SAP BW Security (Authorizations): A Comprehensive Guide

 SAP BW (Business Warehouse) Security is essential for safeguarding data access, defining user permissions, and managing authorizations. Below is a detailed breakdown of key SAP BW Security transaction codes, steps for activating authorizations, and methods for hierarchical and structural authorizations.


Key SAP BW Security Transaction Codes

Transaction CodeDescription
RSA1Main transaction for administrative functions in SAP BW (Administrator Workbench).
RSD1Mark objects as relevant for authorization (InfoObject Maintenance).
RSSMCreate and modify authorization objects in SAP BW.
RSZVCreate or modify variables for authorization checks (Variable Maintenance).
RRMXBusiness Explorer (BEx) reporting tool for analyzing data in SAP BW.
GLOBAL_TEMPLATESTemplates for modeling and evaluating data.

How to Activate Authorizations in SAP BW

Follow these steps to activate and manage authorizations in SAP BW effectively:

  1. Mark InfoObject as Authorization Relevant: Use T-Code RSD1.
  2. Create Report Authorization Objects: Use T-Code RSSM.
  3. Select InfoCubes for Authorization: Access using T-Code RSSM.
  4. Integrate Authorization Objects into Roles: Use T-Code PFCG (Manual Integration).
  5. Maintain Authorization Values: Modify values in PFCG.
  6. Assign Roles to Users: Use T-Code PFCG or manage centrally via Central User Administration (CUA).

Hierarchical Authorizations in SAP BW

To control hierarchical authorizations in SAP BW, follow these steps:

  1. Transfer and Activate InfoObject 0TCTAUTHH: Use T-Code RSD1.
  2. Mark 0TCTAUTHH as Authorization Relevant: Use RSD1.
  3. Mark Leaf InfoObject as Authorization Relevant: Access via T-Code RSD1.
  4. Create Authorization Objects: Combine 0TCTAUTHH and Leaf InfoObject using T-Code RSSM.
  5. Define Hierarchical Authorizations: Use RSSM.
  6. Integrate Authorization Objects into Roles: Use T-Code PFCG.
  7. Maintain Authorization Values: Edit in PFCG.
  8. Assign Roles to Users: Use T-Code PFCG or CUA.

Structural Authorizations in SAP BW

To ensure structural authorization consistency between mySAP ERP HCM and SAP BW, follow these steps:

Tables of Interest in SAP ERP HCM:

  1. T77PR – Structural Authorization Profiles.
  2. T77UA – User Assignments.
  3. T77UU – User Selection Table (Select specific or all users for extraction).

Steps for Structural Authorizations

In mySAP ERP HCM:

  1. Call Program RHBAUS02: Upload Table T77UU and enter users.
  2. Run Program RHBAUUS00: Generate index for structural authorization profiles.
  3. Activate Data Source 0HR_PA_2: Ensures data availability for BW extraction.

In SAP BW:

  1. Replicate Data Source 0HR_PA_2.
  2. Activate ODS InfoProvider 0HR_PA_2.
  3. Create InfoPackage: Perform data extraction from ERP to BW.
  4. Load Data into ODS: Extract from mySAP ERP HCM.
  5. Mark InfoObjects as Authorization Relevant: Ensure reporting characteristics like position, employee, etc., are flagged for authorization.
  6. Create Reporting Authorization Objects.
  7. Link Authorization Objects to InfoCubes.
  8. Run Program RSSB_GENERATE_AUTHORIZATIONS: Generate necessary authorizations.

Conclusion

SAP BW Security and Authorization Management are crucial for controlling access to sensitive BW data. Using T-Codes like RSA1, RSD1, RSSM, and PFCG, administrators can activate authorizations, manage hierarchies, and enforce structural authorizations seamlessly. Consistency between SAP HCM and BW authorizations ensures a robust, secure, and compliant reporting system.

By mastering these steps and tools, you can enhance SAP BW security and optimize data governance.

Comments Comments