(SP-16) OutBoard Authorizations

Authorization checks can be activated in the near line storage based on standard SAP authorization objects S_ARCHIVE and OutBoard authorization object /DVD/OTB. Usually, such checks are not required because no end-users are working directly with the NLS. The NLS is used transparently by end-users where often end-users do not even know whether data they see in the report is coming from the NLS or from the online database. These authorizations are built on standard SAP authorization object S_ARCHIVE and /DVD/OTB. This authorization object S_ARCHIVE should have permitted least activities 01 (Create or generate), 02 (Change) and 03 (Display). The activities of authorization object S_ARCHIVE can be maintained in TA SU21.
The main use of OutBoard Authorization is the restriction of user-rights to archive/view data in OutBoard NLS, start Outboard transactions, reports and jobs or maintain OutBoard configurations.

Switching Authorization ON/OFF

The Authorizations can be set globally in "DEFAULT" OutBoard Settings. The OutBoard Settings are reachable from the OutBoard Cockpit (TA /dvd/outboard).

_{OutBoard Authorisations}

Parameter AUTHORIZATION determines whether OutBoard Authorizations are switched ON (value X) or OFF (value ' '). By default Authorizations are not used.

Description of OutBoard for Analytics Authorizations

There are four users groups in OutBoard, each having one of the following authorizations, to maintain, edit, display or no authorization.
Authorization roles available for OutBoard:

• OTB_FOR_ANALYTICS-MAINTAIN
• OTB_FOR_ANALYTICS-EDIT
• OTB_FOR_ANALYTICS-DISPLAY
• OTB_FOR_ANALYTICS-NO_AUTH

_{Authorizations}

Authorization to Maintain

User with this authorization can access all the OutBoard functionality:

• Can maintain all OutBoard configurations and Settings
• Can run all OutBoard transactions and reports, start all OutBoard jobs
• Can access archived Data in standard SAP BW processes (reporting, loads)
• The profile for this user should obtain activities: S_ARCHIVE - Create or generate, Change and Display and /DVD/OTB – Maintain
• SAP role: OTB_FOR_ANALYTICS-MAINTAIN

Authorization to Edit

User with this authorization can access a restriction off OutBoard functionality:

• Is allowed to maintain only the OutBoard configurations and Settings, which are specified by user with Maintain authorization (e.g., cannot change the data class used in archiving if this is forbidden by the user with the maintain authorization)
• Can run all OutBoard transactions and reports except the report for creation of OutBoard Virtual Providers, start all OutBoard jobs
• Can access archived Data in standard SAP BW processes (reporting, loads...)
• The profile for this user should obtain activities: S_ARCHIVE - Create or generate, Change and Display
• SAP role: OTB_FOR_ANALYTICS-EDIT

Authorization to Display

User with this authorization has restricted access to OutBoard:

• Is allowed only to view OutBoard configuration and Settings without the possibility to change these parameters
• Can run OutBoard transactions only in Display mode and cannot start archiving via OutBoard
• Can access archived Data in standard SAP BW processes (reporting, loads...)
• The profile for this user should obtain activity: S_ARCHIVE – Display
• SAP role: OTB_FOR_ANALYTICS-DISPLAY

No authorization

User with this authorization has no access to OutBoard functionality:

• Is not allowed to view OutBoard configuration and Settings
• Cannot run any OutBoard transactions and reports, or start OutBoard jobs (including archiving)
• Can access archived Data in standard SAP BW processes (reporting, loads)
• The profile for this user should obtain no activity
• SAP role: OTB_FOR_ANALYTICS-NO_AUTH

OutBoard Settings Maintenance

If the OutBoard authorizations are switched ON, only users with authorization to maintain or edit can modify the OutBoard Settings. A user with the maintain authorization can restrict editing of some OutBoard parameters for a user with edit authorization. This can be done only for DEFAULT settings. For OutBoard with storage management, rows marked as "not editable" in DEFAULT Settings; cannot be changed by the users who only have edit authorizations.
For example, in the following screen the first 6 OutBoard parameters are not editable and the remaining 7 are editable.
User with maintain authorization can edit all the fields in OutBoard Settings, whether editable or not (if they are not taken from DEFAULT OutBoard Settings for specific InfoProvider).

_{Default OutBoard Settings for user with authorization to edit}

User with edit authorization can modify:

• All the parameters in DEFAULT Settings, which are editable

_{Default OutBoard Settings for user with authorization to edit}

All the fields for a specific InfoProvider; that are editable and changeable (e.g., fields NLS_STATISTICS, SIZE_TO_MONEY_COEFF, SIZE_UNIT are not changeable and always taken from DEFAULT OutBoard Settings – therefore these fields are also not editable for the user).

_{InfoProvider OutBoard Settings for user with authorization to edit}

For the users with the authorizations to display or without authorization the OutBoard Settings are not editable at all.
Settings for OutBoard with storage management are divided in two parts:
1. First part of settings is done in the first tab "Global settings", On this tab it is possible to enable the authorization check. If the authorizations are enabled, only users with proper authorization role can maintain global as well as InfoProvider specific settings.

_{Storage Management: Global Settings}

2. Second part of the OutBoard with storage management settings is on tab "Near-line objects". InfoProvider specific and default settings can be found on this tab.

_{Storage Management Settings: Near-line objects}

Every default setting value can be enabled for changing. This option is controlled with the "Not editable" checkbox – when this option isn't checked, setting can be modified on InfoProvider level.