BW Security (Authorizations)

The following are some of the relevant SAP BW Security transaction codes.

Transaction Code


Description

RSA1


Transaction RSA1 is the main transaction for administrative functions in SAP BW (Administrator Workbench)

RSD1


This transaction code can be used to mark objects as relevant for authorization (InfoObject Maintainence)

RSSM


This transaction code can be used to create and modify authorization objects in SAP BW

RSZV


This transaction code is used to create or modify the variables for authorization checks. (Variable Maintenance)

RRMX


Business Explorer is the reporting tool in SAP BW and is used for analyzing data.

GLOBAL_TEMPLATES


Templates for modelling and evaluating data


How to Activate Authorizations In BW

The following steps explains how to activate the authorizations in BW.

1) Mark InfoObject as relevant for authorization tcode => RSD1

2) Create report authorization object tcode => RSSM

3) Select InfoCubes tcode => RSSM

4) Manually integrate authorization object in role tcode => PFCG

5) Change / Maintain authorization values => PFCG

6) Assign role to user tcode => PFCG or via Central User Administration

Hierarchical Authorizations in BW

The following steps describe the steps to control authorizations for hierarchies

1) Transfer and activate InfoObject 0TCTAUTHH tcode => RSD1

2) Mark InfoObject 0TCTAUTHH as relevant for authorization tcode => RSD1

3) Mark Leaf InfoObject as relavant for authorization tcode => RSD1

4) Create authorization objects with 0TCTAUTHH and Leaf InfoObject => RSSM

5) Define hierarchical authorizations tcode => RSSM

6) Manual intrgration of authorization object in role tcode => PFCG

7) Maintain authorization values tcode => PFCG

8) Assign role to user tcode => PFCG or via Central User Administration

For extracting structural authorizations from HR (mySAP ERP HCM) and to map it in SAP BW to maintian consistency between the two systems the tables of interest are:

1) T77PR for Structural Authorization profiles

2) T77UA for user assignments

3) T77UU for users (in this table you can select the users for extraction. You can either select all or specific users)
Structural Authorizations in SAP BW

The following steps show the way Structural Authorization is enforced in SAP BW.

The following steps to be carried out in the mySAP ERP HCM system.

1) Call program RHBAUS02 for uploading Table T77UU and enter users.

2) Call program RHBAUUS00 for generating an index for structural authorization profile

3) Activate Data source 0HR_PA_2

The following steps to be carried out in the SAP BW system

1) Replicate Data source 0HR_PA_2

2) Activate ODS InfoProvider 0HR_PA_2

3) Create an InfoPackage to perform an extraction for 0HR_PA_2

4) Load ODS data from mySAP ERP HCM

5) Mark InfoObjects as relevant for authorization (In order to use structural authorizations in SAP BW, all characteristic values like position, employee etc. which are relevant to reporting should be marked as authorization relevant InfoObjects.)

6) Create reporting authorization objects

7) Link authorization objects to InfoCubes

8) Call program RSSB_Generate_Authorizations.