Sie sind auf Seite 1von 32

Welcome to the Security lesson for SAP BusinessObjects Planning and

Consolidation 10.0, version for SAP NetWeaver.


1
After completing this lesson, you will be able to perform the actions listed
above.
2
You can access all the views related to the security topics under the Security
domain in the left side panel of the Administration workspace.
Users
Teams
Task Profiles
Data Access Profiles (Member Access Profiles in 7.5)
3
List of all the users assigned to the environment.
From this list, you can add or remove some users (multiple deletion is allowed).
You can also edit a user. Multiple edition of users is allowed to enable to modify
several users simultaneously (mass maintenance).
You can see in this list the IDs of the users, their last and first names and also
their email address.
These properties are those from the NW users and cannot be changed in BPC.
4
5
6
From 10.0, NW version is directly using NW user to logon BPC application from web client or
excel client. Windows AD user or CMS users are no longer supported. In 7.5,a user can either
use windows AD user/password or CMS user/password on BPC logon screen, in BPC 10.0,
NW user should be used instead. For upgrade customers, all users from 7.5 (no matter if its
windows AD user or CMS user) should be migrated, and all task profiles and data access
profiles assigned to windows AD users (or CMS users) will be assigned to NW users instead
after migration. To migrate user/security, a customer should create each windows AD user or
CMS user a NW user, and create a 1:1 mapping between windows AD user (or CMS user) and
NW user to enable migration.
For customers still using CMS, CMS side did some development for BPC 10.0 NW where
customer can customize for each CMS user a NW user with which CMS user could directly
logon to BPC application.
There are two roles parts to be assigned to a BPC business user in BW end
Static assigned role s(/POA/BUI_FLEX_CLIENT and /POA/BUI_UM_USER) when each user is
created in NW, both roles are required by BUI layer and its NOT environment related.
Dynamic assigned roles when user is added to any environment or user is assigned with any
BPC security task from admin console.
Please note that both part of roles are all backend NW roles, which should be transparent to
BPC business users. BPC business users only have task profiles and data access profiles.
Task profile is really using NW authorization objects. While detail of data access profiles are
really stored in BPC specific tables; same as what was done in 7.5.
7
8
If multiple users, you cannot manage this setting.
But, as for the teams, you can distinguish in this tab the teams to which all the
edited users are assigned (All users value).
From this tab, you can also use the Assign to all function to assign all the
edited users to a team.
9
In the Task Profiles tab, in case of a single user, you can see the task
profiles assigned to this user
Directly
But also through the teams he/she is assigned to Inherited
10
In case of multiple users, you do not have this information of inherited task
profiles. Same principle in this case, you can see the list of all the task profiles
assigned to one user in the selection at least and distinguish those that are
assigned to all the edited users.
Assign to all in this tab enables also assigns a task profile to all the edited
users.
You can of course add task profiles to assign them to all the selected users.
11
12
Here is the list of all the teams of the environment.
From this list, you can create or delete a team (multiple deletion is allowed).
You can also edit multiple teams simultaneously (mass maintenance).
In addition to the ID and the description of the teams, you see how many users
are assigned to each of them as well as the number of task profiles and data
access profiles.
13
You can edit and change multiple teams simultaneously.
Only the common changes made during the edition will be applied to the set of
teams (For example, all things that have not been changed in each team is
kept).
14
In the Users tab, you can see the list of all the users assigned to the selection
of teams.
You can add a new user that will therefore be assigned to all edited teams.
See the value All teams in the Assigned to column.
In the same way, you can assign a set of task profile to the selection of teams.
15
Same principle as in the Users tab for the Assigned to column.
If a task profile is assigned to all the edited teams All teams value.
If a task profile is not assigned to all the edited teams Some teams only
value.
In this case, Assign to all function enables to assign the task profile to all the
edited teams.
16
17
Here is the list of all the task profiles created in the environment.
18
Exactly the same behavior as in the Users and Task Profiles is implemented
in the Data Access Profiles tab.
19
20
Click the Add button to create a new task profile.
This command opens a wizard that enables to create a team through 3 distinct
steps.
In the first step, you must specify an ID and you can also add a description
(optional).
21
You can also select a node in the list to add all its tasks simultaneously to the
selection. Multiple selection is also allowed for the nodes.
22
23
24
25
This command directly opens the data access profile editor.
You can set all the settings and configure the data access for all models in this
page.
You must enter an ID and can add a description (optional).
In the left pane, are listed all the models of the environment and, for each of
them you can see the current status of its access rights.
None means that access right can be specified for the model, since some
dimensions are secured, but none has been defined or completed yet.
Restricted access means that some access rights have been specified for
the model.
Full (Unsecured Model) means that there are no secured dimensions in this
model. Therefore, unable to specify any access rights for this model.
26
27
If no hierarchy exists it is a flat list.
28
29
30
You should now be able to perform the actions listed above.
31
32

Das könnte Ihnen auch gefallen