SAP BPC: Security Terminology
SAP Business Objects Planning and Consolidation (SAP Business Objects EPM portfolio) is an application dedicated to financial processes. Owned by the business and designed for the end user, it is the target environment to support planning, consolidation and financial reporting, through unique functionalities like Business Process Flow and tight Microsoft Office integration.
Following needs to be set up to enable authorization restriction:
End users of the application. BPC users require an SAP BW named account with specific access.
Specific application level access right/permissions. E.g. Manage Environments, View Environments, Manage Security, etc.
- Task Profile:
A collection of granted tasks. A Task Profile determines what type of activities or tasks a user or team can perform in BPC.
- Data Access Profile:
A collection of read, writes, or denies member access rights to each dimension of the model.
A group of users with a common task profile and data access profile. A team can have a team lead who have special access rights to the Team’s folder
It is a shell or BPC client in which all configuration and data reside. There can be more than one environment
User’s Authorizations is determined by the team assigned.
A Team is a group of users and fairly equivalent to a SAP NetWeaver role. Task Profiles and Member Access Profiles are assigned to a Team. A team can contain one or more task profile and member access profile. BPC has “Admin” team by default. Following are the features of team:
- Team can be added to user to enable the access
- The Manage Security task is required to modify, create, or delete Teams
- Any team member can be identified as a Team Lead, which provides management access to the Team’s Folder