Introduction to Roles and Authorizations in BW 7.4

The Roles and Authorization maintained in BW7.4 provides a restriction on accessing reports based on infocube level, Characteristics level, Characteristics Value level, Key Figure level, hierarchy Node Level. The above mentioned restrictions are maintained by using this below mentioned approach;

Authorizations are maintained in authorization objects.

Roles contain the Authorizations.

Users are assigned to roles

Capture 21.PNG

Transactions Used

Infoobject Maintenance – RSD1.

Role Maintenance – PFCG

Roles and Authorization maintenance – RSECADMIN.

User creation SU01.

Note: A Characteristic object should be Authorization Relevant to make it available for restrictions. To make a characteristics object, Authorization Relevant; Go to “Business Explorer” tab in Info object details. Without making an object Authorization relevant checked, we cannot use it or include it into the Authorization Object.

Enter T code RSD1

Capture.PNG

enter the info object and click on Maintain.

Capture 1.PNG

Click on Business Explorer Tab then select the Authorization Relevant check box.so now we can use this

object in Roles and Authorization.

SCENARIO:

In my Scenario we want to create authorization on info object(0FUNCT_LOC) with hierarchy.suppose the hierarchy have three level’s and i have 3 user’s like User1,User2,User3. but User1 need to access hierarchy level 1 data ,User2 need to access hierarchy level 2 and User3 need to access hierarchy level 3.so that we need to follow the steps.

Creating Roles and Authorization objects

Creating Authorization objects

Enter T code RSECADMIN

Capture 2.PNG

then click on Ind.Maint.

/wp-content/uploads/2016/04/cap2_927902.png

Enter the Authorization name and click on create.

/wp-content/uploads/2016/04/cap1_927890.png

Maintain short,medium,long description and click on Insert Row and enter the objects.

0TCAACTVT Activity in Analysis Authorizations

0TCAACTVT Grant authorizations to different activities like to change and Display, Default value is 03 Display.

0TCAIPROV Authorizations for InfoProvider

0TCAIPROV Grant authorization to particular InfoProviders, Default value is * .

0TCAVALID Validity of an Authorization

0TCAVALID Define when authorizations are valid or not valid, Default Value is * .

and click on insert special characteristics.

/wp-content/uploads/2016/04/cap3_927916.png

/wp-content/uploads/2016/04/cap4_927914.png

/wp-content/uploads/2016/04/cap5_927923.png

now enter the info object 0FUNCT_LOC. and double click on that then go for Hierarchy Authorizations Tab.

click on create option.

/wp-content/uploads/2016/04/cap6_927924.png/wp-content/uploads/2016/04/cap7_927925.png

  

select Hierarchy click on browse.

/wp-content/uploads/2016/04/cap8_927941.png

select Node Details and click on browse.

select particular Node from left side and move to right side what ever we required for particular user.

select particular Type of Authorization is

Capture 12.PNG

then click on continue.

Now click on User Tab.

Capture 13.PNG

click on Indvl Assignment then it will appear the below screen.

/wp-content/uploads/2016/04/cap10_927947.png

Enter the User and click on Role Maintenance.

/wp-content/uploads/2016/04/cap11_927948.png

click on create single role.

/wp-content/uploads/2016/04/cap12_927798.png

enter the description and click on change authorization data ICON.

/wp-content/uploads/2016/04/cap13_927898.png

add the above marked objects and click on generate ICON.

Now come to User tab enter the required user’s

/wp-content/uploads/2016/04/cap14_927989.png

Click on user comparison then we get the below screen.

/wp-content/uploads/2016/04/cap15_927990.png

If we want to give access particular T code then go to Menu tab click on Add that T code and then screen will appear like this.

Capture 20.PNG

enter t code and click on Assign Transactions.and save it.

now log in Analyzer or SAP BW with

for the User2 and User3 also we need to follow the same steps.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply