BI Security Activities in SAP
7/25/2019 BI Security Activities in SAP
Authorization Requirements for a Reporting-User
S_RS_COMP: Using this authorization object, you can restrict the components that you work with in the Business Explorer query definition
S_RS_COMP1 (Query owner): With this authorization object, you can restrict query component authorization with regard to the owner
S_RFC (BEx Analyzer): With this authorization object, the user can use the BEx Analyzer reporting tool
S_TCODE (RRMX for BEx Analyzer): The user will need authorizations for objects S_RFC and S_TCODE, with authorization for the t-code RRMX
S_RS_FOLD: Disable the InfoAreas button in the BEx Analyzer Open Queries dialog box
Tables used in BI Security:
RSECVAL - Authorization Value Status
RSECHIE - Status of Authorization Hierarchies
RSECTXT - Authorization Texts
RSDCUBE - Directory of InfoCubes / InfoProvider
RSDCUBEIOBJ - Objects per InfoCube (where-used list)
RSDCHA - Characteristic Catalog
How to find the list of roles of a particular query / How to find whether a user has access to the role in which the executed query exists
You can find the query name from the trace report, or you can ask the user
Provide the query name in RSRREPDIR and find the technical query name
RSRREPDIR - Directory of all reports (Query GENUNIID)
Provide the technical query name (Unique ID) in AGR_HIER and find the list of roles
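The lookup described above, chained into one check, as an added example that is not part of the original slides. It runs against in-memory SQLite stand-ins with constructed rows; the column names (COMPID, OBJVERS, SAP_GUID, AGR_NAME, UNAME) and the use of AGR_USERS for the user-to-role step are assumptions to verify in SE11/SE16 on your own system.

```python
import sqlite3

# Constructed stand-ins for the SAP tables. Column names are assumptions
# (verify in SE11/SE16); AGR_USERS is not named on the page.
SCHEMA = """
CREATE TABLE RSRREPDIR (COMPID TEXT, GENUNIID TEXT, OBJVERS TEXT);
CREATE TABLE AGR_HIER  (AGR_NAME TEXT, SAP_GUID TEXT);
CREATE TABLE AGR_USERS (AGR_NAME TEXT, UNAME TEXT);
"""
ROWS = {  # constructed sample data, not taken from a real system
    "RSRREPDIR": [("ZQ_SALES_01", "GUID_SALES", "A"),
                  ("ZQ_HR_01", "GUID_HR", "A")],
    "AGR_HIER": [("Z_MENU_SALES", "GUID_SALES"),
                 ("Z_MENU_MGMT", "GUID_SALES"),
                 ("Z_MENU_HR", "GUID_HR")],
    "AGR_USERS": [("Z_MENU_SALES", "ALICE"), ("Z_MENU_HR", "BOB")],
}

def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    for table, rows in ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        con.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return con

def roles_for_query(con, compid):
    """Query name -> GENUNIID of the active version -> roles holding it."""
    sql = """SELECT DISTINCT h.AGR_NAME FROM RSRREPDIR r
             JOIN AGR_HIER h ON h.SAP_GUID = r.GENUNIID
             WHERE r.COMPID = ? AND r.OBJVERS = 'A' ORDER BY h.AGR_NAME"""
    return [row[0] for row in con.execute(sql, (compid,))]

def user_roles_for_query(con, uname, compid):
    """Roles that contain the query and are also assigned to the user."""
    roles = roles_for_query(con, compid)
    if not roles:  # unknown query or query not placed in any role menu
        return []
    marks = ",".join("?" * len(roles))
    sql = f"""SELECT AGR_NAME FROM AGR_USERS
              WHERE UNAME = ? AND AGR_NAME IN ({marks}) ORDER BY AGR_NAME"""
    return [row[0] for row in con.execute(sql, (uname, *roles))]

if __name__ == "__main__":
    con = build_db()
    print(roles_for_query(con, "ZQ_SALES_01"))
    print(user_roles_for_query(con, "BOB", "ZQ_SALES_01"))
```

An empty result for a user who reports a missing query points at role assignment, not at analysis authorizations.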
Different kinds of roles assigned in BI:
There are 3 kinds of roles assigned to the reporting users:
1. Menu Role
2. Authorization role
3. Common Authorization role
Menu Role: RRMX and queries will be assigned in the menu
Assigning workbooks to roles:
If a user wants to save a workbook to a location where it can be easily accessed by others, they need to save it to a Role. S_USER_AGR is required for the user to save the workbook to the Menu area of the role.
Analysis Authorizations:
When a user executes a query that contains an authorization-relevant InfoObject, the user needs analysis authorizations to execute the query
Analysis authorizations are created using RSECADMIN
We need to have access to the authorization object S_RSEC to create the analysis authorizations
Special characteristics / business content characteristics:
0TCAACTVT (Activity): display (03)
0TCAIPROV (InfoProviders): grants authorization to particular InfoProviders
0TCAVALID (Validity): grants authorization to specific time periods
Apart from the above special characteristics, we need to add the authorization-relevant InfoObject in the analysis authorization
RSECAUTH:
Using a colon (:) as an authorization value enables the user to execute queries which do not have the auth-relevant InfoObjects that are checked in the InfoCube, and provides aggregate data for the characteristic level for which the user does not have access
These authorization values can be assigned as single values, ranges and patterns (*)
EQ: single value
BT: range of values
CP: contains pattern (ABC*)
RSECADMIN Trace (RSECPROT)
Transaction code RSECADMIN is specific to BI and only traces the custom reporting authorization objects you create to control access to InfoObject values
There are 2 ways to run the trace:
1. Choose the button Error Logs, add the user to the list and ask the user to run the query
2. Choose the button Execution as option if you know the query, type the user name, check With Log and execute the query yourself
You can find all the traces executed by yourself if you provide a blank date and * in restricted user
There are 2 kinds of error messages in trace reports
Message EYE