Show TOC Start of Content Area

Object documentationAuthorizations for Documents  Locate the document in its SAP Library structure

Definition

A user needs the appropriate authorizations to display or edit a document for a BI object.

Use

To edit documents in the Documents functional area of the Data Warehousing Workbench, the user needs authorization for the authorization object S_RS_ADMWB Data Warehousing Workbench Object with the respective document class:

     Metadata: DOC_META

     Master Data: DOC_MAST

     InfoProvider Data: DOC_TRAN

To edit documents on the Documents screen for a specific BI object, the user needs the following authorizations for the individual document classes:

...

       1.      Metadata

If you have the authorization to display or to edit a metadata object, you can also display or edit the documents for these metadata objects.

Valid activities are:

Activity

Name in BI Context

Information

03 (display)

display

 

23 (maintain)

maintain

Included are: create, change, delete

       2.      Master Data

If you have the authorization to display or to edit in specific master data, you can also display or edit the documents for these characteristic values.

Valid activities are:

Activity

Name in BI Context

Information

03 (display)

display

 

23 (maintain)

maintain

Included are: create, change, delete

       3.      InfoProvider Data

Authorization objects for InfoProvider data are not delivered. They are created as required. For more information, see Analysis Authorizations.

Caution

Note: The Activity field needs to be included in the authorization objects that are to model the authorizations for documents. The user only has display authorization if this field is missing. We recommend you include the Activity field particularly for new projects or subprojects.

To include the Activity field in existing authorization objects, you first need to delete all previous authorizations. For running projects, we therefore recommend the following procedure: Assign the old authorizations to those users who receive the display authorization. Create a new authorization object with the Activity field and also give this to users who are also to be given authorization for editing documents.

If a Reporting user has the display authorization for the InfoProvider data of a specific area (for example, customer 1-1000 and material 3000-5000), this user can also display the documents for this InfoProvider data.

NoteThe BI Security Manager has to be configured on the portal so that the checks described can also be performed for the documents on the portal.

Note You also have to assign a read authorization to the end user on the portal. Navigate to your BI system object on the portal by choosing System Administration System Configuration System Landscape Portal Content.  Double-click  the BI system object. In the Object dropdown box, choose the Permissions option and select the read authorization (Read) for the relevant role (for example, Everyone) that is assigned to the portal user.Select the End User indicator.

To give a user the authorization for editing InfoProvider data documents, the system administrator has the following options:

Activity

Name in BW context

Information

The user receives the authorization for the data with activity 36 (enhanced maintenance) in the authorization objects for InfoProvider data.

maintain_documents

You can also assign display authorization for one area, and edit authorization for the other.

Caution

Note: In this case, the user is not allowed the authorization "Authorization object S_RS_ADMWB Data Warehousing Workbench Object = DOC_TRAN” for the maintenance of documents (see next row).

With the authorization objects for InfoProvider data, the user has display authorization for the data (display) and additionally receives  authorization to maintain documents: Authorization object S_RS_ADMWB Data Warehousing Workbench Object = DOC_TRAN

maintain

A different assignment of authorizations is not possible: The user additionally receives edit authorization for all areas for which the user currently has display authorization.

We recommend that you only assign this combination of authorizations to a Reporting user if it is too time-consuming to change all the existing authorization objects individually.

 

 

 

End of Content Area