Managing User Authorization

Security is an essential element of any information system. BW is no exception to this rule. It uses an R/3 utility called Profile Generator to manage authorization. In this chapter, we will demonstrate how to use this utility.

The foundation of SAP authorization management is based on authorization objects. These objects define what a user can do, and to which SAP objects. Such a definition is called authorization. For example, the authorization in Table 6.1 allows users with that authorization to display and execute – but not change – the queries IC_DEMOBC_Q01 and IC_DEMOBC_Q02. This authorization is defined using authorization object S_RS_COMP.

Table 6.1. AN AUTHORIZATION FROM AUTHORIZATION OBJECT S_RS_COMP

S_RS_COMP Field Field Description Field Value
ACTVT Activity Display, Execute
RSINFOAREA InfoArea *
RSINFOCUBE InfoCube *
RSZCOMPID Name (ID) of a reporting component IC_DEMOBC_Q01, IC_DEMOBC_Q02
RSZCOMPTP Type of a reporting component Query

Multiple authorizations are combined to create an authorization profile. In SAP, an authorization profile is assigned to a user role. Users assigned to the role have the authorizations to execute the defined business activities.

In this chapter, we will use Profile Generator to create user roles and assign users to the roles. In addition, we will demonstrate how to run R/3 transactions and access Web sites from BEx Browser. Although the sales manager described in Chapter 1 may not need this function, we cover it here so that we can introduce an advanced feature powered by the integration of BEx Browser and Profile Generator. Let's start with a demonstration of the Profile Generator.

Категории