Security with Data Storage
In BI, data is stored on the SAP Web application server database.
If an end-user is evaluating data using Microsoft Excel, he or she can also store his or her data locally. The end-user has to make sure that no unauthorized person can access the locally stored data.
If BI evaluations and analysis are called using BEx Web applications, data is displayed in a Web browser. Data is then stored in a browser cache. We recommend that you always delete the browser cache when you have evaluated the data.
You can protect data from being accessed by unauthorized end-users by assigning analysis authorizations. By default, data is not protected. However, you can flag InfoObjects in BI as being authorization-relevant (see also: Tab Page: Business Explorer). Data can only be accessed if the user has the required authorizations.
Data in BI is predominantly accessed for read purposes. However, in Business Planning and Simulation data is also changed.
If you use BEx tools from SAP NetWeaver '04, note the following:
BEx Web applications can be implemented either as stateful or stateless applications. The BI Web runtime for stateful Web applications uses session cookies to combine independent requests (that is, the function calls in a Web application, such as navigation steps) for a session. Such cookies are called sap-contextid. The cookie contains a generated ID as a value. This ID allows the relevant session to be identified on the server. The session cookie is a temporary cookie and is deleted automatically when the browser window is closed. The server also has a timeout parameter. The session cookie is invalid after the timeout and can no longer be used for navigating in a Web application. Using the Web template attribute NO-SESSION_COOKIE, you can use the session coding in the URL for the Web application. In this case, a session cookie is not generated. To ensure that the Web application uses the session coding in the URL, set X for the attribute NO-SESSION_COOKIE.
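To check the session cookie behavior described above against response headers you have collected, the following added example (not SAP code and not part of the original documentation) audits Set-Cookie values for sap-contextid. The header samples are constructed, and the Secure and HttpOnly checks are assumptions that go beyond what this page states.

```python
# Added example: audit Set-Cookie headers for the sap-contextid session cookie.
# The header values below are constructed samples, not captured from a real system.

SESSION_COOKIE = "sap-contextid"

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_session_cookie(set_cookie_headers):
    """Return a list of findings for the sap-contextid cookie."""
    findings = []
    seen = False
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() != SESSION_COOKIE:
            continue
        seen = True
        # A temporary (session) cookie carries no Expires or Max-Age attribute.
        if "expires" in attrs or "max-age" in attrs:
            findings.append("persistent: survives closing the browser window")
        # Checks beyond the page's text: transport and script exposure.
        if "secure" not in attrs:
            findings.append("missing Secure: may be sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly: readable by page scripts")
    if not seen:
        findings.append("no sap-contextid cookie set (stateless, or session coded in the URL)")
    return findings

# Constructed sample responses.
GOOD = ["sap-contextid=EXAMPLE-ID; path=/; Secure; HttpOnly"]
WEAK = ["sap-contextid=EXAMPLE-ID; path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"]

if __name__ == "__main__":
    for label, headers in (("good", GOOD), ("weak", WEAK), ("none", ["other=1"])):
        print(label, audit_session_cookie(headers))
```

When the session is coded in the URL instead, the ID can end up in browser history, proxy logs and Referer headers, so those locations need the same protection as the cookie.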
