<b>Analysis Authorization Question:</b>

1) In BW 3.x environment, customers have used Role Maintenance Process to assign proper object level security and then assign to the users.

2) Most of the places R/3 security team takes over support/administration function of BI Security and they continue to use Role method to assign “Reporting Authorizations” as per the process defined in BW 3.x system.

3) Customer sometime have 100 + Roles to have 3.X “Reporting Authorizations”. This is Managed, assigned, approved using role concept.

<b>

Migration Options:</b>

1) New Analysis Authorization makes process of Role Maintenance like "hierarchy authorizations" of BW 3.x. You have to create Value in other transactions and assign them in Role as a pointer or link object. With Analysis Authorization concept, Actual value of the Object Assigned “Like Company code 1100” not visible in Role Maintenance PFCG transactions. It is only visible in Transaction code RSECADMIN.

2) Analysis Migration Tool - RSEC_MIGRATION does not update “ROLES”. It creates or changes “PROFILES”.

3) Profiles are assigned to the users and Roles does not reflect any Impact by Analysis Authorization migration.

<b>Questions</b>

a) This means customer need to update all the roles by hand. If they want to use Roles to manage the assignment of the Security to users. Migration Tool does not update Roles, it only updates PROFILES.

b) Does any one use direct assignment to Users? It is good business practice?

c) Is <b>Profiles</b> recommended method of Authorization Maintenance?

d) Can we run migration tool to create Analysis Authorizations, but not assign to the users as a Profile. But stop at creating Analysis Authorizations. If Customer wants to use Roles maintenance process then, they can do not have delete profile assignments from all users before updating Roles using Analysis Authorizations.

Just want to check how other folks have done migration that can be supported going forward.

Pankaj Gupta