Creating an Authorization Profile Using Profile Generator - SAP BW

With Profile Generator, SAP has made authorization management very easy. First, we will create an authorization profile for a role. All users in that role can run queries but cannot change the queries.

Prerequisites:
Three users, U_EAST, U_MIDWEST, and U_WEST, have been created through transaction SU01.

Work Instructions:
Step 1. After logging on to the BW system, run transaction PFCG, or double-click Maintain Roles.

Step 2. Enter a name for the role, and then click Create.

Note: BW provides authorization profiles for a variety of roles in Business Content. To see a list of them, click the corresponding icon.

Step 3. Click the Authorizations tab.

Step 4. Click Yes to save the role and continue.

Step 5. Click the pen icon to change authorization data.

Step 6. Select the template S_RS_RREPU, and then click the adopt-reference icon.

Note: BW provides authorization templates for a variety of roles in Business Content. S_RS_RREPU is one of them, for query display and execution.

Step 7. The new window shows all authorizations for this role. For example, the users assigned to the R_RUN_QUERIES role can Display, Execute, Enter, Include, and Assign Calculated key figure, Query, Restricted key figure, and Template structure.

Note: If we expand other nodes, we will see other authorizations granted to this role.

To change an authorization field value, click the pen icon next to the field. In our example, the reporting component Query has the activity Execute in two places. Let's remove Query from the first one.

Step 8. Deselect REP for Query, and then click the save icon to continue.

Note: S_RS_COMP is an authorization object; RSZCOMPTP is one of its fields. In this field we specify the objects on which users can perform activities.

Step 9. Click the button to generate the profile.

Step 10. Enter a name and a description, and then click the button to continue.

Step 11. The status light of the Authorizations tab turns green (the red square becomes a green circle). Click the User tab to assign users to this role.

Step 12. Enter three users: one from the East region, one from the Midwest region, and one from the West region.

Click the user-compare icon to add the authorization profile to the users' master data.

Step 13. Click the complete-compare icon to continue.

Step 14. Click Yes to save the role.

Step 15. Notice that the status light of the User tab turns green (the red square becomes a green circle).

Result
You have created the role R_RUN_QUERIES and its corresponding authorization profile AP_R_QUERY. Also, you have assigned three users to this role. To verify that the role and assignments are correct, run transaction SU01 to display user U_WEST's master data. Under the Roles tab, review the role to which this user is assigned. Under the Profiles tab, notice the user's authorization profile.

From this example, we get an idea of how BW manages its authorizations. Each role has an authorization profile. Users assigned to a particular role have all authorizations included in the authorization profile. A user can be assigned to multiple roles. The user derives his or her authorizations from the roles to which he or she is assigned.
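
The sketch below is an added example, not SAP code and not part of the original tutorial. It models the role, profile and authorization chain summarized above and shows why deselecting REP in the first S_RS_COMP authorization (Step 8) still leaves query execution allowed through the second one. The ACTVT codes, the CKF/RKF/STR component types and the contents of the two authorizations are constructed assumptions.

```python
# Toy model of the role -> profile -> authorization chain (constructed data).
# From the page: R_RUN_QUERIES, AP_R_QUERY, S_RS_COMP, RSZCOMPTP, REP, U_* users.
# Assumed for illustration: ACTVT codes (02 change, 03 display, 16 execute),
# the CKF/RKF/STR component types and the exact split between the two entries.

USER_ROLES = {u: ["R_RUN_QUERIES"] for u in ("U_EAST", "U_MIDWEST", "U_WEST")}
ROLE_PROFILE = {"R_RUN_QUERIES": "AP_R_QUERY"}


def build_profiles(step8_done):
    """AP_R_QUERY before or after REP is deselected in the first authorization."""
    first = {"CKF", "RKF", "STR"} if step8_done else {"CKF", "REP", "RKF", "STR"}
    return {"AP_R_QUERY": {"S_RS_COMP": [
        {"ACTVT": {"03", "16"}, "RSZCOMPTP": first},
        {"ACTVT": {"16"}, "RSZCOMPTP": {"REP"}},   # second place with Execute
    ]}}


def authorized(user, profiles, obj, **fields):
    """Pass only if ONE authorization of obj covers every checked field.

    Values are never combined across authorizations, but any authorization
    from any of the user's roles may satisfy the check.
    """
    for role in USER_ROLES.get(user, []):
        for auth in profiles[ROLE_PROFILE[role]].get(obj, []):
            if all(v in auth.get(f, ()) or "*" in auth.get(f, ())
                   for f, v in fields.items()):
                return True
    return False


def report(user="U_WEST"):
    """Return {(step8_done, activity): allowed} for the Query component."""
    return {(done, act): authorized(user, build_profiles(done), "S_RS_COMP",
                                    ACTVT=act, RSZCOMPTP="REP")
            for done in (False, True) for act in ("02", "03", "16")}


if __name__ == "__main__":
    for key, allowed in sorted(report().items()):
        print(key, "allowed" if allowed else "denied")
```

When reviewing a real role, apply the same reading to every authorization of the object: a value removed from one entry is still effective if another entry, or another role assigned to the user, grants it.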


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd