SAP’s Business Intelligence Server Platform allows end users to schedule reports via the web – run web applications and can provide direct access to:
- View On Demand
- Full Control
- Full Control (Owner)
In many situations, these features give too much access to users, which automatically increase data theft, spam, virus and hack risks. Setting access levels, adds security to each business transaction and then adds ‘Advanced Rights’ as a cherry on the top. To ensure the data within the BI platform remains safe it is important for users to have a good handle on access level even during SAP Business object Training.
Types of Access Rights
Content Rights applied on files, folders, reports and various other documents. All these rights are applicable to only one type of object & can override the existing content. This type of right provides the answer to the question “What can I work with and see.”
General Rights are applied on most or at least all type of objects available in the BI platform. Though the couple like “Change password” and “change preference” are quite limited in their scope. The most used right is “view object” as it is applicable to every object.
Application Rights are applied to different applications within BI platforms. These include BI Launchpad, Web intelligence, IDT, etc. They basically answer the question like “What can I do?”
System Rights comes in two general categories; Data Access Right applied to various data connections. They answer the question “what can I use?” All Other System Right applied over various system-level objects such as a server, access, profile levels, etc.
Each access might contain two versions – “Full” & “Owner” views. The Full version allows access to every object and owner version allows access to only those objects the user owns. In case a user is having both these versions, the owner version will be redundant as full version already provides access to every available object.
There are various useful practices that you should perform during your SAP Business object training to ensure you manage daily security threats within the BI platform to a high-level.
Provide separate access levels for Application, Content and System Rights.
Don’t use explicit denying access right, as it can lead to some serious consequences. Use ‘Not Assigned’ instead.
It’s crucial to provide a general view object to all the access levels because users have to able to view object so that they can use it.
There should be two DATA access levels. One is for providing permission to various connection types and other allowing users to create queries to create reports.
Provide separate access level for each application.
Use General Rights for content access level and evade overriding the general rights, available in each content type’s right.
Use custom level instead of ‘Advanced Security.’ Custom levels make it easier to understand the type of access being granted and are absolutely reusable.
Careful planning and awareness of access rights working, SAP BI platform security configuration is easy to understand and maintain.
So, use these tips during your SAP Business object training and stay ahead of data security threats.