
Issue with the new security model of BI 7.0 and SEM BSC Applications


We have two applications. The first is a BSP application called Balanced Scorecard, and the second is an application based on a BPS layout called Carga (Load).

BSP application:

The main purpose of that application is to see, evaluate and count 20 Balanced Scorecards. It has:

States:

Business units: Characteristic values related to cubes and queries.

Balanced Scorecards: indicators, ratios, strategies and objectives related to a set of business units that can be read, written and modified by users.

A Balanced Scorecard belongs to a business unit. Some balanced scorecards can include in their reports data related to different business units, even data that does not belong to their own unit. For example, the Corporativo balanced scorecard belongs to business unit Corporativo, but it needs to read data of business unit Mercados Masivos. In this application, depending on the combination of roles, a user can view, evaluate and comment on any balanced scorecard.

3.5 Security Model:

In this application, users need access to a set of queries ZBSC_C10* that include a characteristic named ZCO_UNEG (business unit). It is accessed through a characteristic value variable named ZUNINEG (the processing type is authorization). An authorization object called ZUNINEG was created in order to display the data on each balanced scorecard properly when accessing that characteristic on BW 3.5.

As an example of the security model: in order to work properly with a balanced scorecard called Corporativo, users must have two roles (on 3.5):

1. ZSEM_BSC_CORPORATIVO_II: This role allows access to the Corporativo balanced scorecard.

2. ZBW_SEM_AUTORIZ_UNIDAD_NEGOCIO: This role allows reading data of all business units.

The characteristic ZCO_UNEG is filtered by the characteristic value variable ZUNINEG, with processing type authorization.

Users with these profiles could see data as follows:

7.0 Security Model (BI 7.0, after upgrade):

In this application, users need access to a set of queries ZBSC_C10* that include a characteristic named ZCO_UNEG (business unit). It is accessed through a characteristic value variable named ZUNINEG (the processing type is authorization). An analysis authorization called ZUNINEG_BI was created in order to display data for all business units on each balanced scorecard properly when accessing the values of that characteristic on BI 7.0. ZUNINEG_BI was created with the following characteristics:

In order to display characteristic data (ZCO_UNEG), 0TCAACTVT has the following values:

ZCO_UNEG has the following:

In order to see data of the following units:

Another analysis authorization, called ZBICORPORATI, has the following characteristics:

In order to allow modifying characteristic data (ZCO_UNEG), 0TCAACTVT has the following values:

ZCO_UNEG has the following:

In order to see data of the following units:

As an example of the security model: in order to work properly with a balanced scorecard called Corporativo, users must have two roles (on BI 7.0):

1. ZSEM_BSC_CORPORATIVO_II: This role allows access to the Corporativo balanced scorecard.

2. ZBW_SEM_AUTORIZ_UNIDAD_NEGOCIO: This role allows reading data of all business units.

Users with these profiles could see data as follows:

BPS Layout Application:

This application is for saving data of a specific business unit, for a year and with a specific frequency.
In order to work properly with this application, the users must have (on BI 7.0) the following:

ZSEM_BSC_BPS*: This set of roles allows loading data into business units.

Each role has the analysis authorization for the unit for which data is being loaded.

The same analysis authorization called ZBICORPORATI made for the application was used here:

In order to allow modifying characteristic data (ZCO_UNEG), 0TCAACTVT has the following values:

ZCO_UNEG has the following:

In order to see data of the following units:

To access this application there are 20 roles, one for each business unit, with the following structure: ZSEM_BSC_BPS*. With such a role, the list box shows the user only the business unit for which the user has the role for loading data, e.g. if the user has the role ZSEM_BSC_BPS_CORPORATIVO, the list box should display only the corporate unit. As shown in the figure below:

Many users have ZSEM_BSC_BPS* roles, mainly for loading and modifying data for a particular business unit. The problem is that when such a role is assigned to a user who also has the other two roles of the previous BSP application, the user sees all the business units in the list box. For example, a user who has the display roles above, ZSEM_BSC_CORPORATIVO_II and ZBW_SEM_AUTORIZ_UNIDAD_NEGOCIO, and who also has the role ZSEM_BSC_BPS_CORPORATIVO will see all the business units in the load application. This is wrong, because the application should display only the unit for which a user with this set of profiles must load data (the Corporativo unit).

What should be done to ensure that the load application does not show all the business units in the list box when the user also has the roles of the previous application?
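The role combination described above, as a simplified model added here (not SAP code and not part of the original document): it treats the list box as the union of ZCO_UNEG values over all analysis authorizations a user holds, and flags users who are offered units they cannot load. The role-to-authorization mapping, the 0TCAACTVT values, the unit UNIDAD_3 and the user names are assumptions, since the page's screenshots are missing.

```python
# Simplified model of the reported behaviour; all values below are constructed.
ALL_UNITS = {"CORPORATIVO", "MERCADOS MASIVOS", "UNIDAD_3"}  # the page has 20 units

# analysis authorization -> (0TCAACTVT activities, ZCO_UNEG values); "*" = all values
# Assumed activity codes: 03 = display, 02 = change.
ANALYSIS_AUTHS = {
    "ZUNINEG_BI": ({"03"}, {"*"}),                    # display, all units
    "ZBICORPORATI": ({"02", "03"}, {"CORPORATIVO"}),  # modify, Corporativo only
}

# role -> analysis authorizations it carries (assumed from the text)
ROLE_AUTHS = {
    "ZSEM_BSC_CORPORATIVO_II": [],
    "ZBW_SEM_AUTORIZ_UNIDAD_NEGOCIO": ["ZUNINEG_BI"],
    "ZSEM_BSC_BPS_CORPORATIVO": ["ZBICORPORATI"],
}

def units_for(roles, activity=None):
    """Union of ZCO_UNEG values over the user's analysis authorizations.
    With activity set, only authorizations granting that activity count."""
    units = set()
    for role in roles:
        for name in ROLE_AUTHS.get(role, []):
            activities, values = ANALYSIS_AUTHS[name]
            if activity is not None and activity not in activities:
                continue
            units |= ALL_UNITS if "*" in values else values & ALL_UNITS
    return units

def audit(user_roles):
    """Users with a load role whose list box offers units they cannot load."""
    findings = {}
    for user, roles in user_roles.items():
        if not any(r.startswith("ZSEM_BSC_BPS_") for r in roles):
            continue  # not a user of the load application
        extra = units_for(roles) - units_for(roles, activity="02")
        if extra:
            findings[user] = sorted(extra)
    return findings

USERS = {  # constructed user-to-role assignments
    "USER_A": ["ZSEM_BSC_BPS_CORPORATIVO"],
    "USER_B": ["ZSEM_BSC_CORPORATIVO_II", "ZBW_SEM_AUTORIZ_UNIDAD_NEGOCIO",
               "ZSEM_BSC_BPS_CORPORATIVO"],
    "USER_C": ["ZSEM_BSC_CORPORATIVO_II", "ZBW_SEM_AUTORIZ_UNIDAD_NEGOCIO"],
}

if __name__ == "__main__":
    print(audit(USERS))
```

Run against a real export of user-to-role assignments, the same comparison lists every user affected by the combination the page describes.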
