To ensure that your data warehousing solution represents the structure of your company and fulfills the requirements of your company, you have to define who has access to which data.
An authorization allows a user to perform a certain activity on a certain object in the BI system. There are two different concepts for this depending on the role and tasks of the user: standard authorizations and analysis authorizations.
An authorization concept must always have been taken into account in the modeling phase. Otherwise there could be functional or security restrictions.
These authorizations are required by all users who are working in the Data Warehousing Workbench to model or load data, and also by users who work in the planning workbench or the Analysis Process Designer, and those that work with the Reporting Agent or the BEx Broadcaster or define queries.
Each authorization refers to an authorization object and defines one or more values for each field that is contained in the authorization object. Individual authorizations are grouped into roles by system administration. You can copy the roles delivered by SAP and adjust them as needed. These authorizations are then entered into individual users’ master records in the form of profiles.
More information: Standard Authorizations
These authorizations are based on SAP's standard authorization concept.
More detailed documentation on SAP's standard authorization concept: SAP Authorization Concept
The following figure illustrates the structure of the authorizations:
All users who want to display transaction data from authorization-relevant characteristics in a query require analysis authorizations for these characteristics.
This type of authorization is not based on SAP's standard authorization concept. Instead, the authorizations use their own concept that takes the features of reporting and analysis in BI into consideration. As a result of the distribution of queries using the BEx Broadcaster and the publication of queries to the portal, more and more users can access query data. Using the special authorization concept of BI for the display of query data, you can protect especially critical data in a much better way.
More information: Analysis Authorizations
Before SAP NetWeaver 7.0, the SAP standard authorization concept was also used for analysis authorizations, which were then still called reporting authorizations. If you have upgraded to SAP NetWeaver 7.0, you can decide whether you want to use the new, more user-friendly concept or switch back to the previous reporting authorization concept. If you decide to use the new concept, the old reporting authorization objects are no longer taken into account (access is denied). However, SAP recommends using the new concept because it is better suited to the requirements of BI and because the previous concept will no longer be supported.
More information about the previous concept for reporting authorizations: Previous Concept for Reporting Authorizations
Functions of Authorizations
Authorization checks can be used to protect any functions, objects, or values in the system. During an authorization check, when you perform a certain action the system compares the values for the individual fields of an authorization object or an authorization that are assigned to the user with the values that are predefined for the execution of an action in the program. A user is only authorized to perform an action if the authorization check is successful for every field in an authorization object or authorization. Complex checks of the user authorization can be carried out in this way.