Comparing Transactional and Analytical Security Needs

Objective

After completing this lesson, you will be able to compare transactional and analytical security needs

Business Example

Person holding a laptop thinking that the security needs for transactional tasks in SAP S/4HANA differ from those for analytical tasks in SAP BW/HANA.

This lesson discusses the differences in security needs between an Online Transactional Processing (OLTP) system (such as SAP S/4HANA) and an Online Analytical Processing (OLAP) system (such as SAP BW/HANA). It focuses on the differences in business strategy, and how security must be approached from a different perspective.

Online Transactional Processing Security Needs

SAP S/4HANA is an Online Transaction Processing (OLTP) system. This means that SAP S/4HANA focuses on completing the daily work of the business as quickly and efficiently as possible. People only need access to the specific functions that they perform in their daily work.

The figure illustrates a standard sales process comprising various steps performed by different users, each of which aligns with a specific application or transaction. To execute these tasks within the system, users must possess the necessary authorizations associated with these applications/transactions and the organizational units they represent, including Company Code and Sales Organization. These authorizations are essential for users assigned to specific organizational units where these business processes are established.

The steps in the sales process in an OLTP system are sales order, availability check, outbound delivery, picking, transportation, goods issue, billing, and payment processing. A user asks: Which of the many thousands of transactions does a sales representative need? For which company codes and sales organizations?

When establishing security measures for your SAP S/4HANA system, applications, transactions, and field values are paramount considerations. Specific users are limited to certain transaction codes, and field values cover activity fields (such as creation and modification) as well as critical business data like sales organization, business area, and plant. Most companies have a few of these fields that are integral to their entire security implementation.

SAP S/4HANA Security Focus

In general, SAP S/4HANA security is focused on:

  • Applications/Transactions

  • Specific field values

  • Activities

Online Analytical Processing Security Needs

Analytical-Based Security

SAP BW/4HANA is an Online Analytical Processing (OLAP) system. The primary activities in SAP BW/4HANA are the display of data and analysis of the results. Except for planning applications, SAP BW/4HANA users do not update business data, nor create purchase orders, sales orders, or material master records.

The core steps of the analytical-based security in OLAP System SAP BW/4HANA diagram are the collection of data from multiple sources (SAP, non-SAP, on-premise, cloud), the data is loaded or accessed virtually in SAP BW/4HANA data warehouse, and the data is processed by analytical applications (analysis, planning, predictive). One user asks: why has our sales cycle increased from 2 to 3 days?

The following points outline the core steps involved in the collection and consumption of data within SAP BW/4HANA:

  • SAP BW/4HANA data warehouse collects data from all areas and multiple sources of an enterprise.
  • Data is either loaded to the SAP BW/4HANA data warehouse periodically, or is accessed virtually (in real time).
  • Within the SAP BW/4HANA data warehouse, data is harmonized and enriched with additional calculations, aggregations, and conversions.
  • Data is consumed by analytical applications for the purpose of analysis, planning, prediction, and also distribution.

The collected and consumed data includes confidential corporate data, such as personal data from personnel administration. This data forms the basis of decisions and target-oriented actions in all enterprise areas. Secure data access and data integrity are, therefore, of paramount importance.

As an SAP BW/4HANA system has a different business purpose and business goals from an SAP S/4HANA system, the security requirements of an SAP BW/4HANA system also differ. To successfully implement SAP BW/4HANA, it is vital to understand the differences and approach security appropriately.

SAP BW/4HANA Security Focus

The security function in SAP BW/4HANA does not put the focus on transaction codes or activities. Instead, it focuses on the following objects:

  • InfoObjects (characteristics, key figures)
  • Fields (in field-based modeling)
  • InfoProvider (characteristics, DataStore objects (Advanced), CompositeProvider, and Open ODS views)
  • InfoAreas (groups of InfoProvider)
  • Queries

SAP BW/4HANA is focused on defining the data that a user can access. This data is controlled at the InfoObject level, field level, or InfoProvider level. InfoProviders are the base for queries.

Security Considerations for Different Levels of Detail

The following video explains the security levels in SAP S/4HANA and SAP BW/4HANA environments and why they are critical. In SAP BW/4HANA, the main operation is analysis, with a reporting tool allowing users to access all data in an InfoProvider for data analysis but not updating. Security in SAP S/4HANA protects detailed information in specific business units, like purchasing groups, company codes, plants, and any vital fields relating to the company's security strategy. However, applying similar security measures to SAP BW/4HANA limits its value. Thus, SAP BW/4HANA permits more flexibility by allowing security at any level, such as the company code level, to enable thorough data analysis, and gain better insights for effective decision-making. Before implementing security, discussing and laying out goals with the SAP BW/4HANA team is essential to ensure the system's security doesn't hamper its effectiveness.

Comparison between OLTP and OLAP Systems

Finally, you find a comparison between the OLTP and OLAP systems regarding the different technical and business aspects, and their security relevance.

Note

The bold properties have a strong effect on security.

Comparison between OLTP and OLAP Systems

FeatureOLTPOLAP

Primary operation

Update processAnalyze
Importance of AnalysisSubordinatedVery high
Amount of data per transactionVery smallVery large
Type of dataDetailedDifferent levels of details
Timeliness of dataMust be currentCurrent and historical
Updates to dataFrequentlyLess frequent, new, or changed data only
Database designComplexSimple
Number of transactions per userMany (100's to 1000's)Few
Response timeQuickReasonable
Database dataNormalizedDenormalized
Number of tables per transactionSeveralFew
Type of processingWell-definedAd-hoc

Log in to track your progress & complete quizzes