Analysis authorizations in SAP BW/4HANA are used to restrict access to data based on specific criteria, such as organizational units or regions. These authorizations ensure that users can only view data they are authorized to access. Below is a detailed explanation of why the correct answers are A and B:
Correct: TheRSECADMINtransaction is specifically designed for managing analysis authorizations in SAP BW/4HANA. You can assign analysis authorizations directly to auser in this transaction. This approach is useful when you need to apply fine-grained access control at the individual user level.
Option A: In transaction RSECADMIN directly to a user
Correct: ThePFCGtransaction is used for role-based authorization management in SAP systems. By assigning the authorization objectS_RS_AO(which controls access to InfoProviders and queries) to a role, you can define analysis authorizations at the role level. This ensures that all users assigned to the role inherit the same data access restrictions.
Option B: In transaction PFCG to a role using the authorization object S_RS_AO
Incorrect: WhileSU01is used to maintain user master data, it is not the appropriate transaction for assigning analysis authorizations. Analysis authorizations are managed either throughRSECADMIN(directly to users) orPFCG(via roles).
Option C: In transaction SU01 directly to a user
Incorrect: The authorization objectS_RS_AUTHis not used for managing analysis authorizations. Instead,S_RS_AOis the correct authorization object for controlling access to data in SAP BW/4HANA.
Option D: In transaction PFCG to a role using the authorization object S_RS_AUTH
SAP BW/4HANA Security Guide: Explains the use of RSECADMIN and PFCG for managing analysis authorizations.
SAP Help Portal: Provides details on the authorization objectS_RS_AOand its role in restricting data access.
SAP Data Fabric Architecture: Highlights the importance of role-based and user-based access control in ensuring data security.
References to SAP Data Engineer - Data Fabric Concepts
