This authorisation concept is specifically designed for SAP BW. It uses authorization objects created via transaction RSECADMIN to control access to characteristics that are authorization relevant. Those objects can be assigned via roles to users or directly to user id’s. Typically this authorisation is set up along organizational data to control visibility of data.