Security for SAP BW with TDV

This topic describes TDV support for SAP BW security features. It assumes knowledge of SAP BW's security infrastructure.

Required Authorizations
Troubleshooting Security-Related Errors

Required Authorizations

The following authorizations are required to log into SAP BW from TDV and introspect Cubes and Queries:

Class: AAAB (Cross-application Authorization Objects)
Object: S_RFC (Authorization Check for RFC Access)
Field: Activity. Value: 16 (Execute)

In addition, the following authorization objects can be used to limit the InfoAreas visible to the TDV user, as well as limiting the InfoProviders and Queries accessible:

Class: RS (Business Information Warehouse)
Object: S_RS_COMP (Business Explorer - Components)
Field: Activity. Value: 01 (Create), 03 (Display) and 16 (Execute)

Note: The SAP ODBO interface does not modify InfoObjects, but Activity 01 is still required. Without it, SAP BW introspection does not fetch any metadata.

Class: RS (Business Information Warehouse)
Object: S_RS_COMP1 (Business Explorer - Components: Enhancements to the Owner)
Field: Activity. Value: 03 (Display) and 16 (Execute)

Class: RS (Business Information Warehouse)
Object: S_RS_ICUBE (Administrator Workbench - InfoCube)
Field: Activity. Value: 03 (Display)

Troubleshooting Security-Related Errors

This section describes common security-related errors and their remedies.

RFC Authorization

ERROR: User TESTUSER1 has no RFC authorization for function group SYST

TDV is logging into SAP with an SAP BW user that lacks the authorization object S_RFC. Set authorization S_RFC_ALL to grant access to all RFCs, or restrict them to only the OLAP BAPIs required by TDV:

BAPI_MDPROVIDER_GET_DIMENSIONS

BAPI_MDPROVIDER_GET_MEASURES

BAPI_MDPROVIDER_GET_PROPERTIES

BAPI_MDPROVIDER_GET_CATALOGS

BAPI_MDPROVIDER_GET_CUBES

BAPI_MDPROVIDER_GET_HIERARCHYS

BAPI_MDPROVIDER_GET_LEVELS

BAPI_MDPROVIDER_GET_MEMBERS

BAPI_MDPROVIDER_GET_VARIABLES

BAPI_MDDATASET_GET_CELL_DATA

BAPI_MDDATASET_DELETE_OBJECT

BAPI_MDDATASET_CREATE_OBJECT

BAPI_MDDATASET_SELECT_DATA

BAPI_MDPROVIDER_SET_KEY_DATE

BAPI_MDDATASET_GET_AXIS_DATA

BAPI_MDDATASET_GET_AXIS_INFO
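
The following check is an added example, not part of the TDV or SAP documentation: it compares the S_RFC values of a role against the BAPI list above and reports required functions that are not covered, wildcard grants, and function names outside the list. It assumes the role's values are available as (RFC_TYPE, RFC_NAME, ACTVT) tuples; the sample role and the name Z_CONSTRUCTED_EXTRA are constructed.

```python
from fnmatch import fnmatchcase

# OLAP BAPIs listed on this page as required by TDV.
REQUIRED_BAPIS = """
BAPI_MDPROVIDER_GET_DIMENSIONS BAPI_MDPROVIDER_GET_MEASURES
BAPI_MDPROVIDER_GET_PROPERTIES BAPI_MDPROVIDER_GET_CATALOGS
BAPI_MDPROVIDER_GET_CUBES BAPI_MDPROVIDER_GET_HIERARCHYS
BAPI_MDPROVIDER_GET_LEVELS BAPI_MDPROVIDER_GET_MEMBERS
BAPI_MDPROVIDER_GET_VARIABLES BAPI_MDDATASET_GET_CELL_DATA
BAPI_MDDATASET_DELETE_OBJECT BAPI_MDDATASET_CREATE_OBJECT
BAPI_MDDATASET_SELECT_DATA BAPI_MDPROVIDER_SET_KEY_DATE
BAPI_MDDATASET_GET_AXIS_DATA BAPI_MDDATASET_GET_AXIS_INFO
""".split()

EXECUTE = "16"  # Activity value for Execute, as given for S_RFC above


def audit_s_rfc(entries):
    """Compare S_RFC values, given as (RFC_TYPE, RFC_NAME, ACTVT) tuples
    (an assumed input layout), against REQUIRED_BAPIS. Only function-level
    (FUNC) entries are resolved; function-group (FUGR) entries would need
    the group's contents from the system and are skipped here."""
    funcs = [name for rfc_type, name, actvt in entries
             if rfc_type == "FUNC" and actvt == EXECUTE]
    return {
        # Required BAPIs that no FUNC entry covers.
        "missing": [b for b in REQUIRED_BAPIS
                    if not any(fnmatchcase(b, p) for p in funcs)],
        # Patterns with '*' can match functions beyond the required list.
        "wildcards": [p for p in funcs if "*" in p],
        # Literal function names that are not in the list on this page.
        "extra": [p for p in funcs if "*" not in p and p not in REQUIRED_BAPIS],
    }


# Constructed sample role values (not exported from a real system).
SAMPLE_ROLE = [
    ("FUNC", "BAPI_MDPROVIDER_GET_*", "16"),
    ("FUNC", "BAPI_MDDATASET_GET_CELL_DATA", "16"),
    ("FUNC", "BAPI_MDDATASET_SELECT_DATA", "16"),
    ("FUNC", "Z_CONSTRUCTED_EXTRA", "16"),
    ("FUGR", "SYST", "16"),
]

if __name__ == "__main__":
    for finding, names in audit_s_rfc(SAMPLE_ROLE).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```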