11-23-2009 5:39 AM
Hi,
Is there any possibility to force BCS users to use BI Analysis Authorizaton objects security? Does SAP has some kind of plan to adhere the new BI Analysis Authorization concept towards BCS security?
Thanks
11-23-2009 8:21 AM
It's possible to restrict BCS users to use BI Analysis Authorization objects in BCS System.
1. Using RSECADMIN Transaction Code. We can restrict Analysis Authorizations for the BCS Management Forecast Report.
2. This authorization object S_RS_AUTH is used to make BI analysis authorizations available in the standard roles of SAP NetWeaver.
3. Maintain BI authorization Characteristics and Dimensions for InfoObject, restrict Business Unit/ Cost Centre and Version.
4. Two Type to restricted Values in BI Analysis Authorization
1. Hierarchy Authorizations
2. Value Authorizations
11-23-2009 8:21 AM
It's possible to restrict BCS users to use BI Analysis Authorization objects in BCS System.
1. Using RSECADMIN Transaction Code. We can restrict Analysis Authorizations for the BCS Management Forecast Report.
2. This authorization object S_RS_AUTH is used to make BI analysis authorizations available in the standard roles of SAP NetWeaver.
3. Maintain BI authorization Characteristics and Dimensions for InfoObject, restrict Business Unit/ Cost Centre and Version.
4. Two Type to restricted Values in BI Analysis Authorization
1. Hierarchy Authorizations
2. Value Authorizations
11-23-2009 11:36 PM
HI Raja,
Thanks for your attempt. I am trying to use the Analysis Auth objects for BCS tasks like consolidation, reclassification, elimination etc used in BCS.
Currently, AA objects used for reporting. I am wondering if the same AA objects can be used in BCS task. or if SAP has plan to do that.
Thanks
11-24-2009 6:36 AM
Data Submitter Access for Financials and Management.
Authorization object S_RS_AUTH is used to make BI analysis authorizations for Data Submitter Access.
E.g- we can create ZGeneral BI analysis authorizations for General Access to Submit a Data in BCS system.
Maintain BI Analysis authorization Characteristics and Dimensions for InfoObject. We can restrict below Characteristics and Dimensions for Data Submitter Access in BCS System.
1. Posting Level
2. Activity in Analysis Authorizations
3. Authorizations for InfoProvider
4. Validity of an Authorization
5. User Name
6. Company
7. Customer
8. Document type
9. Restatement year
10. Management Unit
11. Product
12. Product Category
13. Version
14. Business Unit/Cost Centre
11-24-2009 6:57 AM
Thanks Raja,
Is that mean S_RS_AUTH can be used to restrict BCS users for BCS activity?
For example: running the period Lock/Unlock using UCMON transaction code, user can be validated using the auth object S_RS_AUTH and using the Analysis Authorization object based on a Consolidation InfoObject.
Do you have any kind of document for reference?
Thanks
11-24-2009 9:03 AM
Authorization object R_UC_PERIO for SAP Consolidation: Authorization Check for Period
Definition
You can use this authorization object R_UC_PERIO to define the authorizations for changing the period status and the processing status. This determines which users are able to change a period status or processing status in the Consolidation Monitor.
Defined fields
The object consists of the following fields:
Activity: Permitted operations
Possible values:
PA: Open period
PB: Close period
PC: Open processing of consolidation groups
PD: Close processing of consolidation units
Consolidation area: Field value for the Consolidation area in which you want to change a period status.
Characteristic 1 through 7: Field values for the assigned characteristics
Possible values: Field values for the respective characteristic
Characteristic 8: Currently NOT used!
11-24-2009 8:08 PM
Hi Raja,
Thanks Again. These are the following Auth objects present in BCS for securing data. However, my question was is it possible to use Analysis Authorization object for BCS users.
R_UC_ODSM Authorization for Deletion/Change of ODS/Totals Records
R_UC_PERIO SAP Cons: Authorization Check for Period
R_UC_RECON Authorization for Deletion/Change of Transaction Data
R_UC_TASK SEM-BCS: Authorization Check for Task
Thanks for your attempt.
11-25-2009 4:16 AM
I can used the BI Analysis Authorization Object in BCS System restrict the BCS User. Still you not able to understand. Please give me your exact Requirements to me. I will give to solution for that.
The combination of authorization Object can be used to restrict the BCS User like
(E.g.:- R_UC_PERIO, R_UC_TASK and S_RS_AUTH).
Authorization object S_RS_AUTH is used to make BI analysis authorizations for Adjustments Financial user role.
E.g.:- Adjustments Financial user role
The following authorization object can be used for BCS User in Adjustments Financial Role.
1. Cross-application Authorization Objects (S_RFC, S_TCODE)
2. Basis: Administration (S_GUI, S_SPO_DEV, S_USER_AGR)
3. Basis - Development Environment (S_TRANSLAT)
4. Financials Basis (R_UGMD_SNG)
5. Business Information Warehouse (S_RS_ADMWB, S_RS_AUTH, S_RS_BTMP, S_RS_COMP, S_RS_COMP1,
S_RS_FOLD, S_RS_ICUBE, S_RS_IOBJ, S_RS_IOMAD, S_RS_RSTT, S_RS_TOOLS)
6. SAP Business Information Warehouse u2013 Reporting (S_RS_PARAM)
7. Strategic Enterprise Management ( R_UC_PERIO, R_UC_TASK, R_UGMD_CHA).