Solved: Bi Roles Creation for IS users

Former Member · ‎03-13-2008

Hello,

I am hoping someone can help me with creating some IS roles in BI 7.0. I am completely new to BI and I am having trouble understanding fully what I need to do. I have been asked to create roles for the folowing areas as we are trying to remove SAP_ALL:

Production Support

Configuration

Development

Security

Lock unlock users (Done)

I have created the role for the unlocking of users as it was very simple and only required 1 tx.

I have searched the other forums and online and cant find anything that tells me the standard txs for these roles. Does anyone have knowledge of a link or website whre I can get the iformation?

Thanks in advance for any help.

Dawn

Former Member · ‎03-13-2008

Hi Muthukumaran

Thank you for your help. We do have the AA switched on.

So to get this clear…I can create the administrator roles for basis and config etc the same as I would in R3? I don’t need to assign any specific txs or anything unless asked to by the administrators themselves?

Is that correct?

Thanks again

Dawn

jurjen_heeck · ‎03-13-2008

Hi Dawn,

As you may have noticed this is a frequently asked (and hardly ever answered) question here. "What are the standard roles for..."

The point is that you're trying to restrict access to the system without interfering too much with other peoples' work, the other people being the ones you need to create roles for.

Are they really unaware of the transactions they need?

Do you think they expect you to know exactly what they do and don't need to do their work ?

Better talk to them first.

I for one would be really upset if (part of) my tools stopped working based on the advice of total strangers on an internet forum......

Just my 2 cents.

Jurjen

Former Member · ‎03-13-2008

Hi Jurgen,

Yes I agree that they would'nt be very happy to have their work restricted. I am basically just looking for some information on the standard transactions etc so that I can make a start, I would need their testing and approval before I can complete them.

Thanks

Dawn

jurjen_heeck · ‎03-13-2008

>


> I am basically just looking for some information on the standard transactions etc so that I can make a start, I would need their testing and approval before I can complete them.

I have no experience in BI myself, but have you looked at the standard delivered SAP roles? Especially for basis tasks quite a few exist. Their names begin with SAP and the SAP_BC* roles should help you. Just copy the ones you need to your own namespace and work on from there.

Former Member · ‎03-13-2008

Hi Jurjen,

Yes I tried these but I could only find BW roles and as I havent actually taken my BI auth training yet I wasnt sure how different these were.

I will keep looking online and try to get some help from the other BI Security person when she is back in work.

Thanks

Dawn

Former Member · ‎03-13-2008

Hi Dawn,

BW - Reporting Authorisations

BI - Analysis Authorisations.

BI is something like fully loaded BW with business content and new auth concept.

Confirm with your Basis team whether they have the anslysis auth switched on or not, otherwise its just another BW box.

And for the roles you were talking about and the transactions for the roles.,

BW is a OLAP system so it doesnt work based on transactions rather analysis.

Said that., there will be 3 different type of users.,

1. Administrators (Basis & Security)

2. Power Users (BW Developers)

3. Reporting Users

Administrator roles will be same like any other R3 system like role for basis, security etc.,

Power users will typically need RSA1 which is developement workbench for BW. It doesnt mean that you simply add RSA1 to the role and it pulls the auth objects sin PFCG. BW doesnt work that way.

You have to give access to couple of other objects to complete RSA1.

The objects of interest are.,

S_RS_ADMWB

S_RS_HIER

S_RS_ICUBE

S_RS_IOBJ

S_RS_IOMAD

S_RS_ISET

S_RS_ISOUR

S_RS_ISRCM

S_RS_ODSO

Reporting users are typical end users who can be running wueries from BEX to generate reports. You have to control which queries can be run and generate reports based on the users.

Objects of interest.,

S_RS_COMP

S_RS_COMP1

Given the basic understanding of BW works and understand the jargons like infocube, ODS, infosource etc should help you do this.

Thanks.

Note : The classification of roles is documented in BW365.

Regards,

Muthu Kumaran KG

Edited by: Muthukumaran Krishnan Govindan on Mar 13, 2008 3:27 PM

Former Member · ‎03-13-2008

Hi Muthukumaran

Thank you for your help. We do have the AA switched on.

So to get this clear…I can create the administrator roles for basis and config etc the same as I would in R3? I don’t need to assign any specific txs or anything unless asked to by the administrators themselves?

Is that correct?

Thanks again

Dawn

Former Member · ‎03-13-2008

Dawn,

Create Basis and Security roles as you normally do in R3 based on transactions.

For power users you might create a role based on the objects given. (Assign RSA1 transaction, others RRMX, RSSM can also be added, further like RSPC, RSPO can be assigned on request)

Reporting users you have get functional inputs like what to restrict like by infocube, ODS etc

Given AA switched on you will have to be familiar with RSECADMIN.

Thanks.

Regards,

Muthu Kumaran KG

Former Member · ‎03-13-2008

Thank you, that really helps.

Former Member · ‎03-13-2008

As you are using BI 7.0, RSSM is no longer available as a transaction. This has been replaced by transaction RSECADMIN.

Former Member · ‎03-13-2008

Hi Mark,

Yes we are using BI 7.0. RSSM has been replaced. I am only using PFCG at the moment though to create the admin roles.

This is not something I am very experienced in.