Ensure Business Access Segregation by Automatically Generating SAP NetWeaver BW Analysis Authorizations

  • by Jonathan D Griffith, SAP NetWeaver BW Subject Matter Expert and BI Solutions Center Tools Team Lead, FirstEnergy Corp.
  • October 28, 2009
Learn about an alternative method for creating and maintaining complex business access segregation rules that does not involve having your employees manually assign and revoke SAP NetWeaver BW roles with every employee job transfer. Through the use of analysis authorizations and security data models, you can update your SAP NetWeaver BW security automatically to reflect the latest changes to users as well as business rules governing data access.

Recently, I was approached by a security project manager for assistance with how FirstEnergy (FE) could use its SAP NetWeaver BW implementation to achieve overall corporate business objectives and more efficiently secure access to information among its separate business units. FE had just completed a series of SAP technical and functional upgrades that included going from SAP BW 3.0B to SAP NetWeaver BW 7.0 and implementing HR structural authorizations within SAP NetWeaver BW. To satisfy the current business and security objective, we extended this HR structural authorizations model to automatically generate authorizations from data outside of SAP HR.

The true objective was to lower the high-maintenance required to provision data access within SAP NetWeaver BW. FE conducts business operations in a utility regulatory environment. One consequence is that we must restrict data access among five business unit groups in a controlled manner. The main group, shared services, has open access to all data while another group, employees on extended disability, has no access. The other three groups — regulated entities, energy affiliates, and regulated commodity sourcing — each has different access rights depending on relevant regulatory considerations.

Jonathan D Griffith

Jonathan D. Griffith is the technical lead/subject matter expert for SAP NetWeaver BW, as well as the team lead for the BI Solutions Center Tools Team at FirstEnergy Corp.  FirstEnergy Corp. is a diversified energy company headquartered in Akron, Ohio. Its subsidiaries and affiliates are involved in the generation, transmission, and distribution of electricity, energy management, and other energy-related services. Its seven electric utility operating companies comprise the nation’s fifth largest investor-owned electric system, serving 4.5 million customers within 36,100 square miles of Ohio, Pennsylvania and New Jersey, and its generation subsidiaries own or operate more than 14,000 megawatts of capacity. Jon has been the technical lead and project manager for all patch, release, and front-end add-on upgrades concerning SAP NetWeaver BW at FirstEnergy for the past four years. Jon started working with SAP as an ABAP developer in 2002 and has been involved in BW/BI development since 2003.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.