cancel
Showing results for 
Search instead for 
Did you mean: 

BW screens in extranet

Former Member
0 Kudos

We are in the process of starting to implement reporting applications for external users. SAP BI already has most of the reports/screens we need... but there is a serious concern on security. IT thinks that if we presented the screens to extranet users, we automatically open up the entire SAP BI system for potential hacking. Is there a convincing way to put only the end results (the screens with the query results) to the extranet?. the queries filter the BI database so that only the relevant data suited/authorized to the external user are transmitted to the screens-if only the screen sat in the extranet, then only the user relevant data are accessible. I hope i was able to explain what we want

We have SAP BW 7.

In any event, any suggestion would be most welcome...

Best regards,

Huba

Accepted Solutions (1)

Accepted Solutions (1)

MartinMaruskin
Active Contributor
0 Kudos

If you have as much as possible bullet-proof authorization concept in place this concern should not be an issue.

Notice that reporting user (in your case = extranet user) has only exposure to business data in BW's infoproviders. Such a user is accessing the data by MDX (in case of BEx) or by BICS (in case of portal) interface. This should guarantee no access to technical data (metadata) in SAP's BW backend.

See following links for details:

[Security Guide for SAP NetWeaver BI|http://help.sap.com/saphelp_nw70ehp2/helpdata/en/1c/1368a5a588ff4a8bedc4039c03c40f/frameset.htm]

[Running an Enterprise Portal: Security Aspects|http://help.sap.com/saphelp_nw70ehp2/helpdata/en/14/c8864242283150e10000000a1550b0/frameset.htm]

Former Member
0 Kudos

Hello Martin,

Thanks for the insoght and the links. I am not a security expert, but i was given the explanation that by granting extranet access to BW screens hackers have a way to gain administrator rights and by this access to the entire BW backend. I have no idea how this could be done, but îf this is true, i was hoping that the screens could maybe somehow shifted from the intranet to the extranet, so that only the query results are exposed to extranet users.

Do you think that this would be possible?

Thanks, Huba

MartinMaruskin
Active Contributor
0 Kudos

What you could so is to use information broadcasting functionality to store data from BW queries in kind of "offline" way into the files (TXT, XLS) on separate server. By this you separate BW from external users. But you might loose your BW "screens" like reports etc... and navigation/drill down functionality of BW.

Answers (0)