Page tree
Skip to end of metadata
Go to start of metadata

A live connection directly connects to the SAP BW system from SAP Analytics Cloud. Queried data from SAP BW always remains behind the corporate firewall and does not enter into the cloud.

The configuration steps depend on the Netweaver Basis release and can be found in the Official Documentation.
SameSite Cookie Configuration for BW Live Data Connection and can be found in the Official Documentation.
The Troubleshooting steps for BW Live Connectivity can be found in this Wiki page.


This page is intended to describe CORS concept in general.

Customer's network is typically blocked from the internet. This where customer's BW and the User's browser is running inside customer's corporate network, but getting all the Javascript and configuration from SAP cloud, where SAP Analytics Cloud resides. When customer loads a page in SAC, Javascript is loaded from Cloud to the Browser and Browser knows where the javascript comes from.

It is important from the security point of view, tha the BW data does not leave customer's network, only Javascript comes from the cloud. When Javascript is loaded to the Browser and it finds the connection, it starts firing INA HTTP requests to the backend (sap/bw/ina/GetServerInfo, sap/bw/ina/GetResponse, etc.), but the browser does not allow this, because of CORS (Cross-Origin Resource Sharing).  Javascript that comes from outside customer's network should not be allowed to fire HTTP requests to the customer's backend.

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own.

CORS (Cross-Origin Resource Sharing)

The specification mandates that browsers "preflight" the request, soliciting supported methods from the server with the HTTP OPTIONS request method, and then, upon "approval" from the server, sending the actual request. Servers can also inform clients whether "credentials" (such as Cookies and HTTP Authentication) should be sent with requests.

CORS (Preflight)


  • No labels