SAP BI Analysis authorizations per user

Summary

This is a quick introduction to some of the tables involved in the standard SAP authorization model and one
of the specific ones in the BI authorization model. For more details, please refer to SAP BI online documentation and to the presentation “An Expert Guide to New SAP BI Security Features” in
SDN, (you will need SDN access).

Example

This example is only for illustrative purposes. Bear in mind that when you are searching for specific authorizations, you need to consider both ranges and wild cards.
Suppose you want to know which uses are granted to access data in company code 1000. Start by looking at table RSECVAL “Authorization Value Status” in transaction SE16. Enter ‘0COMP_CODE’ in field TCTIOBJNM, ‘I’ in field TCTSIGN, ‘EQ’ in field TCTOPTION and ‘1000’ in field TCTLOW.

Figure 1 – Table RSECVAL, lookup authorization object based on Company Code

You will find one or several BI analysis authorization objects (field TCTAUTH). Suppose you got one record with TCTAUTH = ZCC_1000. Now to find the list of standard authorization objects that use the BI analysis authorization ZCC_1000, look at table UST12 “User master: Authorizations”. Enter ‘S_RS_AUTH’ in field OBJCT, ‘BIAUTH’ in FIELD, and ‘ZCC_1000’ in VON.

Figure 2 – Authorizations table UST12

in tables AGR_1250 and AGR_USERS, see picture below.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries