SAP BI security is an
integral part of any BI implementation. Integrating all the data coming from
various source systems and providing the data access based on the user’s role
is one of the major concerns of all the BI Projects.
Security of SAP R/3-ECC systems
are based on the activities while SAP BI security is focused on what data user
can access. Security in BI is categorized by major 2 categories:
Administrative
Users – The
way we maintain security for administrative users is same as ECC security but
we have additional authorization objects in system which are defined only for
BI objects.
Reporting Users– We have separate tools(Analysis
Authorization) to maintain security for reporting users.
What is
Authorization Object?
It allows to check whether a
user is allowed to perform a certain action. Actions are defined on the fields,
and each field in authorization object should pass the check. We can check all
the Standard BI Authorization Objects using tcode SU21 under the Business Warehouse
folder:
With the SAP BI 7.0 we have
new tool to maintain the reporting level security. We can access this new tool
using tcode RSECADMIN
which replaces the old RSSM tool of BW 3.x.
## Below are the Step-by-Step
instructions to create/maintain authorization objects for SAP BI Reporting:
I am covering the scenario
where each employee (Sales Team) is assigned with one territory number, and the
data should be accessible to employee based on their territory only. For this
scenario to work we have to set security restriction for the corresponding
territory InfoObject (ZDWSLTER).
# The first step before we create any
Authorization Object is to set all the InfoObjects as authorization relevant
for which we want to restrict data access.
Authorization
Objects on InfoObject’s of type Characteristic:
# For accessing the new Analysis
Authorization tools we use tcode RSECADMIN -> Authorizations Tab ->
Maintenance Button
# We can also use tcode RSECAUTH directly to come to
maintenance screen:
# We have to give the technical name
of the Authorization Object (ZDWKJTEST) then hit the create button:
# The very first step of creating any
Authorization Object is to add the special characteristics as field for
restirction:
# The below 3 characteristics are
mandatory for defining any Authorization Object. If we don’t have this we will
get no access to any InforProvider. By default this gives us access to all the
InfoProvider(Full Access), but we can also set the value of InfoProvider for
which we want the Authorization Object to work.
# Now I am adding the infoobject(ZDWSLTER) for which we
want to add restriction
# We can double click on the newly
added infobject, and can define the value which we want to allow for this
InfoObject. We can also set the dynamic value using Customer Exit Code which we
will cover later in this blog.
Excellent blog Thanks for sharing a good information, This Article is useful to learners.
ReplyDeleteSAP BI/BE Online Training
It was so nice article.I was really satisfied by seeing this article sap wm video.
ReplyDeleteThank you. for wonderful article. It has more Information in Your Website sap learning videos.
ReplyDeleteI am glad that I saw this post. It is informative blog for us and we need this type of blog thanks for share this blog, Keep posting such instructional blogs and I am looking forward for your future posts.
ReplyDeleteCyber Security Projects for CSE
JavaScript Training in Chennai
Project Centers in Chennai for CSE
JavaScript Training in Chennai