BI Authorization Objects

Security in SAP is controlled through authorization objects. The SAP Business Information Warehouse BI  has a set of authorization objects specific to BI which control security in BI. Primarily there are two classes of authorization objects in SAP BI. They are in the areas of BI – reporting and BI – administration. The BI reporting authorization objects are used for field level security in BI reporting. The BI administration objects are used to secure administration functions in business information warehouse. Below are some of the authorization objects in the above two areas of BI security.
1. SAP Business Information Warehouse Reporting
- S_RS_COMP
- S_RS_COMP1
- S_RS_FOLD
2. SAP Business Information Warehouse Administration
- S_RS_ADMWB
- S_RS_IOBJ
- S_RS_ISOUR
- S_RS_ISRCM
Apart from the above two classes of authorization objects in SAP BI, there are a set of common authorization objects which are used in BI. These common authorization objects are required by all users as these authorization objects are checked in different areas. The common set of authorization objects used in SAP BI includes S_RS_ICUBE, S_RS_ODSO and S_RS_HIER. One key point to note is that BI reporting authorization objects for field level security are created as needed whereas the BI administration authorization objects are used across the module to secure admin functions.

Also for a Developer the following Authorization   objects have to be part of their role.

S_TCODE

S_DEVELOP

S_TRANSPRT

S_APPL_LOG