Professional Documents
Culture Documents
BI 7 Security
1
Prerequisite: The pre requisite of this presentation is that audience
should have knowledge about the BW 3.x SAP Security.
2
Topics Covered
3
Differences between BW 3.x & BI 7
4
Differences between 3.x & BI 7
5
Contd…
RSSM RSECADMIN
6
Contd…
Authorization:
Authorization: PFCG (Role based approach)
PFCG (Role based approach) RSECAUTH (Analysis Authorization Based
Approach)
7
Contd…
8
BI 7 Security Features
9
BI 7 Security Features
1. Analysis Authorization
2. Authorization Relevance
3. Special Characteristics
4. Special Authorization: 0BI_ALL
5. Variables in Authorization
6. Key Figure Authorization
7. Authorizing Navigational Attributes
10
Analysis Authorization
• This is also called data level access. With the new NW2004s analysis
authorisation principles it is now possible to create an analysis
authorisation object directly on an info object
11
Authorization Relevance
12
Special Characteristics
13
Special Authorization: 0BI_ALL
• A user that has a profile with the authorization object S_RS_AUTH and
has entered 0BI_ALL (or has included value as *) has complete access
to all data.
14
Key Figure Authorizations
15
Authorizing Navigational Attributes
16
Authorization Trace
17
Authorization Trace
In BI 7 we can Trace :
1) Authorization Monitoring
2) Change log of Analysis authorization
18
Authorization Monitoring
Checking Authorizations
• Log on with your own user ID (production support role)
• Check query execution with the authorizations of a specific user
19
Contd……..
20
Change log of Analysis authorization
Activate the following Virtual Providers from the Business Content (VAL =
Values, HIE = Hierarchies, UA = User Assignment)
21
Creation of Analysis
Authorization
22
Creation of Analysis Authorization
23
Creation through RSECADMIN
24
Automatic generation of analysis authorization
26
Load of Data Store Objects
• Fill the Data Store objects with the user data and authorizations
• Extract the data, for example, from an SAP R/3 source system or from
a flat file
Note: Some consistency checks should be added to avoid errors during
the generation later
27
Generate Authorizations
28
View Generation Log
29
Assignment of Analysis
Authorization
30
Assignment of authorization
31
Direct assignment
32
Pros and Cons
33
Contd…..
34
Indirect assignment through Roles (PFCG)
35
Pros and Cons
Pros:
• All the Change documents are already available
• All the existing SUIM reports are already available
• Possible to perform mass assign role assignment
Cons:
• Roles need to be created corresponding to the analysis authorization
which will include more maintenance in the system
36
New Authorization Objects
37
BI 7 new Authorization Objects
Below are the new authorization objects in BI7 for administration workbench,
business Explorer and analysis authorization.
Authorization objects for the Data Warehousing Workbench:
S_RS_DS: For the DataSource or its sub objects (NW2004s)
S_RS_ISNEW: For new InfoSources or their sub objects (NW 2004s)
S_RS_DTP: For the data transfer process and its sub objects
S_RS_TR: For transformation rules and their sub objects
S_RS_CTT: For currency translation types
S_RS_UOM: For quantity conversion types
S_RS_THJT: For key date derivation types
S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings
S_RS_RST: Authorization object for the RS trace tool
S_RS_PC: For process chains
S_RS_OHDEST: Open Hub Destination
38
Authorization objects for the Business Explorer:
S_RS_DAS: For Data Access Services
S_RS_BTMP: For BEx Web templates
S_RS_BEXTX: Authorizations for the maintenance of BEx texts
39
Questions
40