Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Sandbox in BI Development

Former Member
0 Kudos

I am creating a proposal so that trainee consultants on a BI environment can only create Y objects (data structures and reports) and only in the $TMP package.

I want to prevent modification to existing development work.

I am looking at the authorization objects S_DEVELOP and S_RS_COMP.

Am I in the right ballpark?

Regards,

Ian.

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Ian,

This can be done by using the Authorization Object S_RS_COMP, S_RS_COMP1. The Create, Change, Display activity is defined at ACTVT field level

You can define the naming convention at RSZCOMPID field level as Y* & selecting REP (Query) at RSZCOMPTP field level

7 REPLIES 7

Former Member
0 Kudos

Hi Ian,

This can be done by using the Authorization Object S_RS_COMP, S_RS_COMP1. The Create, Change, Display activity is defined at ACTVT field level

You can define the naming convention at RSZCOMPID field level as Y* & selecting REP (Query) at RSZCOMPTP field level

0 Kudos

Thanks - I thought that was the case.

What about the creation of objects such as InfoObjects, DSOs and InfoCubes?

0 Kudos

Use RSECADMIN for infocubes

0 Kudos

I thought RSECADMIN was to restrict data access not the creation/modification of the structure.

Would I have to create a setting for all InfoCubes, DSOs and InfoObjects already created?

Edited by: Ian Worley on Aug 31, 2010 9:26 AM

0 Kudos

> I thought RSECADMIN was to restrict data access not the creation/modification of the structure.

I meant to set security restrictions for infocubes .

> Would I have to create a setting for all InfoCubes, DSOs and InfoObjects already created?

This is not possible using RESECADMIN.

Former Member
0 Kudos

Hi Ian,

You mentioned Y objects (data structures and objects). Are you taking about BEX queries/structures or DDIC structures/ ABAP reports. The authorization requirements are completely different.

You would need S_DEVELOP to work on any ABAP development objects. The authorizations in this case are same as in R/3.

S_RS_COMP and S_RS_COMP1 are needed to design queries, variables, strcutures in BEX. If your trainee users would be runnig queries on BEX they would also need appropriate analysis authorizations for data, which in turn can be created in RSECADMIN. Analysis authorizations can be directly assigned to used through RSECADMIN or can be added to their roles through S_RS_AUTH. If no restrictions are needed for data (since its a sandbox) you can use the 0BI_ALL authorization

With BI 7.0, the auth objects for Infocubes, ODSO, Multiproviders are no longer needed for reporting but for BI developers working on the Administrator Workbench (transaction RSA1).

I tried to give an outline of the various cominations of access that might be needed. Hope this helps!

Regards,

Aninda

0 Kudos

Thanks Aninda for the response.

It appears that BASIS have worked it out for themselves and now my trainees have access to create local objects.

Regards,

Ian.