Managing permissions in SAP NetWeaver BI can restrict user access. These limitations apply to both the possible actions (or launch a state change, etc.), functional domains available (represented by cubes), and the scope of analysis (such society, country, etc.).
In general, the assignment of permissions to users is not direct but passes through objects called "Roles". Indeed, a role for combining users, permissions and menus. It is often too complex to assign and track users directly with permissions because the number of combinations to process and lack of user-friendly graphical interface.
Thus, the role will bring together a set of users with the same need analysis, a user can belong to multiple roles. A user assigned to a role can run the state and access to performance indicators.
The Management Organization:
A solution exists yet in SAP NetWeaver BI, to assign positions and not users. This feature allows you to manage a hierarchy of positions and assign users to those positions, according to the reporting period. This management can be supported by human resources in ERP, and duplicated in all systems, or run directly into BW.
Positions are assigned to roles and not directly to users. A change in position does not require changing the allocations to authorities: the user automatically inherits the permissions associated with his position.
From a technical standpoint, the tree management positions and organizations can be achieved by the transaction PPOCW. The positions are then assigned to roles in the transaction PFCG (for extended), in the "User" button and "Organizational Mgt". The assignment of the user's position is performed by the transaction SU01.
The Security Risks Factors:
This system provides general satisfaction because it simplifies the assignment in the original draft. However, it has a major drawback: it merges the individual and the position it occupies in the organization. Maintenance requires translating the actual position of the user roles to provide the necessary permissions.
However, permission management is rarely managed by human resources, but directly between business and IT services. This produces long-term some complexity in the permissions, or a lack of visibility and gaps for authorization. A recent study moreover demonstrated that among the risks in poorly managed companies are primarily the fault of security.
0 comments:
Post a Comment