Business Intelligence

Enabling SAP BW/4HANA for SAP Analytics Cloud

SAP Analytics Cloud is built natively on SAP Business Technology Platform. It combines business intelligence, predictive, planning, and digital boardroom capabilities to analyze data from on-premise and cloud applications.


SAP Analytics Cloud provides live connections (online) and data acquisition (batch) connectivity. In SAP Analytics Cloud, you can create models from your data sources, build stories based on those models, and perform online analysis with and without any data replication. This feature allows SAP Analytics Cloud to be used in scenarios where data cannot be moved into the cloud for security or privacy reasons or where your data already exists on a different cloud system. With replication, data is imported (copied) to SAP Analytics Cloud’s SAP HANA database.


From a security perspective, SAP Analytics Cloud provides SAML 2 capabilities to enable single sign-on, simplifying authentication to SAP Analytics Cloud and connected data sources from your landscape. SAP Analytics Cloud provides the business logic and builds the queries required to see your browser’s data. Your browser in turn sends those queries, through the reverse proxy, down or through a direct live connection to the on-premise database. The results of those queries are returned to the browser, where any charts are rendered. Throughout the process, the browser is interacting with the reverse proxy or through direct live connection (cross-origin resource sharing, or CORS), which in turn sends out the requests to SAP Analytics Cloud or the remote data source, depending on each request’s path.


Older versions of SAP NetWeaver applications servers don’t support native CORS connections. SAP Note 2596285 explains how to circumvent this issue by using a so-called ICM script. However, SAP BW/4HANA supports CORS. You can quickly check it using Transaction UCONCOCKPIT for unified connectivity settings, which is shown below. Systems not supporting CORS usually don’t support this transaction.


Unified Connectivity (UCON) Administration in SAP BW/4HANA


Unified Connectivity (UCON) is a tool to secure your system against intruders. For all kinds of communication scenarios, you can specify what is allowed and what is forbidden. The configuration of UCON is beyond the scope of this book. Therefore, we refer you to the documentation found at


With SAML 2 and UCON in place, your system should be secure enough to proceed with CORS.


CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin web pages, images, stylesheets, scripts, iframes, and videos. The same-origin policy in browsers is an essential concept in the web application security model. Under the policy, a web browser permits scripts in a first web page to access data in a second web page, but only if both web pages have the same origin. It’s a critical security mechanism for isolating potentially malicious documents. In a live connection, a browser has to access both SAP Analytics Cloud for metadata and backend data sources (SAP HANA, SAP BW/4HANA, SAP S/4HANA, or universes).


If you use UCON to configure CORS, as you do with SAP BW/4HANA, you need to check that the parameter icf/cors_enabled is set to 1 in Transaction RZ11. As you can see in the figure below, the Current Value is 1.


Checking CORS Enablement for SAP Analytics Cloud in SAP BW/4HANA


On SAP Cloud Appliance Library, icf/cors_enabled is disabled by default. To permanently enable CORS in your system parameters enter Transaction RZ10 and choose your default profile. Next, select Extended maintenance and click Display. You should see the screen shown below.


Enabling CORS for SAP Analytics Cloud in Transaction RZ10


If parameter icf/cors_enabled is set to 0, change it to 1 by clicking on the Change button (icon to the left showing a pencil). If the parameter does not exist yet, simply create it with key icf/cors_enabled and value “1”. Click Save and return to activate your changed profile. If you get an error message telling you that the profiles selected don’t correspond to the profiles being used, synchronize them by choosing Import profiles > Of active servers from the Utilities menu, as shown below.


Importing Profiles from Active Servers in Transaction RZ10


Editor’s note: This post has been adapted from a section of the book SAP BW/4HANA 2.0: The Comprehensive Guide by Thorsten Lüdtke and Marina Lüdtke.


SAP BW/4HANA 2.0: The Comprehensive Guide
SAP BW/4HANA 2.0: The Comprehensive Guide

Ready for SAP BW/4HANA 2.0? Whether you’re an architect, administrator, or developer, this comprehensive guide is for you. Start with a new installation or migrate from an existing SAP BW system. Then walk through major administration, security, and data management tasks. You’ll learn to model data, convert ABAP transformations, use embedded SAP BPC for planning, connect to SAP Analytics Cloud, and more. The data warehouse of the future is here!

Learn More

SAP PRESS is the world's leading SAP publisher, with books on ABAP, SAP S/4HANA, SAP CX, intelligent technologies, SAP Business Technology Platform, and more!