Escolar Documentos
Profissional Documentos
Cultura Documentos
Persistent Storage Area : In the BI information model, data is physically stored in the PSA object, a
transparent database table. A PSA object is the initial storage area of data, where requested data is saved,
unchanged from the source system, according to the structure defined in the Data Source. A PSA can be
created for each Data Source and source system.
Data Warehouse The result of the first transformations is saved in the next layer, the data
warehouse. This data warehouse layer offers integrated, granular, historic, stable data. This layer provides
the basis for building consistent reporting structures and allows you to react to new requirements with
flexibility.
Architected Data Marts Architected Data Marts are multidimensional reporting structures. This
layer satisfies reporting requirements. The term .architected. refers to the fact that these data marts are not
isolated applications but are based on a universally consistent data model.
Operational Data Store In addition to analytical and strategic reporting, a data warehouse also
supports operative reporting by means of the operational data store. Data can be updated to an operational
data store on a continual basis or at short intervals and is available for operational reporting. Operational
data can also be forwarded to the data warehouse layer at set times.
Info Object : The BI information model is based on a fundamental building block called the
Info Object. Info Objects are business evaluation objects such as customer or sales. Info Objects are
subdivided into characteristics, key figures, time characteristics or units, and are easily reused. From a
security perspective, Info Objects are similar to fields in my SAP ERP Securing access by company code
in my SAP ERP would be analogous to securing access by the Info Object for company code in BI. We
have four different types of Info Objects those are
Characteristics, Key Figure, Unit, Time Characteristics.
Info Provider : In BI, objects that provide information for reporting and analysis are called
Info Providers. There are two types of Info Providers: physical and logical. Info Objects, Info Cubes, and
Data Store Objects contain physical data. Info Sets, Remote Cubes, and Multi Providers are logical
structures and do not contain data.
Info Cube : An Info Cube is a transaction data container. In an Info Cube, data is organized
in terms of business dimensions. When reporting from an Info Cube, users can perform multidimensional
analysis from different business perspectives. For example, sales analysis could be performed across
different geographic regions or distribution channels.
Multi Provider : A Multi Provider provides access to data from several Info Providers and makes the
data available for reporting and analysis. A Multi Provider can be assembled from different combinations
of Info Providers.
Reports can be viewed by using many tools in BI : Users can access BI information with several
different tools. The Business Explorer Suite is provided as an integral part of BI. Users may also access
BI information through a Web browser, or Enterprise Portal, providing an
Easy-to-implement interface. Certified third-party tools are also available.
Authorization : To ensure that your data warehousing solution reflects your company's structure and
business needs, it is critical that you establish who is authorized to access what
data. With BI, authorizations can be defined and maintained by object: Info Object, query, Info Providers
and hierarchies. Authorizations can be inserted into roles that are used to determine what type of content
is available to specific users or user groups. Role templates and Business Content Roles are delivered
with BI.
Business Explorer : Using this you will gain overview of how the Business Explorer facilitates the
creation, maintenance, and organization of queries. BEX contains several components and each designed
to perform a specific task to enable many forms of analysis.
The Web Application Designer is the tool that used to create Web applications.
The Report Designer is used to create formatted reports. The Web Analyzer is used for Web-based ad hoc
analysis.
Query Designer : The Query Designer is the BEX tool used to create BI queries. It is a very flexible and
user-oriented tool. To create queries, users select characteristics and key figures from the global lists on
the left side of the screen and drag and drop the selections to the proper area on the right side of the
screen. Info Objects can be placed in Rows or Columns.
SECURITY COMPONENTS IN BI-II
The topic of this unit is security requirements for BI and my SAP ERP in generaI. Not only does it
compare the role of security functions in BI implementation with the role of security functions in an my
SAP ERP implementation, it also compares the security requirements of OLAP (Online Analytical
Processing) and OLTP (Online Transaction Processing).
Comparison of OLTP and OLAP security needs-II
Business Example : How you implement security for a user in my SAP ERP may be different than how
you implement security for the same user in BI. It is important to understand the difference in what the
user is trying to achieve in a BI system and how security must meet those differing needs.
Security needs for MY SAP ERP : When you designed security for youre my SAP ERP system you
were driven by transaction codes and field values. In general, my SAP ERP security is focused on:
Transaction codes
Specific field values
Which activities a user can perform.
Use of BI : The security requirements of a BI system are different from those of an my SAP ERP system.
A BI system has a very different business purpose and business goals from an my SAP ERP system. It is
important to understand the difference. Security must be approached differently if the BI implementation
is to be successful. The primary activities in BI
are displaying data and analyzing results. The end users will only be analyzing data, not updating it.
Security Focus in BI : The security function in BI does not put the focus on transaction codes or
activities. Instead it focuses on the data itself. The security function in BI focuses on:
Info provider
Info object
Info cube
Queries.
BI is focused on what data a user can access. This may be controlled at the field level, or it may be
controlled at the Info Provider level. The Info Provider is a category of objects that can provide data to a
query, such as Info Cubes and Data Store Objects. The Info Cube or Data Store Object holds the
summarized data that the user can then analyze. Query results are based on the data in the Info Provider.
Authorizations in BI-III
There are two major types of authorizations in BI. One type focuses on Administrative users and another
type focuses on Reporting users. Authorizations for Administrative users in many ways parallel my SAP
ERP security, but securing BI reporting users is much different. Because the security concept for
Reporting users is much more complicated, a different concept and special tools are required.
Reporting users authorization objects.
S_RS_COMP , S_RS_COMP1,S_RS_FOLD
Administrator User authorization object :
S_RS_ADMWB.
S_RS_HIER : Authorization object S_RS_HIER is related to hierarchies. It primarily protects who can
create hierarchies and who can execute queries that use hierarchies.
Securing data access for reporting users-IV
This unit will explain how to implement user security reporting in a BI environment. It discusses the both
the options that exist and the steps required for securing reporting users.
Define the purpose of Analysis Authorizations.
. Describe how to create an Analysis Authorization.
. Describe how to incorporate an Analysis Authorization into a role./
. Explain the options available for securing data access for reporting users.
. List the steps required for Info Object-level security.
. Define security by Info Area, Info Cube, and Info Object.
. Limit security by query owner.
. List authorization values that are specific to BI
. Define security for aggregated values
. Explain how to use variables in regards to authorizations
. Explain how hierarchies are used in BI.
. Explain why security is necessary for hierarchies.
. Demonstrate how to secure hierarchies.
. Describe the purpose of the analysis authorization trace
. Use the trace function
. Explain how to read the trace results
With the proper authorization, users can save workbooks to a role from the BEX Analyzer.
Security Administrators, with access to PFCG, can save workbooks to a role menu. After creating a
folder, insert a workbook by choosing Add Report. Enter the technical name of the report. Find the
technical name of the workbook in the BEX Analyzer. From the BEX menu choose Workbook Settings.
Note: The BI Workbook directory tables are RSRWBINDEX and RSRWBINDEXT.
TRANSPORTING ROLES WITH WORKBOOKS.
*For a role to be used, it must be saved to a role. When the role is assigned to a user, the user has
access to the workbook. Many business content roles have attached workbooks. For example, the
Business Content role, SAP_BW_TCONT has the BI Statistics workbook attached to it.
*Normally roles are created in development and moved to production. However,
in a BI production environment some users can create a workbooks and save
workbooks to a role. If that role originally came from DEV, and you make changes
to the role in DEV and transport it again, that will remove the attachments for all
the workbooks that were saved to the role in production. The workbooks will still
exist in production, but they will no longer be attached to the role, and the user
will not be able to see the workbooks.
*For the roles with workbooks, it probably will be best for the security administrator
to create specific roles for workbooks that only contain workbooks with NO
Authorizations. Any changes made to the role will be from workbooks being Created and saved to
this role in a production environment. This role should be created in DEV and transported to PRD,
but it should be empty and no other subsequent transports should occur for this role.
Note: Use report RSWB_REORG_ROLES to identify what workbooks are not attached to a role. Also,
you can use this report to delete unused workbooks.
Authorization Objects in BI & its usage
Reporting Users Authorization objects
S_RS_COMP : Using this auth object we can do restrictions based on queries in combination with info
area and info cube. It has the below fields.
Activity , Info Area , Info Cube , Type of reporting Component and Name of the reporting component.
S_RS_COMP1 : With this authorization object, you can restrict query component authorization with
regards to the owner. This authorization object is checked in conjunction with the authorization object
S_RS_COMP. This can be used to limit, by the query owner, which queries a user can see. It has the
following fields.
Type of reporting component , Name of the reporting component , Query Owner and Activity.
S_RS_FOLD : With this authorization object, you can deactivate the general view of the 'Info Area'
folder in the BEX analyzer. Then only the favorites and roles appear in the BEX open dialog for queries.
The view of the Info Areas is hidden.
*You only need to use this object if you do not want users to see the Info Areas listing of queries.
The object has one field - Hide .Folder. Push button. If this field is set to X (True), then the Info
Areas button will not appear in the BEX Analyzer Open Queries dialog box.
Administrator User Authorization Objects :
S_RS_ADMWB: Authorization object S_RS_ADMWB is the most critical authorization object in
administration protection. When you do anything in transaction code RSA1, object S_RS_ADMWB is
the first object checked. There are two fields in this object: Activity and Administrator Workbench Object.
Each of the two fields can have a variety of values. The possible values for the Administrator Workbench
field are:
Source Sys: Working with a source system
Info Object: Creating, maintaining Info Objects
Monitor: monitoring data brought over from the source systems
Workbench: Checked as you execute transaction code RSA1
Info Area: Creating and maintaining Info Areas
Appl Comp: Limiting which application components you can access
Info Package: Creating and scheduling Info Packages for data extraction
Metadata: Replication and management of the metadata repository.
General Authorization Objects
S_RS_IOBJ : You can use this authorization object to restrict the use of info objects like if some one
needs to update and maintenance of info objects then they must have access to this object and this will be
working with info object catalogue. It has the fields below
queries that use hierarchies. Using this authorization object you can restrict working with
hierarchies in the Administrator Workbench. It has below fields.
Info Object,Activity,Hierarchy. Hierarchy Version.
S_RS_MPRO : With this authorization object you can restrict working with Multi Providers or their subobjects. It has the below fields.
Info Area, Multi Provider, Sub object for the multi provider. Activity.
S_RFC : This auth object will be used to perform RFC for the BEX analyzer and when ever user
executes RRMX tcode first system will check whether the user ahs access to S_RFC or not.
BI USEFUL TABLES FOR TROUBLESHOOTING
BI TABLES
DESCRIPTION
Usage
RSECUSERAUTH
RSECUSERAUTH_CL
RSECVAL
RSECVAL_CL
RSECVALVIEW
To know the user authorization buffer and also analysis auth buffer
RSDCUBEIOBJ
RSDICMULTIIOBJ
infoovider:
Selection/Identification of
RSDCHA
characteristic catalogue
RSECBIAU
RSECHIE
RSECHIE_CL
RSBCTCB_QUERY
RSECHIEVIEW
V_COMPDIR_COMPIC
Workbokks details
Workbokks details
RSRWBINDEXT
RSRWBINDEX
*We need to allocate enough time to do the migration during system upgrade and for performing
through tests.
Step 1 : Select Users : If you click on ALLUSERS then all users will be migrated and if you want
selectively then provide the user details Manually. Once you enter the details then click on EXECUTE
Next Step 2nd
Step 2 : Select Authorizations : The authorization objects S_RS_ICUBE, S_RS_MPRO, S_RS_ISET and
S_RS_ODSO are no longer checked during query processing. The check is now performed on new
Business Content Info Objects: 0TCAIPROV, 0TCAACTVT and 0TCAVALID. These Info Objects are
provided during migration, and are generated according to the entries in the Info Provider and Activity
fields from the original authorization. Screen look like below and click on Next Step (3).
Existing profiles will be extended by authorization object S_RS_AUTH containing the migrated
authorizations.
Undo migration
All migrated authorizations and profiles will be deleted; extended profiles contain empty authorization
object R_RS_AUTH