Authorizations for Business Planning and
Simulation
Use
The activities that you can carry out in BW-BPS are covered by the SAP authorization concept. This allows you to grant different users different rights for accessing planning functionality.
Integration
Business Information Warehouse authorizations
As well as planning-specific authorizations, planning users normally require other authorizations too such as reporting authorizations or authorizations for master data. Make sure that the user is provided with all the necessary authorizations.
To assign authorizations for changing and displaying plan data separately, you must include the ACTVT (activity) field in the reporting authorization object. In this field the value 02 represents the authorization to change. Value 03 represents the authorization to display plan data. If you do not include the field then this corresponds to an authorization to change plan data.
For more information about setting up and maintaining authorizations, see Maintaining Authorizations.
Authorizations of the SAP system
In addition to that, because of internal dependencies, you need authorization for the following authorization objects for data entry using planning layouts:
Authorization object |
Object class |
Description |
BC-SRV-KPR-BDS: Authorizations on document set (S_BDS_DS) |
BC_Z |
Controls access to documents that belong to a document set of the Business Document Service (BDS). |
Authorization object for the translation environment (S_TRANSLAT) |
BC_C |
Controls access to the translation functions of the SAP System. Determines whether, in which languages and which text types are to be translated. |
Features
The following authorization objects exist for Business Planning and Simulation:
Authorization objects of object class RS for BW-BPS
Authorization object |
Description |
Planning level (R_AREA) |
Controls access to the planning area and all lower-level objects. You must set up read access to planning areas for people who will work with the BW-BPS component. Otherwise, they will not be able to access any of the subordinate planning elements. |
Planning level (R_PLEVEL) |
Controls access to the planning area and all lower-level objects. |
Planning package (R_PACKAGE) |
Controls access to planning packages (including ad hoc packages). |
Planning methods (R_METHOD) |
Controls access to planning functions and the corresponding parameter groups. |
Parameter group (R_PARAM) |
Controls access to the individual parameter groups of a particular planning function. |
Global planning sequence (R_BUNDLE) |
Controls access to global planning sequences (you control authorizations for planning sequences that you create for a planning level with the authorization objects R_METHOD, R_PLEVEL, or R_AREA).
No separate authorization for execution is defined for this authorization object. Whether a global planning sequence can be executed or not, depends on the authorization objects for the planning functions contained in it. |
Planning profile (R_PROFILE) |
Controls access to the planning profile. A planning profile restricts the objects that can be viewed. If you wish to view the planning objects, you must have at least display authorization for the appropriate planning profile. |
Planning folder (R_PM_NAME) |
Controls access to planning folders. In order to be able to work with planning folders, you also require the necessary authorizations for the planning objects combined in the folder. |
Using the Web Interface Builder |
Controls access to Web interfaces that you create and edit with the Web Interface Builder, and from which you can generate Web-enabled BSP applications. |
Authorization for planning session and subplan (R_STS_PT) |
Controls access to the Status and Tracking System. The object enables a check to be carried out whether a user is allowed access to a certain subplan or a version of it with the Status and Tracking System. |
Executing Customizing for the BW-BPS Status and Tracking System (R_STS_CUST) |
Controls access to Customizing for the Status and Tracking System. The object enables or forbids a user to execute Customizing. |
Authorization for special access Status and Tracking System (R_STS_SUP) |
This authorization object provides the assigned users with the status of a superuser in relation to the Status and Tracking System. The object enables changing access to all plan data, independent of whether and where a user of the cost center hierarchy it is based on is assigned. The authorization object is intended for members of a staff controller group, who are not part of the line organization of the company, but who nevertheless must be able to intervene in the planning process. |
Combination of authorizations
In accordance with the hierarchical relationships that exist between the various types of planning objects, authorizations that are assigned to an object on a higher level are passed on to its subordinate objects. An authorization that has been passed on can be enhanced but not restricted on a lower level.
The following table presents the combination possibilities using the example of a change authorization for planning area and level:
Change planning area |
Change planning level |
Authorization available for level |
Yes |
No |
Yes |
Yes |
Yes |
Yes |
No |
No |
No |
No |
Yes |
Yes |
In practice this behavior means that you can proceed according to two different strategies when setting up authorizations:
· Minimization of Customizing Effort: You assign authorizations for planning objects on as high a level as possible, and thereby enable access to the planning objects without further authorization assignment on lower levels.
· Optimization of Delimitation of Access Rights: You assign authorizations for planning objects on as low a level as possible, and therefore make sure that access to a planning object is only possible for the person responsible for this.
Activities
Create the user profiles you require and then assign authorization objects to these profiles. Then assign the newly created user profiles to possible users.
You can find further information on the activities associated with the different authorization objects in the online documentation on the authorization objects themselves. You can call this up in the maintenance transaction "Role Maintenance" (PFCG).