
relevant.
Create an authorization object for the
hierarchy and go to the radio button
authorization definition fr hier.
Fill in the entries:
Also check that field 0tctauthh is
made authorization relevant and
included in your authorization object.
Enter the authorization object in your
role.
Generate the profile.
And execute the query.
You should see only the node which
you made authorization relevant.

Go to Programs -> Business
Explorer -> Browser.
Authorization Objects:
S_GUI - authorization for GUI activities
S_BDS_DS - authorization for document set.
To save workbooks to roles:
S_USER_AGR: Authorizations: Role check
S_USER_TCD: Transaction in roles
Go to the Menu tab in the roles and
insert two folders.
Now save your workbooks in these
roles, so that only authorized users
can access the workbooks.