BI Security Activities in SAP

7/25/2019 BI Security Activities in SAP

1/11

Authorization Requirements for a Reporting-User

S_RS_COMP : Using this authorization object, you can restrict the

components that you work with in the Business Explorer query defnition

S_RS_COMP1 (Query oner! "!ith this authorization object, you can

restrict query component authorization with regards to the owner

S_R#C ($%& Ana'yzer ! : !ith this authorization object, user will be

using the BEx "nalyzer reporting tool

S_CO)% (RRM* for $%& Ana'yzer!: #ser will need to ha$eauthorizations %or object &'()* and &'+*-E with authorization %or the t.

code ((/0

S_RS_#O+): -isable the 1n%o"reas button in the BEx "nalyzer pen

2ueries dialog box


2/11

a,'es use in $. Se/urity"

RS%C0A+ - Authorization 0a'ue Status

RS%C.% Status of Authorization ierar/hies


3/11

RS%C* Authorization e&ts

RS)CU$% )ire/tory of .nfoCu,es 2 .nfoPro3ier

RS)CU$%.O$4 O,5e/ts per .nfoCu,e (here-use 'ist!

RS)CA Chara/teristi/ Cata'og


4/11

o to 6n the 'ist of ro'es of a parti/u'ar query2 o to 6n hetheruser has a//ess to the ro'e in hi/h the e&e/ute query e&ists

3ou can fnd the query name %rom trace report or you can ask the user

4ro$ide the query name in (&((E4-1( and fnd the technical query name

RSRR%P).R )ire/tory of a'' reports (Query 7%8U8..)!

4ro$ide the technical query name 5#nique 1-6 in "7('81E( and fnd the list o%

roles

)i9erent :in of ro'es assigne in $."

+here are 9 kinds o% roles assigned to the reporting users

/enu (ole; "uthorization role9 *ommon "uthorization role


5/11

Menu Ro'e : ((/0 and queries will be assigned in menu


6/11

Assigning or;,oo;s to ro'es"

1% a user wants to sa$e a workbook to a location where it can be easily accessed

by others, they need to sa$e to a (ole S_US%R_A7R is required to the user to

sa$e theworkbook to the /enu area o% the role

Ana'ysis Authorizations"

!hen user executes a query which has an in%oobject which is authorization

rele$ant, then user needs to ha$e analysis authorizations to execute the query


7/11

"nalysis authorizations are created using RS%CA)M.8

!e need to ha$e access to the authorization object S_RS%Cto create the

analysis authorizations


8/11

Spe/ia' /hara/teristi/s2,usiness /ontent /hara/teristi/s "

=+*""*+>+ 5"cti$ity6: display 5=96

=+*"14(> 51n%o4ro$iders6: grants authorization to particular 1n%o4ro$iders

=+*">"?1- 5>alidity6: grants authorization to specifc time periods

"part %rom the abo$e special characteristic, we need to add the authorizationrele$ant in%oobject in the analysis authorization

RS%CAU"

#sing a colon5:6 as an authorization $alue enables to execute queries which do

not ha$e auth rele$ant in%o object that are checked in the in%ocube and pro$ide

aggregate data %or the characteristic le$el %or which user does not ha$e access


9/11

+hese authorization $alues can be assigned as single $alue, ranges and pattern

5@6

E2: single $alue B+: range o% $alues *4: contain patternA "B*@

RS%CA)M.8 ra/e (RS%CPRO!

+ransaction code (&E*"-/1< is specifc to B1 and only traces the custom

reporting authorization objects you create to control access to 1n%object $alues

+here are ; ways to run trace:

*hoose the button Error ?ogs, add the user to the list and ask the user to

run the query


10/11

; *hoose the button Execution as option i% you know the query type the

user name, check !ith ?og and execute the query yoursel%

3ou can fnd all the traces executed by yoursel% i% you pro$ide blank date and@ in restricted user


11/11

+here are ; kinds o% error messages in trace reports

Message %=%

BI Security Activities in SAP

Documents