BW system has 3 environments
1.WBP (Production Environment
2.WBV (Pre Production Environment)
3.WBQ (Quality Environment)
In this article let us discuss the user creation in WBP system (same procedure follows for WBV and WBQ system as well)
User creation in WBP system
Pre analysis need to be done before before creating a user in BW system:-
1. Whenever we get a ticket on BW user creation first we need to check for which BW environment he is requesting access for Production , Pre production , or Quality.
2. Next step is to check whether the requested user exist in that particular system or not , once we make confirm that user does not exist we can proceed with the ticket.
3. Once we make sure he is not exist in WBP system third analysis is to check the GBU and Location to which he is requesting access.
4. Final Analysis is to check the user details in IDM , Suppose if user not belongs to the GBU and location to which he had requested access , then we need to ask for the justification with user that Why he/she has requested access to the GBU or location which they are not belong
We have a standard BW catalogue where we get all the BW Roles , below is the G drive link to the Catalogue
Note : In WBP we have Business role and Privilege roles , One business role can have multiple privilege roles , we need to assign all the privilege roles associated with Business role.
We get to know the privileges associated with business roles from BW Catalogue.
We have two methods to create a user in WBP system
1. Using Reference use
2. Without using Reference user
1. Using Reference user
- In this case users will mention any reference user details in the ticket to mirror the same access to their profile in WBP system. Here again we need to make an analysis whether the user and reference user profile match in IDM in terms of GBU , Job Function and the location where they belong , we can only proceed if they match or else we need to ask for the justification for the roles reference user having.
- Once we make sure reference user matches the profile of user , we need to check the roles of reference user in SAP LOGON
- Lets take below is the screenshot of roles of reference user , here P01 , P02 , P04 etc represents the privilege roles which can be copied directly to the user under privilege roles , and M03 , M19 , M41 represent the business roles , So we need to get the business role associated with this privilege from BW catalogue , attached a screenshot to get the BR for M03 privilege from BW catalogue
- Business Roles in BW catalogue which have star(*) at the end represents the roles which are assigned according to the GBU of user, when we are assigning this role in IDM we get a list of GBU , we need to select the right GBU to which the user belongs.
3) In WBP or WBQ ticket, user will request access for modification or creation/deletion. Sometimes user might ask for creation too, but we need to check first if the user is exist in system or not.
4) User can provide applications name to be added or any reference user whose roles we can add.
5) Check whether user present in IDM or not. If not transfer the ticket to L0 by adding note "we cannot see user in IDM"
6) For adding roles in WBP to user via IDM: we will check with Menu roles or Application roles in BW google sheet( link is below) by comparing user old access.
And we will always assign Business roles in case of WBP (ignore Menu roles or Application roles) with given perimeter roles.
7) For adding roles in WBQ to user via IDM: we can directly assign Menu, Application and given perimeter roles by comparing user old access.
8) For example user needs access to PS-Project costs application, we have search PS application in BW-catalog. It consists MENU and PERIMETER roles, which you can see in below screenshots.
9) Even user provides specific requirement in perimeter roles, for example in this case 1111 company, 2345 plant and soda ash gbu. Then we have to open suim in sap system, then give that role name and search according to it. If he provides reference user get approval and give directly access to user by copying reference user roles to the user.
