SAP BW Security is controlled using authorization objects for reporting users and for administration users. Reporting users in SAP BIW need to have access to create a query. Two main authorization objects which provide the user with the access to create a BW query is S_RS_ICUBE and S_RS_COMP. SAP has the option to restrict access to BW reports by query name, by infoarea or at the infocube level. Lets look at each of the above.

1. Infoarea is a grouping of infocubes in SAP BW
2. Infocube is the actual data used to create BW reports.
3. Infoobject is the most granular level and denotes a field such as company code or plant etc.

S_RS_COMP - S_RS_COMP is the most important authorization object from a BW prespective. With this authorization object, you can control the different components of the query definition. A good example is that S_RS_COMP can be used to restrict users to create queries only in their application areas or only for their own infocubes.

S_RS_COMP1 - This authorization object restricts queries to specific owners. This can be used to restrict which queries can be reviewed by a query owner based on the correct application area.

S_RS_FOLD - This BW reporting authorization object can restrict users display access to a specific folder. This will prevent BW users to get access to other infoareas.

Related Posts

SAP BW Tutorial Loading Data in Infocube
SAP R/3 Installation Guide Book
SAP Internet Transaction Server
Invoice Verification SAP R/3 MIRO MRBR