Day1-Day8

@GainingHub

Analyzing Authorization Checks • SU53 is an authorization trace of last failed authorization. • ST01 is an authorization trace of all the activities performed by user in SAP system. @GainingHub

RETURN CODE @GainingHub

ST01 @GainingHub

STAUTHTRACE • As we can see from the opening screen itself, STAUTHTRACE allows us to start a trace for multiple app servers from a single screen. @GainingHub

Organization Plan • Organizational Unit: Can be, for example, a functional unit in the company (such as Sales and Distribution) • Position: Represents a position in the staff assignments of an organizational unit that is to be occupied by a person (employee), such as Sales Manager Europe. • Job: While positions represent the concrete posts in a company that are to be occupied by holders (such as Sales Manager Europe), jobs are general classifications of functions in a company (such as sales manager) that are to be further specified by assigning properties. Jobs provide job descriptions that are applicable to multiple positions with similar tasks and properties. • . Task: Description of an activity that is to be performed within organizational units. @GainingHub

In Direct Role Assignment • If the roles are now assigned to the objects of the organizational plan, such as positions, the employees, who are indirectly assigned to these positions through the organizational plan, can inherit the roles. @GainingHub

Transaction : STAD • STAD Transaction which also used to extract the report for transactions executed by user in a week. @GainingHub

Transaction : ST03N •Step 1: Execute the ST03N •Step 2: Select Expert Mode from the Drop down on The Administrator Icon •Step 3: Double-click the sever name to expand and get the details •Step 4: Scroll down using the up/down scroll about on the left of the screen and select the appropriate month / Day •Step 5: Double-click the selected month / Day •Step 6: Expand the User and settlement Statistics option and Double-click User Profile •Step 7: Find the user for whom you want to get the list of Transaction codes executed in a stipulated period •Step 8: List of T. Codes executed by the user @GainingHub

Track the Transaction Executed by Whom • Execute Transaction : ST03N • Select the Month • Under Analysis View • Expand Transaction Profile • Select Standard • On the right pane of the window - you can click on transaction/report/program name->Double Click on any of these entries to find details of specific entry. • If we click on User and Settlement, USER PROFILE @GainingHub

LINE AUTHORIZATION We need to restrict the access for user to view only: ERP-TMC in table: T77DB Authorization object: S_TABU_LIN ACTIVITY  Define the change / display Organization Criteria Org Field 1…….N TABLE: T77DB contain field : Shift Group which having technical name: DIENSTGR therefore we need to configure this in SPRO. @GainingHub

You can define then using Tcode - S_BCE_68001484 OR via SPRO @GainingHub

@GainingHub

@GainingHub

@GainingHub

Table Authorization Group • To restrict the access for the set of tables that user can access is done by creating the authorization group and assigning the tables to this group. • S_TABU_DIS have field: DICBERCLS in which we can maintain the groups. • SE54 – Used to create authorization groups @GainingHub

Authorization Group For ABAP Program • Transaction : SE38 is used to execute the ABAP programs in SAP. • If end user having access to transaction : SE38 and client want to restrict him/her from executing the program, then we used the concept of authorization group. • We can assign program through transaction: RSCSAUTH. • S_PROGRAM contain the field P_ACTION in which we add the authorization group linked to the program. • TABLE: V_TPGP @GainingHub

Custom Transaction Codes Custom (starts with Z or Y) transactions are created in the SAP system due to the following reasons: • Standard SAP may not support that task • A particular transaction needs to be customized to suit the business requirements. • The custom transaction code will either call an ABAP program internally, or is a parameter transaction which deals with table maintenance (parameter transactions) The transaction code which has an ABAP program associated will have the authorization restriction as follows: Restriction with AUTHORITY-CHECK OBJECT (RSABAPSC program to check authority check) Restriction with calling another transaction code @GainingHub

Transaction – SE93 @GainingHub

• When one transaction called another @GainingHub transaction in the SAP System. Couple Transaction • Often one transaction call other transactions with in it using CALL Code TRANSACTION. If there is a check for authorization(TCDCOUPLES), then the called transaction will be checked. If the check is no, no authorization check will be done. You can change this behaviour through SE97.

Remote • Remote Function Call (RFC) is the standard SAP interface for Function Call communication between SAP systems. (RFC’s) Transaction: • RFC calls a function to be executed in a remote system. SM59 • The authorization check uses the authorization object S_RFC to check whether the user defined in the destination has RFC authorization for the function group of the called function module. • RFC ABAP Type 3 can be managed using transaction SM59.RFC Calls can be of two types: Trusted RFC and untrusted RFC. • S_RFC & S_RFCACL are authorization objects which does not exist in SAP_ALL. @GainingHub

Authorization check for Untrusted RFC: Authorization object checked at source system: S_ICF Authorization object checked at destination system: S_RFC Authorization fields for object S_ICF • ICF_FIELD: It can have value “Service” or “Dest“. For RFC calls the value selected is Dest. • ICF_VALUE: It can have values for ICF Services or RFC Destinations. Table RFCDES contains the list of RFC Destinations. Authorization fields for object S_RFC • ACTVT: Activity. Currently it takes value 16 (execute) • RFC_TYPE: Type of RFC object to be secured. This field has value FUGR (function group). • RFC_NAME:  Name of RFC object to be secured. Since type of RFC object to be secured is function group (FUGR), this field (RFC_NAME) contains the name of function groups to be secured. It is important to note that ‘*‘ (full authorization) is not given otherwise user would be able to execute all the function groups including critical function groups. @GainingHub

Authorization • Authorization object checked at source system: S_ICF check for • Authorization object checked at destination system: S_RFC & Trusted RFC: S_RFCACL • In case of trusted RFC, destination system trusts the source (client) system. Instead of logging into destination system using an RFC user, the user id of active dialog user is used. An additional authorization check is done in the destination system and authorization object S_RFCACL is checked to see if the dialog user has necessary authorization to log into the destination system. The authorization object S_RFCACL has following authorization fields: • RFC_SYSID : System id of the source SAP System (calling system) • RFC_CLIENT : Client of the source system (calling system) • RFC_USER : User id of the calling user in the source system. Care should be taken so that it doesn’t have ‘*‘ (full authorization). • RFC_EQUSER : Values ‘Y’=Yes or ‘N’=No. Indicates whether the RFC user can be called with a user having same id. • RFC_TCODE : Calling transaction code. • RFC_INFO : Info from the source system. • ACTVT : Activity. It takes value “16″ (execute). @GainingHub

S_RFCACL Examples: • Suppose a user User1 in source system S1, client M1 wants to call a function module in the target system under the same user User1. He or she would then need the following authorizations in the target system: RFC_SYSID : S1 RFC_CLIENT: M1 RFC_USER  : RFC_EQUSER: Yes RFC_TCODE : * RFC_INFO  : * ACTVT     : 16 • Suppose a user User1 in the source system S1, client M1 wants to call a function module in the target system as the user User2. In this case, User2 in the target system needs the following authorizations: RFC_SYSID : S1 RFC_CLIENT: M1 RFC_USER  : User1 RFC_EQUSER: No RFC_TCODE : * RFC_INFO  : * ACTVT     : 16 @GainingHub

Scheduling Background Jobs SM36 – Scheduling Jobs SM37 – View Scheduled Jobs @GainingHub

@GainingHub

@GainingHub

@GainingHub

SM37 – To View the Scheduled Jobs @GainingHub

Day6 @GainingHub

Architecture of BI BI has a multilevel architecture to provide the maximum degree of flexibility. It can extract and use data from a variety of sources. Persistent Staging Area ( PSA)  It is initially a storage area of data, where requested data is stored or saved, unchanged from the source system. Data Warehouse  The result of the first transformation is saved in the next layer. This data warehouse offer integrated, granular, stable table. Architecture Data Marts  are multidimensional reporting structures. This layer satisfy reporting requirements. Operational Data Source  In additional to analytical and strategic reporting, a data warehouse also support operative reporting by means of the operational data source. Operational data can also be forwarded to the data warehouse layer at set times. @GainingHub

BI Modeling • The BI information model is based on a fundamental building block called the InfoObject. These are business evaluation objects such as customer or sales. • InfoObjects are subdivided into characteristics, key figures, time characteristics or units, and are easily reused. • In BI, objects that provide information for reporting and analysis are called InfoProviders. There are two types of InfoProviders: physical and logical. InfoObjects, InfoCubes, and Data Store Objects contain physical data. @GainingHub

SAP BI / BW / • SAP Business Intelligence (BI) means analysing and BPC reporting of data from different heterogeneous data sources. • SAP Business Warehouse (BW) integrates data from different sources, transforms and consolidates the data, does data cleansing, and storing of data as well. It also includes data modelling, administration and staging area. The data in SAP BW is managed with the help of a centralized tool known as SAP BI Administration Workbench. • SAP Business Planning and Consolidation (BPC) tool is used to support all operational and financial activities in an organization. It leverages the power of MS Excel  @GainingHub

@GainingHub

Terminology • The BI information model is based on fundamental in BI building block called Info object. It is subdivided into characteristics ( OCTAIPROV, OCTAACTVT, OCTAVALID etc.), Key figures, Time characteristics. • In BI objects that provide information for reporting and analysis are called Info Providers. Info Providers are made up of Info objects. There are two type of Info Providers are: • Physical (Info objects, Info cubes and Data Store Objects) • Logical ( Info sets, Remote cubes, multi providers) @GainingHub

• Info cube  is a data storage area in which we maintain data which we are extracting from source system physically. An info cube can function as both as data target and an info provider. • Info Area  are branches and nodes of tree structure. It organize info cubes and info objects.  Each info object assigned to info area. • BEX Query BI Query is an enterprise query, reporting, and analytics application. BI Query provides an easy-to-use, visual way to query databases, integrate data with other applications, and generate reports. @GainingHub

@GainingHub

• Standard Authorizations are the ones based on structures delivered by SAP. They allow users to perform administration tasks or to create, change or delete meta data objects like InfoObjects or InfoCubes. • Analysis Authorizations define semantic data slices a user is allowed to see in reporting, like all data belonging to company code 1200. The structure and values are not pre-configured by SAP but completely customer-defined. It is the customers responsibility to define the components (InfoObjects) that are relevant for the authorization checks. Authorization @GainingHub

Authorization object S_RS_FOLD will allow you to disable the InfoAreas category. @GainingHub

@GainingHub

@GainingHub

@GainingHub

@GainingHub

@GainingHub

@GainingHub

Hierarchies in BI • A hierarchy is a method of displaying characteristic values structured and grouped according to individual evaluation criteria. @GainingHub

@GainingHub

@GainingHub

@GainingHub

@GainingHub