Your SAP Resource  »  Publications  »  SAP Experts  »  BI Expert Online

Log In  |  Help

BI Expert

SAP BI/BW/BusinessObjects
concepts, technology, and
best practices

Part of the
SAP Experts
knowledgebase

Subscribe/Renew Now

Browse by Category  |  Advanced Search »

Go

Home

Knowledgebase Overview

Article Index  |  PDF

Free Sample Article

Frequently Asked Questions

Downloads

Webinars

SAP NetWeaver/BI and Portals 2011 Conference

SAP Insider Event Calendar

SAP Experts Knowledgebases

About Us

Contact Us

Knowledgebase  »  Volume 6 (2008)  »  Issue 7 (July/August)

SAP NetWeaver BI Security for Complex Requirements  Print

by Shahid Manzur, BI Architect, SAP Labs, and Marc Bernard, Chief Architect, NetWeaver RIG, SAP Labs

In SAP NetWeaver BI 7.0, you can join multiple authorizations. However, the union is only possible at an aggregated level. Find out how to implement analysis authorizations for unions and see a custom solution that helps overcome this limitation.

Categories: Aggregates, SAP Customer Relationship Management, Security, Transformations

SAP CRM, Security and Authorizations

Key Concept

An analysis authorization is a new security concept as of SAP NetWeaver BI 7.0. It is different from the conventional authorization object concept and helps overcome limitations that existed when it comes to reporting and analysis. Enhancements include, for example, the ability to base authorizations on an unlimited number of InfoObjects and to grant access to transaction data by navigation attributes. Also, you can now set individual InfoObjects to "authorization relevant," regardless of the InfoProvider. Furthermore, you can set validity for individual authorizations instead of the entire role. Finally, you can join multiple authorizations, which is a significant improvement from the previous security model.

In SAP NetWeaver BI 7.0, SAP has made several enhancements to the BI security model. The most important one is the ability to do a union of several authorizations at an aggregated level. However, some limitations still do exist when you are working with standard analysis authorizations.

Let’s say, for example, that authorizations in a CRM pipeline analysis report are based on three objects: industry, service area, and region. The user has access to the telecom industry, plus the service area enterprise applications within the Midwest region. The requirement in this case is to show all opportunities that meet the security criteria, or, in other words, the union of all security objects. Prior to analysis authorizations it was only possible to show the intersection of all the security objects or data that meets all three requirements.

With analysis authorizations it is now possible to show the union at an aggregated level. From there, users can then drill down into individual areas and look at the details. In this case it is possible to report on the overall pipeline value for all of telecom opportunities plus enterprise application opportunities in the Midwest.

However, what if the requirement is to show a union of all the transaction level details? This is not possible using security based on analysis authorizations. For example, assume the user is an industry leader for telecom and also happens to be the service area leader for enterprise applications in the Midwest region. When this user executes the dashboard/report he expects to see details for all the opportunities that fall under his area. In such a scenario you need a custom approach because analysis authorizations only allow reporting at an aggregated level without all the transaction details.

In this article we will cover two scenarios. In the first, we create a union of transaction details, which we will show you how to implement using a custom security approach. Second, we will briefly explain how to do a union at an aggregated level using standard analysis authorizations for requirements where reporting at an aggregated level is sufficient.

Would you like to see the full version of this article?

If you are an electronic license holder to BI Expert, please click here to log in.

If you would like information about becoming an electronic license holder — and having 24/7 unrestricted access to all articles and content in the BI Expert online knowledgebase — click here to see the available subscription options.

Or call 1-781-751-8799 to speak directly with a subscription and licensing specialist about customized access for you and your team.

Isn't your SAP implementation worth world-class information support?

Copyright © 2010 Wellesley Information Services. All rights reserved. Email: customer.service@bi-expertonline.com.
BI Expert, 20 Carematrix Drive, Dedham, MA 02026, USA.
Sales and Customer Service: 1-781-751-8799
SAP and the SAP logo are trademarks or registered trademarks of SAP AG in Germany and several other countries.