Post on 05-Apr-2018
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
1/12
Setup security in BusinessObjects XI 3.1
October 8th, 2011 | Posted byPaul BerdeninBusiness Objects
This article:
Is about setting up security in the Central Management Console (CMC)
Is best used in combination with a demo environment of BO XI 3.1
Is intended for BOBJ system administrators
Expects you to know basic browser functions. Security model knowledge is an advantage
Aims to enable you to perform security related administrative tasks in the CMC
Introduction
The Central Management Console (CMC) is a web-based tool to perform regular administrative tasks, including user, content, and server management. It
also allows you to publish, organize, and set security levels for all of your BusinessObjects Enterprise content. Because the CMC is a web-basedapplication, you can perform all of these administrative tasks through a web browser on any machine that can connect to the server. All users can log on tothe CMC to change their user preference settings. Only members of the Administrators group can change management settings, unless explicitly grantedthe rights to do so.
Authentication
Authentication is the process of verifying the identity of a user who attempts to use Business Objects system.
Authentication type can be Enterprise or Third Party Authentication such as LDAP or Windows AD.
In this training we will not deal with third party authentication
Authorization
Authorization is the process of verifying the user has sufficient rights to perform the requested action upon a given objects.
Actions can be view, refresh, edit, schedule, etc. Objects can be folder, report, instance, universe, etc.
Authorization is handled based on how the access level, application security, and content security such as users and groups, universe security, folder access,
etc. are defined using CMC.
Access Levels and Inheritance
Access level is a set of rights that users frequently need.
BO comes with pre-defined out of the box access levels such as Administrator, Full Access, Schedule, View and View on Demand.
However it is also possible to create and customize your own access levels.
Rights are set on an object for a user in order to control the access to the specific objects. It is highly impractical to set this individually when there arehundreds of objects.
Inheritance resolves this impractical situation by passing on the set of rights from a group to sub-group or from a folder to subfolder.
http://www.paulberden.nl/author/admin/http://www.paulberden.nl/author/admin/http://www.paulberden.nl/author/admin/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/author/admin/7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
2/12
Users and groups
A Group is a collection of users who share the same account privileges. A group can have sub-groups which may share the same or a sub-set of the parent
group privileges.
Users can be added to a group or sub-group or more than one groups or sub-groups.
When groups with different access levels are enabled to other contents such as folders, categories, universe or connections, the users from the group
automatically inherit the rights.
Schematic security model
Effective rights
Three possible explicit values on security commands:
Explicitly granted (G) User or group is given the right
Explicitly denied (D) User or group is denied the right
Not specified (NS) No right assignment
Effective rights (user real rights) = explicit rights aggregation
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
3/12
Where D = denied and G = granted
Best practices
Create a security matrix for each of your applications
Leverage out of the box access levels. Create new access levels based on the existing ones
Use common naming convention for your application across report folder, universe folder, user groups, and access levels.
Leverage the use of Inheritance while defining folder, subfolder, user and group security.
Simplify the security model; KISS!
Interface
The URL is: http://servername:8080/CmcApp/logon.faces
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
4/12
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
5/12
Add users
Go to Users and Groups > User list
Create a new user
Fill in details
Create and close
Add groups
Go to Users and Groups > Group Hierarchy
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
6/12
Create a new group
Be aware that the group is created in the group that iscurrently selected!
Create a new group
Assign user to group
Right click user
Join Group
Select the group and add it to the
destination group(s)
OK
Logon to Infoview
When the newly created user logs on to infoview you will notice that there is not much to see:
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
7/12
Create Access levels
Copy an access level
Rename the access level
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
8/12
For advanced options edit Included rights
Assign security to objects
The following objects need to be assigned with a access level in order for users to successfully use them
Assign security to Folders
Go to Folders
Right click desired folder >User security
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
9/12
Click Add Principle
Select group or user and add these to the field on the
right
Add and Assign Security
Select desired Access level(s) and add these to the field on the right
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
10/12
OK
Logon to Infoview
When the newly created user logs on to infoview you will notice that there is still not much to see.
Assign security to ROOT folder
Right click All Folders > Properties
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
11/12
Click User Security
Select Everyone > AssignSecurity
Go to Advanced tab >Add/Remove Rights
Grant View objects andView objects that and uncheck the Apply to sub object
OK > OK > Close
7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots
12/12
Logon to Infoview
When the newly created user logs on to infoview you will notice that there is something to see
Assign security to Connections
Go to Connections
Right click desired connection >User security
Click Add Principle
Select group or user and add these to the field on the right
Add and Assign Security
Assign security to remaining objects
Repeat steps from previous slide for
Universes Applications QaaWS (if used)