SAP Security Online - BW Authorization objects


	R/3 Security
	BW Security
		Important Notes
		Authorization Objects
	Enterprise Portal
	CUA
	Single Sign On
	SOX/ SoD
	OSS
	HR Security
	Other SAP Apps
	Solution Manager
	Interview Questions

BW Security- New Authorization object in BW 3.0

Authorization Objects for Working in the Business Explorer

S_RS_COMP: Authorizations for using different components for the query definition. This authorization object is very important for reporting

The authorization object S_RS_COMP restricts query component activities. For example, it restricts if someone can create queries, change queries, or execute queries. You can restrict query creation, change, and execution by the InfoArea and InfoCube. If your company has one InfoCube for sales information and another for financial data, you can restrict a user to only those queries written for the sales InfoCube or the financial InfoCube.

You could also use S_RS_COMP if you want to protect by query name. For example, you have an InfoCube for sales data. Every sales manager needs access to this InfoCube. However, sales managers in different lines of business are not allowed to execute the same query.

The following table contains specific information about the fields in S_RS_COMP and how they are used.

bw_auth_obj11

S_RS_COMP1: Authorization for queries from specific owners. This object is new in SAP BW 3.0. It can be used to limit, by the query owner, which queries a user can see. For example, you can only see queries created by the power user for your area.

Authorization object S_RS_COMP1 secures the list of queries seen by the user via the BEx Analyzer or Web-based reporting (this authorization object began with release 3.0A).With S_RS_COMP1, you can limit the list of queries by the query owner. For example, you are a manager for a local sales team. You can only run queries created by the power user for your geographic region. S_RS_COMP1 limits both what queries you can see in the BEx Analyer tool, what queries you can display, and what queries you can execute. The Owner field in S_RS_COMP1 works in conjunction with the fields
in S_RS_COMP.
If the special value $USER is entered as an authorization value for the Owner field, then a user can only change their queries and cannot change any other queries. The $USER will also limit the queries the user can see and display in the analyzer tool.

Authorization objects S_RS_COMP and S_RS_COMP1 are evaluated together. A user must have access to both objects. The actions you can take related to a query in S_RS_COMP are complemented by the owner field in S_RS_COMP1.

The following table details the fields in S_RS_COMP1 and how they are used.

bw_auth_obj12

S_RS_FOLD Display authorization for folder. This object is new in SAP BW 3.0

If you do not want InfoAreas to appear as an option, then use the authorization object S_RS_FOLD. This object is not required. You only need to use it if you do not want users to even see the InfoAreas listing of queries. The object has one field - Hide .Folder. Push button. If this field is set to X (True), then the InfoAreas button will not appear in the BEx Analyzer Open → Queries dialog box

When a user brings up the BEx Analyzer or uses the Query Designer for Web-based reporting, there are four categories from which they may choose existing queries: History, Favorites, Roles, and InfoAreas. Authorization object S_RS_FOLD will allow you to disable the InfoAreas category

More Authorization Objects for Working in the Data Warehousing Workbench

SAP Help | SAP Service Market Place | SAP SDN