Advanced Features of SAP BW Reporting Authorizations

Advanced Features of SAP BW Reporting Authorizations
Session 709 Amelia Lo

Platinum Consultant, SAP NetWeaver RIG SAP Labs, LLC
Learning Objectives
As a result of this workshop, you will be able to:

Have a good handle of the most misunderstood features of
the BW Reporting Authorization

Understand Understand
how authorizations variable works how hierarchy node variable works
Learn the new functionality and new BW Authorizations
Objects in BW3.0
Learn the basics of Planning and Strategize BW
Authorizations
Know the dos and donts on BW Authorizations
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 2
SAP NetWeaver
The integration and application platform for lower TCO
SAP NetWeaver
People Integration
Multi-Channel Access Composite Application Framework Portal Collaboration Life Cycle Management
Unifies and aligns people, information and business processes

Integrates across technologies and organizational boundaries A safe choice with full .NET and J2EE interoperability
Information Integration
Business Intelligence Knowledge Management
Master Data Management
Process Integration
Integration Broker Business Process Management
The business foundation for SAP and partners

Powers business-ready solutions that reduce custom integration Its Enterprise Services Architecture increases business process flexibility
Application Platform
J2EE ABAP
DB andOS OS Abstraction Abstraction DB and
.NET
WebSphere
Dont Miss the SAP Business Solutions Tour!

Your chance to see SAP NetWeaver in action see live demonstrations of: SAP Enterprise Portal SAP Business Information Warehouse SAP Exchange Infrastructure SAP Web Application Server SAP Mobile Infrastructure SAP Master Data Management 30-minute tour timeslots available
Monday Tuesday 10:30 5:10 9:40 5:30
Wednesday 8:00 12:00
Located at Wyndham Hotel Parking Lot
Agenda
Special Topics on BW Reporting Authorizations Planning & Strategize BW Authorizations Whats New in BW 3.0 The Dos and Donts
Agenda
Special Topics on BW Reporting Authorizations Planning & Strategize BW Authorizations Whats New in BW 3.0 The Dos and Donts
Special Topics of BW Reporting Authorizations
A Quick Review of BW Reporting Authorizations A few most misunderstood Features

Variable filled Authorizations Important parameter when use Global Variable Customer Exit Hierarchy Authorizations with Compound Characteristics
Tracing Authorizations in BW
Open Data Warehouse Architecture
SAP R/3 vs. BW Authorizations

Whats the same
Role Based Security Authorizations

Users are assigned roles Roles contain profiles Profiles contain authorizations Roles are maintained using same tool (PFCG transaction) Can be administered via CUA (Central User Administration)
Authorization objects define specific permissions There are standard authorization objects available in the system
Whats different
Unique BW Objects (InfoProvider, InfoArea, InfoObject, Query) Unique SAP BW Authorization Tool to administer BEx Reporting data security It is possible to use variable security runtime parameters It is possible to generate profiles from datasources
Authorization Concept Overview

Bex Bex Browser Browser
Bex Analyzer Bex Bex Analyzer Analyzer Query Query Designer Designer
Web Web Appl Appl Designer Designer
Web Web Report Report
Analyzer
3rd 3rd party party OLAP OLAP client client
Bex Query Designer
2
Administrator Workbench
Administration Administration Scheduling Scheduling Monitor Monitor Meta Data Repository OLAP OLAP Processor Processor
Business Explorer
Meta Meta Data Data Manager Manager
Data Data Manager Manager
InfoCubes
Business Information Warehouse Server
Staging Staging Engine Engine

BAPI
ODS
1
Non Non R/3 R/3 Production Production Data Extractor Data Extractor Non Non R/3 R/3 OLTP OLTP Applications Applications
Production Production Data Data Extractor Extractor
OLTP OLTP Reporting Reporting
R/3 R/3 OLTP OLTP Applications Applications
Types of BW Authorizations
Systems Communication Authorizations Administration

Concept very close to standard R/3 all authorization relevant objects are delivered by SAP Pre-defined Templates can be used as a starting point Administration of authorizations like in R/3
Reporting
no authorization relevant object definition is delivered set of tools to define customer specified concept embedded in SAP BW administration
SAP BW Authorization Overview

User User Role Role
Profile Profile Authorization Authorization
Profile Profile Generator Generator
AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION WAREHOUSE-Administration WAREHOUSE WAREHOUSE-Administration
AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION WAREHOUSEWAREHOUSE- REPORTING
Object Object
Object Object
Field Field
Field Field
Value Value
Value Value
SAP BW Reporting Authorizations Objects

0..1
< Authorization Object >

<field 1> <field 2> <...>
0..n 1..m 0..n 0..10
Key Figure Object (1KFYNM) Authorization Relevant Characteristic Hierarchy Node

Only one 0TCTAUTHH per Reporting Authorization Object Many Hierarchy Authorizations can be entered characteristic
0..10
0TCTAUTHH 0ORGUNIT 0Costcenter 0Profitcenter
<...>
SAP BW InfoProviders
SAP BW Objects
Steps to Create Reporting Authorizations

1 2 Mark characteristics as "Authorization Relevant Create an Authorization Object for Reporting (Transaction: RSSM)
Include required Authorization Relevant Characteristics If key figure authorization required, include 1KYFNM, If Hierarchy authorization required, Include 0TCTAUTHH and leaf Characteristics,
3 Create Hierarchy Authorizations

Define a description of a hierarchy authorization. Create an authorization for the new authorization object. Enter the technical name of the description of a hierarchy authorization as value for field 0TCTAUTHH.
Create Authorizations with the values
Mark InfoObject Authorization Relevant
Authorizations
2
Create Authorization Object for Reporting

2
Authorization Definition for Hierarchy

3
BW Reporting Object in a Profile & Assign Value

< Authorization Object > 4
0EMPLOYEE 0ORGUNIT 0TCTAUTHH

Create Authorizations Variables

VARIABLE WIZARD IN BEx
Hierarchy Node Variable
Characteristic Variable
Authorization Variables of Customer Exit type

1 Create Variable z 2 Assign Variable to Query
Use of Variable filled Authorizations Scenario 1

SCENARIO:
You defined two Reporting Authorization Objects with same authorization relevant characteristic (0ORGUNIT) RA_OBJ1 contains values HR_EMEA & HR_US; RA_OBJ2 contains HR_US & HR_ASIA Both Reporting Authorization Objects are assigned to User Amelias Profile
RESULT:
Amelia have authorization to view HR_US ONLY !!!
< RA_OBJ1 >

Orgunit <...>
< RA_OBJ2 >

Orgunit <...>
HR_EMEA
HR_US
OSS note 653383
HR_ASIA
Use of Variable filled Authorizations Scenario 1

Possible Approach:
Define one Reporting Authorization Object and populate the values in one of the following ways: Manually populated in the profile Automated authorizations generation from the authorizations ODSs Derive the values via the authorizations Users Exit (RSR000001)
< RA_OBJ >

Orgunit <...>
HR_EMEA
HR_US
HR_ASIA
OSS notes 653383 557924
Maintain Global Variable for Authorization: via User Exit

1. Use transaction CMOD to develop User Exit RSR00001, Function Module: EXIT_SAPLRRS0_001 Maintain Customer Authorization Return Table as required Result Create Authorization Variable Include Variable in your query Authorization Check
Query with authorizations varaible
2. 3. 4.
$VAR
$VAR initiates User exit Read Customer AUTH Table User Exit RSR00001 Structure: RRRANGEEXIT
ZAUTH
Be Aware Your Import Parameter Specification

I_Step Values:
I_Step = 0 -> Enhancement is not called (Default) I_Step = 1 -> Enhancement is called up before Variable Entry I_Step = 2 -> Enhancement is called up after Variable Entry I_Step = 3 -> Called up to check the Variable Value; Variable appears once more
Compounded Hierarchy Authorizations - Scenario 2

SCENARIO:
You defined a Reporting Authorization Objects for a Hierarchy with Compounded characteristics (0CO_Area and 0CostCenter) You filled the authorizations variable with Flat Values for 0Costcenter
RESULT:
Brain 804 no authorization
Solution:
Define and use Hierarchy Node Variable
< Authorization Object >

0CO_Area 0Costcenter 0TCTAUTHH

Tracing Authorizations
ST01 SU53 RSSM
Tracing Authorization: Overview
Trace functionality embedded in SAP R/3 basis

Recording of authority checks for system (Transaction ST01) Display the last failed authority check of user (Transaction SU53)
SAP BW reporting authority trace*

set up user related trace recording for OLAP authority checks Transaction RSSM
*Authorizations checked against Reporting Objects are not supported with

standard trace functionality's
Recording of Authority Checks

1 2 3 4 5 Start Transaction ST01 Configure detail of trace recording Activate trace Perform actions on system Analyze trace using transaction ST01
Note: Trace ST01 can be used either in BW and R/3 source system.
Recording of Authority Checks
3 2
SAP BW Reporting Authority Trace

1 2 3 4 5 Start transaction RSSM in SAP BW Choose Authorization trace from Authorization object reporting menu or locate it from the bottom of the screen. Insert user Perform reporting activity Analyze trace 5 3 2
Agenda
BW Authorizations Overview Planning & Strategize BW Authorizations Whats New in BW 3.0 The Dos and Donts
Guiding Principals
Integrate in your Development Life Cycle
Plan Authorizations Early on in your Development Life Cycle Authorizations requirement collection at Blue Print Phase Identify and Assign Data Ownership
KISS Principal (Keep it Simple and Small)

A balance act among Granularity vs. Maintenance vs. Performance Design for simplicity and Ease of Maintenance without compromising Mandatory data security Divide user into Groups and manage security at InfoArea or InfoProvider level
Thorough Authorizations Testing

Must be a part of system Integration Test plan Performance testing is a essential part of test plan
Staffing for BW Authorizations

R/3 Authorization expert does not equivalent to BW Authorizations Experience Segregation of Duties among BW Users and Administrator
BW Authorizations Roadmap (I)

Develop Authorizations Strategy
1. 2. 3. 4. Consider company policy: Consider Legal requirements Classify types of users & required roles Consider Proof of Concept phase to valid complex authorization model Define Data Ownership and Responsibility Develop questionnaire for blue print Document requirements in Matrix Develop naming convention for Authorization Design the Roles consider segregate Activities from Data Access roles Use SAP delivered templates as the baseline Revise to meet your requirements
Develop Authorizations Matrix to collect authorization requirement for blue print phase
5. 6. 7. 8. 9.
Define BW Authorization for Admin workbench
10. 11.
12.
Define BW reporting authorizations
13. 14.
Define BW Reporting Objects for InfoObjects per step 6 Consider using Hierarchy node authorization based on user access pattern For complex & detailed authorizations needs, consider using Authorizations Variable to ease maintenance
BW Authorizations Roadmap (2)

Testing BW Authorizations Testing
15. Develop detailed test scenarios and plan Involve Business in authorizations testing 16. Develop performance test plan and establish the test environment and data volume 17. Incorporate BW Authorizations testing in the overall SAP System Tests (R/3 and non R/3).
Develop Administrative and Monitoring Process for BW Authorizations
18. 19. 20. 21.
Develop BW User Security request and approval processes Consider a Web-based authorization request workflow and user guide Develop a BW Security Administration checklist Define Periodic BW Security Reviews and Assessment Process
Conduct BW Authorization Training
22. 23.
BW Authorizations Training for Security Administrators Include BW Authorizations impact on data access as a part of the BW user training.
Agenda
New in Authorization Objects, Frontend (3.0)

S_RS_COMP
New Authorizations Check for Variables in Query Definition Object type is VAR
S_RS_COMP1
Is checked additionally with S_RS_COMP Checks for authorizations on query components dependent on the owner (creator RSZOWNER) Authorizations are necessary, e.g. for creating queries
S_RS_FOLD
Suppress InfoArea view of BEx elements Specify X (true) in the authorization maintenance for suppressing
New Authorization Objects, Backend (3.0)

S_RS_IOBJ
Authorization object for working with InfoObjects Is checked if authorization is not available via S_RS_ADMWB Additional checks for update rule authorizations
S_RS_ISET
For displaying / maintaining InfoSets (new object in BW)
S_RFC
Authorization for GUI activities Add following RFC_NAMEs with RFC_TYPE FUGR and ACTVT 16
RRXWS:
BW Web Interface RS_PERS_BOD: Personalization of Bex Open Dialog RSMENU: Roles and Menus
S_GUI
Authorization forGUI activities. Add the activity 60 (upload)
Automated Authorization Generator
Sourced from Two types of ODS Objects

Authorization Value ODS Hierarchy ODS
ODS Population
From R/3: HR Structural Authorizations From R/3: Cost Center (BW 3.1 content) From Flat Files
New RSSM User Interface
Automated Authorization Generation: the Architecture

< Auth Object >
Tcode: Tcode: RSSM RSSM Generate Generate Authorization Authorization

BW Metadata
0TCTAUTHH
0ORGUNIT 0EMPLOYEE
Value
0TCA_DS01
Hierarchy
0TCA_DS02
Text
0TCA_DS03
User Assign
0TCA_DS04
ODS-Objects
Update Rules
Value Value
InfoSource
Mapping & Transfer Rules DataSource Mapping & Transfer Rules DataSource
SAP BW Server
replicated Metadata
BW S-API
File File
Other Other
R/3 R/3
HR Structural Authorizations
BW/HR Structural Authorizations
Whats BW/HR Structural Authorizations

Bring R/3 Structural Authorizations to BW via Standard Extraction Associate with BW Authorizations via execution of special Module Full Refresh on a Customer Selected Frequency
Key Benefits
Reduced the Redundant Security Setup Provide Cross System Consistency
Structural Authorization in BW
PSA
R/3 Org. Structure
T77PR Profile R H B A U S 0 0
Transfer Rules
Struc Auth
Security Check
INDX Cluster
(0HR_PA_2 & 0HR_PA_3) Data Sources
T77UA Assignment
0HR_PA_2 Data Source
Update Rules
0HR_PA_3 Data Source
T77UU User
Struc Auth ODSs
RSSM Trans
OR
Program Modules RSSB_Generate _Authorizations
PSA PSA 0PA_DS02

0PA_DS03
R/3 OLTP
BW
12 Steps to Install Structural Authorizations

1 2
Create Structural Authorization Profile (IMG or TR-OOSP) Assign User to Profile (IMG or TR-OOSB) Update T77UU table to include User Name Execute program RHBAUS00 to create INDX Activate 0HR_PA_2 & 3 DataSource in R/3 and BW Activate or Create 0HR_PA_2 & 3 InfoSource & Communication Structure
12 Steps to Install Structural Authorizations

7 Activate and load ODS from R/3
Activate Target InfoObjects Authorization Relevant
Create Authorization Object (Transaction Code: RSSM)
10
Use Transaction code: RSSM or Execute RSSB Function Modules to generate BW Authorization Create Authorization Variables Create Query with Authorization Variables
11 12
Steps to Create Authorization from Flat Files
0 1 2 3 4 5 6
Planning & Mapping
Determine what you want to secure Mapping Objects & create Flat file Mark InfoObjects Auth. Relevant Define Reporting Auth Object via RSSM Use 0TCA_DS01 as template ODS name must be xxxx_DS01 Use 0TCA_DS02 as template ODS name must be xxxx_DS02 The data format = yyyymmdd or per Your Default Format Several Objects can define as constant RSSM: Find your ODSs & Mark Auth Obj Exec RSSB_Generate_Authorizations Define Variables for Auth InfoObjects Include Variables in your Queries
Define Reporting Object
Create Authorization Value Infosoure & ODS Create Authorization Hier Infosoure & ODS Create Update Rules for ODS Loads Generate Profiles via RSSM or RSSB program Create Authorizations Variable in Query Def.
Tips & Hints for Automatically Generated Authorizations Performance

If you have very large number of values in your user master record, the query performance will be significantly impacted It is a multiplication effect of: # authorization objects X # values X Ex: 20 orgunits X 10,000 EE X 5 objects = 1,000,000 checking
Alternatives
For top executives: setup a role to give full authorizations Use Hierarchy variables for queries initial view with Hierarchy Use RSR00001 User exit against the populated ODSs
How To Paper
HTTP://WWW.Service.SAP.com/BW -> Service & Implementation -> How to Papers

BW/HR Authorizations Generate Authorizations Profile from Flat File
Agenda
Dos and Donts

Dos
Keep the four guiding principals in mind when planning BW authorizations Consider a Proof of Concept phase for complex authorizations model Check out OSS Notes on Authorizations
Apply BW 3.0B SP15 for performance enhancement & corrections Note 625049: Improved performance Note 315094: Authorization recommendation
Check out the BW Online document on Security with Scenarios Use caution when request of user query publishing in Production
Limit number of users authorized Setup specific user published reporting roles with administrative process (clean-up) and alert users as Uncertified Reports
Dos and Donts

Dos Create an effective OSS Message for authorizations
Prepare a query which is as simple as possible and still reproduces the error Prepare a SAP_ALL user and a restricted user. If you use variables (customer exits) replace their content into profile of the restricted user (we do not support customer code) explain clearly what you expect to see and what the error is. don't forget to give all the necessary information: usernames, passwords, System, names, open the system.
Donts
Dont setup Field level specific security just because youve been asked Challenge the requester for legal or policy requirements
Further Information
Public Web:
www.sap.com/solutions/bi/ SAP Customer Services Network: www.service.sap.com/BW
Consulting Contact
Roy Wood, VP SAP NetWeaver Consulting Practice (r.wood@sap.com)
Related SAP Education Training Opportunities

http://www.sap.com/usa/education/ BW 365, Business Information Warehouse Authorizations
Related Workshops/Lectures at ASUG BITI Forum 2003
Questions?
Q&A
Feedback
Please complete your session evaluation and drop it in the box on your way out. Be courteous deposit your trash, and do not take the handouts for the following session.
Copyright 2003 SAP AG. All Rights Reserved

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express
permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other
software vendors.
Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint and SQL Server are registered trademarks of
Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390,
OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix and Informix Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries.
ORACLE is a registered trademark of ORACLE Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, the Citrix logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin and
other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C, World Wide Web Consortium,
Massachusetts Institute of Technology.

JAVA is a registered trademark of Sun Microsystems, Inc. JAVASCRIPT is a registered trademark of Sun Microsystems, Inc., used under license for technology invented
and implemented by Netscape.

MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One. SAP, R/3, mySAP, mySAP.com, xApps, xApp and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies.
Copyright 2003 SAP AG. Alle Rechte vorbehalten

Weitergabe und Vervielfltigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher
Form auch immer, ohne die aus-drckliche schriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen knnen ohne vorherige Ankn-digung gendert werden.
Die von SAP AG oder deren Vertriebsfirmen angebotenen Softwareprodukte knnen Softwarekomponenten auch
anderer Softwarehersteller enthalten.

Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint und SQL Server sind eingetragene Marken der
Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390,
OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix und Informix Dynamic ServerTM sind Marken der IBM Corporation in den USA und/oder anderen Lndern.
ORACLE ist eine eingetragene Marke der ORACLE Corporation. UNIX, X/Open, OSF/1 und Motif sind eingetragene Marken der Open Group. Citrix, das Citrix-Logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin und
andere hier erwhnte Namen von Citrix-Produkten sind Marken von Citrix Systems, Inc.
HTML, DHTML, XML, XHTML sind Marken oder eingetragene Marken des W3C, World Wide Web Consortium,
Massachusetts Institute of Technology.

JAVA ist eine eingetragene Marke der Sun Microsystems, Inc. JAVASCRIPT ist eine eingetragene Marke der Sun Microsystems, Inc., verwendet unter der Lizenz der von
Netscape entwickelten und implementierten Technologie.

MarketSet und Enterprise Buyer sind gemeinsame Marken von SAP AG und Commerce One. SAP, R/3, mySAP, mySAP.com, xApps, xApp und weitere im Text erwhnte SAP-Produkte und Dienstleistungen
sowie die entsprechenden Logos sind Marken oder eingetragene Marken der SAP AG in Deutschland und anderen Lndern weltweit. Alle anderen Namen von Produkten und Dienstleistungen sind Marken der jeweiligen Firmen.

Advanced Features of SAP BW Reporting Authorizations

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Advanced Features of SAP BW Reporting Authorizations

Transféré par

Droits d'auteur :

Formats disponibles

Advanced Features of SAP BW Reporting Authorizations

Session 709 Amelia Lo

As a result of this workshop, you will be able to:

the BW Reporting Authorization

how authorizations variable works how hierarchy node variable works

Learn the new functionality and new BW Authorizations

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 2

The integration and application platform for lower TCO

Unifies and aligns people, information and business processes

Master Data Management

The business foundation for SAP and partners

DB andOS OS Abstraction Abstraction DB and

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 3

Dont Miss the SAP Business Solutions Tour!

Wednesday 8:00 12:00

Located at Wyndham Hotel Parking Lot

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 4

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 5

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 6

Special Topics of BW Reporting Authorizations

A Quick Review of BW Reporting Authorizations A few most misunderstood Features

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 7

Open Data Warehouse Architecture

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 8

SAP R/3 vs. BW Authorizations

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 9

Authorization Concept Overview

Web Web Appl Appl Designer Designer

Web Web Report Report

3rd 3rd party party OLAP OLAP client client

Bex Query Designer

Meta Meta Data Data Manager Manager

Data Data Manager Manager

Business Information Warehouse Server

Staging Staging Engine Engine

Production Production Data Data Extractor Extractor

OLTP OLTP Reporting Reporting

R/3 R/3 OLTP OLTP Applications Applications

Systems Communication Authorizations Administration

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 11

SAP BW Authorization Overview

Profile Profile Authorization Authorization

Profile Profile Generator Generator

AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION WAREHOUSE-Administration WAREHOUSE WAREHOUSE-Administration

AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION WAREHOUSEWAREHOUSE- REPORTING

SAP BW Reporting Authorizations Objects

< Authorization Object >

Key Figure Object (1KFYNM) Authorization Relevant Characteristic Hierarchy Node

0TCTAUTHH 0ORGUNIT 0Costcenter 0Profitcenter

Steps to Create Reporting Authorizations

3 Create Hierarchy Authorizations

Create Authorizations with the values

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 14

Mark InfoObject Authorization Relevant

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 15

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 16

Create Authorization Object for Reporting

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 17

Authorization Definition for Hierarchy

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 18

BW Reporting Object in a Profile & Assign Value

SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 19

Special Topics of BW Reporting Authorizations

A Quick Review of BW Reporting Authorizations A few most misunderstood Features