Skip to Content

The Art of understanding Security and Authorizations in SAP BI/BW

Now days many of us might be aware that we are not confined to our own responsibilities. There are cases where a SAP- BI/BW consultant has to perform the activities of a security or Basis consultants or at least should be in a position to educate the security consultant to satisfy our needs.

Security in BI is a bit different compared to our OLTP (R3) system.

In r3 we perform restriction to transaction, some field values and the activities a user can perform this depends tactically on his designation.

The main work in BW is to fetch and analyze the data the end users will not update any data instead they only analyze the data for further decision making. So the main aim of the BI security is to concentrate on the data itself, it can be info areas, info providers and Queries, of the all  queries play a very important role in decision making.

To understand the authorization concept in BW first we need to classify the users into two types

  •     Administrative users: Users work on the system with info providers, transaction codes etc.(mostly security authorizations in for this users is same as in R3 side)
  • Reporting users: Users access the queries through BEx analyzer or Bex web Analyzer…

But for the reporting users there should be a separate concept to restrict data at field level , also u need to have special tools like Analysis authorizations.

For understanding this first we need to be familiar about Authorization objects.

Some points about Authorization objects

  1. They help you to maintain authorizations by grouping up to 10 authorization fields using an And relation to see the user can perform the action or not.
  2. Authorization objects are grouped according to the authorization object classes.We can check them in the TcodeSU21 (Maintaining authorization objects).

The major class in BI is RS which you can find in the following screenshot.


Under this class authorization objects exits.


Here in the above screen shot there are some Authorizaiton objects which are used for Administrative users and some for reporting.

In the next part we will learn about the important authorization objects for reporting.

  1. Cont.…..
You must be Logged on to comment or reply to a post.
  • Hi Santosh,

    Good article on the Auth, Could you please provide me with the URL for the next article if it is published, I’m looking for similar info for BI & BO.

    Thanks in advance.

      • Thnx, Santosh,

        Sorry to ask, But just a ray of hope so checking with you that have you ever worked on SAP ECC & BI Data reconciliation, The one available on the net are so generic, So ws wondering if you have real scenario based, If you do, Please share.

        Thanks in advance.

        Best Regds,


        • HI,

          Generally we use to do a vlook up in excel for the delta load data day by day, other than that we have some small programs, but not sure about the remaining ways.


          • Hi Santosh,

            That is a manual process and laborious, So was looking for some automated solution, Anyways thanks and will be waiting for your second post on the Authorizations…:)