Skip to Content
Aug 20, 2015 at 02:06 PM

Best Practice Read Only Security BPC and BW for Production


Hi Experts,

has anyone created a Task Profile or BW role definition for read only settings for production environments?
Our client, who wishes to restrict consultants and others to read-only functionality while providing us the ability to view all activity and data in the system.
I created a Task Profile and DAP that provide read only and the VIEW tasks along with a few more to be able to view the packages and schedule task statuses for all users (The DAP profiles are all read only so even if there are a few “use TP below we cannot transact in the system”.

Any other thoughts re security setup? Does anyone have a Task Profile (TP) and Data Access Profile (DAP) setup that they created and can share?

While this seems like an obvious question, we find have been adjusting the TP multiple times to arrive at the below setup to view all the necessary functions and data.


Use BPFs
View Journals
Use Input Forms and Save Data
Run Audit Reports
Run Comment Reports
Run Work Status Reports
Run BPF Reports
Run Security Reports
View Consolidation Monitor
View Ownership Manager
View Controls definition
View Controls
Cancel Any User Packages
Edit Package Schedules for any users
View All Package Status
View All Detailed Package Status
View Models
View Environments
View Business Rules
View Dimensions
View Data Locks and Work Status
View Drill Throughs
View Document Types
View Audit Settings
View BPFs settings
View Journal Templates
View Security
View Equity Pick Up Monitor
View Equity Pick Up Audit Report
Use Work Status