BI 7 Security Concepts
Topics Covered:
• Difference between BW 3.x and BI 7
• Securing reporting users' access
• Authorization Trace
• Creation of Analysis Authorization
• Assignment of Analysis Authorization
• Securing Access to Workbooks
• Additional BI7 Security Features
• New Authorization Objects
Difference between BW 3.x and BI Security
Authorization objects:
• BW 3.x: There was no SAP-delivered authorization object to link hierarchies to roles. A customized authorization object needed to be created, which falls under SAP class RSR.
• BI 7: The SAP-delivered authorization object S_RS_AUTH (class RS) can be added to roles and further linked to analysis authorizations.
Transaction and concept of authorization:
• BW 3.x: Old transaction RSSM. Concept of authorization: 'Reporting Authorization'
• BI 7: New transaction RSECADMIN. Concept of authorization: 'Analysis Authorization'
Authorization:
• BW 3.x: PFCG (role-based approach)
• BI 7: PFCG (role-based approach) and RSECAUTH (analysis-authorization-based approach)
Full Authorization:
• BW 3.x: SAP_ALL, SAP_NEW
• BI 7: SAP_ALL, SAP_NEW, and 0BI_ALL, which allows full authorization for the authorization-relevant Info Objects (IO) and is used in the authorization object S_RS_AUTH
Authorization Objects in BI 7
Authorization objects are grouped according to authorization object classes. The major authorization object class in BI is RS.
S_RS_COMP: Decides which Info Area and Info Provider data a user can view
S_RS_COMP1: Decides which owner's queries a user can execute
S_RS_FOLD: Hides or displays the “Info Area” push button for end users
S_RS_AUTH: Gives access to analysis authorizations
S_RS_ADMWB: Used by the BW administrator for modeling and controlling
Some other authorization objects, used to save workbooks and queries to roles:
S_USER_AGR: Determines the roles to which a user can add workbooks and queries
S_USER_TCD: Must have the value RRMX; used in conjunction with S_USER_AGR
Restricting access in BI
In BI 7, reporting users' access needs to be restricted at certain levels, such as:
InfoCube Level: Restrict at the InfoCube level.
Characteristic Level/Info Object: Restrict access to all values for a particular characteristic.
Characteristic Value Level: Restrict access to certain values of a particular characteristic.
Key Figure Level: Restrict access to certain key figures.
Hierarchy Node: Restrict access to certain nodes of a hierarchy.
Securing Data Access for Reporting Users
Below are the minimum authorization requirements for a reporting user:
• Analysis authorizations for an Info Provider
• S_RS_COMP (Activities 03, 16)
• S_RS_COMP1 (Query owner)
• S_RFC (BEx Analyzer or BEx Browser only)
• S_TCODE (RRMX for BEx Analyzer)
A reporting user must have authorizations for the S_RS_COMP and S_RS_COMP1 authorization objects as well as analysis authorizations for the Info Provider on which the query is based.
In addition, if the reporting user will be using the BEx Analyzer reporting tool, they will need authorizations for objects S_RFC and S_TCODE, with authorization for transaction code RRMX.
Options for Securing Data Access
Securing by Info Cube: Use this option if the authorizations need to be checked only at Info Provider level. You can then create roles that allow you to run queries from the specified Info Provider(s).
Securing by Query: Another option is to use the Info Provider in conjunction with the query name. To do this, you will need a strict naming convention for query names so that security does not have to be updated each time a new query is created.
Securing by Info Object: Allowing two users to execute the same query, but to get different results based on their assigned data access for division, cost center, or some other Info Object, is known as Info Object level security or field level security.
Securing by Info Object:
A more granular level of restricting user access is the Info Object/field level.
The following procedure shows the steps to follow when setting up security for an Info Object:
1. Define the Info Object as authorization relevant.
2. Create (or adjust) analysis authorizations for the Info Object.
3. Assign authorizations to users.
4. Add a variable to the queries.
Authorization Relevance
The Authorization Relevant setting for an Info Object is made in the Info Object definition on the Business Explorer tab. The business needs will drive which Info Objects should be relevant for security.
• Execute Tcode RSD1
• Enter the Info Object name
• Go to the Business Explorer tab
• Select the check box “Authorization Relevant”
• Activate the Info Object
Create analysis authorizations:
Analysis authorizations are fundamental building blocks of the new reporting concept. They contain both the data value and hierarchy restrictions.
• Execute Tcode RSECADMIN
• Go to Maintenance on the Authorization tab
• Enter the analysis authorization and click Create
Assign authorizations to users:
Once you have created analysis authorizations, users will need access to the right authorizations according to business needs. You can assign authorizations in roles using S_RS_AUTH or directly in transaction RSECADMIN or RSU01.
Add a variable to the queries
If we want a query to only provide results based on the division, for example, then the
query itself needs the ability to filter specific division values. Before we can secure on
division, the query must be able to restrict data by division. The only way the query can
restrict data dynamically is through a variable. The variable can be added anytime
independent of the other steps listed here.
Exercises:
• Create a simple query from an existing Info Cube, execute it, and save it as a new
workbook
• Defining Info Object-Level Security for Reporting Users
• Limit query access within the BEx Analyzer using S_RS_COMP1 and S_RS_FOLD
Authorization Trace
Trace Tool : ST01 and RSECADMIN
Transaction code ST01 executes a trace tool that exists on all ABAP-based systems. Among other purposes, this tool serves as a trace for all SAP-provided authorization objects. You simply turn on the trace (for a specific user), and when the trace is completed you can see which authorization objects were checked and the results of the check.
In transaction RSECADMIN → Analysis you can execute a trace that is specific to BI analysis authorizations. Analysis authorizations will not appear in the ST01 trace.
Authorization Trace
In BI 7 we can trace:
1) Authorization Monitoring
2) Change log of Analysis authorization
Authorization Monitoring
Checking Authorizations
• Log on with your own user ID
• Check query execution with the authorizations of a specific user
Evaluate Log Protocol
• Turn on logging of user activities related to analysis authorizations
• View detailed information about authorization checks
Change log of Analysis authorization
Activate the following Virtual Providers from the Business Content (VAL =
Values, HIE = Hierarchies, UA = User Assignment)
The system records all changes to authorizations and user assignments.
Queries can be built on these Info Providers to answer questions such as:
- How many users have access to a given InfoCube?
- Which users have access to company code X?
- When was authorization “XYZ” created, and by whom?
Exercise (s):
• Trace BI authorizations
• ST01 Trace
Creation of Analysis Authorization
There are two ways to create the analysis authorization in BI 7
1. Manual creation of analysis authorization through RSECAUTH Tcode
2. Automatic generation of analysis authorization approach (for mass creation and
assignment)
Creation through RSECADMIN
1) Execute Tcode RSECADMIN
2) Go to Maintenance in Authorization Tab
3) Enter The Analysis Authorization and click Create
Automatic generation of analysis authorization
With the generation of analysis authorizations, we can load authorized
values from other systems into Data Store objects and generate
authorizations from them. This approach is generally used for mass
creation of analysis authorization and assignment of these authorizations
to the users.
Steps to be performed:
Data Warehouse Workbench (RSA1):
1. Activate Business Content
2. Load of Data Store Objects
Management of Analysis Authorizations (RSECADMIN):
3. Generate Authorizations
4. View Generation Log
Activate Business Content
SAP delivers Business Content for storing authorizations and the user assignment of authorizations. This content should be activated.
Load of Data Store Objects
• Fill the Data Store objects with the user data and authorizations
• Extract the data, for example, from an SAP R/3 source system or from a flat file
Note: Some consistency checks should be added to avoid errors during the generation
later
Generate Authorizations
Start the generation by specifying the relevant Data Store objects
View Generation Log
A detailed log can be viewed once the generation is completed.
Assignment of Analysis Authorization
Assignment of authorization
1. Direct assignment of Analysis authorization through RSECADMIN
2. Indirect assignment through Roles (PFCG)
Direct assignment
Direct assignment of Analysis authorization through RSECADMIN
Pros:
• This approach removes the need to create roles for the corresponding analysis authorization.
Cons:
• No change documents are provided by SAP for the assignment and removal of analysis authorizations from the user.
• No SUIM (System User Information Management) reports are provided by SAP for analysis authorizations.
• There is no way to assign analysis authorizations to users in mass at a stretch.
Analysis authorization based Approach:
• If a user ID that has analysis authorizations assigned to it is deleted using SU01, these authorizations are not deleted from the user's profile. If the same ID is recreated, it is automatically populated with the earlier analysis authorizations.
So if this approach is followed, it is always recommended to first delete the analysis authorizations from the user ID manually using RSU01, and then delete the ID using SU01.
Indirect Assignment
• As an alternative to direct assignment, we can also assign authorizations to roles, which can then be assigned to users.
• Use authorization object S_RS_AUTH for the assignment of authorizations to roles.
• Maintain the authorizations as values for field BIAUTH.
Pros:
• All the change documents are already available.
• All the existing SUIM reports are already available.
• Mass role assignment is possible.
Cons:
• Roles need to be created corresponding to the analysis authorizations, which means more maintenance in the system.
Pros and Cons
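An added example (not part of the original slides, and not SAP code): a small Python audit that merges direct assignments with indirect ones made through S_RS_AUTH / BIAUTH, then reports the cases the slides warn about. All user, role and authorization names and the input rows are constructed; how the rows are exported from the system is left open.

```python
from collections import defaultdict

# Values the slides describe as giving complete access to all data.
FULL_ACCESS = {"0BI_ALL", "*"}

# --- Constructed sample input (hypothetical names) -------------------------
ACTIVE_USERS = {"ALICE", "BOB", "CAROL"}            # IDs present in the user master
DIRECT = [                                          # (user, analysis authorization)
    ("ALICE", "ZAA_CC_1000"),
    ("DAVE", "ZAA_CC_2000"),                        # DAVE was deleted with SU01 only
    ("DAVE", "0BI_ALL"),
]
ROLE_VALUES = [                                     # (role, object, field, value)
    ("ZR_BI_SALES", "S_RS_AUTH", "BIAUTH", "ZAA_CC_1000"),
    ("ZR_BI_SALES", "S_RS_COMP", "ACTVT", "03"),
    ("ZR_BI_ADMIN", "S_RS_AUTH", "BIAUTH", "*"),
]
ROLE_USERS = [("ZR_BI_SALES", "BOB"), ("ZR_BI_ADMIN", "CAROL")]   # (role, user)


def effective_assignments(direct, role_values, role_users):
    """Return user -> {analysis authorization: set of sources}."""
    role_auths = defaultdict(set)
    for role, obj, field, value in role_values:
        # Only S_RS_AUTH / BIAUTH carries analysis authorizations in a role.
        if obj == "S_RS_AUTH" and field == "BIAUTH":
            role_auths[role].add(value)
    result = defaultdict(lambda: defaultdict(set))
    for user, auth in direct:
        result[user][auth].add("direct")
    for role, user in role_users:
        for auth in role_auths.get(role, ()):
            result[user][auth].add("role:" + role)
    return result


def users_with(effective, auth):
    """Users that explicitly hold the named analysis authorization."""
    return sorted(u for u, auths in effective.items() if auth in auths)


def audit(active_users, direct, role_values, role_users):
    """Report the assignment risks described on the slides."""
    eff = effective_assignments(direct, role_values, role_users)
    return {
        # Direct assignments left behind for IDs that no longer exist: they
        # would be picked up again if the same ID were recreated.
        "orphaned_direct": sorted(
            (u, a) for u, a in set(direct) if u not in active_users),
        # Anyone holding 0BI_ALL or '*' through either assignment path.
        "full_access": sorted(
            u for u, auths in eff.items() if FULL_ACCESS & set(auths)),
        # Held only by direct assignment, so not covered by change documents
        # or SUIM reports.
        "direct_only": sorted(
            (u, a) for u, auths in eff.items() if u in active_users
            for a, sources in auths.items() if sources == {"direct"}),
    }


if __name__ == "__main__":
    for finding, rows in audit(ACTIVE_USERS, DIRECT, ROLE_VALUES, ROLE_USERS).items():
        print(finding, rows)
```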
Queries and Workbooks:
A query is the technical definition of what the results should look like. Workbooks are actual results that have been formatted and can be refreshed each time the workbook is executed.
The query is a definition of what data the query should fetch and how the data should be initially displayed. A query definition includes rows, columns, filters, and free characteristics.
The workbook is a result set of the query. In this workbook, the data is displayed by sales organization. Every time the user executes the workbook, the data will be refreshed, but the format can remain the same, depending on the settings for the query in the workbook.
Multiple query results saved in workbooks from the same query definition enable users to customize how they want to review the results and analyze the data.
Saving workbooks to Queries:
If a user wants to save a workbook to a location where it can be easily accessed by others, they need to save to a Role. Saving to a Role means saving to a security role. You may want to set up roles specifically for saving workbooks. You can then assign the role to all parties who need to share workbooks.
In order to save workbooks to roles, a user needs:
• S_USER_AGR: Authorizations: Role check
• S_USER_TCD: Transactions in roles
The authorization object S_USER_AGR has two fields: Activity and Role Name. For the Activity field, the user must have at least values 01, 02 and 22. If the user can delete workbooks, they will also need value 06. For the Role Name, you should enter the specific roles you have created for saving workbooks.
Authorization object S_USER_TCD has one field, Transaction Code. The user needs value RRMX in this field.
Exercise (s):
Securing Access to Workbooks
BI 7 Security Features
The concept of BW security remains the same in BI 7; the changes mainly concern new authorization features, more authorization objects, newer Tcodes and more flexibility.
1. Analysis Authorization
2. Special Characteristics
3. Special Authorization: 0BI_ALL
4. Variables in Authorization (Custom Exit)
5. Colon Authorization
6. Pound Authorization
7. Key Figure Authorization
8. Authorizing Navigational Attributes
Analysis Authorization:
Analysis authorizations are fundamental building blocks of the new reporting concept. They contain both the data value and hierarchy restrictions.
This is also called data level access. With the new NW2004s analysis authorization principles it is now possible to create an analysis authorization object directly on an Info Object.
The authorization can be single values or a value range, or it can be created with a reference to a hierarchy, provided the Info Object is created with a hierarchy and the Info Object is authorization relevant.
Special Characteristics:
These special characteristics must be assigned to a user in at least one authorization:
0TCAACTVT: Restricts access to activities, i.e. display, create, change etc.
0TCAIPROV: Restricts access to the Info Provider, i.e. Info Cube, ODS, Multi Provider etc.
0TCAVALID: Provides the validity of the analysis authorization
All of these should be marked as authorization relevant.
0BI_ALL
An authorization for all values of authorization-relevant characteristics is created automatically in the system. It has the name 0BI_ALL. It can be viewed, but not changed. Every user that receives this authorization can access all the data at any time. Each time an Info Object is activated and the property “authorization relevant” is changed for the characteristic or a navigation attribute, 0BI_ALL is automatically adjusted.
A user that has a profile with the authorization object S_RS_AUTH in which 0BI_ALL (or the value *) has been entered has complete access to all data.
Custom Exit:
Variables of type Customer Exit can be used with the special value $ (as an escape sequence) as a prefix before the variable name. This enables dynamic granting of authorizations (authorized values are retrieved at runtime).
The customer exit reads the variable values using a selection routine placed in the function module EXIT_SAPLRRBR_001 inside enhancement RSR0001. (This enhancement is accessed via transaction code CMOD.)
The advantage of this method is that you can give all users the same authorization by placing the variable name, with a $ sign in front of it, instead of a value in the characteristic value (or the hierarchy node).
Colon (:) as Authorization
Two purposes for the colon authorization value:
If the Info Provider has sensitive data, it could be that you do not want the user to see any summarized data. For example, let us assume you have an Info Provider that has sensitive forecasting data. In this business scenario you have chosen to secure by Info Objects (for example, Company Code). If you do not want a user with access to Company Code 1000 to see ANY data from other company codes, then you might not give this user the colon (:) value in the authorization. This would mean that ANY queries on your Info Provider that do not use the Company Code Info Object will fail for this user.
The second purpose of the colon authorization is to give the user access to aggregated data. For example, the user can see the total of sales made by all sales organizations, but detailed data only for his own sales organization.
Pound (#) as Authorization
Using a Pound Sign (#) as an Authorization Value:
When data is loaded into SAP BW, some fields may be marked as no value
assigned (posted with INITIAL). If you have secured an Info Object that has data
that is unassigned in the Info Cube, you may choose to give the user a pound sign
(#) in order to avoid an authorization error at runtime.
The # character is interpreted as authorization for the display of the value
Not assigned (posted with INITIAL).
Key Figure Authorization
This restriction is used to grant users authorization for particular key figures.
• Technical name: 0TCAKYFNM
• Possible values:
- Single value (EQ): exactly one key figure
- Range (BT): selection of key figures
- Pattern (CP): selection of key figures based on a pattern
Note: If a particular key figure is defined as authorization-relevant, it will be checked for
every Info Provider
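An added example (Python, not part of the original slides and not SAP code): a simplified model of the value checks described above, covering EQ/BT/CP entries, the colon (:) and pound (#) values, 0BI_ALL, and $-prefixed customer exit variables. The authorization names, Info Providers, characteristics ZCOMPCODE and ZSALESORG, variable ZV_CCODE, key figure names and the activity value 03 are constructed assumptions; 0TCAVALID and hierarchy nodes are left out, and the check in a real system is more involved.

```python
from fnmatch import fnmatchcase

AGGREGATED = ":"   # colon: totals, or the characteristic is not used in the query
UNASSIGNED = "#"   # pound: the value "Not assigned" (posted with INITIAL)

# Constructed stand-in for what a customer exit would return at runtime:
# variable name -> user -> authorized values. All names are hypothetical.
EXIT_VALUES = {"ZV_CCODE": {"ALICE": ["1000"], "BOB": ["2000", "3000"]}}

# Constructed analysis authorizations: characteristic -> [(option, low, high)].
AUTHS = {
    "ZAA_FCST_DETAIL": {              # detail data only: no ':' for company code
        "0TCAIPROV": [("EQ", "ZFCST_C01", None)],
        "0TCAACTVT": [("EQ", "03", None)],          # 03 = display (assumed)
        "ZCOMPCODE": [("EQ", "$ZV_CCODE", None)],   # resolved per user at runtime
        "0TCAKYFNM": [("CP", "ZFC*", None)],
    },
    "ZAA_SALES": {                    # own sales org in detail, plus totals and '#'
        "0TCAIPROV": [("EQ", "ZSALES_C01", None)],
        "0TCAACTVT": [("EQ", "03", None)],
        "ZSALESORG": [("EQ", "1000", None), ("EQ", ":", None), ("EQ", "#", None)],
        "0TCAKYFNM": [("BT", "ZAMT01", "ZAMT05")],
    },
}


def resolve(entries, user):
    """Replace '$VARIABLE' entries with the values the exit returns for the user."""
    resolved = []
    for option, low, high in entries:
        if option == "EQ" and low.startswith("$"):
            values = EXIT_VALUES.get(low[1:], {}).get(user, [])
            resolved.extend(("EQ", value, None) for value in values)
        else:
            resolved.append((option, low, high))
    return resolved


def value_allowed(value, entries):
    """True if one entry covers the value. Model assumption: ':' and '#' need
    an explicit EQ entry or a CP pattern that matches them (a bare '*' does)."""
    for option, low, high in entries:
        if option == "EQ" and value == low:
            return True
        if (option == "BT" and value not in (AGGREGATED, UNASSIGNED)
                and low <= value <= high):
            return True
        if option == "CP" and fnmatchcase(value, low):
            return True
    return False


def uncovered(auth, request, user):
    """Characteristics of the request that this authorization does not cover."""
    missing = []
    for characteristic, selection in request.items():
        entries = resolve(auth.get(characteristic, []), user)
        wanted = [AGGREGATED] if selection == AGGREGATED else selection
        if not all(value_allowed(value, entries) for value in wanted):
            missing.append(characteristic)
    return missing


def check_query(user, assigned, request):
    """Return (authorized, uncovered characteristics of the closest authorization).
    Model assumption: one authorization must cover the whole request."""
    if "0BI_ALL" in assigned:
        return True, []
    best = list(request)
    for name in assigned:
        missing = uncovered(AUTHS[name], request, user)
        if not missing:
            return True, []
        if len(missing) < len(best):
            best = missing
    return False, best


def make_request(provider, key_figures, **characteristics):
    """Build a display request. Pass AGGREGATED for an authorization-relevant
    characteristic that the query does not restrict or drill down by."""
    request = {"0TCAIPROV": [provider], "0TCAACTVT": ["03"],
               "0TCAKYFNM": key_figures}
    request.update(characteristics)
    return request


if __name__ == "__main__":
    totals = make_request("ZFCST_C01", ["ZFCST_QTY"], ZCOMPCODE=AGGREGATED)
    print(check_query("ALICE", ["ZAA_FCST_DETAIL"], totals))
```

Without the colon entry, the forecast query that does not use company code is rejected for ALICE, which is the first purpose of the colon value described above; the sales authorization shows the second purpose.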
Authorizing Navigational Attributes:
To restrict access to navigational attributes, they should be marked as authorization-relevant in the attribute tab strip.
Note: The referencing characteristic does not need to be authorization-relevant.
New Authorization Objects
Below are the new authorization objects in BI 7 for the Administrator Workbench, Business Explorer and analysis authorizations.
Authorization objects for the Data Warehousing Workbench:
S_RS_DS: For the DataSource or its sub objects (NW2004s)
S_RS_ISNEW: For new InfoSources or their sub objects (NW 2004s)
S_RS_DTP: For the data transfer process and its sub objects
S_RS_TR: For transformation rules and their sub objects
S_RS_CTT: For currency translation types
S_RS_UOM: For quantity conversion types
S_RS_THJT: For key date derivation types
S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings
S_RS_RST: Authorization object for the RS trace tool
S_RS_PC: For process chains
S_RS_OHDEST: Open Hub Destination
BI 7 new Authorization Objects
Authorization objects for the Business Explorer:
S_RS_DAS: For Data Access Services
S_RS_BTMP: For BEx Web templates
S_RS_BEXTX: Authorizations for the maintenance of BEx texts
Authorization objects for the Admin of analysis authorizations
S_RSEC: Authorization for assignment and administration of analysis authorizations
S_RS_AUTH: Authorization object to include analysis authorizations in roles
Changed Authorization Objects:
S_RS_ADMWB (Data Warehousing Workbench: Objects): New values for field RSADMWBOBJ have been added, such as BIA_ZA, CNG_RUN and CONT_ACT, for activities like BI Accelerator Monitor Checks and Attribute Change Run.
SAP BI 7 security concepts

Visible Governance: How to set up data governance using Visible Analyst Comme...Visible Governance: How to set up data governance using Visible Analyst Comme...
Visible Governance: How to set up data governance using Visible Analyst Comme...
 
Casa engl
Casa englCasa engl
Casa engl
 
Open Source Compliance Automation Capability Map
Open Source Compliance Automation Capability MapOpen Source Compliance Automation Capability Map
Open Source Compliance Automation Capability Map
 
Scalable security modeling sap bw analysis authorizations
Scalable security modeling   sap bw analysis authorizationsScalable security modeling   sap bw analysis authorizations
Scalable security modeling sap bw analysis authorizations
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1
 
SAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docxSAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docx
 
552259774-VMDR-Presentation-Slides.pdf
552259774-VMDR-Presentation-Slides.pdf552259774-VMDR-Presentation-Slides.pdf
552259774-VMDR-Presentation-Slides.pdf
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day One
 
Less11 Security
Less11 SecurityLess11 Security
Less11 Security
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Business Analytics System
Business Analytics SystemBusiness Analytics System
Business Analytics System
 
#SPFestSEA Introduction to #MicrosoftGraph
#SPFestSEA Introduction to #MicrosoftGraph#SPFestSEA Introduction to #MicrosoftGraph
#SPFestSEA Introduction to #MicrosoftGraph
 
Cache Security- Adding Security to Non-Secure Applications
Cache Security- Adding Security to Non-Secure ApplicationsCache Security- Adding Security to Non-Secure Applications
Cache Security- Adding Security to Non-Secure Applications
 
Data base security
Data base securityData base security
Data base security
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management SolutionsSC-900 Capabilities of Microsoft Identity and Access Management Solutions
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
 
Pradeep_ETL Testing_CV with 3 years of Exerience
Pradeep_ETL Testing_CV with 3 years of ExeriencePradeep_ETL Testing_CV with 3 years of Exerience
Pradeep_ETL Testing_CV with 3 years of Exerience
 
Cache Security- The Basics
Cache Security- The BasicsCache Security- The Basics
Cache Security- The Basics
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

SAP BI 7 security concepts

  • 1. BI 7 Security Concepts
  • 2. Topics Covered: • Difference between BW 3.x and BI 7 • Securing reporting users access • Authorization Trace • Creation of Analysis Authorization • Assignment of Analysis Authorization • Securing Access to Workbooks • Additional BI7 Security Features • New Authorization Objects
  • 3. Difference between BW 3.x and BI Security. BW 3.x: There was no SAP-delivered authorization object to link hierarchies to roles. A customized authorization object needed to be created, which falls under SAP class RSR. BI 7: The SAP-delivered authorization object S_RS_AUTH (class RS) can be added to roles and further linked to analysis authorizations.
  • 4. Contd… BW 3.x (RSSM): Old transaction: RSSM. Concept of authorization: 'Reporting Authorization'. BI 7 (RSECADMIN): New transaction: RSECADMIN. Concept of authorization: 'Analysis Authorization'.
  • 5. Contd… BW 3.x: Authorization: PFCG (role-based approach). BI 7: Authorization: PFCG (role-based approach) and RSECAUTH (analysis-authorization-based approach).
  • 6. Contd… BW 3.x: Full authorization: SAP_ALL, SAP_NEW. BI 7: Full authorization: SAP_ALL, SAP_NEW. 0BI_ALL: allows full authorization for the authorization-relevant Info Objects (IO); used in the authorization object S_RS_AUTH.
  • 7. Authorization Objects in BI 7: Authorization objects are grouped according to authorization object classes. The major authorization object class in BI is RS. • S_RS_COMP: Decides which Info Area and Info Provider data a user can view • S_RS_COMP1: Decides which owner’s queries a user can execute • S_RS_FOLD: Hides or displays the “Info Area” push button for end users • S_RS_AUTH: Gives access to analysis authorizations • S_RS_ADMWB: Used by the BW administrator for modeling and controlling. Some other authorization objects, used to save workbooks/queries to roles: • S_USER_AGR: Determines in which role a user can add workbooks and queries • S_USER_TCD: Should have the value RRMX and is used in conjunction with S_USER_AGR
  • 8. Restricting access in BI: In BI 7, reporting users' access needs to be restricted at certain levels: • InfoCube Level: Restrict at the InfoCube level. • Characteristic Level/Info Object: Restrict access to all values for a particular characteristic. • Characteristic Value Level: Restrict access to certain values of a particular characteristic. • Key Figure Level: Restrict access to certain key figures. • Hierarchy Node: Restrict access to certain nodes of a hierarchy.
  • 9. Securing Data Access for Reporting Users: Below are the minimum authorization requirements for a reporting user: • Analysis authorizations for an Info Provider • S_RS_COMP (Activities 03, 16) • S_RS_COMP1 (Query owner) • S_RFC (BEx Analyzer or BEx Browser only) • S_TCODE (RRMX for BEx Analyzer). A reporting user must have authorizations for the S_RS_COMP and S_RS_COMP1 authorization objects as well as analysis authorizations for the Info Provider on which the query is based. In addition, if the reporting user will be using the BEx Analyzer reporting tool, they will need authorizations for objects S_RFC and S_TCODE, with authorization for transaction code RRMX.
  • 10. Options for Securing Data Access: Securing by Info Cube: Use this option if the authorizations need to be checked only at Info Provider level. You can then create roles that allow users to run queries from the specified Info Provider(s). Securing by Query: Another option is to use the Info Provider in conjunction with the query name. To do this, you need a strict naming convention for query names so that security does not have to be updated each time a new query is created. Securing by Info Object: Allowing two users to execute the same query but get different results based on their assigned data access for division, cost center, or some other Info Object is known as Info Object-level security or field-level security.
  • 11. Securing by Info Object: A more granular way to restrict users' access is at the Info Object/field level. The following procedure shows the steps you must follow when setting up security for an Info Object: 1. Define the Info Object as authorization relevant. 2. Create (or adjust) analysis authorizations for the Info Object. 3. Assign authorizations to users. 4. Add a variable to the queries.
  • 12. Authorization Relevance: The Authorization Relevant setting for an Info Object is made in the Info Object definition on the Business Explorer tab. The business needs will drive which Info Objects should be relevant for security. • Execute Tcode RSD1 • Enter the Info Object name • Go to the Business Explorer tab • Select the check box “Authorization Relevant” • Activate the Info Object
  • 13. Create analysis authorizations: Analysis authorizations are fundamental building blocks of the new reporting concept, which contain both the data value and hierarchy restrictions. • Execute Tcode RSECADMIN • Go to Maintenance in the Authorization tab • Enter the analysis authorization and click Create
  • 14. Assign authorizations to users: Once you have created analysis authorizations, users will need access to the right authorizations according to business needs. You can assign authorizations in roles using S_RS_AUTH or directly in transaction RSECADMIN or RSU01.
  • 15. Add a variable to the queries: If we want a query to only provide results based on the division, for example, then the query itself needs the ability to filter specific division values. Before we can secure on division, the query must be able to restrict data by division. The only way the query can restrict data dynamically is through a variable. The variable can be added at any time, independent of the other steps listed here.
  • 16. Exercises: • Create a simple query from an existing Info Cube, execute it, and save it as a new workbook • Define Info Object-level security for reporting users • Limit query access within the BEx Analyzer using S_RS_COMP1 and S_RS_FOLD
  • 18. Trace Tool: ST01 and RSECADMIN. Transaction code ST01 executes a trace tool that exists on all ABAP-based systems. Among other purposes, this tool serves as a trace for all SAP-provided authorization objects. You simply turn on the trace (for a specific user), and when the trace is completed you can see which authorization objects were checked and the results of the checks. In transaction RSECADMIN → Analysis you can execute a trace that is specific to BI analysis authorizations. Analysis authorizations will not appear in the ST01 trace.
  • 19. Authorization Trace: In BI 7 we can trace: 1) Authorization monitoring 2) Change log of analysis authorizations
  • 20. Authorization Monitoring Checking Authorizations • Log on with your own user ID • Check query execution with the authorizations of a specific user
  • 21. Contd…….. Evaluate Log Protocol • Turn on logging of user activities related to analysis authorizations • View detailed information about authorization checks
  • 22. Change log of Analysis authorization Activate the following Virtual Providers from the Business Content (VAL = Values, HIE = Hierarchies, UA = User Assignment) The system records all changes to authorizations and user assignments. Queries can be built on these Info Providers to find out the trace of - How many users have access to a given InfoCube? - Which users have access to company code X? - When was authorization “XYZ” created, and by whom?
  • 23. Exercise (s): • Trace BI authorizations • ST01 Trace
  • 25. Creation of Analysis Authorization There are two ways to create the analysis authorization in BI 7 1. Manual creation of analysis authorization through RSECAUTH Tcode 2. Automatic generation of analysis authorization approach (for mass creation and assignment)
  • 26. Creation through RSECADMIN 1) Execute Tcode RSECADMIN 2) Go to Maintenance in Authorization Tab 3) Enter The Analysis Authorization and click Create
  • 27. Automatic generation of analysis authorization With the generation of analysis authorizations, we can load authorized values from other systems into Data Store objects and generate authorizations from them. This approach is generally used for mass creation of analysis authorization and assignment of these authorizations to the users. Steps to be performed: Data Warehouse Workbench (RSA1): 1. Activate Business Content 2. Load of Data Store Objects Management of Analysis Authorizations (RSECADMIN): 3. Generate Authorizations 4. View Generation Log
  • 28. Activate Business Content: SAP delivers Business Content for storing authorizations and user assignments of authorizations; it should be activated.
  • 29. Load of Data Store Objects • Fill the Data Store objects with the user data and authorizations • Extract the data, for example, from an SAP R/3 source system or from a flat file Note: Some consistency checks should be added to avoid errors during the generation later
  • 30. Generate Authorizations Start the generation by specifying the relevant Data Store objects
  • 31. View Generation Log Detailed log can be viewed once the generation is completed
  • 33. Assignment of authorization 1. Direct assignment of Analysis authorization through RSECADMIN 2. Indirect assignment through Roles (PFCG)
  • 34. Direct assignment Direct assignment of Analysis authorization through RSECADMIN
  • 35. Analysis authorization based approach: Pros: • This approach removes the need to create roles for the corresponding analysis authorizations. Cons: • No change documents are provided by SAP for the assignment and removal of analysis authorizations from a user • No SUIM (System User Information Management) reports are provided by SAP for analysis authorizations • There is no way to assign analysis authorizations to users in mass at a stretch.
  • 36. Contd… • If a user ID that has analysis authorizations assigned to it is deleted using SU01, these authorizations will not be deleted from the user’s profile. If the same ID is recreated, the user ID will automatically be populated with the earlier analysis authorizations. So if this approach is followed, it is always recommended to delete the analysis authorizations from the user ID manually using RSU01 and then delete the ID using SU01.
  • 37. Indirect Assignment • Alternatively to the direct assignment, we can also assign authorizations to roles, which can then be assigned to users. • Use authorization object S_RS_AUTH for the assignment of authorizations to roles • Maintain the authorizations as values for field BIAUTH
  • 38. Pros and Cons: Pros: • All the change documents are already available • All the existing SUIM reports are already available • Mass role assignment is possible. Cons: • Roles need to be created corresponding to the analysis authorizations, which means more maintenance in the system
  • 39. Queries and Workbooks: A query is the technical definition of what the results should look like. Workbooks are actual results that have been formatted and can be refreshed each time the workbook is executed. The query is a definition of what data the query should fetch and how the data should be initially displayed. A query definition includes rows, columns, filters, and free characteristics. The workbook is a result set of the query. In this workbook, the data is displayed by sales organization. Every time the user executes the workbook, the data will be refreshed, but the format can remain the same, depending on the settings for the query in the workbook. Multiple query results saved in workbooks from the same query definition enable users to customize how they want to review the results and analyze the data.
  • 40. Saving workbooks to Queries: If a user wants to save a workbook to a location where it can be easily accessed by others, they need to save it to a role. Saving to a role means saving to a security role. You may want to set up roles specifically for saving workbooks. You can then assign the role to all parties who need to share workbooks. In order to save workbooks to roles, a user needs: • S_USER_AGR: Authorizations: Role check • S_USER_TCD: Transactions in roles. The authorization object S_USER_AGR has two fields: Activity and Role Name. For the Activity field, the user must have at least values 01, 02 and 22. If the user can delete workbooks, they will also need value 06. For the Role Name, you should enter the specific roles you have created for saving workbooks. Authorization object S_USER_TCD has one field, Transaction Code. The user needs value RRMX in this field.
  • 42. BI 7 Security Features
  • 43. BI 7 Security Features: The concept of BW security remains the same in BI 7; the changes are mostly new authorization features, more authorization objects, newer Tcodes and more flexibility. 1. Analysis Authorization 2. Special Characteristics 3. Special Authorization: 0BI_ALL 4. Variables in Authorization (Custom Exit) 5. Colon authorization 6. Pound Authorization 7. Key Figure Authorization 8. Authorizing Navigational Attributes
  • 44. Analysis Authorization: Analysis authorizations are fundamental building blocks of the new reporting concept, which contain both the data value and hierarchy restrictions. This is also called data-level access. With the new NW2004s analysis authorisation principles it is now possible to create an analysis authorisation object directly on an info object. The authorisation can be single values, a value range, or created with a reference to a hierarchy, provided the info object is created with a hierarchy and the info object is authorisation relevant.
  • 45. Special Characteristics: These special characteristics must be assigned to a user in at least one authorization: • 0TCAACTVT: Restricts access to activities, i.e. display, create, change etc. • 0TCAIPROV: Restricts access to the Info Provider, i.e. Info Cube, ODS, Multi provider etc. • 0TCAVALID: Provides the validity of the analysis authorization. All of these should be marked as authorization relevant.
  • 46. 0BI_ALL: An authorization for all values of authorization-relevant characteristics is created automatically in the system. It has the name 0BI_ALL. It can be viewed, but not changed. Every user that receives this authorization can access all the data at any time. Each time an Info Object is activated and the property “authorization relevant” is changed for the characteristic or a navigation attribute, 0BI_ALL is automatically adjusted. A user that has a profile with the authorization object S_RS_AUTH and has entered 0BI_ALL (or has included the value *) has complete access to all data.
  • 47. Custom Exit: Variables of type Customer Exit can be used with the special value $ (as escape sequence) as a prefix before the variable name. This enables dynamic granting of authorizations (authorized values are retrieved at runtime). The customer exit reads the variable values using a selection routine placed in the function module EXIT_SAPLRRBR_001 inside enhancement RSR0001. (This enhancement is accessed via transaction code CMOD.) The advantage of this method is that you can give all users the same authorization by placing the variable name with a $ sign in front of it, instead of a value, in the characteristic value (or the hierarchy node).
  • 48. Colon (:) as Authorization: There are two purposes for the colon authorization value. First, if the Info Provider has sensitive data, it could be that you do not want the user to see any summarized data. For example, let us assume you have an Info Provider that has sensitive forecasting data. In this business scenario you have chosen to secure by Info Objects (for example, Company Code). If you do not want a user with access to Company Code 1000 to see ANY data from other company codes, then you might not give this user the colon (:) value in the authorization. This would mean that ANY queries on your Info Provider that do not use the Company Code Info Object will fail for this user. The second purpose of the colon authorization is to give the user access to aggregated data. For example, a user can see the total of sales made by all sales organizations but the detailed data of only their own sales organization.
  • 49. Pound (#) as Authorization Using a Pound Sign (#) as an Authorization Value: When data is loaded into SAP BW, some fields may be marked as no value assigned (posted with INITIAL). If you have secured an Info Object that has data that is unassigned in the Info Cube, you may choose to give the user a pound sign (#) in order to avoid an authorization error at runtime. The # character is interpreted as authorization for the display of the value Not assigned (posted with INITIAL).
  • 50. Key Figure Authorization: This restriction is used to grant users authorization for particular key figures. • Technical name: 0TCAKYFNM • Possible values: - Single value (EQ): exactly one key figure - Range (BT): selection of key figures - Pattern (CP): selection of key figures based on a pattern. Note: If a particular key figure is defined as authorization-relevant, it will be checked for every Info Provider.
  • 51. Authorizing Navigational Attributes: To restrict access to a navigational attribute, it should be marked as authorization-relevant on the attribute tab strip. Note: The referencing characteristic does not need to be authorization-relevant.
  • 54. BI 7 new Authorization Objects: Below are the new authorization objects in BI 7 for the Administration Workbench, Business Explorer and analysis authorizations. Authorization objects for the Data Warehousing Workbench: • S_RS_DS: For the DataSource or its sub objects (NW2004s) • S_RS_ISNEW: For new InfoSources or their sub objects (NW 2004s) • S_RS_DTP: For the data transfer process and its sub objects • S_RS_TR: For transformation rules and their sub objects • S_RS_CTT: For currency translation types • S_RS_UOM: For quantity conversion types • S_RS_THJT: For key date derivation types • S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings • S_RS_RST: Authorization object for the RS trace tool • S_RS_PC: For process chains • S_RS_OHDEST: Open Hub Destination
  • 55. Authorization objects for the Business Explorer: • S_RS_DAS: For Data Access Services • S_RS_BTMP: For BEx Web templates • S_RS_BEXTX: Authorizations for the maintenance of BEx texts. Authorization objects for the administration of analysis authorizations: • S_RSEC: Authorization for assignment and administration of analysis authorizations • S_RS_AUTH: Authorization object to include analysis authorizations in roles. Changed authorization objects: • S_RS_ADMWB (Data Warehousing Workbench: Objects): New values have been added for field RSADMWBOBJ, such as BIA_ZA, CNG_RUN and CONT_ACT, for activities like BI Accelerator Monitor Checks and Attribute Change Run.
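
The value rules from slides 44, 46 and 48 to 50 (single value, range, pattern, `*`, `:` and `#`) can be tried out with the following added example. It is a simplified model written for this page, not SAP's implementation. The entry representation, the `0COMP_CODE` sample data, string comparison for ranges, and treating `*` as also covering `:` and `#` are all assumptions of the example.

```python
"""Simplified model of analysis-authorization value checks (added example)."""
import re

AGGREGATION = ":"  # slide 48: colon authorization (aggregated data)
UNASSIGNED = "#"   # slide 49: value "not assigned" (posted with INITIAL)
ALL_VALUES = "*"   # slide 46: every value of the characteristic


def _pattern_matches(pattern, value):
    # CP pattern; only '*' (any run of characters) is modelled here.
    regex = "".join(".*" if ch == "*" else re.escape(ch) for ch in pattern)
    return re.fullmatch(regex, value) is not None


def value_allowed(value, entries):
    """True if one authorization entry covers the requested value.

    Entries are "*", ":" or "#", or tuples ("EQ", v), ("BT", low, high),
    ("CP", pattern). This representation is an assumption of the example.
    """
    for entry in entries:
        if entry == ALL_VALUES:
            return True  # assumption: '*' also covers ':' and '#'
        if entry in (AGGREGATION, UNASSIGNED):
            if entry == value:
                return True
            continue
        if value in (AGGREGATION, UNASSIGNED):
            continue  # special values are never covered by EQ/BT/CP entries
        op = entry[0]
        if op == "EQ" and value == entry[1]:
            return True
        if op == "BT" and entry[1] <= value <= entry[2]:  # compared as strings
            return True
        if op == "CP" and _pattern_matches(entry[1], value):
            return True
    return False


def check_query(relevant, authorization, selection):
    """Return the (characteristic, value) pairs the user is NOT authorized for.

    relevant:      authorization-relevant characteristics of the Info Provider
    authorization: characteristic -> list of entries granted to the user
    selection:     characteristic -> values the query restricts it to; a
                   characteristic missing here is read aggregated and
                   therefore needs the colon authorization.
    """
    denied = []
    for char in relevant:
        entries = authorization.get(char, [])
        values = selection.get(char) or [AGGREGATION]
        for value in values:
            if not value_allowed(value, entries):
                denied.append((char, value))
    return denied


# Constructed sample data: company code is the secured characteristic.
RELEVANT = ["0COMP_CODE"]
USER_1000 = {"0COMP_CODE": [("EQ", "1000")]}
USER_1000_AGG = {"0COMP_CODE": [("EQ", "1000"), ":"]}
USER_RANGE = {"0COMP_CODE": [("BT", "1000", "1999"), "#"]}

if __name__ == "__main__":
    # Query without the company code: fails unless ':' is granted.
    print(check_query(RELEVANT, USER_1000, {}))
    print(check_query(RELEVANT, USER_1000_AGG, {}))
    # Result set contains unassigned values: needs '#'.
    print(check_query(RELEVANT, USER_1000, {"0COMP_CODE": ["1000", "#"]}))
    print(check_query(RELEVANT, USER_RANGE, {"0COMP_CODE": ["1500", "#"]}))
```

An empty list from `check_query` means the modelled query would run; any returned pair is the value that would cause the authorization error.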
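
Slides 35, 36 and 46 describe three things worth checking regularly: direct assignments that have no SUIM report, assignments left behind for deleted user IDs, and users holding 0BI_ALL or `*`. The following added example (not part of the original slides) runs that review over exported assignment data. The CSV layout, column names, role names and user names are constructed for illustration.

```python
"""Audit analysis-authorization assignments from exported data (added example)."""
import csv
import io

# Constructed sample exports; the column names are assumptions of this example.
# Direct assignments (slide 34: made in RSECADMIN / RSU01).
DIRECT_ASSIGNMENTS = """user,analysis_auth
ALICE,Z_DIV_1000
BOB,0BI_ALL
OLDUSER,Z_CC_FIN
"""

# Indirect assignments (slide 37): values of field BIAUTH of S_RS_AUTH per role.
ROLE_BIAUTH = """role,biauth
Z_BI_SALES,Z_DIV_1000
Z_BI_SALES,Z_DIV_2000
Z_BI_POWER,*
"""

USER_ROLES = """user,role
ALICE,Z_BI_SALES
CAROL,Z_BI_POWER
"""

# User IDs that currently exist in the user master (constructed).
EXISTING_USERS = {"ALICE", "BOB", "CAROL"}

# Slide 46: 0BI_ALL, or * in S_RS_AUTH, gives complete access to all data.
FULL_ACCESS_VALUES = {"0BI_ALL", "*"}


def read_rows(text):
    """Parse one CSV export into a list of dicts with stripped values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{key: value.strip() for key, value in row.items()} for row in reader]


def effective_auths(direct, role_biauth, user_roles):
    """Map user -> {analysis authorization -> set of sources}.

    A source is "direct" or "role:<role name>", so the report shows how each
    authorization reached the user.
    """
    by_role = {}
    for row in role_biauth:
        by_role.setdefault(row["role"], set()).add(row["biauth"])
    result = {}
    for row in direct:
        sources = result.setdefault(row["user"], {}).setdefault(row["analysis_auth"], set())
        sources.add("direct")
    for row in user_roles:
        for auth in by_role.get(row["role"], ()):
            sources = result.setdefault(row["user"], {}).setdefault(auth, set())
            sources.add("role:" + row["role"])
    return result


def audit(direct, role_biauth, user_roles, existing_users):
    """Return the three findings as sorted lists."""
    eff = effective_auths(direct, role_biauth, user_roles)
    full_access = sorted(
        (user, auth, source)
        for user, auths in eff.items()
        for auth, sources in auths.items() if auth in FULL_ACCESS_VALUES
        for source in sources
    )
    # Slide 36: direct assignments survive deletion of the user in SU01 and
    # re-attach if the same ID is created again.
    orphaned = sorted(
        (row["user"], row["analysis_auth"])
        for row in direct if row["user"] not in existing_users
    )
    # Slide 35: direct assignments have no change documents or SUIM reports.
    direct_users = sorted({row["user"] for row in direct if row["user"] in existing_users})
    return {
        "full_access": full_access,
        "orphaned_direct": orphaned,
        "direct_users": direct_users,
    }


def run_sample():
    return audit(read_rows(DIRECT_ASSIGNMENTS), read_rows(ROLE_BIAUTH),
                 read_rows(USER_ROLES), EXISTING_USERS)


if __name__ == "__main__":
    for finding, items in run_sample().items():
        print(finding, items)
```

Entries under `orphaned_direct` are the ones slide 36 recommends removing in RSU01 before the user ID is reused.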