SAP BusinessObjects Planning and Consolidation: Administrator and Power User Best Practices for Configuring Authorizations and Authentication
- by Ryan Leask, Senior Director, Solution Strategy for SAP’s Business User and Line of Business Sales Organization
- Prakash Darji, Vice President and General Manager, Data Warehousing Solutions and SAP HANA Platform, SAP
- December 11, 2009
When a power user creates an application in SAP BusinessObjects Planning and Consolidation, users must be assigned and given authorization to read and write data that they own. Take an in-depth look at how authentication and authorization are set up to ensure users can only work with the regions of data they own. This information can help you ensure that your data remains accurate and that you aren’t violating any data governance policies your company may have.
Differentiating between the terms authentication and authorization is important, as often these terms are used interchangeably. The term authentication refers to assigning a user access to the SAP BusinessObjects Planning and Consolidation system. This user then logs on to the system and is authenticated against that system. Authentication is the process of assigning the user and validating the credentials (username and password) of that user upon logon. The term authorization refers to the activities a user can perform once authenticated. It also refers to the region of data to which the user has access to read and write. Within SAP BusinessObjects Planning and Consolidation, authorization is separated into the concept of task profiles, to control the activities to which users have access, and member access profiles, to control the data regions to which a user has access.
SAP BusinessObjects Planning and Consolidation is designed to empower the business by reducing its dependency on the IT department for making system changes. Authentication and authorization assignments are usually an area that the IT department of a company controls. With SAP BusinessObjects Planning and Consolidation, authorized business users can directly configure security. This allows them to help themselves and avoid having the IT department become a bottleneck in setting up or making changes to the system. Typically, a power user within a line of business handles this task because he knows the users within the business and the data with which they should or should not be working. (See the article “SAP BusinessObjects Planning and Consolidation: An Overview of How It Works with SAP NetWeaver BW” for a more detailed discussion on this topic.)
Throughout this article, we focus on the tasks an administrator or power user in the line of business performs. This includes adding a user to an application set, assigning the user to a team, and then assigning member access profiles and task profiles to that team. We discuss the best practices of setting up authorizations as well. See the “Key Terms” sidebar for definitions of user, team, task profile, and member access profile.
The user experience is almost identical (even for administration) between SAP BusinessObjects Planning and Consolidation, version for the Microsoft platform, and SAP BusinessObjects Planning and Consolidation, version for SAP NetWeaver. However, the back-end implementations are quite different. All the content and behavior we describe in this article apply just to the version for SAP NetWeaver.
Would you like to see this full item?