Security Model In SAP BPC

Security Model

The language used for member formulas is MDX (Multi-Dimensional Language); however, only a subset of all the MDX instructions is available inside EPM member formulas.

Member formulas are dimension related. This means they are valid for all the models sharing those dimensions.

Once you have set up a member formula the related dimension must be processed in order to make the formula applied.

Member formulas are calculated on the fly: calculated values are not stored in the database.

Note: Pay attention to the number of member formulas you define in your model. They may dramatically decrease application performance.

Administrators must specifically assign task profiles to users or teams of users before they can access any tasks. Similarly, if they do not assign data access profiles to users or teams to define access to members of a secured dimension, no one has access to that dimension.

Steps To Define Security

These roles do not include all possible combinations with restrictions for CLM actions (for example, copy, delete, and deploy content). These roles are more generic in nature and are supplied for reference to the CLM-managed application.

In real scenarios, more strict authorization values could be needed to restrict access to specific CLM actions.

The application uses the classic authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver Application Server ABAP Security Guide also apply to the application.

The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role maintenance, use the profile generator (transaction PFCG).

You can restrict user actions using task profiles and data access profiles:

• Task profiles define what type of activities or tasks a user or a team of users can perform.
• Data access profiles define the specific models and data within the models to which users have access.

These roles do not include all possible combinations with restrictions for CLM actions (for example, copy, delete, and deploy content). These roles are more generic in nature and are supplied for reference to the CLM-managed application.

In real scenarios, more strict authorization values could be needed to restrict access to specific CLM actions.

BPC Web UI Authorizations

A web UI URL to access BPC 10 is https://<host>:<port>/sap/bpc/web

If you want a user to perform administration tasks, you must assign them one of the predefined administrator roles. Without one of these roles, the user cannot perform any administrative tasks.

Adding a Task Profile

To create a new task profile in the Administration workspace, choose Security > Task Profiles > New. Enter data as required.

Inclined to build a profession as SAP BPC Developer? Then here is the blog post on, explore SAP BPC Training

 

Read these latest SAP BPC Interview Questions that help you grab high-paying jobs!

Data Access Profile

If you grant access to a member that has 10 children, users with access to the parent member also have access to the 10 children.

You can restrict a child member of a parent with reading Only or Write access by creating a separate data access profile and assigning the child Denied Alternatively, you can use the same data access profile as the parent, but create a new line item for the child.

When there is a conflict between data access profiles, the least restrictive profile is always applied.

Security > Data Access Profile > New

Security > Data Access Profile > Edit

Security > Data Access Profile > Copy

Security > Data Access Profile > Delete

 For in-depth understanding click on

• Models in SAP BPC
• Business Rules in SAP BPC
• Work Status in SAP BPC
• Audit Reports in SAP BPC