SAP BW Authorization

SAP BW Authorization is definitely different from R/3 authorization. Why? Well, first, R/3 authorization usually involves up to the transaction code level. But for SAP BW, the mostly used transaction is "RSA1" and "RRMX". Therefore, authorization based on transaction code alone, is definitely not sufficient.

So how do we design authorization in SAP BW? There's a few authorization objects that relates to SAP BW.

For reporting, you will most probably use the following SAP BW authorization object:

1. S_RS_COMP - Reporting Component, here is where you control the query authorization blah blah.
2. S_RS_COMP1 - Reporting Component Owner, you can control users to only be able to access report created by Power Users, here.
3. S_RS_FOLD - Disable/Enable the 'InfoAreas' button.

Besides that, you will also need to configure the following authorizations:

1. S_RS_ICUBE - Infocube authorization
2. S_RS_ODSO - ODS Objects
3. S_RS_HIER - Hierarchy Authorization

For SAP BW administration purposes, aside from the above, you also need to configure the following authorization objects:

1. S_RS_ADMWB - Administrator Workbench
2. S_RS_IOBJ - Info Objects authorization
3. S_RS_ISOURCE - Transaction Infosource
4. S_RS_ISRCM - Master Data Infosource

There that's what you need for authorization. Anyway, to achieve "field level" authorization like those in R/3, you can create a customize object, select the infoobject that has been set "authorization relevant", and add it in the authorization matrix, and walla, you got "field level" authorization.