The Art of understanding Security and Authorizations in SAP BI/BW
Now days many of us might be aware that we are not confined to our own responsibilities. There are cases where a SAP- BI/BW consultant has to perform the activities of a security or Basis consultants or at least should be in a position to educate the security consultant to satisfy our needs.
Security in BI is a bit different compared to our OLTP (R3) system.
In r3 we perform restriction to transaction, some field values and the activities a user can perform this depends tactically on his designation.
The main work in BW is to fetch and analyze the data the end users will not update any data instead they only analyze the data for further decision making. So the main aim of the BI security is to concentrate on the data itself, it can be info areas, info providers and Queries, of the all queries play a very important role in decision making.
To understand the authorization concept in BW first we need to classify the users into two types
- Administrative users: Users work on the system with info providers, transaction codes etc.(mostly security authorizations in for this users is same as in R3 side)
- Reporting users: Users access the queries through BEx analyzer or Bex web Analyzer…
But for the reporting users there should be a separate concept to restrict data at field level , also u need to have special tools like Analysis authorizations.
For understanding this first we need to be familiar about Authorization objects.
Some points about Authorization objects
- They help you to maintain authorizations by grouping up to 10 authorization fields using an And relation to see the user can perform the action or not.
- Authorization objects are grouped according to the authorization object classes.We can check them in the TcodeSU21 (Maintaining authorization objects).
The major class in BI is RS which you can find in the following screenshot.
Under this class authorization objects exits.
Here in the above screen shot there are some Authorizaiton objects which are used for Administrative users and some for reporting.
In the next part we will learn about the important authorization objects for reporting.