News & information about SAP Business Intelligence tools and SAP HANA. In this article I will try to explain a bit more about SAP CRM Marketing attributes and how this data is setup, as well as which tables are technically used behind.
If you’re evaluating Tableau vs. QlikView vs. Microsoft Power BI, read on. We highlight the key pros and cons of each of these vendors. Plus, we included a.
BW Security – Sap Security Pages. The idea for this article came to me after reading through a question from a visitor to this site. I believe the question is relevant to anyone designing Analysis Authorizations. So even though there are other posts in this blog that talk about how to actually create analysis authorization, this current article is meant to help security consultant in actually applying the concepts while designing security. I will start with reproducing the question below. Q: Hi Aninda,Firstly, thanks for the helpful posts on this site.
I would like to check with you on how the system checks BI auth. Does it check every possible combination?
For eg: user is assigned with 2 analysis auth as below: A: plant 1. PG) 1. 00. B: plant 2. PG 2. 00. When the user runs a report and fills in the fields with plant : 1. PG: 1. 00, 2. 00,he/she will actually get no authorization.
When I checked the trace, it looks like the system is checking for. PG 1. 00. 2) plant 1.
PG 2. 00. 3) plant 2. PG 1. 00. 4) plant 2. PG 2. 00. In this case, the authorization failed because there is no such combination for 2 and 3 in my analysis authorization. Appreciate your advice if my understanding is correct and how do we work around this apart from asking the user to run the report separately for plant 1. Thanks. I will elaborate from my original answer below.
Firstly I should re- iterate that SAP does indeed check for the 4 different combinations mentioned , i. PG 1. 00. 2) plant 1.
PG 2. 00. 3) plant 2. PG 1. 00. 4) plant 2. PG 2. 00. This may be counter intuitive to us from our experience in ECC while looking up data from SAP tables in SE1. SUIM. However, BI reports only return data when the total result set is authorized.
In other words, you need access to all possible combinations for the query to return any data at all. You get everything or nothing . We need to ask ourselves, Is this extra access a problem? Like most consulting questions, there is no single correct answer to the problem. For some clients this extra access might be okay while for others it might be a strict no.
I would start looking at how security is set up in ECC and try to replicate same access in BI. For example, I would think a Buyer in ECC would be assigned to one or more purchasing groups and would be responsible for one or more plants. Its far less likely that a Buyer is assigned to a different purchasing groups for different plants. So the more likely scenario tells me that the extra access with the two new authorizations are perfectly fine and in line with ECC security. However, your client might be using a different configuration for plant and purchasing group security. In case, the extra security access is not enough, the solution would be to ask the reporter to run the BW query twice.
Once for Plant 1. PG 1. 00 and next for Plant 2.