Skip to Content

SAP BW 7.3 Analysis Authorization and SSO with BO — PART 2

Hi All,

These days, there are lot of projects happening in the BW-BO Integration Space. Obviously the data level security also place a very crucial role both in BW and BO side. Here am trying to show how exactly an Analysis Authorization(Hereafter referred to as AA) works in BW and how it is further leveraged in BO side.

Part 1 covers the step by step activities to be done at the BW side.(

Part 2 covers the step by step activities to be done at the BO side.


Applies to:

SAP NetWeaver Business Warehouse (formerly BI).

Author:      Prabhith Prabhakaran

Company: Capgemini India Private Limited

Author Bio:


Prabhith is a Senior SAP BW-BOBJ Consultant with more than six years of experience and is currently working with Capgemini Consulting, India.

His area of expertise includes BW, BODS, BOBJ and HANA.

Other popular articles from the same Author:

  1. Points to be considered while integrating BW Bex queries with BO WEBI  –>
  2. SAP BW 7.3 Promising Features –>
  3. House Keeping / Performance Tuning Activities in SAP BW Systems (4 Parts)


Scenario: We will take a scenario in an automotive industry where Vehicles are sold in different Regions(say, Within India) .In the company, we have a Regional Manager user who is supposed to see vehicles sold under his Region and in the Area which is hierarchically under his Region.

For document purpose, the Regional Manager username is BOUSR_BAN. He is supposed to see only Bangalore Region(Key is R002) and the Area under his Bangalore Region which is  ‘Bangalore’ and ‘Hubli’.

We have seen this scenario working perfectly at the BW side in the Part 1.

Now let’s move ahead and log into the BO side.

Before moving ahead to BO, please be informed that the administrative/ Basis activities pertaining to the BW-BO SSO integration have not been been explained as the same has been explained adequately elsewhere.

This scope of this document will the modifications/activities required to make SSO working in BO side.


First log into to the BO CMC.(assuming that the BW-BO SSO technical integration is completed).


Change Authentication to SAP.


Import the required roles to BO. The roles created in BW would be available in the left pane, select and manually add to the right pane.

In this case, we are manually adding the Bangalore Role.(BAN)


Perform the user update activities.


PS: The users attached with the imported role will now be available in BO side.

Take OLAP Connections and navigate to the BICS connection which you want to make as SSO enabled.


Right click on the connection and edit the same:


Enable SSO authentication:


Now we are all set for testing the security in BO.

Login to a Webi report using the SSO user id BOUSR_BAN(Created in BW as mentioned in Part 1) and authentication as SAP.


Run the corresponding Webi report for which we tested the data level security (for the Bex counterpart) in Part 1.


You can find that only Bangalore Region is available for the user BOUSR_BAN.

After giving the required prompts, we will get the following output in Webi.


Earlier, the output we received in Bex was as follows:


This completes the step by step SSO authorization activity in BO.

Hope this document was useful for you!

Expecting your feedback and comments.



You must be Logged on to comment or reply to a post.