This guide outlines key SAP BW security transaction codes, steps to activate authorizations, hierarchical authorizations, and structural authorizations in SAP BW.
.png)
SAP BW Security Transaction Codes
| Transaction Code | Description |
|---|---|
| RSA1 | Main transaction for administrative functions in SAP BW (Administrator Workbench) |
| RSD1 | Used to mark objects as relevant for authorization (InfoObject Maintenance) |
| RSSM | Used to create and modify authorization objects in SAP BW |
| RSZV | Used to create or modify variables for authorization checks (Variable Maintenance) |
| RRMX | Business Explorer reporting tool in SAP BW for data analysis |
| GLOBAL_TEMPLATES | Templates for modeling and evaluating data |
How to Activate Authorizations in SAP BW
Follow these steps to activate authorizations in SAP BW:
- Mark InfoObject as authorization-relevant → Transaction RSD1
- Create a report authorization object → Transaction RSSM
- Select InfoCubes for authorization → Transaction RSSM
- Manually integrate the authorization object into a role → Transaction PFCG
- Change/Maintain authorization values → Transaction PFCG
- Assign the role to a user → Transaction PFCG or via Central User Administration (CUA)
Hierarchical Authorizations in SAP BW
To control authorizations for hierarchies, follow these steps:
- Transfer and activate InfoObject 0TCTAUTHH → Transaction RSD1
- Mark InfoObject 0TCTAUTHH as authorization-relevant → Transaction RSD1
- Mark Leaf InfoObject as authorization-relevant → Transaction RSD1
- Create authorization objects with 0TCTAUTHH and Leaf InfoObject → Transaction RSSM
- Define hierarchical authorizations → Transaction RSSM
- Manually integrate the authorization object into a role → Transaction PFCG
- Maintain authorization values → Transaction PFCG
- Assign the role to a user → Transaction PFCG or via Central User Administration (CUA)
Structural Authorizations in SAP BW
Structural authorizations from mySAP ERP HCM can be extracted and mapped in SAP BW to maintain system consistency. The relevant tables include:
- T77PR – Structural authorization profiles
- T77UA – User assignments
- T77UU – Users (used to select users for extraction)
Enforcing Structural Authorizations in SAP BW
Steps in mySAP ERP HCM System:
- Run Program RHBAUS02 → Upload Table T77UU and enter users.
- Run Program RHBAUUS00 → Generate an index for the structural authorization profile.
- Activate Data Source 0HR_PA_2.
Steps in SAP BW System:
- Replicate Data Source 0HR_PA_2.
- Activate ODS InfoProvider 0HR_PA_2.
- Create an InfoPackage to extract data for 0HR_PA_2.
- Load ODS data from mySAP ERP HCM.
- Mark InfoObjects as authorization-relevant (e.g., position, employee) to ensure proper reporting.
- Create reporting authorization objects.
- Link authorization objects to InfoCubes.
- Run Program RSSB_GENERATE_AUTHORIZATIONS.
.%20The%20image%20fe.webp)
,%20Quality%20Assurance%20(QA),%20and%20Production%20(PROD).%20The%20diagram%20.webp){kind=spacer}
,%20Quality%20Assurance%20(QA),%20and%20Production%20(PROD).%20The%20diagram%20.webp){kind=spacer}
Posts
No comments:
Post a Comment