Step by step exercise for bw 365
-
Upload
siva-pradeep-bolisetti -
Category
Software
-
view
168 -
download
10
Transcript of Step by step exercise for bw 365
Exercise1: Create and Execute BI queryExercise 2: Set up Info Object-Level Security for Reporting UsersExercise 3: Using S_RS_COMP1 and S_RS_FOLDExercise 4: Tracing BI authorizationsExercise 5: ST01 TraceExercise 6: Securing Access to workbooksExercise 7 Using SAP provided templates to build security for administrator users
Exercise 1: Create and Execute BI querySolution:
Go to ProgramsBusiness ExplorerAnalyzer
Go to BEX toolbarToolsCreate New Query
Select the system and login
Select “New Query”
Select the Info Provider on which query need to be created
Select the Cube and click Open
Drag and drop the characteristics/key figures from left window to right Rows/columns and Free Characteristics
And then click to save the query. Select the Role
Enter the description and technical name and Click SAVE
Login using Bex Analyzer and then run the Query and Result will be displayed as below
Exercise 2: Set up Info Object-Level Security for Reporting UsersSolution:
The steps to implement authorization level security:
• Make the info object as authorization relevant• Create analysis authorization on that info object• Assign analysis authorization to user (directly or through Role)• Add a variable to the Query
Create a userExecute SU01 and give the user name and click Create
Enter User First Name and Last Name
Go to Logon Tab and then Enter Initial Password; enter the same password in Repeat Password
Go to Roles Tab and then add Role “REPORTING_BASIC” and Click Save
Note: If REPORTING_BASIC role is not existing in the system then can be uploaded in the below way to the system. This Role contains access to Basis Transaction codes needed by a reporting user.
Upload a Role: • Copy the below role to your desktop
REPORTING_BASIC.SAP
• Execute Tcode PFCG and then Select RoleUpload
Click Ok
Select the Role and Click OPEN
And then click ok on the message
Go to the change mode of the Role by clicking Go to authorization tab by clicking change authorization data
Click Save and Then Generate
And role is now uploaded and activated in the system
Define the Info Object as authorization relevantExecute RSA1, Go to InfoProvider, expand the info are and then double click on your info object or Execute Tcode RSD1, enter info object name
Go to change mode and then Business Explorer tab, check “authorization Relevant”
Save and activate the info object.
Create Analysis authorization
• Execute Tcode RSECAUTH• Enter Name of analysis authorization ZCOMP_CODE and Click Create•
Enter short, medium and long description and click to insert mandatory characterstics
Double click on 0TCAACTVT, then click Value authorization tab and enter the below values and go back
Double click on 0TCAVALID, then click Value authorization tab and enter the below values and go back
And then Double click on 0TCAIPROV, then click Value authorization tab and enter the below values and go back
Enter 0COMP_CODE
And then Double click to specify the values
Note: This value defines the restriction of your info object to some specific values. You can select any value depending upon the data that is available in your info object
And then click Save.
Assign Authorization to User
Execute Tcode RSU01, enter user name and click Change
Enter analysis auth name and click Insert
And then Click Save
Add a variable to a Query
Go to Query Designer. Open existing query. Drag Company Code to char restriction tab
Right click on Company Code and select RestrictSelect variables from the drop down list.
Click Create
Specify Description for Variable, Technical name and Processing Type in General Tab
Specify the below mentioned details in “Details” tab
Move the variable from left window to Selection list and click OK
Save the Query.
Login using Reporting_## and select the query to execute using Bex Analyzer
It will be prompted for the variable value
Result will be displayed only for company Code 1000 and 1101
Exercise 3: Using S_RS_COMP1 and S_RS_FOLDSolution:Create a new role REPORTING_BASIC_NEW by copying the REPORTING_BASIC role
Execute Tcode PFCG and then Enter Role Name
The Role CopyEnter the new Role name and click copy selectively
Go to Change mode of the Role, authorization tab, click Change authorization data
• Expand the Business Information Warehouse object class and then authorization object Business Explorer – Components Enhancements to the Owner (Object S_RS_COMP1).
• Choose Change• Next to the Owner (Person Responsible) give the userid of the query owner• For e.g. if we give userid of Anil here and assign this role to REPORTING-## user then
REPORTING-## will be only able to view the queries created by Anil.
Click Save and Then Generate and click ok to accept the default profile
Assign the Role to REPORTING-## user
Execute SU01 and click Change
Go to Roles Tab and Delete the existing role and add new one and click Save
• Log on to the Bex Analyzer as REPORTING-## and note which queries the user can access through Info Area
• User should be able to see the queries created by user Anil
Hide Info Area Push button for reporting users using S_RS_FOLD
Change role REPORTING_BASIC_NEW through PFCG and click Change authorization Data
Click manually to add S_RS_FOLD auth object
Enter object and click Ok
Select the Value, Save and Generate the Role
This will hide the Info Area Push button for the users, so that they are not able to view the Info Providers
Exercise 4: Tracing BI AuthorizationsSolution:
Create any new user with access to Role REPORTING_BASIC_NEW and let user execute ZTEST_QUERY2. User will get below authorization error:
We need to put a trace on to analyze the error.
Execute RSECADMIN and then go to Analysis Tab. Click on Error Logs
Click “Configure Log Recording”
Add the user name and click “Add User” and Click Save
Login as REORTING_1 and let the user execute the same query until user get “No authorization” error message:
To Check the Trace
Execute RSECADMIN and then go to Analysis Tab. Click on Error Logs
Click Display
Error log will be something like below:
Trace is checking info object 0COMP_CODE in user’s profile which is missing
Exercise 5: ST01 TraceSolution:
Login as an admin user and Execute ST01Make sure Authorization check is selected and there is no General Filters
And click on Trace On
Execute Tcode RSA1 and go to the specific Info Provider under modeling tabRight click and Select “Create InfoCube”
Enter name, description and copy from and then click “Create”
Select Activate
Execute ST01 and Press “Analysis”
Enter user id and limit the records for authorization check only and click Execute
And you will be able to see the trace log for authorization checks that happened against your profile
Exercise 6: Securing Access to workbooks
Part 1
Open an existing query and try to save it to Roles Tab using REPORT_1 user id
Since No roles are assigned to your end, you will not able to assign it.
Part 2Execute Tcode PFCGEnter Role name REPORTING_WORKBOOK_01 and click Create
Enter description and Save.Go to authorization tab
Click on Change Authorization data
Click manually to add the authorization objects
Add S_USER_AGR and S_USER_TCD and click Ok
Maintain the values as below
And generate the Role
Go to Menu Tab and created Folder Sales
Enter name as Sales and Click OK
Now assign the Role to User Reporting_1 and click on User comparison and save the role
Part 3
Execute the Query using BEX Analyzer and save the results
Go to Roles Tab Workbook roleSales Folder
Enter the Workbook name and click SAVE
Part 4 Go to PFCG and enter the Role name REPORTING_WORKBOOK_01
Go to Menu Tab and click Report
Add the workbook id
And save the Role
Exercise 7: Use SAP Provided Template to Build SecuritySolution:
Execute PFCG and enter name and click Create
Enter Description and Go to Authorization tab, and click change authorization data
Select the role S_RS_RDEAD and Select Adopt reference
You can expand the required Class and then auth object to see the specific values