8 Bip U Workshop Security

Download as pdf or txt
Download as pdf or txt
You are on page 1of 11

SAP Business Warehouse/Business Intelligence Reporting

BW/BI Security
Washington State HRMS Business
Warehouse/Business Intelligence (BW/BI)
BW/BI Power User Workshop Materials
General Topics BW/BI Power Users
Section 8
BW/BI Security
2
8 - BW/BI Power User Workshop - BW/BI Security
The following section provides an overview of BW/BI Security.
Business Intelligence
Business Explorer (BEx)
BW/BI Security
BW/BI Environment
BW/BI Security Overview
Security Variables
Structural Authorizations
Exercise 4
Exercise 5
BW/BI Security Overview
3
8 - BW/BI Power User Workshop - BW/BI Security
The ability to access BW/BI reports, specific functions, and data within the BW/BI environment is
controlled by HRMS BW/BI Security:
1. BW/BI User Role The ability to access specific functions in BW/BI is controlled through
roles. Agency HRMS BW/BI users will be mapped to either a BW/BI End User or BW/BI
Power User role. All BW/BI users can access reports via the HRMS Portal. Only Power
Users can develop ad hoc queries against data available within the BW/BI structures.
2. BW/BI InfoProvider Role The ability to access BW/BI data structures (InfoProviders) is
controlled by a BW/BI InfoProvider Role. Agency HRMS BW/BI users will be mapped to
either an HR/Payroll/Time data or- HR/Payroll/Time with Financial data or
Financial data only or HR/Payroll/Time with Grievance data or Grievance data
only InfoProvider Role.
3. BW/BI Data Security The ability to access report results is controlled through the
organization structure within the security and role mapping setups. BW/BI data structures
apply an additional level of data security for specific values such as SSN, Name, etc.
Structural Authorizations
4
8 - BW/BI Power User Workshop - BW/BI Security
BW/BI Data Security
BW/BI Data Security is based on Structural Authorizations.
Structural Authorizations are defined in HRMS (SAP R/3) and are loaded to the BW/BI on a
nightly basis. Structural Authorizations restrict the display of data based on the users
organization structure within the security and role mapping setups.
Some InfoObjects within BW/BI are considered confidential (for example, SSN and Name).
BW/BI Security will check Structural Authorizations to ensure the user receives results for
only the data they have access to.
Structural Authorizations
8 - BW/BI Power User Workshop - BW/BI Security 5
In BW/BI , there are two characteristics identified as confidential InfoObjects:
1. Employee (0EMPLOYEE)
2. Person (0PERSON)
BW/BI security will check Structural Authorizations when these two characteristics are included in queries
and reports. This will ensure the user receives results for only the data they have access to.
Person
Characteristic
Employee
Characteristic
Structural Authorizations
8 - BW/BI Power User Workshop - BW/BI Security 6
Employee and Person have display-only attributes that are located in the Attributes folder of the
characteristic. These display-only attributes can only be included in a query or report if Employee or
Person characteristics are also included.
Display-only
Attributes
of Person
Display-only attributes of
Employee selection
Display-only attributes of
Person selection
Display-only attributes of Employee
Display-only attributes of Person
Display-only Attribute
of Employee
Security Variables
8 - BW/BI Power User Workshop - BW/BI Security 7
Security Variables are variables in a query or report that check Structural Authorizations. If Employee or
Person characteristics are included in a query or report, a Security Variable must also be included.
When a Security Variable is included with the Employee or Person characteristics, BW/BI Security will
check Structural Authorizations. This will ensure the user receives results for only the data they have
access to.
If a Security Variable is not included with the Employee or Person characteristics, BW/BI Security will
return an authorization error for users who do not have statewide access.
An example of the authorization error is displayed below:
Security Variables
8 - BW/BI Power User Workshop - BW/BI Security 8
Person Security
Variable
Employee and Person is a No Display type of Security Variables:
No Display: Does not prompt users to select an Employee or Person prior to running the query. Automatically returns
data the user has security access to.
Security Variables for Employee and Person include:
Employee (0EMPLOYEE):
No Display: Employee Sec (AUTH)
Person (0PERSON):
No Display: Person Sec (AUTH)
Employee Security
Variable
Security Variables
8 - BW/BI Power User Workshop - BW/BI Security 9
Sample of an ad hoc query with Confidential InfoObjects
and Security Variables
Result: Return data for employees the user has access to
The example below shows the results of using Employee and Person characteristics with Security Variables.
If the user has authorization to view
only one employee, only one
employees data will be displayed.
Security Variables
SAP Business Warehouse / Business Intelligence Reporting
Exercise 4 Adding Confidential InfoObjects
Washington State HRMS Business
Warehouse/Business Intelligence (BW/BI)
BW/BI Power User Workshop Materials
General Topics BW/BI Power Users
BW/BI Power User Workshop - Exercise 4
SAP Business Warehouse / Business Intelligence Reporting
Exercise 5 Deleting an Existing Ad Hoc Query
Washington State HRMS Business
Warehouse/Business Intelligence (BW/BI)
BW/BI Power User Workshop Materials
General Topics BW/BI Power Users
BW/BI Power User Workshop - Exercise 5

You might also like