Introduction

This chapter contains basic information on access restrictions and safety within OutBoard. As a general rule, a user in any IT system should only be provided with access to functions this user really needs in order to achieve success in their daily IT tasks.

To inspect the user's privileges for specific activities Datavard's OutBoard uses the authorization object S_ARCHIVE which is to be included in Roles and Profiles. Then the particular Role is assigned to the users. OutBoard authorization object S_ARCHIVE contains 3 levels of authorization, which can be set according to Role needs:

No authorization
Display (View the data)
Change (Nearly Full functionality)
Maintain (Full functionality)

However, additional scenarios will need to be considered with OutBoard:

Authorizations during the initial OutBoard implementation
Authorizations on non-production systems
Authorizations on production systems

The user can also use the extended Outboard authorizations concept using the OutBoard authorization object /DVD/OTB.

Initial Implementation of OutBoard for Analytics

For implementing OutBoard with Storage Management and to use all the functions of the SAP Add-On Installation tool a user must exist in client 000. It must have the following authorizations:

S_ TRANSPRT
S_CTC_ADMIN

Both authorizations can be found in authorization profile S_A.SYSTEM.
For using Datavard OutBoard during the initial implementation and initial archiving a user needs at least the authorization for:

Calling reports (SE38)
RSA1
/DVD/OUTBOARD

OutBoard for Analytics Authorizations

Authorization checks can be activated in the near line storage based on standard SAP authorization objects S_ARCHIVE and OutBoard authorization object /DVD/OTB. Usually, such checks are not required because no end-users are working directly with the NLS. The NLS is used transparently by end-users where often end-users do not even know whether data they see in the report is coming from the NLS or from the online database. These authorizations are built on standard SAP authorization object S_ARCHIVE and /DVD/OTB. This authorization object S_ARCHIVE should have permitted least activities 01 (Create or generate), 02 (Change) and 03 (Display). The activities of authorization object S_ARCHIVE can be maintained in TA SU21.
The main use of OutBoard Authorization is the restriction of user-rights to archive/view data in OutBoard NLS, start Outboard transactions, reports and jobs or maintain OutBoard configurations.

Switching Authorization ON/OFF

The Authorizations can be set globally in "DEFAULT" OutBoard Settings. The OutBoard Settings are reachable from the OutBoard Cockpit (TA /dvd/outboard).

_{OutBoard Authorizations}

Parameter AUTHORIZATION determines whether OutBoard Authorizations are switched ON (value X) or OFF (value ' '). By default Authorizations are not used.

If Authorizations are switched ON and Settings are saved, it is not possible to maintain OutBoard Settings for a user without proper authorizations.

Description of Authorizations

There are four groups of users in OutBoard, each having one of the following authorizations: maintain, edit, display or no authorization.

Authorization roles available for OutBoard:

OTB_FOR_ANALYTICS-MAINTAIN
OTB_FOR_ANALYTICS-EDIT
OTB_FOR_ANALYTICS-DISPLAY
OTB_FOR_ANALYTICS-NO_AUTH

_{Authorizations}

Authorization to Maintain
User with this authorization can access all the OutBoard functionality:

Can maintain all OutBoard configurations and Settings
Can run all OutBoard transactions and reports, start all OutBoard jobs
Can access archived Data in standard SAP BW processes (reporting, loads)
The profile for this user should obtain activities: S_ARCHIVE - Create or generate, Change and Display and /DVD/OTB - Maintain
SAP role: OTB_FOR_ANALYTICS-MAINTAIN

Authorization to Edit
User with this authorization can access a restriction off OutBoard functionality:

Is allowed to maintain only OutBoard configurations and Settings, which are specified by user with Maintain authorization (e.g., cannot change the data class used in archiving if this is forbidden by the user with the maintain authorization)
Can run all OutBoard transactions and reports expect report for creation of OutBoard Virtual Providers, start all OutBoard jobs
Can access archived Data in standard SAP BW processes (reporting, loads...)
The profile for this user should obtain activities: S_ARCHIVE - Create or generate, Change and Display
SAP role: OTB_FOR_ANALYTICS-EDIT

Authorization to Display:
User with this authorization has restricted access to OutBoard:

Is allowed only to view OutBoard configuration and Settings without the possibility to change these parameters
Can run OutBoard transactions only in Display mode and can not start archiving via OutBoard
Can access archived Data in standard SAP BW processes (reporting, loads...)
The profile for this user should obtain activity: S_ARCHIVE - Display
SAP role: OTB_FOR_ANALYTICS-DISPLAY

No authorization:
User with this authorization has no access to OutBoard functionality:

Is not allowed to view OutBoard configuration and Settings
Cannot run any OutBoard transactions and reports, or start OutBoard jobs (including archiving)
Can access archived Data in standard SAP BW processes (reporting, loads)
The profile for this user should obtain no activity
SAP role: OTB_FOR_ANALYTICS-NO_AUTH

OutBoard for Analytics Settings maintenance

If the OutBoard authorizations are switched ON, only users with authorization to maintain or edit can modify the OutBoard Settings. A user with the maintain authorization can restrict editing of some OutBoard parameters for a user with edit authorization. This can be done only for DEFAULT settings. For OutBoard with storage management, rows marked as "not editable" in DEFAULT Settings; cannot be changed by the users who only have edit authorizations.
For example, in the following screen the first 6 OutBoard parameters are not editable and the remaining 7 are editable.
User with maintain authorization can edit all the fields in OutBoard Settings, whether editable or not (if they are not taken from DEFAULT OutBoard Settings for specific InfoProvider).

_{Default OutBoard Settings for user with authorisation to edit}

User with edit authorization can modify:

All the parameters in DEFAULT Settings, which are editable

_{Default OutBoard Settings for user with authorisation to edit}

All the fields for a specific InfoProvider; that are editable and changeable (e.g., fields NLS_STATISTICS, SIZE_TO_MONEY_COEFF, SIZE_UNIT are not changeable and always taken from DEFAULT OutBoard Settings – therefore these fields are also not editable for the user).

_{InfoProvider OutBoard Settings for user with authorisation to edit}

For the users with the authorizations to display or without authorization the OutBoard Settings are not editable at all.
Settings for OutBoard with storage management are divided in two parts:
1. First part of settings is done in the first tab "Global settings", On this tab it is possible to enable the authorization check. If the authorizations are enabled, only users with proper authorization role can maintain global as well as InfoProvider specific settings.

_{Storage Management: Global Settings}

2. Second part of the OutBoard with storage management settings is on tab "Near-line objects". InfoProvider specific and default settings can be found on this tab.

_{Storage Management Settings: Near-line objects}

Every default setting value can be enabled for changing. This option is controlled with the "Not editable" checkbox – when this option isn't checked, setting can be modified on InfoProvider level.

License Check

License to use OutBoard can be provided for a certain period of time or indefinitely (until 31. 12. 9999). The license is bound to the system, so for every new system you have to obtain a new license.
As of spring release in May 2013, the license can be also system size dependent. This information will be provided to you together with the license key.

Browser not supported