Translate

SAP BO AUTHORIZATION FOR BI REPORTING

To ensure that your data warehousing solution reflects your company’s structure and business needs, it is critical that you establish who is authorized to access what data. With Bi authorization can be defined and maintained by info Objects, Query, Infoprovider, and Hierarchies. Authorization can be inserted in to roles that are used to determine what type of content to specific users or user groups. Role templates and business content roles are delivered with BI.
The primary activates in BI are displaying data and analyzing results. The end user will only be analyzing data, not updating it.
Security for in Bi:
The security function in BI does not put the focus on transaction codes or activates. Instead it focuses on the data itself. The security function in BI focus on
  • Info Areas
  • Infoprovider ( InfoCube, DataStore Objects)
  • Queries
Bi is focused on What Data a user can access. This may be controlled at the field level, or it may be controlled at the Infoprovider level. The Infoprovider is a category of objects that can provide data to  a query , such as InfoCube and DataStore Objects. The InfoCube or DataStore Objects holds the summarized data that the user can then analyze Query Results are based on the data in the Infoprovider.
There are two major types of authorization in BI. One type focuses on Administrative users (S_RS_ADMWB) and another type focuses on Reporting users (S_RS_COMP).
Analysis Authorization:
If you restrict user to certain InfoCube then this may be easy way to set up and maintain authorizations but this will severely restrict access. This would mean users can either access ALL the data in an InfoCube or NO data in the InfoCube.
For securing reporting Users, you may want to define authorizations at a much lower level than the InfoCube.
The Option Include for authorization
  • InfoCube Level: Restrict at the InfoCube Level
  • Characteristics Level: Restrict access to all values for a particular characteristics
  • Characteristic value level: restrict access to certain values of a particular characteristics
  • Key figure level: Restrict access to certain key figures
  • Hierarchy Node: Restrict access to certain modes of Hierarchy.
Securing Data Access for Reporting users:
You have restricted access for reporting users by InfoCube. A sales manager can run any query created for InfoCube. However, each sales manager is responsible for a specific division. Although all sales Manager can run the same query, the result should be displayed only for their assigned Division. You need to enable a reporting user to query data by their assigned Division.
Minimum Authorization Requirements for a Reporting User:
  • Analysis  authorization for an Infoprovider
  • S_RS_COMP (Activities 03,16).
  • S_RS_COMP1 (query Owner)
  • S_RFC (BEx Analyzer or BEx Browser only)
  • S_TCODE (RRMX for BEx Analyzer)
  • S_RS_AUTH
A reporting user must have authorization for the S_RS_COMP, S_RS_COMP1 authorization objects as well as analysis authorization for the Infoprovider on which the query is based.
In addition, If the reporting user will be using the BEx Analyzer reporting tool, they will need authorization for objects S_RFC and S_TCODE with authorization for transaction code RRMX.
Task 1:
Create roles Go to PFCG (eg:SALES_AUTH_MP) Click on single role
Go to authorization Tab And Select change authorization Data.
Provide details of Your Info Area, InfoCube, Query ,click on Save and generate
Create user: go to su01 and create sales manager north (sales north)
Add details to user and assign Initial Password to user
In Roles Tab Assign roles to User
Log on the Bex analyzer with your user Id and execute your query in the query result, drill down by division. Notice that you have access for several divisions.
Task 2:
Ensure that InfoObject Division as a authorization relevant.
Task3:
 Go to RSECADMIN  and select authorization Tab click on Maintenance
create  Authorization ZDIVNT and Press create button.
Enter short, medium and long text of secure by division
Insert the row By Pressing + Icon
Highlight the row with Division and chose details and Insert the row by pressing the + Icon
Select I in the Including/ Excluding Column.
Select EQ in the Operator column
Enter North in the characteristics from column
Save and press green arrow back
Choose Insert Special Character: the special Characteristics (0CTAACTVT(activity), 0TCAIPROV( Infoprovider), and 0TCAVALID( Validity)) should now be added to your analysis authorization
Save . return to management of analysis Authorization. ( Green Arrow Back)
Assign your reporting  user to your analysis authorization, Zdivnt . By passing your Reporting User to your new analysis authorization, that user will have only access to division north (Pumps)
Choose User Tab and Choose Assign
In the user field enter your reporting user Id and choose change.
In the Authorization section enter the Name ZDIVNT and press insert
Save Return Sap Menu Green arrow Back, green arrow back).
 Go to PFCG and select authorization Tab and click on change authorization data .Expand Business Information Warehouse, Expand BI analysis authorization Data and input  give for authorization Object.
Task 4:
Log in as your administration user ID log in BEx analyzer
Select your query (Z_MP_AUTH_REP) . Once open the Query, select it then choose Tools à Edit query from the BEx toolbar.
Open your Query Designer and press Filter Button.
From the context menu for division  chose restrict
In this shows choose variable
Highlight Z_DIVI ( division) and copy it to the selection list on the  right by pressing the Right arrow. Press OK and then save.
Press save the query and ok. And return to the BEX analyzer
You should leave the division blank, your query will display all the division during drill down. If we select the specific division , only that division will display during drill down. Leave Division blank. When the query results are displayed. Choose filter and double click on division. You should see all division  in the Drill down.( Division: East, West, North, South).
As your Reporting user , execute your Report Query, Z_MP_AUTH_REP . When select Pumps for the Variable Prompt. When the query displays, Drill down on Division. You should only see division North only.
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Labels

sap hana hana database aws s4 hana hana db s4hana conversion steps sap hana azure bw4hana hana migration s4hana migration sap cloud migration steps sap hana migration steps sap hana migration to azure s4hana sap fiori fiori performance fiori erp s4 hana fiori sap fiori app sap fiori client sap fiori launchpad sap s4 hana fiori cisco ecc AI SAP AI abap dumps hana sap S/4HANA S/4HANA Conversion best sap ui5 & fiori training configuration database fiori tutorial on webide free sap ui5 & fiori training s/4 hana sap dumps sap fiori tutorial sap ui5 sap ui5 & fiori sap ui5 & fiori tutorial sara ui5cn 2367245 - Troubleshooting performance issues with SAP BPA Amazon free tier for SAP AWS setup Experience CALL_FUNCTION_NOT_FOUND CCMS Configuration and Use Create New Data Class in SAP (Oracle) Critical top SAP Abap dumps DHCP Clients Not Receiving IP Addresses Download Stack.xml HAN-DB HAN-DB-ENG High CPU Usage Due to Excessive Process Switching How To How to Start and Stop SAP Hana Tenant Database How to change SAP Hana Sql Output results are limited to 5000 Records How to perform SAP Dual Stack Split - Netweaver Inactive Objects in SAP Intercompany transactions in SAP AP / AR : Cross Company Code Transaction Interface Flapping Due to Duplex Mismatch KBA LOAD_PROGRAM_LOST MSSQL shrinking transaction log file Migrating to SAP hana database NAT Overload Causing Internet Access Failure Note 500235 - Network Diagnosis with NIPING OSPF Adjacency Not Forming PRINCE2 Foundation Sample Questions Preparing for S/4HANA Conversion and the MUST know items Push to Download Basket S/4HANA Migration Cockpit S/4JANA SAP BI Support Data Load Errors and Solutions SAP BI/BW Landscape SAP BPA SAP Basis SAP Basis Automation SAP Business Objects SAP CPS SAP Certification SAP FI Certification SAP FI Certification Sample Questions SAP HANA Admin - Cockpit SAP HANA DB Engines SAP HANA Database SAP HANA terminate session connection disconnect cancel kill hang stuck SAP Hana DB restore SAP Hana Numeric Error Codes SAP Landscape SAP Language installation SAP MM and Purchase Order Tables SAP Maintenance Planner SAP Note 500235 SAP R/3 Glossary SAP Readiness Check SAP S/4HANA 1709 Installation Files SAP S/4HANA 2023 SAP S/4HANA 2023 Installation SAP S/4HANA 2023 running SAP S/4HANA Installation SAP Scheduling SAP Solman 7.2 CHARM: SAP Support Package Stack Strategy SAP Support package SAP Upgrade SAP support stack upgrade SP stacks STORAGE_PARAMETERS_WRONG_SET SUSE/SLES/Kernel versions Setup of S/4hana 2023 TSV_TNEW_PAGE_ALLOC_FAILED TSV_TNEW_PAGE_ALLOC_FAILED error Transaction ID Unable to download an SAP Note Unix/Linux Command That Are Helpful For SAP Basis Upgrading SAP Kernel Without Downtime Upgrading windows server 2008 to windows server 2019 What is OSS Notes? SAP SNOTE Tutorial accounting agile ale idoc ale/edi archive FI documents audit auditing auditor aws aws cloud basic type bluefield approach ccms ccmsidb charm copilot datavard dbacockpit download sap note download snote edi idoc electronic data interchange enable sap archiving objects erpprep ffid firefighter fraud functional hana admin how to apply sap security note https://www.erpprep.com/ idoc install install sap fiori installation interfaces intermediate document internal control license key linux version materials management messsage niping test order type port prince2 agile prince2 agile practitioner purchasing quick info s4 hana sap abap dumps sap abbreviations sap activate certification sap activate project manager sap authorization sap aws sap brownfield sap ccms sap ccms configuration sap erp sap error sap grc sap greenfield sap internet demo system sap license sap maintenance certificate sap material management sap meaning sap mm sap mm consultant sap monthly security note sap netweaver sap network diagnostic sap niping sap note sap oss sap patch day sap performance sap performance issue sap purchase order sap s/4hana sap sales and distribution sap sap otc sap sd sap sd certification training sap sd course sap sd jobs sap sd module sap sd online training sap sd training sap sd tutorial sap sd tutorial for beginners sap security sap security note sap snote sap snote tutorial sap solution manager sap sql segregation of duties separation of duties sles slicense smc snote snote in sap system sod conflict solution manager solution maneger stop start hana database suse linux techie trex two step upgrade required waterfall