Thank You Julius Bussche for responding back. We are on release BI Netweaver 7.0. I have created 2 roles, one for super user and the other for reporting user. Can can i specify these 2 roles to meet my earlier requirement? Thank You!

Hi,

Are you asking us to spec your roles for you?

Surely this is what your security team is being paid for. If you let us know what the problems are then we can advise, it is not the role of the SDN forums to perform basic design work.

Thareq, what have you tried thus far in regards to designing/creating these roles? If you are posting a question, then I assume something is not working? From a technical standpoint, the requirements you specified in your opening thread are rather basic and can be secured via standard authorization objects. However, if your BI people are using InfoObjects marked as Authorization Relevant in their queries, then you need to use analysis authorizations (RSECADMIN) in addition to standard authorization objects (PFCG).

> ... then I assume something is not working?

By the looks of it, it has not reached that phase yet.

I suspect it is in the in-box stage of the implementation. A lonely mail with the subject title "BI Security" and a message body which looks very similar (or even identical) to the initial post in this thread. It has been read once or possibly twice.

We still don't know which authorization concept Thareq is using (in 7.00 both are available). Again I suspect that Thareq does not know this either yet, otherwise we would have been told this vital part of the question.

Anyway.. lets hope Thareq gets back to us with the needful infos to be able to discuss whether his approach is a good one or not. Otherwise I can only see locking this thread as the least worste option...

Cheers,

Julius

Julius,

How do i find that information "which authorization concep" I am using? You asked me which release i am on and i said netweaver 7.0. So for, I have created 2 roles but i do not know which authorization objects to assing to those 2 roles to accomplish the below senerio a and b. Senerio C gets applied to both Super Users and Reporting Users.

a. Folks identified as u2018Reporting Users onlyu2019 should have access to the Bex Analyzer tool only .

b. Folks identified as u2018Super Usersu2019 should have access to the Bex Analyzer & Query Designer tools only.

c. None of these folks should have access to transaction RSA1 in BW.

I suggest you find someone who does know which concepts are available, which one you are using and more importantly... has done some basic training to be able to evaluate the requirement, build the authorizations side and the roles to go with it.

Thread locked!