Skip to Content
Technical Articles
Author's profile photo Andrzej Jedrzejczyk

Using SAP BW authorization relevant InfoObject in SAP Profitability and Performance Management reporting

SAP Profitability and Performance Management (PaPM) is a unique tool which allows user to maintain their data in easy and robust way. Nevertheless, question that might came in customer’s mind is:

“Which kind of authorizations can I use?”

This question can be answered depending on the angle you are looking at or standing on.  For example which environment should be allowed for user to change, which action should user perform.

In the blog post written by Irina Ivanova, she described the authorization concept seen from SAP Profitability and Performance Management point of view. In addition to this wonderful and clear blog post, you can check additional information in the official help documentation for authorizations in SAP Help Portal.

Now if you tend to focus on authorization related to Dual Control, it is being described in detail by Ivann Oriondo in this blog post.

Since there are still questions about PaPM authorization related to infoobjects, I came up with idea to write an authorization related blog post focusing on : authorization relevant InfoObjects in PaPM and how user can deal with it.

In my next few paragraphs below, let me discuss and explain to you the infoObject’s analytical authorizations. Let’ begin.

What is analytical authorization? To be quick in explanation let’s have an example which will visualize this thing.

You are chief of controlling department of company X. This company is parent company of 3 other child companies: A, B and C. In every of those companies there is also chief of controlling department, but he/she is responsible only for his/hers company. You (as higher in company hierarchy) would like to see every information, e.g.: Net result from company X, however you don’t want them to see result of each other, so: controlling dept. of company A should only see data from company A and so on, so net result report should be shown for every chief as on screen below:

Fig.%201%20Example%20of%20results%2C%20which%20will%20be%20displayed%20for%20different%20companies.

Fig. 1 Example of results, which will be displayed for different companies.

So you need to create 4 reports for every company member, which will have to be restricted by Company code for every specific company? The answer is: There is a better solution: You can use Authorization relevant InfoObject and create only one report and SAP BW backend will restrict data according to your authorizations and everything can happen on one report only. In this blog I will show you how to achieve such thing and how to combine this feature with SAP Profitability and Performance Query function.

So we need to create company code characteristic for those purposes:

  1. Company code characteristic:

Fig.%202%20Authorization-Relevant%20checkbox%20on%20HANA%20Studio%20creation%20view

Fig. 2 Authorization-Relevant checkbox on HANA Studio creation view.

With given master data:

Fig.%203%20HANA%20Studio%20Masterdata%20maintenance%20screen.

Fig. 3 HANA Studio Master data maintenance screen.

Now we can log into BW client and go to Transaction RSECADMIN.

Fig.%204%20RSECADMIN%20screen%20in%20SAP%20GUI.

Fig. 4 RSECADMIN screen in SAP GUI.

Individual maintenance and create new authorization named CC_A:

Fig.%205%20RSECADMIN%3A%20Maintaining%20authorization%20CC_A.

Fig. 5 RSECADMIN: Maintaining authorization CC_A.

Now you can press the button in green square like on screenshot above. It will fill table with 3 InfoObjects that are necessary for analytic authorization to work. Since those are in the table you can add this particular authorization relevant InfoObject – in our case YBW_COMP. Double click this InfoObject.

New screen will pop-up. Add new line like and edit row : I – for include. Then you can select list of single values to be included for analytical authorizations like on screenshot below:

Fig.%206%20RSECADMIN%3A%20Maintaining%20authorization%20CC_A%3A%20Selecting%20single%20values.

Fig. 6 RSECADMIN: Maintaining authorization CC_A: Selecting single values.

Or you can select specific range of given values:

Fig.%207%20RSECADMIN%3A%20Maintaining%20authorization%20CC_A%3A%20Selecting%20range.

Fig. 7 RSECADMIN: Maintaining authorization CC_A: Selecting range.

The third and last option is to select contains pattern and it can look like this:

Fig.%208%20RSECADMIN%3A%20Maintaining%20authorization%20CC_A%3A%20Selecting%20by%20pattern.

Fig. 8 RSECADMIN: Maintaining authorization CC_A: Selecting by pattern.

For this particular scenario we will select it as equal to “CC_A”:

Fig.%209%20RSECADMIN%3A%20Maintaining%20authorization%20CC_A%20%u2013%20Saved%20and%20activated%20authorization.

Fig. 9 RSECADMIN: Maintaining authorization CC_A – Saved and activated authorization.

After that you can save and activate authorization object. Next you can make authorization object for companies B and C, and then one more: for all companies: CC_ALL

Fig.%2010%20RSECADMIN%3A%20Maintaining%20authorization%20CC_ALL.

Fig. 10 RSECADMIN: Maintaining authorization CC_ALL.

Next thing is to assign authorization object to particular user. In our case user DBW_ATH_PAPM. To do that go to T-code RSECADMIN and select User tab and individual assignment:

Fig.%2011%20RSECADMIN%3A%20Assign%20authorizations%20for%20user.

Fig. 11 RSECADMIN: Assign authorizations for user.

And fill name of particular authorization and click “Insert”.

Fig.%2012%20RSECADMIN%3A%20Selecting%20authorizations%20for%20user.

Fig. 12 RSECADMIN: Selecting authorizations for user.

In this scenario I will add CC_A and CC_B authorizations to this user.

Second idea is to add those authorizations to specific role:

Fig.%2013A%20Applying%20authorizations%20for%20role.

Fig. 13A Applying authorizations for role.

Fig.%2013B%20Applying%20authorizations%20for%20role.

Fig. 13B Applying authorizations for role.

And if you do so, those values are applied to tab “Role Based”

Fig.%2014%20RSECADMIN%20authorizations%20for%20user%20%u2013%20Role-Based%20tab.

Fig. 14 RSECADMIN authorizations for user – Role-Based tab.

Now on SAP Profitability and Performance Management side lets create Model Table function that will contain this characteristic and key figure: Net result. Then fill table with data given below:

Company Code Net result
CC_A 1.500.000
CC_B 2.000.000
CC_C 2.500.000

 

And simple query function with this Model Table as an input and query source as Environment. Definition of query should look like this: Net result in columns and Company code in rows. Last step is to restrict Company code characteristic with authorization variable as given in screenshot below:

Fig.%2015%20SAP%20Profitability%20and%20Performance%20Management%20Query%20function%20definition.

Fig. 15 SAP Profitability and Performance Management Query function definition.

And activate the query.

As user with no restrictions defined and full authorization this is how result would look like:

Fig.%2016%20Query%20result%20visible%20for%20user%20with%20all%20authorizations.

Fig. 16 Query result visible for user with all authorizations.

As you can see – all results are available. Now how this query will look from this specific user for whom we managed authorizations? Answer in screenshot below:

Fig.%2017%20Query%20result%20visible%20for%20user%20with%20restrictions%20via%20authorization%20objects.

Fig. 17 Query result visible for user with restrictions via authorization objects.

As you can clearly see analytic authorization works for SAP Profitability and Performance Management query function. It can be relevant when you would like to restrict the results of your calculations for specific user. I encourage you to switch those authorizations to the one created before. If you would like to know more about those kinds of privileges please stay tuned for another blog in which I will describe advanced things that you can do with SAP BW analytics privileges feature!

Assigned tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo CARLOS GARCIA
      CARLOS GARCIA

      Excelent Blog Andredzj, with this aprroach we can restrict at query level, do you know if there is any way, in PAPM you can restrict so the user can not execute a calculation for a specific Company ?

      Author's profile photo Andrzej Jedrzejczyk
      Andrzej Jedrzejczyk
      Blog Post Author

      Hi Carlos

      Thank you for sharing your opinion, I really appreciate it, this blog is a starting point of series of blogs related to SAP BW authorization in SAP PaPM. Second part you can find here:

      https://blogs.sap.com/2021/07/30/using-sap-bw-authorization-relevant-infoobject-in-sap-profitability-and-performance-management-3.0-more-complex-scenarios/

      Using SAP BW authorization relevant InfoObject in SAP Profitability and Performance Management 3.0 – more complex scenarios.

      There will be also 3rd part treated about restricting calculation (mainly writer function) in SAP PaPM using SAP BW authorization.

      Please follow SAP PaPM blogs.

      Regards

      Andrzej