Skip to Content

http://scn.sap.com/community/data-warehousing/netweaver-bw/blog/2012/05/22/authorization-in-bi-7 – Authorization in BI 7 – Part 1

In Authorization Part – 1, we have seen the creation of Authorization object. Now, part 2 will explain steps to create Authorization role.

  • Go to t-code RSECADMIN-> User tab and click Role Maintenance i.e. General Role Maintenance PFCG as shown below.

role.JPG

  • Next screen for the Role Maintenance will get open where you have to give Technical Name for the authorization role and click on Create Single Role.

role1.JPG

  • Next screen of create roles will open where you’ve to give Description of the role.
  • Few tabs are given in the screen, out of which you’ve to select Authorizations tab to generate authorization profile.
  • auth.JPG
  • Pop-up window will appear to ask you to Save the current role and then proceed.
  • Now click on the Change Authorization Data option to get into the auth value maintenance screen.
  • auth-1.JPG
  • Change role: Authorizations screen will appear where template selection window will popup, click on Do not select templates
  • auth4.JPG
  • Now, we’ve to enter all the required authorization roles manually so click on Manually (Ctrl+Shift+F9) button.
  • auth3.JPG
  • Window will popup where you can either directly enter authorization role name or search using F4.
  • Following roles are compulsory for reporting authorization.
    • S_RFC
    • S_RS_AUTH

    • S_RS_COMP

    • S_RS_COMP1

  • role2.JPG
  • Once objects are entered, you are back to the main screen with all the values in YELLOW which indicate values to be maintained for all of them.
  • auth6.JPG
  • Drill down for each object and fill up the required values.
    • S_RFC (Authorization Check for RFC Access)
      • Activity
      • Name of RFC to be protected
      • Type of RFC object to be protected
    • S_RS_AUTH (BI Analysis Authorizations in Role): Here you have to give technical name of authorization object(s) which we’ve created earlier. You have option to give *constant values also, again single, multiple-single and range values can be given for authorization.
    • auth8.JPG
    • Once you enter value, Save it.
    • auth9.JPG
    • S_RS_COMP (Business Explorer – Components): This role is used to restrict access for infoarea, infocube & reports.
      • Activity: You have to assign appropriate value(s) out of the list given. Value 16 & 22 are used majorly
        • Options
        1. Create or generate
        2. Change
        3. Display

                         6.  Delete

                        16.  Execute

                        22.  Enter, Include, Assign.

      • InfoArea: one or more single, multiple-single or range values can be mentioned here.F4 help available to select values.
      • InfoCube: one or more single, multiple-single or range values can be mentioned here.F4 help available to select values.
      • Name (ID) of a reporting component: one or more single, multiple-single or range values can be mentioned here.F4 help available to select values.
      • Type of a reporting component: value * is used as the list contains all the components of query.
    • S_RS_COMP1(Business Explorer – Components: Enhancements to the Owner): In this role, values similar to S_RS_COMP role should be maintained.
  • Once you assign all the required values, YELLOW objects will turn into GREEN now, SAVE the role and GENERATE the role.
  • Click on SAVE (Ctrl + S) new window will pop up, just hit ENTER.
  • auth10.JPG
  • Message will appear in status bar Data was saved.
  • Click on Generate (Shift + F5) button.
  • Message will appear in status bar Profile(s) created.
  • Once you generate the role, do not click on SAVE button.
  • Now click on F3 / Back you are back to the main screen where now go to Users tab.
  • auth11.JPG
  • Enter BW User Id in User ID field and hit enter, name & other details will appear.
  • Click on User Comparison button to update user profile with the given role.
  • auth12.JPG
  • New window will pop-up where you’ve to select Complete comparison.
  • auth13.JPG
  • Message will appear in status bar – User master record for all roles adjusted.
  • Save the role and exit.


* Constant values for authorization: One should not use constant values for authorization because maintenance will increase as you’ve to go and change such values in each & every role. 

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply