RSSM – Reporting Authorizations

In all the previous articles on BW security, we have already looked the current method of BW security through analysis authorizations. However, even now its possible for customers to continue to use the old security concept using reporting authorization objects (customer created authorization objects of the RSR class). Since there are still quite a few installations that continue to run in the old model let us have a brief look at this concept of BW security.

The basic transaction for maintaining BW 3.5 security is RSSM. The initial screen of the RSSM transaction can be divide into two main areas as shown below. The upper area is used to create new authorization objects whereas as the lower area is used to configure the checks for authorization objects for the individual cubes.

RSSM - Initial Screen
RSSM - Initial Screen

It is here that we create the the RSR authorization objects. During creation we have the choice of adding any of the authorization relevant InfoObjects defined in the system. However note that since these are authorization objects ( as opposed to analysis authorizations), maximum number of fields are limited to 10.

RSSM - Create Reporting Authorizations
RSSM - Create Reporting Authorizations

Once created, the second step is to check the relevant authorizations for the individual infocubes. This activity is also performed through RSSM as shown below. Whenever a new Infocube is created in BW, by default all possible authorization objects ( these are the authorization objects which contain any of the InfoObjects defined in the cube) are shown to be checked for it. Its the security administrator’s job to un-check all the unnecessary objects.

RSSM - Check Auth Objects for InfoProviders
RSSM - Check Auth Objects for InfoProviders

Like Analysis Authorizations, checks for reporting authorization which occur during query execution can not be caught through the standard security trace (ST01). We use the transsaction RSSMTRACE to trace security checks for reporting authorization objects. For individual users to be traced, they need to be added to list below. A security trace is generated during query execution for all the listed users. Subsequently the trace can be displayed through the same transaction for analyzing possible security errors.

RSSMTRACE - Troubleshooting Reporting Authorizations
RSSMTRACE - Troubleshooting Reporting Authorizations

9 thoughts on “RSSM – Reporting Authorizations

  • May 23, 2011 at 6:51 pm
    Permalink

    Too Good its my Home Page from now onwards. One place to all ur queries information on SAP Security Superlike…

    Reply
  • July 26, 2012 at 8:52 am
    Permalink

    Hello Anida!

    Really u r awesome. u r providing very valuable information regarding all topics of SAP Security. u r tooooooooooooo good.

    I am looking for getting overall idea on BI BW security. Can u suggest me any document with neat illustration or else can u provide the required info.

    Thanks in advance and keep doing this excellent work.

    Reply
    • July 26, 2012 at 12:09 pm
      Permalink

      Hi Sundar,

      I believe the BW security section in this blog is fairly comprehensive and am curious to know what exactly you are looking for? However you can certainly try to attend the BW 365 training course from SAP which provides a lot of information around BW security.

      Regards,
      Aninda

      Reply
  • August 9, 2012 at 10:31 am
    Permalink

    can u provide information to how to attend the bi 365 training provided by sap

    Reply
    • August 16, 2012 at 4:50 pm
      Permalink

      Please look up SAP Service Marketplace. They have list of trainings available for each geographical area.

      Reply
  • January 16, 2013 at 1:06 am
    Permalink

    Hi Aninda,

    Just came across this document. I was wondering if you could help me with RSR profiles and role based profiles in BI. I just want to understand the difference and would like to know how are they related?

    Many thanks in advance!

    Reply
    • February 3, 2013 at 3:48 pm
      Permalink

      Somehow I have never come across the name RSR profiles in my work. Are you talking about the reporting objects that were being used prior to BI 7. BI 7 replaced these with analysis authorizations.

      Reply
  • January 16, 2013 at 1:07 am
    Permalink

    Just want to add this is in relation to BI 7 while using AA.

    Thanks again!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *