Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
22 July 2012

Unlocking Information In BW

BW systems present some very specific challenges when authorising access to data, so for this series I want to talk about some of the key points of control to consider.

The first of these, as you will see, is about ensuring your reporting users understand the system and its uses:

BW is not your operational database!

While this may seem an obvious statement to make, it is important at all stages of designing your reporting solution to consider the purpose of the BW reports, it is very easy to lose focus on the purpose of a data warehousing and reporting system.

Many organisations have implemented SAP BW to provide reporting capabilities, but have fallen into the all-too-easy trap of using BW to provide data which is already accessible in the source system. Operational reporting such as this does not take advantage of the data warehousing capabilities of the tool while presenting unnecessary challenges to the authorisation design:

e.g. The need to secure fields within BW requires activation of multiple characteristics to attempt to replicate the authorisations in the source system, while this level of protection may not be essential to deliver the management information required and, due to the “all or nothing” rule in BW, can impact the delivery of other reports.

If you have identified that there are large volumes of ad-hoc reporting taking place from the BW system, take the time to understand the requirements of the highest volume users and explore options for providing similar reporting capabilities from source ERP systems. Solutions such as ad-hoc query or tailored reports from tables in the ERP can provide much more effective solutions for these users and ensure you can focus on delivering the strategic and tactical reporting for which you have invested in BW.

Why is this important?

Without a clear understanding of the data consumers, it is extremely difficult to design all components in a way which will support not only the reports themselves, but the authorisation for the data contained in those reports. It is common for operational reports to act simply as a “data-dump” tool for business users to see all detailed data pertaining to a specific operational requirement, be it tracing all information about an account, or seeing all data relating to employees. Management information often does not require this level of detail and inclusion of these details in reports presents the first point of challenge in designing authorisations – the need to secure details is often greater than that to secure aggregate data within the BW system.

An example:

Management teams would like to track bonus payments per team, but do not require the details of the payments to individuals to meet these KPI requirements. Knowing how a team is performing against a metric will tell management what they need to know, dealing with an individual case within that team takes us to a level of detail which is more appropriately handled at the detailed information level which is already available for individuals within the source system (with appropriate authorisations in place)

In this example, it is possible for the data warehousing architects to ensure that only the high-level or summary level information is presented in the reports to managers, to provide a view which will show how each organisation, branch and /or team is performing against the metrics defined. Because we do not need to display specific details of individual records, the need to secure the data within the report is lessened, which allows us to keep the authorisation concept simple. This drives cost savings in terms of support and greater transparency in the event of an audit, helping to demonstrate control across your SAP landscape.

By adhering to the first principle: Ensuring data is appropriate for the needs of the report, your authorisation specialists will be able to focus on areas where there is greater need to provide technical solutions and let the processes and understanding of BW take the lead in these high-level reports.

As we continue this series, we will look into other fundamental principles in achieving a secure and compliant BW landscape which will complement your wider SAP architecture. If you have any comments or questions, please feel free to use the comment submission below.