SAP BPC: Security Terminology

SAP Business Objects Planning and Consolidation (SAP Business Objects EPM portfolio) is an application dedicated to financial processes. Owned by the business and designed for the end user, it is the target environment to support planning, consolidation and financial reporting, through unique functionalities like Business Process Flow and tight Microsoft Office integration.

Security Terminology

Following needs to be set up to enable authorization restriction:

• User:

End users of the application.  BPC users require an SAP BW named account with specific access.

• Tasks:

Specific application level access right/permissions.  E.g. Manage Environments, View Environments, Manage Security, etc.

• Task Profile:

A collection of granted tasks. A Task Profile determines what type of activities or tasks a user or team can perform in BPC.

• Data Access Profile:

A collection of read, writes, or denies member access rights to each dimension of the model.

• Team:

A group of users with a common task profile and data access profile.  A team can have a team lead who have special access rights to the Team’s folder

• Environment:

It is a shell or BPC client in which all configuration and data reside. There can be more than one environment

User Authorization

User’s Authorizations is determined by the team assigned.

Team

A Team is a group of users and fairly equivalent to a SAP NetWeaver role. Task Profiles and Member Access Profiles are assigned to a Team.  A team can contain one or more task profile and member access profile. BPC has “Admin” team by default. Following are the features of team:

• Team can be added to user to enable the access
• The Manage Security task is required to modify, create, or delete Teams
• Any team member can be identified as a Team Lead, which provides management access to the Team’s Folder