Basic BI Security
The primary activates in BI are displaying
data and analyzing results. The end user will only be analyzing data, not
updating it.
Security for in Bi:
The security function
in BI does not put the focus on transaction codes or activates. Instead it
focuses on the data itself. The security function in BI focus on
·
Info Areas
·
Infoprovider ( InfoCube, DataStore Objects)
·
Queries
Bi is focused on What
Data a user can access. This may be controlled at the field level, or it may be
controlled at the Infoprovider level.
The Infoprovider is a category of objects that can provide data to a
query , such as InfoCube and Data Store Objects. The InfoCube or Data Store
Objects holds the summarized data that the user can then analyze Query Results
are based on the data in the Infoprovider.
There are two major
types of authorization in BI. One type focuses on Administrative users
(S_RS_ADMWB) and another type focuses on Reporting users (S_RS_COMP).
Analysis
Authorization:
If you restrict user
to certain InfoCube then this may be easy way to set up and maintain
authorizations but this will severely restrict access. This would mean users
can either access ALL the data in an InfoCube or NO data in the InfoCube.
For securing reporting
Users, you may want to define authorizations at a much lower level than the
InfoCube.
The Option Include for
authorization
·
InfoCube Level: Restrict at the InfoCube Level
·
Characteristics Level: Restrict access to all values for a
particular characteristics
·
Characteristic value level: restrict access to certain values of
a particular characteristics
·
Key figure level: Restrict access to certain key figures
·
Hierarchy Node: Restrict access to certain modes of Hierarchy.
Securing Data Access
for Reporting users:
You have restricted
access for reporting users by InfoCube. A sales manager can run any query
created for InfoCube. However, each sales manager is responsible for a specific
division. Although all sales Manager can run the same query, the result should
be displayed only for their assigned Division. You need to enable a reporting
user to query data by their assigned Division.
Minimum Authorization
Requirements for a Reporting User:
·
Analysis authorization for an Infoprovider
·
S_RS_COMP (Activities 03,16).
·
S_RS_COMP1 (query Owner)
·
S_RFC (BEx Analyzer or BEx Browser only)
·
S_TCODE (RRMX for BEx Analyzer)
·
S_RS_AUTH
A reporting user must
have authorization for the S_RS_COMP, S_RS_COMP1 authorization objects as well
as analysis authorization for the Infoprovider on which the query is based.
In addition, If the
reporting user will be using the BEx Analyzer reporting tool, they will need
authorization for objects S_RFC and S_TCODE with authorization for transaction
code RRMX.
Task 1:
Create roles Go to
PFCG (eg: SALES_AUTH_MP) Click on single role
Go to authorization
Tab And Select change authorization Data.
Provide details of
Your Info Area, Info Cube, Query , click on Save and generate
Create user: go to
su01 and create sales manager north (sales north)
Add details to user
and assign Initial Password to user
In Roles Tab Assign
roles to User
Log on the Bex
analyzer with your user Id and execute your query in the query result, drill
down by division. Notice that you have access for several divisions.
Task 2:
Ensure that InfoObject
Division as a authorization relevant.
Task3:
Go to RSECAD MIN
and select authorization Tab click on Maintenance
create
Authorization ZDIVNT and Press create button.
Enter short, medium
and long text of secure by division
Insert the row By
Pressing + Icon
Highlight the row with
Division and chose details and Insert the row by pressing the + Icon
Select I in the
Including/ Excluding Column.
Select EQ in the
Operator column
Enter North in the
characteristics from column
Save and press green
arrow back
Choose Insert Special
Character: the special Characteristics (0CTAACTVT(activity), 0TCAIPROV(
Infoprovider), and 0TCAVALID( Validity)) should now be added to your analysis
authorization
Save . return to
management of analysis Authorization. ( Green Arrow Back)
Assign your
reporting user to your analysis authorization, Zdivnt . By passing your
Reporting User to your new analysis authorization, that user will have only
access to division north (Pumps)
Choose User Tab and
Choose Assign
In the user field
enter your reporting user Id and choose change.
In the Authorization
section enter the Name ZDIVNT and press insert
Save Return Sap Menu
Green arrow Back, green arrow back).
Go to PFCG and
select authorization Tab and click on change authorization data .Expand
Business Information Warehouse, Expand BI analysis authorization Data and input
give for authorization Object.
Task 4:
Log in as your
administration user ID log in BEx analyzer
Select your query
(Z_MP_AUTH_REP) . Once open the Query, select it then choose Tools à Edit query
from the BEx toolbar.
Open your Query
Designer and press Filter Button.
From the context menu
for division chose restrict
In this shows choose
variable
Highlight Z_DIVI (
division) and copy it to the selection list on the right by pressing the
Right arrow. Press OK and then save.
Press save the query
and ok. And return to the BEX analyzer
You should leave the
division blank, your query will display all the division during drill down. If
we select the specific division , only that division will display during drill
down. Leave Division blank. When the query results are displayed. Choose filter
and double click on division. You should see all division in the Drill
down.( Division: East, West, North, South).
As your Reporting user
, execute your Report Query, Z_MP_AUTH_REP . When select Pumps for the Variable
Prompt. When the query displays, Drill down on Division. You should only see
division North only.
Any Doubts Please Watch and like : https://youtu.be/NeKQdGnStVE
No comments:
Post a Comment