Security for SAP BW BEx with TDV

This topic assumes knowledge of SAP BW BEx’s security infrastructure.

Required Authorizations
Troubleshooting Security-Related Errors

Required Authorizations

The following authorizations are required to log into the SAP BW BEx data source from TDV and introspect queries:

Class: AAAB (Cross-application Authorization Objects)
Object: S_RFC (Authorization Check for RFC Access)
Field: Activity. Value: 16 (Execute)

In addition, the following authorization objects can be used to limit the InfoAreas visible to the TDV user, as well as limiting the InfoProviders and Queries accessible:

Class: RS (Business Information Warehouse)
Object: S_RS_COMP (Business Explorer - Components)
Field: Activity. Value: 01 (Create), 03 (Display) and 16 (Execute)

Note: Although the SAP ODBO interface does not modify InfoObjects, Activity 01 is still required. Otherwise, SAP BW BEx introspection does not fetch any metadata.

Class: RS (Business Information Warehouse)
Object: S_RS_COMP1 (Business Explorer - Components: Enhancements to the Owner)
Field: Activity. Value: 03 (Display) and 16 (Execute)

Class: RS (Business Information Warehouse)
Object: S_RS_ICUBE (Administrator Workbench - InfoCube)
Field: Activity. Value: 03 (Display)

Troubleshooting Security-Related Errors

This section describes common security-related errors and their remedies.

RFC Authorization

ERROR: User TESTUSER1 has no RFC authorization for function group SYST

TDV is logging into SAP with an SAP BW BEx user that lacks the authorization object S_RFC. Set authorization S_RFC_ALL to grant access to all RFCs, or restrict access to only the OLAP BAPIs required by TDV:

BAPI_MDPROVIDER_GET_DIMENSIONS

BAPI_MDPROVIDER_GET_MEASURES

BAPI_MDPROVIDER_GET_PROPERTIES

BAPI_MDPROVIDER_GET_CATALOGS

BAPI_MDPROVIDER_GET_CUBES

BAPI_MDPROVIDER_GET_HIERARCHYS

BAPI_MDPROVIDER_GET_LEVELS

BAPI_MDPROVIDER_GET_MEMBERS

BAPI_MDPROVIDER_GET_VARIABLES

BAPI_MDDATASET_GET_CELL_DATA

BAPI_MDDATASET_DELETE_OBJECT

BAPI_MDDATASET_CREATE_OBJECT

BAPI_MDDATASET_SELECT_DATA

BAPI_MDPROVIDER_SET_KEY_DATE

BAPI_MDDATASET_GET_AXIS_DATA

BAPI_MDDATASET_GET_AXIS_INFO
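
To compare a restricted role against the list above, the following added example (not part of the TDV or SAP documentation) audits the S_RFC values of one role. It assumes those values are available as (RFC_TYPE, RFC_NAME, ACTVT) tuples; the sample role is constructed, and function-group (FUGR) entries are only listed for manual review because the page does not map the BAPIs to function groups.

```python
from fnmatch import fnmatchcase

# OLAP BAPIs the page lists as required by TDV.
REQUIRED_BAPIS = """
BAPI_MDPROVIDER_GET_DIMENSIONS BAPI_MDPROVIDER_GET_MEASURES
BAPI_MDPROVIDER_GET_PROPERTIES BAPI_MDPROVIDER_GET_CATALOGS
BAPI_MDPROVIDER_GET_CUBES BAPI_MDPROVIDER_GET_HIERARCHYS
BAPI_MDPROVIDER_GET_LEVELS BAPI_MDPROVIDER_GET_MEMBERS
BAPI_MDPROVIDER_GET_VARIABLES BAPI_MDDATASET_GET_CELL_DATA
BAPI_MDDATASET_DELETE_OBJECT BAPI_MDDATASET_CREATE_OBJECT
BAPI_MDDATASET_SELECT_DATA BAPI_MDPROVIDER_SET_KEY_DATE
BAPI_MDDATASET_GET_AXIS_DATA BAPI_MDDATASET_GET_AXIS_INFO
""".split()

# Constructed sample: S_RFC values of one role as (RFC_TYPE, RFC_NAME, ACTVT).
SAMPLE_ROLE = [
    ("FUNC", "BAPI_MDPROVIDER_GET_*", "16"),
    ("FUNC", "BAPI_MDDATASET_GET_CELL_DATA", "16"),
    ("FUNC", "BAPI_MDDATASET_SELECT_DATA", "16"),
    ("FUNC", "Z_CONSTRUCTED_OTHER_FM", "16"),  # placeholder name, not a real module
    ("FUGR", "SYST", "16"),
]

def audit_s_rfc(entries):
    """Report required BAPIs the role misses and grants broader than the list."""
    covered, broad, review = set(), [], []
    for rfc_type, rfc_name, actvt in entries:
        if actvt not in ("16", "*"):
            continue  # only Activity 16 (Execute) satisfies the RFC check
        if rfc_type != "FUNC":
            review.append((rfc_type, rfc_name))  # function groups: check by hand
            continue
        hits = {b for b in REQUIRED_BAPIS if fnmatchcase(b, rfc_name)}
        covered |= hits
        # A wildcard, or a name outside the list, grants more than TDV requires.
        if "*" in rfc_name or not hits:
            broad.append(rfc_name)
    missing = [b for b in REQUIRED_BAPIS if b not in covered]
    return {"missing": missing, "broad": broad, "review": review}

if __name__ == "__main__":
    for key, value in audit_s_rfc(SAMPLE_ROLE).items():
        print(f"{key}: {value}")
```

An empty `missing` list with an empty `broad` list means the role grants exactly the function modules named on this page.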