Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Diff.between BW and R/3 roles and authorizations

Former Member

‎07-08-2008 11:45 AM

0 Kudos

Hi Experts,

Please any one let me know is there any difference for creating roles and assigning authorizations in BW and R/3 systems.

Please let me know the BW related T-codes

Regards,

Reedy V.

5 REPLIES 5

Former Member

‎07-08-2008 12:10 PM

0 Kudos

What version of BW? Are you using BI7 analysis authorisations.

BI7 - go [here|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce]

If using BW 3.5 or another similar version then build your roles in PFCG and assign to users in SU01

There is more to it which you can find [here|https://service.sap.com/SECURITY] (sorry for the poor link Bernhard ) under category SAP Business Information Warehouse Security Guides

Edited by: Julius Bussche on Jul 8, 2008 12:34 PM

Formatting and link corrected

Thanks Julius!

Edited by: Alex Ayers on Jul 8, 2008 2:10 PM

Former Member

‎07-08-2008 2:02 PM

0 Kudos

Hi,

You use same tcode PFCG to create and assign roles.

But auhtrizations which you give in role are different.

Authorization objects are different

Also key point : Info objects in BW should be made Authorization relevant

hope this helps

Former Member

‎07-11-2008 8:28 AM

0 Kudos

First and foremost difference between the two is that in R/3 there are thousands of tcodes and S_TCODE is the first line of defence.But in BW it is not so because there are not many tcodes S_TCODE is not anymore effective. In BW you need to add objects manually for the roles and mainatain the values.Like say for an BW admin the object S_RS_ADMWB is teh object that controls the administrators admin rights for tcode RSA1. But for reporting users you not only need standard objects like S_RS_COMP but also you need to create custom objects to apply restrictions.

The above is just an overview.

Former Member
In response to Former Member

‎07-11-2008 9:45 AM

0 Kudos

Hi,

The big difference between BI and R/3 is that SAP does not know what reports you have in BI. So if you want to use authorizations you have to create the authorization objects yourself. The activities you can carry out with SAP transactions(abaps) have the same procedure as in R/3, but the reports, just see above. The difference between BI 7.0 and BW 3.x is that in BW you create your own authorization objects with the same limitiations as in R/3 authorization object (max 10 fields). You can add these authorization objects manualy in the profile generator(tr PFCG). There are also possibilities to add these objects as a profile directly to a user but you should not do that, this is the old fashion way. In the Bi situation you also make your own authorization objects(unlimited fields) and much easyier. THese objects you can use with the PFCG (preferable) or add them direct to the user. In the PFCG you put the object name in the field from authorization object S_RS_AUTH. The advantage is that if you change the content of the authorization object it is immidiately available. With the two layer concept you can achieve with the PFCG you can make functional authorizations and add those to users with the same function. Otherwise you authorize on persons and that is much more complicated in maintenance and security.

have fun

bye Jan

Former Member

‎07-22-2008 12:22 PM

0 Kudos

Hi Reddy,

Before we go ahead its better you clarify which version of BW your speaking about is it BI7 or other one.

This will help us address you question in a much better way.

Thanks

J G