Authorization in BI 7 – Part 2

http://scn.sap.com/community/data-warehousing/netweaver-bw/blog/2012/05/22/authorization-in-bi-7 – Authorization in BI 7 – Part 1

In Authorization Part – 1, we have seen the creation of Authorization object. Now, part 2 will explain steps to create Authorization role.

• Go to t-code RSECADMIN-> User tab and click Role Maintenance i.e. General Role Maintenance PFCG as shown below.

• Next screen for the Role Maintenance will get open where you have to give Technical Name for the authorization role and click on Create Single Role.
  

• Next screen of create roles will open where you’ve to give Description of the role.
• Few tabs are given in the screen, out of which you’ve to select Authorizations tab to generate authorization profile.
• 
• Pop-up window will appear to ask you to Save the current role and then proceed.
• Now click on the Change Authorization Data option to get into the auth value maintenance screen.
• 
• Change role: Authorizations screen will appear where template selection window will popup, click on Do not select templates
• 
• Now, we’ve to enter all the required authorization roles manually so click on Manually (Ctrl+Shift+F9) button.
• 
• Window will popup where you can either directly enter authorization role name or search using F4.
• Following roles are compulsory for reporting authorization.
  • S_RFC

  • S_RS_AUTH

  • S_RS_COMP

  • S_RS_COMP1

• 
• Once objects are entered, you are back to the main screen with all the values in YELLOW which indicate values to be maintained for all of them.
• 
• Drill down for each object and fill up the required values.
  • S_RFC (Authorization Check for RFC Access)
    • Activity
    • Name of RFC to be protected
    • Type of RFC object to be protected
  • S_RS_AUTH (BI Analysis Authorizations in Role): Here you have to give technical name of authorization object(s) which we’ve created earlier. You have option to give *constant values also, again single, multiple-single and range values can be given for authorization.
  • 
  • Once you enter value, Save it.
  • 
  • S_RS_COMP (Business Explorer – Components): This role is used to restrict access for infoarea, infocube & reports.
    • Activity: You have to assign appropriate value(s) out of the list given. Value 16 & 22 are used majorly
      • Options
    1. Create or generate
    2. Change
    3. Display

                         6.  Delete

                        16.  Execute

                        22.  Enter, Include, Assign.

• InfoArea: one or more single, multiple-single or range values can be mentioned here.F4 help available to select values.
• InfoCube: one or more single, multiple-single or range values can be mentioned here.F4 help available to select values.
• Name (ID) of a reporting component: one or more single, multiple-single or range values can be mentioned here.F4 help available to select values.
• Type of a reporting component: value * is used as the list contains all the components of query.
• S_RS_COMP1(Business Explorer – Components: Enhancements to the Owner): In this role, values similar to S_RS_COMP role should be maintained.
• Once you assign all the required values, YELLOW objects will turn into GREEN now, SAVE the role and GENERATE the role.
• Click on SAVE (Ctrl + S) new window will pop up, just hit ENTER.
• 
• Message will appear in status bar Data was saved.
• Click on Generate (Shift + F5) button.
• Message will appear in status bar Profile(s) created.
• Once you generate the role, do not click on SAVE button.
• Now click on F3 / Back you are back to the main screen where now go to Users tab.
• 
• Enter BW User Id in User ID field and hit enter, name & other details will appear.
• Click on User Comparison button to update user profile with the given role.
• 
• New window will pop-up where you’ve to select Complete comparison.
• 
  
• Message will appear in status bar – User master record for all roles adjusted.
• Save the role and exit.

* Constant values for authorization: One should not use constant values for authorization because maintenance will increase as you’ve to go and change such values in each & every role.