Start of Content Area

Analysis Authorizations for BI Reporting (New)  Locate the document in its SAP Library structure

Technical Data

Function Is

New

In Release

Software Component

      Component: SAP NetWeaver

      Release: 7.0

Assignment to Application Component

 BW-BEX-OT OLAP Technology

Country Setting

Valid for all countries

Use

As of SAP NetWeaver 7.0, a completely new concept for analysis authorizations is used in BI; this concept is based only on authorizations as elementary objects. The previous authorization concept (reporting authorizations) has been completely replaced. There is a move away from the SAP authorization concept of authorization objects. The new authorizations can contain any authorization-relevant characteristics and handle single values, intervals, and hierarchy authorizations equally. Navigation attributes can now be flagged as authorization relevant in the attribute maintenance for characteristics, and can be applied as characteristics in authorizations.

Activation of authorizations by InfoProvider is no longer required. Instead, all authorization-relevant characteristics are checked. In addition, there are three special characteristics for the InfoProvider, the activity, and the reconceived authorization characteristic validity, which specifies the validity period of an authorization. The authorization of an activity, such as Write,is set for an InfoProvider using InfoProvider. The validity period of an authorization is set using Validity. Patterns and open time intervals provide a variety of options, such as creating authorizations that are valid periodically.

The characteristic for InfoProvider represents the structure of the InfoProvider store in the Data Warehousing Workbench with its master data and the hierarchy characteristic for InfoArea. This makes it possible to authorize entire InfoAreas.

The authorizations are available as virtual master data for the characteristic 0TCTAUTH and can also be grouped hierarchically, for example, to create thematic arrangements.

The authorization checks on authorization objects for hierarchies and InfoProviders, which also had to be maintained until now, are no longer required for reporting analysis and have thus been removed from the analysis, unlike back-end management. This means that there is no longer a difference between hierarchy authorization and hierarchy node authorization in the query.

Management of Analysis Authorizations

There is a maintenance transaction from which all functions for managing analysis authorizations can be accessed. All activities for managing components of the analysis authorization system are maintained with authorizations for the new authorization object S_RSEC, which covers all relevant objects with namespace authorizations for specific activities.

The maintenance transactions have been completely redesigned, made accessible to, and customized for typical users. Closer integration enables quicker administration and better control of the relevant objects than before.

There is a separate infrastructure for maintaining the authorizations and assigning them to users. These replace the standard transactions for user maintenance from SAP NetWeaver. It is not absolutely necessary to assign authorizations to roles. This can be achieved with the connection to the SAP role concept. With a special authorization object for role connection, the new authorizations can be assigned using role maintenance.

The function for generating authorizations was adapted and enhanced to include the additional option of loading medium and long texts. It is no longer necessary to select authorization objects. The authorizations are generated directly from the entries in special DataStore objects.

Checking and Monitoring Analysis Authorizations

To improve revision capabilities, a complete change log of authorizations and assignments to users was created. These changes can be analyzed using queries on RemoteProviders and restricted with analysis authorizations.

In addition, there is a new troubleshooting tool that replaces the old authorization log. It uses the HTML format, can be saved and printed, and is stored persistently in the database.

The readability of messages has been improved in the log for generation of authorizations.

For test purposes, it is possible to execute certain actions relating to the analysis as another user. This is password-protected.

Effects on Existing Data

The existing authorization concepts can continue to be run without changes. They exist independently of the new authorizations. The two concepts cannot be used simultaneously or in combination with one another. If you want to continue to use the existing concept, note the following:

The Customizing setting under SAP Customizing Implementation Guide ® SAP NetWeaver ® Business Intelligence ® General BI Settings ® Authorization Settings is now obsolete. As of SAP NetWeaver 7.0, the authorizations for MultiProviders are always checked by the authorization object S_RS_MPRO, regardless of the setting in Customizing. You must therefore ensure that users have authorization for the authorization object S_RS_MPRO, where applicable.

SAP recommends that you switch to the new concept so that you can benefit from the new options and easier administration.

By default, the new concept is active; support is no longer provided for the old concept.

During migration, the old data and authorization data remains untouched and unchanged. This enables parallel development of a new concept without having to delete the old one. Parallel operation, however, is not possible.

Effects on Data Transfer

Full compatibility is not possible. Existing authorization concepts must therefore be converted. This affects the compatibility modes for referencing characteristics with hierarchies and referencing navigation attributes. Both modes are obsolete. All authorizations can and must be defined for the characteristic itself.

The conceptual manageability has been simplified and developed in terms of clarifying the concept. The disadvantage of the incomplete portability is insignificant in comparison to the advantages that simpler manageability provides.

The old data can be kept.

Migration has to be completed manually or using a tool. It always requires subsequent manual work.

Effects on System Administration

Administration has been simplified significantly. Usability and flexibility have also been greatly improved.

Secondary effects such as automatic activation of authorization objects for new InfoProviders can also be eliminated, if required. The maintenance effort required also decreases since back-end checks on hierarchies and InfoProviders are omitted (authorization objects S_RS_HIER, S_RS_MPRO, and so on).

Every characteristic marked as authorization relevant is checked during query execution. If no authorization is found, no authorization is given. The authorization relevant property is the only relevant property; the function of the authorization objects and the activation are no longer required.

Effects on Customizing

The new concept is the default. In Customizing, you can switch back to the old concept at SAP Customizing Implementation Guide ® SAP NetWeaver ® Business Intelligence ® Reporting-Relevant Settings ® General Reporting Settings ® Analysis Authorizations: Select Concept.

 

 

End of Content Area