Hey all, I have a question centered around security & efficiency for Data Insight:

I’ve set up a direct application connection to ECC and it works great however it makes all the ECC tables available for profiling which is unacceptable with respect to security. Is there a way for the direct application connection to ECC to use the SAP permissions & roles already established in the source system ? In other words, when SAP user X in Data Insight tries to use the direct SAP connection for ECC, the connection will only allow read permission if user X actually has the permissions in ECC ?

It sure seems like the only options are to stage data locally and then wrap security around it with the BI/IPS platform OR create an SAP system user account (for the direct connection) that only has access to certain tables, and we would be creating many system accounts if that approach was taken.

currently if an ECC table is needed for profiling in Data Insight we import the table with BODS to a local staging area and then serve the imported table to Data Insight.

Is there a better approach to handling SAP source system connections ?

8/1/2017 update: Just went through an “expert chat” session with SAP and the recommendation was to create multiple SAP system accounts depending on the data needed: “SAP Sensitive”, “SAP general”, “SAP material”…etc.

It seems like an SAP product should be able to use established SAP security models with other SAP products.

wilsoja1 (BOB member since 2012-02-10)