Select Authorization Concept
SAP provides two different ways of securing OLAP data in BW. The first is the traditional, and till BW 3.5 the only way, using Z authorization objects for reporting. The second way, which was introduced as part of BI 7, uses analysis authorizations. So the first step in BW security, should always be to choose the concept which we want to use in our BW landscape.
We can reach the switch settings option through the transaction SPRO as shown below
Once inside the transaction, we just choose the appropriate authorization concept setting and save our entry. Though its appears to be a single setting, we should give some thought about which authorization concept to use as migrating from one concept to another takes a significant amount of time for design, testing and implementation.
SAP recommends that for new projects at least we use the concept of analysis authorizations for security as it provides significant advantages over the old concept. There is also the possibility that in the future SAP might stop supporting the old authorization concept completely in their products. Thus in our future discussions on BW security, I would concentrate on analysis authorizations.
Before going into detailed configuration for analysis authorizations, it might be worth to look at a few of the advantages of analysis authorizations over reporting authorization objects.
- Reporting authorization objects are Z or Y objects of the RSR class (SAP Business Information Warehouse – Reporting). As authorization objects they are limited to a maximum of 10 authorization fields per object. Analysis authorizations have no such restrictions.
- The new concept allows us to separately secure the navigational attributes used in an InfoProvider. For example, the authorization object 0COSTCENTER can have different security when it appears as an InfoObject in an InfoProvider and when it appears as a navigational attribute for another InfoObject. In the old concept, both these cases will have the same security.
SAP Business Information Warehouse – Reporting
Can you please explain the below statement . I’m new to BI security
The new concept allows us to separately secure the navigational attributes used in an InfoProvider. For example, the authorization object 0COSTCENTER can have different security when it appears as an InfoObject in an InfoProvider and when it appears as a navigational attribute for another InfoObject. In the old concept, both these cases will have the same security.
SAP Business Information Warehouse – Reporting
Vishal
You would need to understand the structure of InfoObjects and how InfoObjects are used in InfoProviders to understand this statement. You can look at the attributes of InfoObjects in transactions RSA1 or RSD1. Otherwise its difficult to appreciate how InfoObjects differ from their Navigational or Display attributes. Thanks