Show TOC

AuthorizationsLocate this document in the navigation structure

Use

To ensure that the data warehousing solution maps the structure of your company and meets your company requirements, you have to define who has access to which data.

An authorization allows a user to perform a certain activity on a certain object in the BW system. There are two different concepts for this depending on the role and tasks of the user: Standard authorizations and analysis authorizations.

Caution

An authorization concept must always have already been included in the modeling phase. Otherwise there could be functional or security restrictions.

Standard Authorizations

These authorizations are required by all users who work in the Data Warehousing Workbench to model or load data, by users who work in the planning workbench or Analysis Process Designer by users who work with BEx Broadcaster or define queries.

Each authorization refers to an authorization object and defines one or more values for each field in the authorization object. Individual authorizations are combined into roles by system administration. You can copy the roles delivered by SAP and adjust them as necessary. The system administrator creates these authorizations and enters them into individual users'master records in the form of profiles.

More information: Standard Authorizations.

These authorizations are based on the SAP standard authorization concept.

Note

More detailed documentation on SAP's standard authorization concept: ABAP Authorization Concept

The graphic below illustrates the structure of the authorizations:

Analysis Authorizations

All users who want to display transaction data from authorization-relevant characteristics in a query require analysis authorizations for these characteristics.

Authorizations of this type are not based on the standard SAP authorization concept. They use their own concept based on the BW reporting and analysis features instead. As a result of the distribution of queries using BEx Broadcaster and publication of queries to the portal, more and more users can access query data. With the special BW authorization concept for displaying query data, you can far better protect especially critical data.

More information: Analysis Authorizations.

Note

Before SAP NetWeaver 7.0, the SAP standard authorization concept was also used for analysis authorizations, where they were known as reporting authorizations. If you are still using the reporting authorizations concept and upgrade to SAP NetWeaver 7.3, you now have to migrate these authorizations to the new analysis authorization concept.

In SAP NetWeaver 7.3, an analysis authorization is now a TLOGO object (analytics security object) and can be transported to other systems. If you have upgraded from SAP NetWeaver 7.0 to SAP NetWeaver 7.3 and already implemented the new analysis authorizations concept in SAP NetWeaver 7.0, you have to migrate these analysis authorizations from 7.0 to the transportable analysis authorizations.

More information: Migration of Analysis Authorizations

How Authorizations Work

Authorization checks can be used to protect any functions, objects or values in the system. When you perform an action, the authorization check compares the values for the individual fields of an authorization object or an authorization assigned to the user with the values set for executing an action in the program. A user is only authorized to perform an action if the authorization check is successful for every field in an authorization object or authorization. This enables complex user authorization checks.