SAP Community Network Wiki - Business Intelligence (BusinessObjects)...

http://wiki.sdn.sap.com/wiki/display/BOBJ/Permissions+and+authorizat...

Welcome, Guest Login Register Getting Started Newsletters Store

Solutions Services & Support About SCN Downloads Industries Training & Education Partnership Developer Center Lines of Business University Alliances Events & Webinars Innovation

Permissions and authorizations requirements for BEx Web into BI 4.x

Added by Patrice Le Bihan, last edited by Patrice Le Bihan on May 04, 2011
Product versions: Business Intelligence 4.0 Business Warehouse 7.x

Introduction
This article presents the user security settings required to access BEx Web applications stored in a BW ABAP system from a BI 4.x (aka Business Objects Enterprise) system.

Introduction Security settings (BI Authorizations) on BW ABAP backend BI Authorizations required for end users BI Authorizations required for RFC connections Security settings (user rights) on BI 4.0 User Security on BEx Web Applications References and links

Security settings (BI Authorizations) on BW ABAP backend

BI Authorizations required for end users
End users do not require any additional authorization to what they currently have when the BEx Web Template runs on the NetWeaver Java Application Server and from the Portal. It is very likely they will be assigned a role that contains the following profile information (or a subset):

BI Authorizations required for RFC connections

The user specified in the OLAP Connection (see steps in Configuration steps to integrate BEx Web applications into BI 4.x) is required to open RFC connections to the BW system. In our example, we are using the BW user account "BEXATBOE".

1 of 3

4/25/2013 5:22 PM

SAP Community Network Wiki - Business Intelligence (BusinessObjects)...

http://wiki.sdn.sap.com/wiki/display/BOBJ/Permissions+and+authorizat...

That user account requires one role : SAP_BC_JSF_COMMUNICATION_RO. Below is a screen shot of the SU01 transaction.

One can define more granular authorizations if absolutely necessary by using the authorizations highlighted in this screen shot (details of the pre-configured SAP_BC_JSF_COMMUNICATION_RO role).

Note : By default this role does not include the function groups RSOLAP_BICS_*. You may need to add them to the RFC access authorization object to prevent core dumps being generated on the backend system and indicating permissions are missing to allow RFC connections : RFC_NO_AUTHORITY. The problem is currently under investigation but adding that function group made the problem go away.

Security settings (user rights) on BI 4.0

On the BI 4 system, we are using a User Group "BEx Web Users" to which we assign the required permissions. All of the permissions are set from the Central Management Console (CMC).

User Security on BEx Web Applications

1. from the CMC, go to Applications, select Bex Web Applications, right click and User Security

2. we assign the View Access to the User Group "BEx Web Users", note that the User Group "Everyone" has No Access.

3. this permission is sufficient to grant access to BEx Web Applications to end users. Once granted, it allows them to see the BEx Web Applications icon from the default home page of BI Launch Pad and "BEx Web Applications" from the "Applications" top menu

2 of 3

4/25/2013 5:22 PM

SAP Community Network Wiki - Business Intelligence (BusinessObjects)...

http://wiki.sdn.sap.com/wiki/display/BOBJ/Permissions+and+authorizat...

Note: the User Group does not need any permission on either the OLAP Connection or Adaptive Processing Server configured in earlier steps (refer to this article for details).

References and links

<<<<==== Previous Article Configuration steps to integrate BEx Web applications into BI 4.x Next Article ====>>>> Troubleshooting and Known Errors with BEx Web applications in BI 4.x

Follow SCN Contact Us SAP Help Portal Privacy Terms of Use Legal Disclosure Copyright

3 of 3

4/25/2013 5:22 PM