SAP BW Authorizations

Hi All,
I am BW Consultant, till now I didn't get a chance to work on BW Authorizations.
Could please suggest how authorization concept will work in our BW system and could please give good documentation for the same. I need to work on BW 7.0 system.
Thanks in advance...
Prasanna
Moderator Message: Please search for relevant documentation.
Edited by: kishan P on Mar 2, 2012 3:41 PM

Hi,
Please check the below link:
http://help.sap.com/saphelp_nw04s/helpdata/en/80/d71042f664e22ce10000000a1550b0/frameset.htm
Please refer notes
820183 New authorization concept in BI
727354 Colon authorization during query execution
1122407 dealing with prerequisits for message processing in OLAP!!
Thanks,
Venkat

Similar Messages

  • Learning SAP BW authorizations structure and hierarchy  -  concepts

    Hello Experts,
    I need a good document for learning Authorizations structuring and hierarchy in SAP BIW 3.5 . I am giving authorizations in BIW but do not hv conceptual nd fundamentalistic knowledge of SAP BW authorizations and its structure . Plz send a good document for learning BW authorizations .............................it may be an excerpt frm FU&FU guide. My Email Id is [email protected]
    A short but complete SAP BW fundamentalistic , concepts and structure & hierarchy covering document is appreciated.
    Requested to revert at earliest as this is very urgent.
    Points guaranteed.
    Regards,
    Somya

    Hi maheshwari ,
    Use these steps for authorizations,
    1.before going to authorizations u have to decide on which Infoobject u have to apply authorizations.
    EX: SD--- Sales Org, MM -> palnt ,purorg,FI> companycode.
    first u ahve to decide which area & on which Infoobject.
    2.goto that Infoobject --> change there check the checkbox Authorization relavent object cahechbox
    2.after that U Have to goto RSSM there u have to create authorization object
    Ex: Zxxx ( XXX is Infoobject Name ).
    3. In the same transaction Screen u have Infocube selection radio Button check that then select on which cube(cube means under that cube all Quaries) u have to make authorization for that perticuler Infoobject.
    4.next goto PFCG create role & save it
    5.goto Authorization tab in that selct edit authorization it will give automatiaclly authorization Templates in that u have to select only S_RS_RREPU & press Enter.
    6. Select manual pushbutton it will ask authorisation object enter ur authorization object what u have created ( zxxx) .
    7.click generate +enter
    8. goto user tab Enter userId+enter + click on usercomparision+ enter
    9.save the role.
    FOR HIRARCHIES:
    1. goto RSSM There u have one rediobutton called authorization hierarchy ( this radio button is very below the RSSM screen)
    2. there u have to select Hierachy on which u have to apply authorization.
    Thanks,
    kiran

  • Report data restriction based on SAP ID - Authorization in BI 7.0

    Hi Friends,
    In our project the requirement of restriction of report is as follows.
    There are two reports
    1. Carrier View Report
    2. Carrier Drilldown Report
    Carrier View which is on Multiprovider is main report and Carrier Drilldown report, which is on DSO (ODS) is RRI report.
    Carrier Vendors (these are vendors taking care of transporting the goods to customer locations from plant) will be viewing these reports. We have a master data maintained for Carriers as Carrier ID. The report has this Carrier ID in rows. Each carrier vendor would be given a SAP ID for logging into BW WEB reports.
    Security Requirement: When a carrier execute report, the data in the report should be restricted to Carrier ID associated with the SAP ID which he is using.
    Kindly suggest us the steps to do it, I am not basis person, but I need to help him.
    Thanks and regards,
    Balaraj

    Hi Balaraj,
    You can use <a href="http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm">Analysis Authorizations</a> in BI.  Use transaction RSECADMIN to create authorizations and user assignments.
    You need to declare Carrier ID Infoobject as Authorization relevant. Analysis authorizations are not based on authorization objects. Instead, you create authorization for each carrier that include Carrier ID characteristic and some restricted value(s) for the characteristic. You can then assign this authorization to one or more users(SAP IDs). When ever a query with Carried ID is executed, It checks for the analysis authorizations and hence he can acess only those values that are assigned in his own authorization.
    Instead of assigning the corresponding Carrier IDs values for each authorization manually, you can create a single authorization for Carrier ID and fill in the values of the authorization using <a href="http://help.sap.com/saphelp_nw70/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm">Authorization  variables</a>. In this case in the customer exit you need to use the master data maintenance of SAP ID and CARRIER ID and fill in the values of E_T_RANGE depending on the user name SY_UNAME.
    Assign points if you find it helpful.
    Regards, Uday

  • SAP template authorization

    Hi,
      Does anybody know where I can go to check what all the auth objects exists in SAP delivered templates like
    S_RS_RREPU BW role: Reporting user
    S_RS_RREDE BW role: Reporting developer
    S_RS_ROPAD BW role: BW Administrator
    etc.....
    I want to base my roles on some of the objects but I dont know what all field values a specific type of user may need.
    I am specifically looking for auth object S_RFC.  Does anybody know what typical function groups to assign for this object for bex analyzer/ RRMX/ web report execution.
    Thanks

    Hi,
       SUIM is transaction where you can look for all roles and authorization objects are in SAP BW system. Under Authorization node you can find all the Authorization objects .
    hope this will help.
    Cheers,
    Balaji

  • SAP Report Authorization

    Hello,
    I have developed some reports for HR using InfoCubes 0PAPA_C02 and 0PA_C01. My reports are based on Company Code, Personnel Area, Country Code.
    The Problem that I am facing is how to restrict employees related data based on company Code, Countries, Personnel Area.
    I have tried to create Roles in RSECADMIN but some how values in the queries are not getting restricted.
    Please Help.
    Anil Kachru

    Hi Balaraj,
    You can use <a href="http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm">Analysis Authorizations</a> in BI.  Use transaction RSECADMIN to create authorizations and user assignments.
    You need to declare Carrier ID Infoobject as Authorization relevant. Analysis authorizations are not based on authorization objects. Instead, you create authorization for each carrier that include Carrier ID characteristic and some restricted value(s) for the characteristic. You can then assign this authorization to one or more users(SAP IDs). When ever a query with Carried ID is executed, It checks for the analysis authorizations and hence he can acess only those values that are assigned in his own authorization.
    Instead of assigning the corresponding Carrier IDs values for each authorization manually, you can create a single authorization for Carrier ID and fill in the values of the authorization using <a href="http://help.sap.com/saphelp_nw70/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm">Authorization  variables</a>. In this case in the customer exit you need to use the master data maintenance of SAP ID and CARRIER ID and fill in the values of E_T_RANGE depending on the user name SY_UNAME.
    Assign points if you find it helpful.
    Regards, Uday

  • SAP BO authorizations

    Hi,
    which authorizations / roles are necessary for the different BO elements (Xelcisu, Explorer etc.) By which way the authorizations / roles were desinged and assigned to users?
    Thanks!
    Best regards
    SwS

    Hi
      I guess Admin guide will clarify you : http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_bip_admin_en.pdf
       See "Setting rights section" / "Working with access levels"  in page number 705.
    Regards
    Ashwini

  • SAP SCM Authorizations

    Hi,
    I am looking SAP SCM Security tcodes and tables that are used on daily basis like in R/3 ECC SU01,SU10,SE10,SU01,PFCG,SU24,SE16,SE11,SE38,su21,su20 etc.
    thanks

    Hi Jain,
    I highly recommend you to read this nice guide if you haven't read yet:
    http://www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/80c094de-90aa-2910-02b8-e31a6f5ff0c2
    In this guide you'll be able to find definition of roles and responsibilities when implementing GRC.  You'll understand that Auditors should take a GRC course also; GRC it's a tool that involves a lot of areas. If you've been working with SAP authorizations so far, you won't have problems understanding GRC, you should read the corresponding guides and you'll be able to "map" your company requirements via system configuration.
    Cheers,
    Diego.

  • SAP Portal : authorizations acceptance form

    Hi All,
    We are thinking of automating our approval process for user authorizations.
    What we need is that any user should able to login to SAP through the internet and should be able to submit an accepted digital document of his authorizations to the approver for approval.
    Can  this can be done with SAP EP only or any other interfaces are needed?.  Please share the documents if any.
    Best Regards,
    DVRK

    Hi,
    unfortunately, I am not aware of any simple way how to do this. In more complex landscapes as it's your case you would have a dedicated system that is responsible for provisioning users in all systems. So this system would assign all required roles in ABAP AS as well as in portal. I am talking about something like SAP Identity Management.
    You could try to build some duct tape solution but in the end this does not usually pays off.
    Cheers

  • SAP Upgrade - Authorizations

    Hi Everyone!
    I'm about to get an project that is an Upgrade from 4.7 Enterprise to ECC 6.0 and got some doubts about how SAP Authorizations will behave in this situation.
    Does anybody passed through it?
    Anybody knows if there a standard application or something like this to "adjust" the 4.7 roles to work properly at new environment running ECC 6.0? Or they just work the way it is?
    Perhaps the major issues that upgrade can bring...
    I'm wondering that some auth objects and t_codes has changed even in the way they works and the way it interact with tables and others.
    Can anybody help me? or perhaps a guide about this upgrade?
    Best regards.

    Have a look at transaction SU25 and it's documentation.

  • SAP User Authorizations.

    Hi, Sachin here.
    This is regarding authorizations.
    I have to remove some authorization as per below mentioned.
    1.  Su01, su02, su03, su10, sm59, sm01, scc4, rz20      these comes under basis part
    2. Se80, se39, se38, se15, se11, se12, se01                 and these comes under ABAP Workbench part
    I have gone through authorization roles, but these all T.Codes are not present as in object “Transaction code check at transaction start” directly.
    These might be in other packages.
    In which packages and with which object I can remove these authorizations?
    I have gone through packages like “Basis Administration”,” Basis Development Environment” Basis Central Function”
    There is one object “ABAP Workbench” in package” Basis Development Environment”
    If I will make this object inactive, shall above mentioned ABAP Workbench relate authorizations get removed??
    Pleae guide.
    Wram Regards
    Sachin.
    Message was edited by:
            scil scil
    Message was edited by:
            scil scil

    hello Sachin,
    You need to  check the roles which are giving these transactions to the users.
    Execute report RSUSR070 in SE38 or simply execute the transaction S_BCE_68001425.
    Now under tabstrip Selection according to authorization values go to input field Authorization object1-->Object 1. Here input value S_TCODE and press the retun/enter key.
    Now more inputs fileds will come up. You can give t-codes here and the output will display the roles in which these transactions are present.
    Then accordingly you can ensure that these roles are not assigned to the users or may be change the roles to suit your requirements. Though changing standard SAP roles is not a good practice ; you can actually create a new role as a copy of exisitng standard role under your customer namespace and subsequently make modifications to that role.
    Please award points if answer was helpful.
    Regards.
    Ruchit.

  • SAP BI Authorization issue

    Hii,
    User A with ZALL auth can see the data OF PROJECT ABC for same query .
    But user B with project specific authorization OF PROJECT ABC can't see the data.
    note: no error of no authorization .seems to be some object auth issue.
    Regards,
    Akshay

    Hi,
    enter the T-CODE - RSECADMIN -> select analysis table -> select execute as -> give the user name -> select with log -> select RSRT -> select start transaction -> now it will show which error your facing.
    then based the resolve the problem.
    Thanks,
    Phani.

  • SAP BI authorization relevant

    All,
    I tried to create a custom authorization object for an infoobject otcaactivity (just for eg) .Before that I used RSD1 to make that infobject authorizartion relevant.But after that I inserted the infobject which is made as auth.relevant to the custom object and tried to assign value for the intervals.I got an message as the characteristic value is not authorization relevant...why is that?I tried in sand box..is it any way related to info cube which is not yet created for the particular info object in the sand box thats the reason I get error message ?
    Whats the reason to secure characteristics and key figure values?

    Hey,
    Activating business content mean making authorization relevant?
    For BW3.5 there is no need of the mandatory info objects?(0TCAACTVT ,0TCAIPROV ,0TCAVALID ,0TCAKYFNM)
    Whats the difference between securing through reporting authorization object and securing through BI specific object??
    Thanks

  • SAP HR Authorization issue

    Currently we are using P_ORIGIN Authorisation. In this we are using personnel area and Org. Key as restrictions. Org. Key is currently set to be Personnel Subarea.
    Example-
    Authorization level:   M, R, W
    Infotype:                *
    Personnel Area:        US10
    Employee Group:       *
    Employee Subgroup:  *
    Subtype:                 *
    Organizational Key:   US01
    The authorization restriction works correctly for Personnel area and users are not able to view employee data from other personnel areas. However, they are able to view employees with Personnel areas other than US01. Though they do not have access to change this information, they are still able to display employee data.
    Is there anyway to make authorisation on Organization Key behave the same way as Personnel Area. i.e. users should be restricted only the Org Key (Personnel subarea) US01.
    Alternately: Can we have a custom authorisation object based on a field from PA0008 - example: TRFST?
    Thanks,
    Anil

    Hi,
         Goto SU21 to create your own Authorization object.
    Regards,
    Srini.

  • Sap bi authorizations issue with query designer..

    i am using bw 3.x and bi 7 query designer with different kind of probs?...
    i am able to see the info provider  in query desinger 3.x. but i can see only cubes .i am not able to find dso or infosets or multiprovider.. can anyone suggest is there any authorizations issues..please suggest.
    and with BI 7 query designer i am not able to see info providers in info areas folder to design a query..
    please suggest if any authorizations should be added or not

    hi suman chakravar,
    thanks for replying,
    can u be little bit clear about the steps.
    i went to tcode su01 and entered profile 0bi_all..it doesnt work.
    and executed tcode su56.there i can find list of BI related authorization profiles
    i added s_rs_all profile to my user. even then i face the same problem.
    i can see only queries in query designer of bi 7 format and i can not view info providers.
    i can view only cube and infosets and i can not view dso and multiproviders in bw 3.x type query designer
    Edited by: satishchow on Dec 14, 2011 3:23 PM

  • SAP CRM Authorizations - restrictions on viewing BP from specific country

    Hi
    We have a requirement that says that it should only be possible to view customers that belongs to the same country as the employee and it should ony be possible for the employee to create activities for these customers.
    We have set filters on organizational level(Sales group, Sales office) on the role in PFCG.
    However, this does only apply for sales orders, and it is now possible to only search for orders from their own country.
    Does someone know what restrictions we should set on the role in PFCG to fullfill this requirement?
    Should not the organizational filters cover this?
    BR
    Johan

    This can not be achived with pfcg role. You have to options:
    - implement badi BADI_CRM_BP_UIU_AUTHORITY
    - implement ACE

Maybe you are looking for

  • Can't get macbook to boot up

    I can't get my MacBook to boot up, Come on and wheel spins. Screen turn  light blue, then dark blue with curser and just keep repeating that pattern.

  • How to add a button to an existing frame?

    Hey everyone , this is a GUI question for a project I am doing in school. Basically, I have created a frame that has 3 JPanes, top, center and bottom. Here are the declarations: this.add(northPanel,    BorderLayout.NORTH);           this.add(SYBoard,

  • Downloading photos shot in raw

    I have Photoshop Elements 11 and I have been downloading and organizing my photos in JPEGS, but now I would like to do  the same -shooting in RAW I have a Panasonic Lumix F 2.8 but I am planning to buy a Sony Alpha A7 II mirror-less camera I would ap

  • Groups

    Someone in my contacts has set up a Group. I do not want to be linked with these people in the group. How do I block and remove the Group? I do not see the options. 

  • Problem accessing classes when moved into another jar

    Hi, I have written some classes and want to put them in an external jar as a library. However, when I do this, I have to include the full path for them to work- what am I doing wrong? I am using JBuilder6 Example:- I have a class called LogWriter in