Most organisations implement BW security at the infocube level. SAP provides an option to set up security at the infoobject level. Securing at the infoobject level is much more secure. With BW infoobject level security, a user working in a particular division will have access to only to reports for that division. Lets take a look at the steps needed to setup infoobject level security in SAP business warehouse:

1) Infobject Authorization Relevant - The first step is to enable the 'authorization relevant' setting for an InfoObject in the definition in the business explorer tab.

2) Customized Authorization object for reporting - The second step is to create a new authorization object through transaction code RSSM. Since SAP BW does not come with a standard authorization object for reporting.

3) Assign Authorization Object to Role - The new reporting authorization object created in step 2 should then be allocated to a sap role so that bw users can be assigned that role.

4) Query Variables - Variables are important in query beacuse they distinguish the data that can be accessed by the query itself. Then, to secure reporting only to a division, the query must be able to restrict data by division. This is made easy by defining a variable in the system.

5) Authorization object mapping to InfoProvider - The final step in creating security at the infoobject level is to map the new authorization object created to the inforprovider. Any users attempting to query an infoprovider will only be able to do so based on the definition of the authorization object defined and assigned in their SAP roles.

Related Posts

Functional Area in SAP
Configuring Sourcelists in SAP MM
SAP PP - Bill of Material BOM
SAP SD - Basics of Sales Documents