Skip to Content
Author's profile photo prabhith prabhakaran

SAP BW 7.3 Analysis Authorization and SSO with BO — PART 2

Hi All,

These days, there are lot of projects happening in the BW-BO Integration Space. Obviously the data level security also place a very crucial role both in BW and BO side. Here am trying to show how exactly an Analysis Authorization(Hereafter referred to as AA) works in BW and how it is further leveraged in BO side.

Part 1 covers the step by step activities to be done at the BW side.(http://scn.sap.com/docs/DOC-47501)

Part 2 covers the step by step activities to be done at the BO side.

 

Applies to:

SAP NetWeaver Business Warehouse (formerly BI).

Author:      Prabhith Prabhakaran

Company: Capgemini India Private Limited

Author Bio:

/wp-content/uploads/2013/10/pho_298035.png

Prabhith is a Senior SAP BW-BOBJ Consultant with more than six years of experience and is currently working with Capgemini Consulting, India.

His area of expertise includes BW, BODS, BOBJ and HANA.

Other popular articles from the same Author:

  1. Points to be considered while integrating BW Bex queries with BO WEBI  –> http://scn.sap.com/docs/DOC-35444
  2. SAP BW 7.3 Promising Features –>  http://scn.sap.com/docs/DOC-30461
  3. House Keeping / Performance Tuning Activities in SAP BW Systems (4 Parts)

        –> http://scn.sap.com/community/data-warehousing/netweaver-bw/blog/2013/10/02/house-keeping-activities-in-sap-bw-systems

Scenario: We will take a scenario in an automotive industry where Vehicles are sold in different Regions(say, Within India) .In the company, we have a Regional Manager user who is supposed to see vehicles sold under his Region and in the Area which is hierarchically under his Region.

For document purpose, the Regional Manager username is BOUSR_BAN. He is supposed to see only Bangalore Region(Key is R002) and the Area under his Bangalore Region which is  ‘Bangalore’ and ‘Hubli’.

We have seen this scenario working perfectly at the BW side in the Part 1.

Now let’s move ahead and log into the BO side.

Before moving ahead to BO, please be informed that the administrative/ Basis activities pertaining to the BW-BO SSO integration have not been been explained as the same has been explained adequately elsewhere.

This scope of this document will the modifications/activities required to make SSO working in BO side.

 

First log into to the BO CMC.(assuming that the BW-BO SSO technical integration is completed).

/wp-content/uploads/2013/10/1_298036.png

Change Authentication to SAP.

/wp-content/uploads/2013/10/2_298037.png

Import the required roles to BO. The roles created in BW would be available in the left pane, select and manually add to the right pane.

In this case, we are manually adding the Bangalore Role.(BAN)

/wp-content/uploads/2013/10/3a_298074.png

Perform the user update activities.

/wp-content/uploads/2013/10/4_298088.png

PS: The users attached with the imported role will now be available in BO side.

Take OLAP Connections and navigate to the BICS connection which you want to make as SSO enabled.

/wp-content/uploads/2013/10/6_298089.png

Right click on the connection and edit the same:

/wp-content/uploads/2013/10/7_298098.png

Enable SSO authentication:

/wp-content/uploads/2013/10/8_298099.png

Now we are all set for testing the security in BO.

Login to a Webi report using the SSO user id BOUSR_BAN(Created in BW as mentioned in Part 1) and authentication as SAP.

/wp-content/uploads/2013/10/22_298299.png

Run the corresponding Webi report for which we tested the data level security (for the Bex counterpart) in Part 1.

/wp-content/uploads/2013/10/23_298300.png

You can find that only Bangalore Region is available for the user BOUSR_BAN.

After giving the required prompts, we will get the following output in Webi.

/wp-content/uploads/2013/10/25_298317.png

Earlier, the output we received in Bex was as follows:

/wp-content/uploads/2013/10/21_298318.png

This completes the step by step SSO authorization activity in BO.

Hope this document was useful for you!

Expecting your feedback and comments.

BR

Prabhith

Assigned Tags

      17 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi prabhith prabhakaran,

      Helpful document thanks For Sharing 🙂 🙂 , Is there any documents Related info From BW  to HANA  (using CTS Mechanism) not IMPORT and EXPORT. 😉 😉

      Regards,
      Giri

      Author's profile photo Former Member
      Former Member

      Nice ...Thanks for Sharing Part 2  

      Regards,

      NK

      Author's profile photo Former Member
      Former Member

      Hi Prabhith

      I could not see the attached screenshots. Can you please upload again. We have also implemented SSO between BO-BW system in our project, faced few issues earlier but now its working fine..

      Nice blog both part1 and part 2..Hope this article could have come few months before 🙂 ...

      Regards

      Shabnam

      Author's profile photo Matthew Billingham
      Matthew Billingham

      Sometimes it's a browser issue, but I've checked in chrome and IE and I also cannot see the screenshots.

      Author's profile photo prabhith prabhakaran
      prabhith prabhakaran
      Blog Post Author

      Hi,

      Thanks a lot for all your comments.

      Matthew Billingham ,Shabnam Shourav

      I am not facing any issues in seeing the screesnshots.

      Even I asked a friend of mine to check , he is also not facing any problems.

      Don't know what exactly the issue is?

      BR

      Prabhith

      Author's profile photo CH Raman
      CH Raman

      Hi Prabhith,

      Very useful article and good presentation. Thanks for sharing.

      Me too, am also seeing screen shots thru google chrome/mozille. its fine.

      Thanks

      Author's profile photo Matthew Billingham
      Matthew Billingham

      I can see them now. I wonder if it was to do with synchronisation of servers.

      Author's profile photo Former Member
      Former Member

      Its visible for me also ... Thanks

      Author's profile photo Former Member
      Former Member

      Thanks for the Part 2 as well!

      Regards,

      Prasad

      Author's profile photo Carlos Pinto Camarero
      Carlos Pinto Camarero

      Another helpful document, thanks for your time Prabhith.

      Regards,

      Carlos

      Author's profile photo Former Member
      Former Member

      Hi,

      Nice piece of information on SSO.

      Thanks for sharing,

      Regards,

      Lethika

      Author's profile photo prabhith prabhakaran
      prabhith prabhakaran
      Blog Post Author

      Hi,

      Thanks a lot to all of you!

      BR

      Prabhith

      Author's profile photo Former Member
      Former Member

      Nice 1.....Keep it up... 🙂

      Author's profile photo François MAZAUD
      François MAZAUD

      Thks.

      Would that work for  a relational connection, too ? (ie, scenario where BO accesses BW infoproviders, mirrored as Universes, instead of accessing queries).  I can't see this property "use SSO" for relational connections... Maybe its because only BICS handles security ?

      Author's profile photo Former Member
      Former Member

      Hi,

      Thanks for sharing the document.

      Regards

      Amrith..

      Author's profile photo prabhith prabhakaran
      prabhith prabhakaran
      Blog Post Author

      Hi,

      Thanks a lot. Mithun Patil and Amrithpal K.

      BR

      Prabhith

      Author's profile photo Former Member
      Former Member

      HI

      Thanks a lot nice and detailed very helpfull