grant authorizations for query

components
1 Business Scenario
You have development teams (projects) working on query components in the same system. You want
to grant the users authorizations for (creating, changing, deleting etc.) query components by team.
2 The Result
Your developers are authorized to work only with the query components that members of the same
team have created but not with those that members of other teams have created.
©2002 SAP PORTALS, INC. AND SAP PORTALS EROPE !"B# 1
$ The Ste%&B'&Ste% Solution
1. Preliminary remarks
For BW 3.0A a new authorization object
S_RS_!"P# $%Business &'(lorer $ om(onents)
&nhancements to the !wner* was create+
enablin, you to ,rant authorizations -or .uery
com(onents that are +e(en+ent on the creator o-
the .uery com(onents. /he authorization object
S_RS_!"P %Business &'(lorer 0 om(onents* is
still use+1 i.e. both objects are checke+ -or
su2cient authorization when workin, with .uery
com(onents.
3- you ha4e u(,ra+e+ your system -rom BW 5.0B 6
5.# an+ you want to enable your users to ,o on
workin, as they use+ to be-ore the u(,ra+e
7without any chan,e in authorizations81 you can
a++ the new authorization object S_RS_!"P# to
a stan+ar+ role 6 (ro9le e4ery user is assi,ne+ to
an+ ,rant -ull authorizations -or this authorization
object.
For a+justments necessary a-ter an u(,ra+e
(lease also re-er to %ow to !ustomize "# $.%& after an
'pgrade from (.%")(.*!%
2. Assume you ha4e a role -or the
%Sales* team. /he team
consists o- the users Stein1
Forester1 :ami+ an+ Brehme.
/hey ha4e -ull authorizations -or
the authorization object
S_RS_!"P
©2002 SAP PORTALS, INC. AND SAP PORTALS EROPE !"B# 2
3. A++ the authorization object
S_RS_!"P# either manually by
(ressin, the %"anually* button
an+ ty(in, the object name into
the +ialo, bo' or by usin,
%Selection criteria*.
4. Assi,n the same 4alues as -or
S_RS_!"P i- a((licable 7e.,.
acti4ity 0#1 %create or ,enerate*
+oesn;t make sense -or
S_RS_!"P#8. 3n the %!wner*
9el+ enter the name o- all the
sales team users. <enerate the
(ro9le 7an+ assi,n users i- it is a
new role8.
©2002 SAP PORTALS, INC. AND SAP PORTALS EROPE !"B# $
5. 3- you want to ensure that all
users are authorize+ to work
with .ueries they ha4e create+
themsel4es1 you can a++ the
4alue %=>S&R* to the %!wner*
9el+ in a stan+ar+ role 6
(ro9le. %=>S&R* is re(lace+
with the current user name in
the authorization check. 7/his
-eature is enable+ with
su((ort (acka,e 31 BW 3.0A.8
( Su))ar'
+ranting authorizations for working with query components depending on the component creator is
possible with the authorization object ,-.,-!/01* (new with "# $.%&). You can either grant those
authorizations for a team or grant authorizations for self2created queries with low maintenance effort
by entering a variable (3',4.).
©2002 SAP PORTALS, INC. AND SAP PORTALS EROPE !"B# (