SAP BW/4HANA cockpit is a Web-based interface used for administration of a BW/4HANA system. In BW/4HANA cockpit under the Modeling tab, you will find a tile named ‘Analysis Authorizations Editor’. By clicking on that we can restrict transaction data that is accessed by a large group.
Analysis Authorization helps us to create authorization variable for characteristics to restrict accessing the values for those characteristics. Analysis authorization can also be applied to a navigation attribute in a query. Below are steps to create the authorization object on BW4/HANA cockpit or using the app.
Step 1: Click on the create add button which is on the left side on the page.
And then there will 3 tabs such as,
- Special characterises
Step 2: In the General tab, we mention the technical name and description of the authorization object that we want to create.
Special Characteristics Tab
Step 3: In the Special characteristics tab, first, we can either choose “use the default” property or select properties based on our requirement.
When “use Default” is selected it automatically selects full validity, full info provider and only display activity.
If we want to have this authorization object to be valid for only a specific period, we can de-select full validity and click on expert mode to enter the validity period in the validity tab.
Step 4: If we want to have the authorisation only for a few key figures or for a few ADSO’s we can de-select full and give the key figure technical name in the info provider tab.
Step 5: We can also give either display activity or change activity for the authorization object, which decides whether the user with this authorization can change or only view the data.
Step 6: In the characteristics tab, we can mention a specific info object and give value based on which we want to restrict.
Step 7: After entering the info object we can further restrict by choosing to display only the aggregated values or the entire data. Mentioning single or multiple values and if hierarchy exists, we can restrict up to which node the data can be drilled down.
Step 8: After entering all the details click on save and activate the object. We can also transport the authorization object, so we need to capture a transport log to move the object to other systems.
After creating the authorization object, we need to assign the object to the user in SU01 and enable the authorization object in the query to restrict accessing the data. We can choose to deactivate an existing authorization object if we no longer need the authorization for a query or info provider and remove the authorization filter from the query.
Similarly, we have many other apps grouped together in BW/4HANA Cockpit to perform specific operations in BW/4HANA system.