Introduction to Roles and Authorizations in BW 7.4
The Roles and Authorization maintained in BW7.4 provides a restriction on accessing reports based on infocube level, Characteristics level, Characteristics Value level, Key Figure level, hierarchy Node Level. The above mentioned restrictions are maintained by using this below mentioned approach;
Authorizations are maintained in authorization objects.
Roles contain the Authorizations.
Users are assigned to roles
Infoobject Maintenance – RSD1.
Role Maintenance – PFCG
Roles and Authorization maintenance – RSECADMIN.
User creation SU01.
Note: A Characteristic object should be Authorization Relevant to make it available for restrictions. To make a characteristics object, Authorization Relevant; Go to “Business Explorer” tab in Info object details. Without making an object Authorization relevant checked, we cannot use it or include it into the Authorization Object.
Enter T code RSD1
enter the info object and click on Maintain.
Click on Business Explorer Tab then select the Authorization Relevant check box.so now we can use this
object in Roles and Authorization.
In my Scenario we want to create authorization on info object(0FUNCT_LOC) with hierarchy.suppose the hierarchy have three level’s and i have 3 user’s like User1,User2,User3. but User1 need to access hierarchy level 1 data ,User2 need to access hierarchy level 2 and User3 need to access hierarchy level 3.so that we need to follow the steps.
Creating Roles and Authorization objects
Creating Authorization objects
Enter T code RSECADMIN
then click on Ind.Maint.
Enter the Authorization name and click on create.
Maintain short,medium,long description and click on Insert Row and enter the objects.
0TCAACTVT Activity in Analysis Authorizations
0TCAACTVT Grant authorizations to different activities like to change and Display, Default value is 03 Display.
0TCAIPROV Authorizations for InfoProvider
0TCAIPROV Grant authorization to particular InfoProviders, Default value is * .
0TCAVALID Validity of an Authorization
0TCAVALID Define when authorizations are valid or not valid, Default Value is * .
and click on insert special characteristics.
now enter the info object 0FUNCT_LOC. and double click on that then go for Hierarchy Authorizations Tab.
click on create option.
select Hierarchy click on browse.
select Node Details and click on browse.
select particular Node from left side and move to right side what ever we required for particular user.
select particular Type of Authorization is
then click on continue.
Now click on User Tab.
click on Indvl Assignment then it will appear the below screen.
Enter the User and click on Role Maintenance.
click on create single role.
enter the description and click on change authorization data ICON.
add the above marked objects and click on generate ICON.
Now come to User tab enter the required user’s
Click on user comparison then we get the below screen.
If we want to give access particular T code then go to Menu tab click on Add that T code and then screen will appear like this.
enter t code and click on Assign Transactions.and save it.
now log in Analyzer or SAP BW with
for the User2 and User3 also we need to follow the same steps.