Skip to Content
author's profile photo Former Member
Former Member

BPC Embedded Authorizations

Hi All

I was wondering if someone would be able to assist.

I am currently busy finalizing a BPC Embedded project and I need to ensure the users have the correct roles and authorizations in BW.

Currently if the users log onto BPC via the URL they are unable to view the administrator tab or the Activities tab.

Does anyone perhaps know which roles are required in BW or where I can find any documentation to assist with this?

Thank you to all!

Regards,

Roberto

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Best Answer
    Posted on Apr 29, 2015 at 08:23 AM

    Hi Roberto

    BPC 10.1 Embedded authorizations leverages the traditional BW / NW authorization concept, very similar to BPC 10.0. Depending on the level of security and granularity of your requirements, the security design can either be complex or relatively simple.

    The embedded model will use the following auth objects to control the following activities within BPC embedded:

    RSBPC_ID - Grants the user access to an environment

    RSBPC_ENVM - Manage environment

    RSBPC_MODL - Manage model

    RSBPC_BBPF - Manage and use BPF

    RSBPC_TEAM - Manage Team

    RSBPC_WKSP - Resource management (workbook, web report, and so on)

    RSBPC_USER - Manage users

    You will also need to cater for the other objects if you plan on using Planning Sequences, Functions, Formula's, SQL Script, etc

    In terms of data access, this is where it can get very granular, this is dependent on your security requirements for the organization. You can use Data Access Profiles, or leverage off the existing BW authorizations. From past experience, the additional layer of data access profiles was not needed, as the existing BW authorizations were sufficient, and we didn't have to reinvent the wheel.

    You will then need to factor in the other auth objects that will be used in conjunction with the BPC user access. For Example: users existing BW Analysis authorizations (i.e. Profit Center, Company Code, material master, etc restrictions)

    A real world example of a user security assignment was done as follows:

    A composite role was created called BPC_CAPEX_PLANNER - So in theory the user would simply request access to the composite role in GRC.

    In the composite role, the following single roles were part of the composite role :

    BPC_PC_1230465BPC PC_1230465BPC Profit Center Restriction (Planning)CF_EF_DOMESTICBW - CF Enabling Functions - DomesticBW Restrictions (Reporting, BEx)BPC_CAPEX_PLANNERBPC Capex PlannerBPC Restrictions (i.e. BPF's, Models, Planning Sequences, Functions)MNG_ACCT_BSAnalysis Management Accounting BSReporting Restriction on Balance Sheet AccountsMNG_ACCT_ISAnalysis Management Accounting ISReporting Restriction on Income Statement AccountsGEN_BU_ENDUSERBW - End UsersEnd User Restrictions for BW Activities (i.e. Bex, Reporting, etc)

    This is entirely dependent on your organizations security restrictions and dependencies. In the above example, the requirement was to adhere to the current security implementation and leverage off of the existing work that has already been done in BW.

    It is entirely possible to create everything in a single role for the BPC users. it really depends on the requirements, and the organization. One very important concept is that of maintainability. Currently from past BPC projects experience, the security matrix was too complex, and as a result organizations simply reverted to assigning super user rights to users as a result, which meant failing audit, etc.

    Reference Documentation - http://service.sap.com/~sapidb/011000358700001239962013E

    Hope this helps,

    Kind Regards

    Daniel

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 14, 2016 at 10:26 AM

    This message was moderated.


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.