Skip to Content
Former Member
Aug 15, 2008 at 07:06 AM

management of user authorizations when BOE is accessing a SAP BW



I have a question regarding the management of user authorizations when BOE is accessing a SAP BW System. The situation is as follows.

  • I successfully installed BusinessObjects XI Integration for SAP Solutions on our BO system

  • I successfully configured a SAP (BW) entitlement system in BOE.

  • I am now able to import SAP users and roles into BOE

  • I am also able to logon to BO using the credentials of a sap (BW) user

  • I created a connection to the BW system in designer and generated a universe. I am able to view BW data in BO.

Now to my questions:

1.) I was a little bit surprised that I am able to access data in BW with a user that I created in my BO system. (no logon of this particular user to BW was required) This BO user should therefore be unknown in the BW system, and shouldnu2019t have any rights to view data. How is this possible? The authorizations defined in BW donu2019t seem to matter (in my example the user shouldnu2019t have any rights in BW since he doesnu2019t exists in BW)

2.) To put it in other words: I am aware that BO is capable of managing user authorizations (e.g. on universe level, on object level, on report levelu2026). Letu2019s imagine a situation where a certain user should not be allowed to view sales data for EMEA in BW. Since the user is also using BEx Analyzer this authorization is correctly defined in BW. Now, if the user logs on to BO and opens a report containing sales data, he will be able to view all regions (including EMEA), since the BW authorizations are not checked. How can this problem be solved? Do I always have to define / mange user rights both in BW and BO?

3.) In Universe Designer I am able to manage access restriction, for example on object level. Therefore if a certain user group is not allowed to access the object u201Ccountyu201D, a drill down from EMEA data downwards to data of each of the countries will not be possible for this user group. I want to go a little bit further, and allow the user to only access a certain country (e.g. France) and not all countries ( = row-level-security). How can this be designed in a universe that is based on an BW system?

Thanks in advance for you help.