This is a quick introduction to some of the tables involved in the standard SAP authorization model and one of the specific ones in the BI authorization model. For more details, please refer to the BI online documentation and to the presentation “An Expert Guide to New SAP BI Security Features”. This presentation is available in the second link below (copy and paste it into a browser; you will need SDN access).
This example is only for illustrative purposes. Bear in mind that when you are searching for specific authorizations, you need to consider both ranges and wildcards.
Suppose you want to know which users are granted access to data in company code 1000. Start by looking at table RSECVAL “Authorization Value Status” in transaction SE16. Enter ‘0COMP_CODE’ in field TCTIOBJNM, ‘I’ in field TCTSIGN, ‘EQ’ in field TCTOPTION and ‘1000’ in field TCTLOW.
You will get one or several BI analysis authorization objects (field TCTAUTH). Suppose you got one record with TCTAUTH = ZCC_1000. Now, to find the list of standard authorization objects that use the BI analysis authorization ZCC_1000, look at table UST12 “User master: Authorizations”. Enter ‘S_RS_AUTH’ in field OBJCT, ‘BIAUTH’ in FIELD, and ‘ZCC_1000’ in VON.
You will get a list of standard authorizations that you can use to get the roles, and the users for these roles, in tables AGR_1250 and AGR_USERS (see picture below).
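The same lookup chain as a script, for an access review that also picks up the ranges and wildcards an exact ‘EQ’ search misses. This is an added example, not part of the original post; all rows are constructed samples, and the field names TCTHIGH, BIS, AUTH, OBJECT, AGR_NAME and UNAME are assumed from the standard table layouts. It only evaluates including (‘I’) rows with EQ, BT and CP; exclusions and hierarchy authorizations are not handled.

```python
import re

# Constructed sample rows shaped like SE16 exports; not data from a real system.
# RSECVAL columns: TCTAUTH, TCTIOBJNM, TCTSIGN, TCTOPTION, TCTLOW, TCTHIGH (TCTHIGH assumed)
RSECVAL = [
    ("ZCC_1000", "0COMP_CODE", "I", "EQ", "1000", ""),
    ("ZCC_1XXX", "0COMP_CODE", "I", "BT", "1000", "1999"),
    ("ZCC_ALL", "0COMP_CODE", "I", "CP", "*", ""),
    ("ZCC_2000", "0COMP_CODE", "I", "EQ", "2000", ""),
]
# UST12 columns: OBJCT, AUTH, FIELD, VON, BIS (AUTH and BIS assumed)
UST12 = [
    ("S_RS_AUTH", "T-EX000101", "BIAUTH", "ZCC_1000", ""),
    ("S_RS_AUTH", "T-EX000102", "BIAUTH", "ZCC_2000", ""),
    ("S_RS_AUTH", "T-EX000103", "BIAUTH", "ZCC_*", ""),
    ("S_RS_AUTH", "T-EX000104", "BIAUTH", "ZCC_1A", "ZCC_1Z"),
]
# AGR_1250 columns: AGR_NAME, OBJECT, AUTH; AGR_USERS columns: AGR_NAME, UNAME (assumed)
AGR_1250 = [("Z_BI_CC1000", "S_RS_AUTH", "T-EX000101"), ("Z_BI_CC2000", "S_RS_AUTH", "T-EX000102"),
            ("Z_BI_ALLCC", "S_RS_AUTH", "T-EX000103"), ("Z_BI_RANGE", "S_RS_AUTH", "T-EX000104")]
AGR_USERS = [("Z_BI_CC1000", "ALICE"), ("Z_BI_CC2000", "BOB"), ("Z_BI_ALLCC", "CAROL"),
             ("Z_BI_RANGE", "ALICE"), ("Z_BI_RANGE", "DAVE")]

def sap_like(pattern, value):
    """SAP pattern match: '*' is any string, '+' is any single character."""
    rx = "".join(".*" if c == "*" else "." if c == "+" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None

def covers(option, low, high, value):
    """True if one including selection row (EQ, BT or CP) covers the value."""
    if option == "EQ":
        return low == value
    if option == "BT":
        return low <= value <= high  # character comparison, as for CHAR fields
    return option == "CP" and sap_like(low, value)

def users_with_access(iobj, value):
    """Follow RSECVAL -> UST12 -> AGR_1250 -> AGR_USERS; return {user: [roles]}."""
    auths = {a for a, io, sign, opt, lo, hi in RSECVAL
             if io == iobj and sign == "I" and covers(opt, lo, hi, value)}
    profs = {auth for obj, auth, fld, von, bis in UST12
             if obj == "S_RS_AUTH" and fld == "BIAUTH"
             and any((von <= a <= bis) if bis else sap_like(von, a) for a in auths)}
    roles = {r for r, obj, auth in AGR_1250 if obj == "S_RS_AUTH" and auth in profs}
    result = {}
    for role, user in AGR_USERS:
        if role in roles:
            result.setdefault(user, []).append(role)
    return {u: sorted(r) for u, r in sorted(result.items())}
```

With these sample rows, an exact search for ZCC_1000 alone would only lead to ALICE, while the script also reports CAROL (wildcard) and DAVE (range) for company code 1000.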
Other tables that are relevant for the authorization model are:
AGR_AGRS2: role parent-child relationship
AGR_HIER contains the folder hierarchy, AGR_HIERT contains the texts
AGR_1250 contains the authorization assignment to roles
AUTHX contains the authorization field mapping to data elements (DD04T contains the texts)
TSECTXT Authorization texts (BI)
RSECVAL Authorization Value Status contains the "InfoObject" values (RSECVAL -> UST12 -> AGR_1250)
SMEN_BUFFC user favorites
TACTT contains the activity texts
TOBCT contains the text for the classes
TOBJ contains the assignment of objects to classes
TOBJT contains the fields for the authorization objects
USH04 contains last changed info
UST12 contains the field values
UST13 contains the texts for the authorizations
USR21 contains the mapping of user to personnel number (ADRP)


