This Global Media and Entertainment Company decided to utilize SAP’s Business Warehouse (BW) to develop the majority of its business critical reports – both operational and analytical – for its 30,000 reporting users. This allowed the Enterprise to both reduce requirements for custom ABAP development and the overall cost of ownership of the SAP system, which maximized their return on investment. One of the primary concerns with this decision was to ensure the same level of data protection and control on the BW system as on the R/3 modules (including HR) and other component systems (CRM, EBP, BCS, and SEM-BPS).

To ensure a successful and controlled enterprise BW reporting system, The Hermosa Beach Consulting Group (HBCG) utilized a “least privilege” security methodology and standardized roles across all component systems. So, for example, if on the R/3 system a user is a Financial Analyst, then a user also is a Financial Analyst on the BW system; transactions and workbooks are logically grouped together and assigned to roles regardless of the component system in which they exist. BW reports were then grouped appropriately to these roles. To minimize on-going maintenance demands on the security team, simple roles were used to group reports shared by multiple job functions and assigned to composites, which defined a user’s job responsibilities within the system.

Similarly, the data-security model had to be replicated from its source system. For example, if a user is running a CO report on the BW system, that user would be limited to access only the Cost Centers to which he or she is authorized on the source R/3 system. Within HR, users not only had to be limited by appropriate organizational elements, but employee master data, (e.g., wages, birth date, SSN, and other personal information) had to be limited to align with their R/3 InfoType access.

Once the data-security model was defined for BW reporting, processes and procedures were implemented to ensure that BW development efforts remained in-line with security. Security standards were set by InfoCube, including specifications for mandatory input variables for secured fields and integration test standards for security.