BI SECURITY Security in SAP is controlled through authorization objects.

The SAP Business Information Warehouse BIW, has a set of authorization objects specific to BW which control security in BW. Primarily there are two classes of authorization objects in SAP BIW. They are in the areas of BIW - reporting and BIW administration. The BIW reporting authorization objects are used for field level security in BW reporting. The BW administration objects are used to secure administation functions in business information warehouse. Below are some of the authorization objects in the above two areas of BW security. 1. SAP Business Information Warehouse Reporting - S_RS_COMP - S_RS_COMP1 - S_RS_FOLD 2. SAP Business Information Warehouse Administration - S_RS_ADMWB - S_RS_IOBJ - S_RS_ISOUR - S_RS_ISRCM Apart from the above two classes of authorization objects in SAP BW, there are a set of common authorization objects which are used in BW. These common authorization objects are required by all users as these auth_objects are checked in different areas. The common set of authorization objects used in SAP BIW include S_RS_ICUBE, S_RS_ODSO and S_RS_HIER. One key point to note is that BW reporting authorization objects for field level security are created as needed whereas the BW administration authorization objects are used across the module to secure admin functions. More on SAP BW authorizations coming soon. SAP BW turns data stored in SAP R/3 into more reportable knowledge. SAP BW is not about creating or updating data, but it is about turning the data into information for decision making. As with SAP R/3 where security is controlled via authorizations, in SAP BW implementation as well, security is a key aspect of BW model implementation. SAP BW Security is not focused on transaction codes or actions that can be executed by users, but is more focused on the data itself. To put this in a structure, SAP BW security focuses on the key areas within BW which are:

- Info Areas - Info Provides including BW Infocubes - BW Queries It is clear on the above that SAP BW Security is focused on what data can be accessed by the user, The main use of BW is to analyze information and summarize this information in an Infocube. This data is not updated by the end user. The data to be analyzed is accessed by the user in the InfoProvider by using a reporting tool such as BEx Analyzer. InfoProviders in BW are a classification of objects that can provide data to a BW query such as Infocubles or ODS objects. The Infocube contains data the summarized data that can then be analyzed by the user. Results of the query are based on the data in the InfoCube / ODS Object. BW Transaction code RRMX is one of the key transaction codes to analyze data. So how does a company differentiate between its security strategy for SAP BW as against tackling security within SAP R/3. In ECC 6.0 security is detailed around company codes, document types, sales organizations, purchasing organizations, plants, business areas and so on. Authorization restrictions are relevant at the transaction code level as well as at authorization object level to prevent users from creating, changing, or viewing data with the ACTVT field. However, one has to take a different approach for BW security as compared to R/3. To take an example, in BW it is key to look at lets say which company codes can a user access. A BW query can provide a restrictive view if the user has access to only a select set of company codes. The user may only be able to make decisions for that particular company code only. When a user executes a query, and they have access to only one company code 1000, the query will return data for that company code only. This may be valid in a scenario, where there are multiple company codes per geography and data across each should not be shared. It is important that the security strategy be planned at the onset of the BW implementation. This has a major impact on how BW report, queries will work in the future and how these may be secured. Even in BW, report and queries can be secured at the company code level, purchasing organisation level etc, but a thorough consideration must be given as to how this will fit in with the overall security strategy for the company in their system landscape.

R3 is mainly used for the transactional data and auth

objects is used for the tocde restrictions BI is used for the Reporting,BI authorization is for Historical data access where is R3 is real time data, Analysis authorization is the new concept in BI by which we can build the query restriction by value with unlimited no of Infoobjects And trace aswell.