08-27-2010 2:39 PM
I am creating a proposal so that trainee consultants on a BI environment can only create Y objects (data structures and reports) and only in the $TMP package.
I want to prevent modification to existing development work.
I am looking at the authorization objects S_DEVELOP and S_RS_COMP.
Am I in the right ballpark?
Regards,
Ian.
08-27-2010 2:57 PM
Hi Ian,
This can be done by using the Authorization Object S_RS_COMP, S_RS_COMP1. The Create, Change, Display activity is defined at ACTVT field level
You can define the naming convention at RSZCOMPID field level as Y* & selecting REP (Query) at RSZCOMPTP field level
08-27-2010 2:57 PM
Hi Ian,
This can be done by using the Authorization Object S_RS_COMP, S_RS_COMP1. The Create, Change, Display activity is defined at ACTVT field level
You can define the naming convention at RSZCOMPID field level as Y* & selecting REP (Query) at RSZCOMPTP field level
08-27-2010 3:18 PM
Thanks - I thought that was the case.
What about the creation of objects such as InfoObjects, DSOs and InfoCubes?
08-27-2010 9:42 PM
08-31-2010 8:25 AM
I thought RSECADMIN was to restrict data access not the creation/modification of the structure.
Would I have to create a setting for all InfoCubes, DSOs and InfoObjects already created?
Edited by: Ian Worley on Aug 31, 2010 9:26 AM
08-31-2010 9:50 PM
> I thought RSECADMIN was to restrict data access not the creation/modification of the structure.
I meant to set security restrictions for infocubes .
> Would I have to create a setting for all InfoCubes, DSOs and InfoObjects already created?
This is not possible using RESECADMIN.
09-01-2010 11:18 AM
Hi Ian,
You mentioned Y objects (data structures and objects). Are you taking about BEX queries/structures or DDIC structures/ ABAP reports. The authorization requirements are completely different.
You would need S_DEVELOP to work on any ABAP development objects. The authorizations in this case are same as in R/3.
S_RS_COMP and S_RS_COMP1 are needed to design queries, variables, strcutures in BEX. If your trainee users would be runnig queries on BEX they would also need appropriate analysis authorizations for data, which in turn can be created in RSECADMIN. Analysis authorizations can be directly assigned to used through RSECADMIN or can be added to their roles through S_RS_AUTH. If no restrictions are needed for data (since its a sandbox) you can use the 0BI_ALL authorization
With BI 7.0, the auth objects for Infocubes, ODSO, Multiproviders are no longer needed for reporting but for BI developers working on the Administrator Workbench (transaction RSA1).
I tried to give an outline of the various cominations of access that might be needed. Hope this helps!
Regards,
Aninda
09-01-2010 3:09 PM
Thanks Aninda for the response.
It appears that BASIS have worked it out for themselves and now my trainees have access to create local objects.
Regards,
Ian.