Upload
julianholgado
View
310
Download
16
Tags:
Embed Size (px)
Citation preview
Advanced Features of SAP BW Reporting Authorizations
Session 709
Amelia LoPlatinum Consultant, SAP NetWeaver RIG
SAP Labs, LLC
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 2
Learning Objectives
As a result of this workshop, you will be able to:
Have a good handle of the most misunderstood features of the BW Reporting Authorization Understand how authorizations variable worksUnderstand how hierarchy node variable works
Learn the new functionality and new BW Authorizations Objects in BW3.0
Learn the basics of Planning and Strategize BW Authorizations
Know the dos and donts on BW Authorizations
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 3
SAP NetWeaverThe integration and application platform for lower TCO
Unifies and aligns people, information and business processes Integrates across
technologies and organizational boundaries
A safe choice with full .NET and J2EE interoperability
The business foundation for SAP and partners Powers business-ready
solutions that reduce custom integration
Its Enterprise Services Architecture increases business process flexibility
DB and OS Abstraction
.NET WebSphere
People Integration
C
o
m
p
o
s
i
t
e
A
p
p
l
i
c
a
t
i
o
n
F
r
a
m
e
w
o
r
k
Process IntegrationIntegration
BrokerBusiness Process
Management
Information IntegrationBusiness
IntelligenceKnowledge
Management
Multi-Channel Access
SAP NetWeaverSAP NetWeaver
Portal Collaboration
Life Cycle M
anagement
Master Data Management
J2EE ABAP
Application Platform
DB and OS Abstraction
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 4
Dont Miss the SAP Business Solutions Tour!
Your chance to see SAP NetWeaver in action see live demonstrations of:
SAP Enterprise Portal SAP Business Information WarehouseSAP Exchange Infrastructure SAP Web Application Server SAP Mobile Infrastructure SAP Master Data Management30-minute tour timeslots available Monday 10:30 5:10 Tuesday 9:40 5:30 Wednesday 8:00 12:00
Located at Wyndham Hotel Parking Lot
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 5
Agenda
Special Topics on BW Reporting Authorizations
Planning & Strategize BW Authorizations
Whats New in BW 3.0
The Dos and Donts
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 6
Agenda
Special Topics on BW Reporting Authorizations
Planning & Strategize BW Authorizations
Whats New in BW 3.0
The Dos and Donts
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 7
Special Topics of BW Reporting Authorizations
A Quick Review of BW Reporting Authorizations
A few most misunderstood Features Variable filled Authorizations Important parameter when use Global Variable Customer Exit Hierarchy Authorizations with Compound Characteristics
Tracing Authorizations in BW
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 8
Open Data Warehouse Architecture
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 9
SAP R/3 vs. BW Authorizations
Whats the same Role Based Security Authorizations
Users are assigned roles Roles contain profiles Profiles contain authorizations Roles are maintained using same tool (PFCG transaction) Can be administered via CUA (Central User Administration)
Authorization objects define specific permissions There are standard authorization objects available in the system
Whats different Unique BW Objects (InfoProvider, InfoArea, InfoObject, Query) Unique SAP BW Authorization Tool to administer BEx Reporting
data security It is possible to use variable security runtime parameters It is possible to generate profiles from datasources
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 10
Authorization Concept Overview
Meta Data ManagerMeta Data Manager
Business Explorer
Business InformationWarehouse Server
Meta DataRepositoryMeta DataRepository
InfoCubesInfoCubesData ManagerData Manager
Non R/3 Production Data Extractor
Non R/3 Production Data Extractor
Non R/3 OLTP ApplicationsNon R/3 OLTP Applications
OLAP ProcessorOLAP Processor
3rd party OLAP client
3rd party OLAP client
ODSODSStaging EngineStaging Engine
BAPIBAPI
R/3 OLTP ApplicationsR/3 OLTP Applications
OLTP Reporting
OLTP Reporting
Production DataExtractor
Production DataExtractor
3
SchedulingScheduling
MonitorMonitor
Administrator Workbench
AdministrationAdministration
2
1
Bex BrowserBex Browser
Analyzer
Bex Query Designer
Bex Analyzer
Web Appl DesignerWeb Appl Designer Web ReportWeb Report
Bex AnalyzerBex Analyzer
Query DesignerQuery Designer
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 11
Types of BW Authorizations
Systems Communication Authorizations
Administration Concept very close to standard R/3 all authorization relevant objects are delivered by SAP Pre-defined Templates can be used as a starting point Administration of authorizations like in R/3
Reporting no authorization relevant object definition is delivered set of tools to define customer specified concept embedded
in SAP BW administration
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 12
SAP BW Authorization Overview
UserUser
ProfileProfile
AuthorizationAuthorization
ValueValue
ObjectObject
FieldField
AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION
WAREHOUSE-Administration
AUTHORIZATION OBJECT CLASS: AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION BUSINESS INFORMATION
WAREHOUSEWAREHOUSE--AdministrationAdministration
ValueValue
ObjectObject
FieldField
AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION
WAREHOUSE- REPORTING
AUTHORIZATION OBJECT CLASS: AUTHORIZATION OBJECT CLASS: BUSINESS INFORMATION BUSINESS INFORMATION
WAREHOUSEWAREHOUSE-- REPORTINGREPORTING
RoleRole
Profile GeneratorProfile Generator
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 13
SAP BW Reporting Authorizations Objects
0..n
SAP BW ObjectsSAP BW InfoProviders
1..m
< Authorization Object >
Key Figure Object (1KFYNM)
Authorization Relevant Characteristic
Hierarchy Node
0..1
0..10
0..10
0..n
Only one 0TCTAUTHH Only one 0TCTAUTHH per Reporting per Reporting Authorization ObjectAuthorization Object
Many Hierarchy Many Hierarchy Authorizations can be Authorizations can be entered characteristicentered characteristic
0TCTAUTHH
0ORGUNIT
0Costcenter
0Profitcenter
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 14
Steps to Create Reporting Authorizations
1 Mark characteristics as "Authorization Relevant
Create an Authorization Object for Reporting(Transaction: RSSM)
Include required Authorization Relevant Characteristics If key figure authorization required, include 1KYFNM, If Hierarchy authorization required, Include 0TCTAUTHH and
leaf Characteristics,
Create Hierarchy Authorizations Define a description of a hierarchy authorization. Create an authorization for the new authorization object. Enter
the technical name of the description of a hierarchy authorization as value for field 0TCTAUTHH.
Create Authorizations with the values
2
3
4
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 15
Mark InfoObject Authorization Relevant
1
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 16
Authorizations
2
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 17
Create Authorization Object for Reporting
2
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 18
Authorization Definition for Hierarchy
3
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 19
BW Reporting Object in a Profile & Assign Value
< Authorization Object >
0EMPLOYEE
0ORGUNIT
0TCTAUTHH
4
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 20
Special Topics of BW Reporting Authorizations
A Quick Review of BW Reporting Authorizations
A few most misunderstood Features Variable filled Authorizations Important parameter when use Global Variable Customer Exit Hierarchy Authorizations with Compound Characteristics
Tracing Authorizations in BW
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 21
Create Authorizations Variables
VARIABLE WIZARD IN BEx
Characteristic Variable
Hierarchy Node Variable
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 22
Authorization Variables of Customer Exit type
z Create Variable1
2 Assign Variable to Query
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 23
Use of Variable filled Authorizations Scenario 1
SCENARIO: You defined two Reporting Authorization Objects with same authorization relevant characteristic (0ORGUNIT)
RA_OBJ1 contains values HR_EMEA & HR_US; RA_OBJ2 contains HR_US & HR_ASIA
Both Reporting Authorization Objects are assigned to User Amelias Profile
RESULT: Amelia have authorization to view HR_US ONLY !!!
HR_US
< RA_OBJ1 >Orgunit
HR_EMEA
< RA_OBJ2 >Orgunit
HR_ASIA
OSS note653383
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 24
Use of Variable filled Authorizations Scenario 1
Possible Approach: Define one Reporting Authorization Object and populate the values in one of the following ways:
Manually populated in the profile
Automated authorizations generation from the authorizations ODSs
Derive the values via the authorizations Users Exit (RSR000001)
< RA_OBJ >Orgunit
HR_EMEA HR_US HR_ASIAOSS notes
653383 557924
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 25
Maintain Global Variable for Authorization: via User Exit
$VAR
Query with authorizations varaible
User Exit RSR00001
Structure: RRRANGEEXIT
$VAR initiates User exit
ZAUTH
Read CustomerAUTH Table
Authorization Check
1. Use transaction CMOD to develop User Exit RSR00001, Function Module: EXIT_SAPLRRS0_001
2. Maintain Customer Authorization Table as required
3. Create Authorization Variable4. Include Variable in your query
Return Result
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 26
Be Aware Your Import Parameter Specification
I_Step Values: I_Step = 0 -> Enhancement is
not called (Default) I_Step = 1 -> Enhancement is
called up before Variable Entry I_Step = 2 -> Enhancement is
called up after Variable Entry I_Step = 3 -> Called up to check
the Variable Value; Variable appears once more
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 27
Compounded Hierarchy Authorizations - Scenario 2
SCENARIO: You defined a Reporting Authorization Objects for a Hierarchy with Compounded characteristics (0CO_Area and 0CostCenter)
You filled the authorizations variable with Flat Values for 0Costcenter
< Authorization Object >
0CO_Area
0Costcenter
0TCTAUTHH
RESULT: Brain 804 no authorization
Solution:Define and use Hierarchy Node VariableHierarchy Node Variable
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 28
Special Topics of BW Reporting Authorizations
A Quick Review of BW Reporting Authorizations
A few most misunderstood Features Variable filled Authorizations Important parameter when use Global Variable Customer Exit Hierarchy Authorizations with Compound Characteristics
Tracing Authorizations in BW
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 29
Tracing Authorizations
ST01ST01
SU53SU53
RSSMRSSM
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 30
Tracing Authorization: Overview
Trace functionality embedded in SAP R/3 basis Recording of authority checks for system (Transaction ST01) Display the last failed authority check of user (Transaction
SU53)
SAP BW reporting authority trace* set up user related trace recording for OLAP authority checks
Transaction RSSM
*Authorizations checked against Reporting Objects are not supported withstandard trace functionality's
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 31
Recording of Authority Checks
Start Transaction ST01
Configure detail of trace recording
Activate trace
Perform actions on system
Analyze trace using transaction ST01
Note: Trace ST01 can be used either in BW and R/3 source system.
1
2
3
4
5
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 32
Recording of Authority Checks
2
3
5
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 33
SAP BW Reporting Authority Trace
Start transaction RSSM in SAP BW
Choose Authorization trace from Authorization object reporting menu or locate it from the bottom of the screen.
Insert user
Perform reporting activity
Analyze trace
1
2
3
4
5
3
5
2
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 34
Agenda
BW Authorizations Overview
Planning & Strategize BW Authorizations
Whats New in BW 3.0
The Dos and Donts
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 35
Guiding Principals
Integrate in your Development Life Cycle Plan Authorizations Early on in your Development Life Cycle Authorizations requirement collection at Blue Print Phase Identify and Assign Data Ownership
KISS Principal (Keep it Simple and Small) A balance act among Granularity vs. Maintenance vs. Performance Design for simplicity and Ease of Maintenance without
compromising Mandatory data security Divide user into Groups and manage security at InfoArea or
InfoProvider level
Thorough Authorizations Testing Must be a part of system Integration Test plan Performance testing is a essential part of test plan
Staffing for BW Authorizations R/3 Authorization expert does not equivalent to BW Authorizations
Experience Segregation of Duties among BW Users and Administrator
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 36
BW Authorizations Roadmap (I)
Develop Authorizations Strategy1. Consider company policy:2. Consider Legal requirements3. Classify types of users & required roles4. Consider Proof of Concept phase to valid
complex authorization model
5. Define Data Ownership and Responsibility 6. Develop questionnaire for blue print7. Document requirements in Matrix8. Develop naming convention for Authorization9. Design the Roles consider segregate
Activities from Data Access roles
10. Use SAP delivered templates as the baseline11. Revise to meet your requirements
12. Define BW Reporting Objects for InfoObjectsper step 6
13. Consider using Hierarchy node authorization based on user access pattern
14. For complex & detailed authorizations needs, consider using Authorizations Variable to ease maintenance
Develop Authorizations Matrix to collect authorization requirement for blue print phase
Define BW Authorization for Admin workbench
Define BW reporting authorizations
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 37
BW Authorizations Roadmap (2)
Testing BW Authorizations Testing
15. Develop detailed test scenarios and planInvolve Business in authorizations testing
16. Develop performance test plan and establish the test environment and data volume
17. Incorporate BW Authorizations testing in the overall SAP System Tests (R/3 and non R/3).
18. Develop BW User Security request and approval processes
19. Consider a Web-based authorization request workflow and user guide
20. Develop a BW Security Administration checklist
21. Define Periodic BW Security Reviews and Assessment Process
22. BW Authorizations Training for Security Administrators
23. Include BW Authorizations impact on data access as a part of the BW user training.
Develop Administrative and Monitoring Process for BW Authorizations
Conduct BW Authorization Training
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 38
Agenda
BW Authorizations Overview
Planning & Strategize BW Authorizations
Whats New in BW 3.0
The Dos and Donts
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 39
New in Authorization Objects, Frontend (3.0)
S_RS_COMP New Authorizations Check for Variables in Query Definition Object type is VAR
S_RS_COMP1 Is checked additionally with S_RS_COMP Checks for authorizations on query components dependent on the
owner (creator RSZOWNER) Authorizations are necessary, e.g. for creating queries
S_RS_FOLD Suppress InfoArea view of BEx elements Specify X (true) in the authorization maintenance for suppressing
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 40
New Authorization Objects, Backend (3.0)
S_RS_IOBJ Authorization object for working with InfoObjects Is checked if authorization is not available via S_RS_ADMWB Additional checks for update rule authorizations
S_RS_ISET For displaying / maintaining InfoSets (new object in BW)
S_RFC Authorization for GUI activities Add following RFC_NAMEs with RFC_TYPE FUGR and ACTVT 16
RRXWS: BW Web InterfaceRS_PERS_BOD: Personalization of Bex Open DialogRSMENU: Roles and Menus
S_GUI Authorization forGUI activities. Add the activity 60 (upload)
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 41
Automated Authorization Generator
Sourced from Two types of ODS Objects
Authorization Value ODS Hierarchy ODS
ODS Population
From R/3: HR Structural Authorizations From R/3: Cost Center (BW 3.1 content) From Flat Files
New RSSM User Interface
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 42
ValueValue
ODS-Objects
SAP BWServer
InfoSource
Automated Authorization Generation: the Architecture
Update Rules
Mapping & Transfer Rules
DataSource
BW Metadata
replicated Metadata
DataSource
FileFile R/3R/3OtherOther
BWS-API
Mapping & Transfer Rules
Value Hierarchy Text User Assign
0TCA_DS01 0TCA_DS02 0TCA_DS03 0TCA_DS04
Tcode: RSSM Generate AuthorizationTcode: RSSM Generate Authorization< Auth Object >
0TCTAUTHH
0ORGUNIT
0EMPLOYEE
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 43
HR Structural Authorizations
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 44
BW/HR Structural Authorizations
Whats BW/HR Structural Authorizations
Bring R/3 Structural Authorizations to BW via Standard Extraction Associate with BW Authorizations via execution of special Module Full Refresh on a Customer Selected Frequency
Key Benefits
Reduced the Redundant Security Setup Provide Cross System Consistency
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 45
BWBWR/3 OLTPR/3 OLTP
Structural Authorization in BWStructural Authorization in BW
RSSMTrans
Security Security CheckCheck
ORProgramModulesRSSB_Generate_Authorizations
PSA PSAPSA PSA
0HR_PA_20HR_PA_2DataData
SourceSource
Struc Auth
0PA_DS02
PSAPSATransfer Rules
ODSsODSs
UpdateRules
0HR_PA_30HR_PA_3DataData
SourceSourceStruc Auth
0PA_DS03
R/3 Org. StructureR/3 Org. Structure
INDXINDXClusterCluster
(0HR_PA_2(0HR_PA_2&&
0HR_PA_3)0HR_PA_3)DataData
SourcesSources
RHBAUS00
T77UAT77UAAssignmentAssignment
T77UUT77UUUserUser
T77PRT77PRProfileProfile
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 46
12 Steps to Install Structural Authorizations
Create Structural Authorization Profile (IMG or TR-OOSP)1
Assign User to Profile (IMG or TR-OOSB)2
Update T77UU table to include User Name3
Execute program RHBAUS00 to create INDX4
Activate 0HR_PA_2 & 3 DataSource in R/3 and BW5
Activate or Create 0HR_PA_2 & 3 InfoSource & Communication Structure
6
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 47
12 Steps to Install Structural Authorizations
Activate and load ODS from R/3 7
Activate Target InfoObjects Authorization Relevant8
Create Authorization Object (Transaction Code: RSSM)9
Use Transaction code: RSSM or Execute RSSB Function Modules to generate BW Authorization
10
Create Authorization Variables11
Create Query with Authorization Variables12
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 48
Steps to Create Authorization from Flat Files
Planning & Mapping 0 Determine what you want to secure Mapping Objects & create Flat file
1 Mark InfoObjects Auth. Relevant Define Reporting Auth Object via RSSMDefine Reporting Object
2 Create Authorization Value Infosoure & ODS
Use 0TCA_DS01 as template ODS name must be xxxx_DS01
3 Create Authorization HierInfosoure & ODS
Use 0TCA_DS02 as template ODS name must be xxxx_DS02
4 The data format = yyyymmdd or per Your Default FormatSeveral Objects can define as constant
Create Update Rules forODS Loads
Generate Profiles via RSSM or RSSB program5 RSSM: Find your ODSs & Mark Auth Obj Exec RSSB_Generate_Authorizations
6 Create Authorizations Variable in Query Def.
Define Variables for Auth InfoObjects Include Variables in your Queries
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 49
Tips & Hints for Automatically Generated Authorizations
Performance If you have very large number of values in your user master record,
the query performance will be significantly impacted It is a multiplication effect of: # authorization objects X # values X Ex: 20 orgunits X 10,000 EE X 5 objects = 1,000,000 checking
Alternatives For top executives: setup a role to give full authorizations Use Hierarchy variables for queries initial view with Hierarchy Use RSR00001 User exit against the populated ODSs
How To Paper HTTP://WWW.Service.SAP.com/BW -> Service & Implementation ->
How to Papers BW/HR Authorizations Generate Authorizations Profile from Flat File
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 50
Agenda
BW Authorizations Overview
Planning & Strategize BW Authorizations
Whats New in BW 3.0
The Dos and Donts
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 51
Dos and Donts
Dos
Keep the four guiding principals in mind when planning BW authorizations
Consider a Proof of Concept phase for complex authorizations model Check out OSS Notes on Authorizations
Apply BW 3.0B SP15 for performance enhancement & corrections Note 625049: Improved performance Note 315094: Authorization recommendation
Check out the BW Online document on Security with Scenarios Use caution when request of user query publishing in Production
Limit number of users authorized Setup specific user published reporting roles with administrative
process (clean-up) and alert users as Uncertified Reports
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 52
Dos and Donts
Dos
Create an effective OSS Message for authorizations Prepare a query which is as simple as possible and still
reproduces the error Prepare a SAP_ALL user and a restricted user. If you use variables (customer exits) replace their content into
profile of the restricted user (we do not support customer code) explain clearly what you expect to see and what the error is. don't forget to give all the necessary information: usernames,
passwords, System, names, open the system.
Donts
Dont setup Field level specific security just because youve been asked Challenge the requester for legal or policy requirements
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 53
Further Information
Public Web:www.sap.com/solutions/bi/SAP Customer Services Network: www.service.sap.com/BW
Consulting ContactRoy Wood, VP SAP NetWeaver Consulting Practice ([email protected])
Related SAP Education Training Opportunitieshttp://www.sap.com/usa/education/BW 365, Business Information Warehouse Authorizations
Related Workshops/Lectures at ASUG BITI Forum 2003
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 54
Questions?
Q&A
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 55
Feedback
Please complete your session evaluation and drop it in the box on your way out.
Be courteous deposit your trash, and do not take the handouts for the
following session.
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 56
Copyright 2003 SAP AG. All Rights Reserved
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint and SQL Server are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix and Informix Dynamic ServerTM are trademarks of IBM Corporation in USA and/or other countries.
ORACLE is a registered trademark of ORACLE Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, the Citrix logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin and
other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology.
JAVA is a registered trademark of Sun Microsystems, Inc. JAVASCRIPT is a registered trademark of Sun Microsystems, Inc., used under license for technology invented
and implemented by Netscape.
MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One. SAP, R/3, mySAP, mySAP.com, xApps, xApp and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies.
SAP AG 2003 ASUG BITI Forum Session 709, Amelia Lo / 57
Copyright 2003 SAP AG. Alle Rechte vorbehalten
Weitergabe und Vervielfltigung dieser Publikation oder von Teilen daraus sind, zu welchem Zweck und in welcher Form auch immer, ohne die aus-drckliche schriftliche Genehmigung durch SAP AG nicht gestattet. In dieser Publikation enthaltene Informationen knnen ohne vorherige Ankn-digung gendert werden.
Die von SAP AG oder deren Vertriebsfirmen angebotenen Softwareprodukte knnen Softwarekomponenten auch anderer Softwarehersteller enthalten.
Microsoft, WINDOWS, NT, EXCEL, Word, PowerPoint und SQL Server sind eingetragene Marken der Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informixund Informix Dynamic ServerTM sind Marken der IBM Corporation in den USA und/oder anderen Lndern.
ORACLE ist eine eingetragene Marke der ORACLE Corporation. UNIX, X/Open, OSF/1 und Motif sind eingetragene Marken der Open Group. Citrix, das Citrix-Logo, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, MultiWin und
andere hier erwhnte Namen von Citrix-Produkten sind Marken von Citrix Systems, Inc.
HTML, DHTML, XML, XHTML sind Marken oder eingetragene Marken des W3C, World Wide Web Consortium, Massachusetts Institute of Technology.
JAVA ist eine eingetragene Marke der Sun Microsystems, Inc. JAVASCRIPT ist eine eingetragene Marke der Sun Microsystems, Inc., verwendet unter der Lizenz der von
Netscape entwickelten und implementierten Technologie.
MarketSet und Enterprise Buyer sind gemeinsame Marken von SAP AG und Commerce One. SAP, R/3, mySAP, mySAP.com, xApps, xApp und weitere im Text erwhnte SAP-Produkte und Dienstleistungen
sowie die entsprechenden Logos sind Marken oder eingetragene Marken der SAP AG in Deutschland und anderen Lndern weltweit. Alle anderen Namen von Produkten und Dienstleistungen sind Marken der jeweiligen Firmen.
Advanced Features of SAP BW Reporting AuthorizationsLearning ObjectivesSAP NetWeaverThe integration and application platform for lower TCODont Miss the SAP Business Solutions Tour!AgendaAgendaSpecial Topics of BW Reporting AuthorizationsOpen Data Warehouse ArchitectureSAP R/3 vs. BW AuthorizationsAuthorization Concept OverviewTypes of BW AuthorizationsSAP BW Authorization OverviewSAP BW Reporting Authorizations ObjectsSteps to Create Reporting AuthorizationsMark InfoObject Authorization RelevantAuthorizationsAuthorization Definition for HierarchyBW Reporting Object in a Profile & Assign ValueSpecial Topics of BW Reporting AuthorizationsCreate Authorizations VariablesAuthorization Variables of Customer Exit typeUse of Variable filled Authorizations Scenario 1Use of Variable filled Authorizations Scenario 1Maintain Global Variable for Authorization: via User ExitBe Aware Your Import Parameter SpecificationCompounded Hierarchy Authorizations - Scenario 2Special Topics of BW Reporting AuthorizationsTracing AuthorizationsTracing Authorization: OverviewRecording of Authority ChecksRecording of Authority ChecksSAP BW Reporting Authority TraceAgendaGuiding PrincipalsAgendaNew in Authorization Objects, Frontend (3.0)New Authorization Objects, Backend (3.0)Automated Authorization GeneratorAutomated Authorization Generation: the ArchitectureBW/HR Structural Authorizations12 Steps to Install Structural Authorizations12 Steps to Install Structural AuthorizationsTips & Hints for Automatically Generated AuthorizationsAgendaDos and DontsDos and DontsQuestions?FeedbackCopyright 2003 SAP AG. All Rights ReservedCopyright 2003 SAP AG. Alle Rechte vorbehalten