cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Workbench changes to BPC models

Go to solution
Former Member

on ‎05-26-2015 6:24 AM

0 Kudos

Hi Guys

We have an architecture where BPC cubes are feeding data to Business Objects dashboards. The BPC cubes are set as "Source of data" which allows Bex queries to access the data through the virtual provider created. The BPC cubes have the usual settings (secure dimensions; work status etc). All settings have been made through the BPC web link.

Now the requirement is that we want to restrict access on the Bex queries. Much like data access profiles would show only specific data slices on BPC reports, we want the Bex (and hence the BOBJ dashboards) to also show the same data slices.

To do so, our security guy says we should make the infobject in the BPC cube (one of the secure dimensions) to be made authorisation relevant (see capture.jpg). This is because the data access profile cannot be read by the Bex queries. Bex would read off the authorisation relevance field.

There are two notes on the topic:

http://service.sap.com/sap/support/notes/1939673

http://service.sap.com/sap/support/notes/1973541

Regardless, are there any experiences/guidelines you might have faced where changes are requested on BPC models but have to be made through the workbench, and not through the BPC weblink? I know that you can go through SPRO for some settings, but the changes I am talking about are through RSA1.

BPC - NW 10.0 Sp3

BW - NW 7.31 although we will soon upgrade to 7.40

rgds

Shrikant

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-26-2015 6:32 AM
0 Kudos

Hi Shrikant,

If you want to add a dimension you need to add from web admin.

Do not modify BPC cubes in BW directly, you will break those cubes.

If you want to add BW dimensions then you need to build a new cube in BW with your new dimension, then copy the data from BPC to BW cubes. not ideal but its a work around.

ps. your BPC SP is bit old.

Andy

Show replies
Show replies
Former Member
‎05-26-2015 6:43 AM
0 Kudos

Thanks Andy

I am not adding new dimensions through the workbench. No, thats off bounds.

What I am trying to change in this specific instance is to just mark one of the secure dimensions as "Authorisation Relevant" through RSD1.

Sp-wise, yes we should upgrade soon. We live in hope 🙂

Answers (2)

Answers (2)

former_member200327
Active Contributor
‎05-27-2015 5:13 AM
0 Kudos

Hi Shrikant,

Since you accessing data via Virtual Provider BPC DAPs will be applied when data is retrieved and user should be able to see only data s/he is authorized to.

Those 2 Notes are for protection from unauthorized access when query runs directly on BPC base cube.

So, to achieve your requirements I don't see a need making those InfoObjects authorization relevant. If you want to protect data in the base cube then you can make them authorization relevant.

Regards,

Gersh

Show replies
Show replies
former_member190501
Active Contributor
‎05-26-2015 6:43 AM
0 Kudos

Hi,

To meet your requirement the best option is to enable Authorization relevant(as mentioned in note 1973541) for all secured dimensions and create a new set of security objects which are equivalent to your member access profiles to assign the users.

By just making dimension as authorization relevant followed by activation  will not have any impact from BPC point of view.

Or

Create another Multiprovider (virtual ) on BPC cube ( if your cube technical name is fixed) based on custom infoobjects with authorization relevant flag is checked ( only for secured) .

Disadvantage using this method is you have to manually create Bex Qs on new infoprovder.

Thanks,

Raju

Show replies
Show replies
Ask a Question