Skip to Content
avatar image
Former Member

Workbench changes to BPC models

Hi Guys

We have an architecture where BPC cubes are feeding data to Business Objects dashboards. The BPC cubes are set as "Source of data" which allows Bex queries to access the data through the virtual provider created. The BPC cubes have the usual settings (secure dimensions; work status etc). All settings have been made through the BPC web link.

Now the requirement is that we want to restrict access on the Bex queries. Much like data access profiles would show only specific data slices on BPC reports, we want the Bex (and hence the BOBJ dashboards) to also show the same data slices.

To do so, our security guy says we should make the infobject in the BPC cube (one of the secure dimensions) to be made authorisation relevant (see capture.jpg). This is because the data access profile cannot be read by the Bex queries. Bex would read off the authorisation relevance field.

There are two notes on the topic:

http://service.sap.com/sap/support/notes/1939673

http://service.sap.com/sap/support/notes/1973541

Regardless, are there any experiences/guidelines you might have faced where changes are requested on BPC models but have to be made through the workbench, and not through the BPC weblink? I know that you can go through SPRO for some settings, but the changes I am talking about are through RSA1.

BPC - NW 10.0 Sp3

BW - NW 7.31 although we will soon upgrade to 7.40

rgds

Shrikant

Capture.JPG (86.4 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    May 26, 2015 at 05:32 AM

    Hi Shrikant,

    If you want to add a dimension you need to add from web admin.

    Do not modify BPC cubes in BW directly, you will break those cubes.

    If you want to add BW dimensions then you need to build a new cube in BW with your new dimension, then copy the data from BPC to BW cubes. not ideal but its a work around.

    ps. your BPC SP is bit old.

    Andy

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thanks Andy

      I am not adding new dimensions through the workbench. No, thats off bounds.

      What I am trying to change in this specific instance is to just mark one of the secure dimensions as "Authorisation Relevant" through RSD1.

      Sp-wise, yes we should upgrade soon. We live in hope :-)

  • May 27, 2015 at 04:13 AM

    Hi Shrikant,

    Since you accessing data via Virtual Provider BPC DAPs will be applied when data is retrieved and user should be able to see only data s/he is authorized to.

    Those 2 Notes are for protection from unauthorized access when query runs directly on BPC base cube.

    So, to achieve your requirements I don't see a need making those InfoObjects authorization relevant. If you want to protect data in the base cube then you can make them authorization relevant.

    Regards,

    Gersh

    Add comment
    10|10000 characters needed characters exceeded

  • May 26, 2015 at 05:43 AM

    Hi,

    To meet your requirement the best option is to enable Authorization relevant(as mentioned in note 1973541) for all secured dimensions and create a new set of security objects which are equivalent to your member access profiles to assign the users.

    By just making dimension as authorization relevant followed by activation will not have any impact from BPC point of view.

    Or

    Create another Multiprovider (virtual ) on BPC cube ( if your cube technical name is fixed) based on custom infoobjects with authorization relevant flag is checked ( only for secured) .

    Disadvantage using this method is you have to manually create Bex Qs on new infoprovder.

    Thanks,

    Raju

    Add comment
    10|10000 characters needed characters exceeded