We secure all our BW users via roles these roles have Analysis
authorizations embedded in them which restrict access to specific
infoproviders and values in these based on authorization relevant
When we try to create a BWA Explorer object in RSDDTPS we are forced to
assign a userid and an analysis authorization directly in
the "Authorizations" tab. Our security group only wants to have too
assign roles to users either via SU01 or CUA.
BO 2008 Enterprise Server (connected to BW system)
BW system (Netweaver 7.01 EHP1)
1) How can we create BWA Explorer objects on a infoprovider without
directly assigning users in Authorization Tab and how can we make the
system ignore whatever is on this tab and base access to a BWA explorer
object on the roles assigned to the user via SU01/CUA.
2) If a User has roles assigned in BW that give them access to a
specific infoprovider will this automatically also give them access to
a BO Server published BWA explorer object built on that infoprovider.
Related to this do we also need import the same roles and assign to the
user in CMS server with link to BWA Explorer Server or does the user
automatically get access to BWA Explorer as long as BWA Explorer is
published on BO Server.
3) If the user in BW is assigned roles that limit values based on an
authorization relevant object is this restriction enforced in the
values returned in published BWA Explorer for the user. Example
Authorization Relevant object is Profit Ctr and the user has two value
roles one contains access to all profit center that role up to a
hierarchy node limited to the USA and the other contains hierarchy
analysis authorization limiting access to all profit centers rolling up
to hierarchy node representing Europe. When a user access's the BWA
Explorer object which contain profit ctr will the values be limited
only to USA AND Europe Profit centers or will the BW value based
security be ignored.
Please provide advice on above questions and document resources on how
BW role based security interacts with BWA Explorer.