on 05-26-2015 6:24 AM
Hi Guys
We have an architecture where BPC cubes are feeding data to Business Objects dashboards. The BPC cubes are set as "Source of data" which allows BEx queries to access the data through the virtual provider created. The BPC cubes have the usual settings (secure dimensions; work status etc). All settings have been made through the BPC web link.
Now the requirement is that we want to restrict access on the BEx queries. Much like data access profiles would show only specific data slices on BPC reports, we want the BEx (and hence the BOBJ dashboards) to also show the same data slices.
To do so, our security guy says we should make the InfoObject in the BPC cube (one of the secure dimensions) authorisation relevant (see capture.jpg). This is because the data access profile cannot be read by the BEx queries. BEx would read off the authorisation relevance field.
There are two notes on the topic:
http://service.sap.com/sap/support/notes/1939673
http://service.sap.com/sap/support/notes/1973541
Regardless, are there any experiences/guidelines you might have faced where changes are requested on BPC models but have to be made through the workbench, and not through the BPC weblink? I know that you can go through SPRO for some settings, but the changes I am talking about are through RSA1.
BPC - NW 10.0 Sp3
BW - NW 7.31 although we will soon upgrade to 7.40
rgds
Shrikant
Hi Shrikant,
If you want to add a dimension, you need to add it from web admin.
Do not modify BPC cubes in BW directly; you will break those cubes.
If you want to add BW dimensions, then you need to build a new cube in BW with your new dimension, then copy the data from the BPC to the BW cubes. Not ideal, but it's a workaround.
P.S. Your BPC SP is a bit old.
Andy
Hi Shrikant,
Since you are accessing data via the Virtual Provider, BPC DAPs will be applied when data is retrieved, and the user should be able to see only the data s/he is authorized to.
Those 2 Notes are for protection from unauthorized access when a query runs directly on the BPC base cube.
So, to achieve your requirements, I don't see a need to make those InfoObjects authorization relevant. If you want to protect data in the base cube, then you can make them authorization relevant.
Regards,
Gersh
Hi,
To meet your requirement, the best option is to enable "Authorization relevant" (as mentioned in note 1973541) for all secured dimensions and create a new set of security objects, equivalent to your member access profiles, to assign to the users.
Just making a dimension authorization relevant, followed by activation, will not have any impact from a BPC point of view.
Or
Create another MultiProvider (virtual) on the BPC cube (if your cube technical name is fixed) based on custom InfoObjects with the authorization relevant flag checked (only for secured).
The disadvantage of using this method is that you have to manually create BEx Qs on the new InfoProvider.
Thanks,
Raju