BOB: Business Objects Board
Not endorsed by or affiliated with SAP

Register | Login 

Follow BOB on Twitter! 
Follow BOB on Twitter! (Opens a new window)  

General Notice: Upcoming Events: SAP TechEd: Sep 28.

XI 3.0 Security for Mere Mortals
4 members found this topic helpful
Goto page Previous  1, 2, 3, 4, 5, 6  Next
 
Search this topic... | Search BOB's Downloads... | Search Box
Register or Login to Post    Forum Index -> BOB's Downloads  Previous TopicPrint TopicNext Topic
Author Message
Adious
Senior Member
Senior Member



Joined: 06 Oct 2009

Posts: 86



PostPosted: Fri Sep 24, 2010 9:43 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

I extracted the Excel file...How do we connect to CMS to extract the CMS documentation. I dont see any Login credentials in the excel sheet...
I am using XI 3.1 and Ecel 2003..

Thanks in Advance.
Back to top
Dwayne Hoffpauir
Forum Groupie
Forum Groupie



Joined: 19 Sep 2002
ASUG Icon
medal_gold.gif*2speaker.gif*5medal_bronze.gif
Posts: 8644
Location: Plano, TX USA


flag
PostPosted: Tue Oct 12, 2010 3:53 pm 
Post subject: Re: XI 3.0 Security for Mere Mortals

Adious wrote:
I extracted the Excel file...How do we connect to CMS to extract the CMS documentation. I dont see any Login credentials in the excel sheet...
I am using XI 3.1 and Ecel 2003..

The Excel sheet is just for your own development / drafting of your security model. It is not intended to interact with the repository.

_________________
Dwayne Hoffpauir
Image link
Back to top
rsa_77
Senior Member
Senior Member



Joined: 23 May 2010

Posts: 34



PostPosted: Tue Feb 08, 2011 3:33 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

hi ,

I have to set up security this way:
Two folders Folder 1 & Folder 2.
Two user groups Group 1 & Group 2.
Two users , user 1 from Group1 and user 2 from Group2.

User 1 should only see Folder 1 and not Folder 2.
User 2 should only see Folder 2 and not Folder 1.

Administrator should see all the folders, Folder 1 & Folder 2.

Please advise.

Thanks in advance...
Back to top
gauravsays
Senior Member
Senior Member



Joined: 01 Dec 2009

Posts: 42


flag
PostPosted: Fri May 13, 2011 9:55 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

Hi,

What is the work around if group Administrators looses all its rights over an application (e.g. Web-I) incl. inherited?

Thanks,
Gaurav
Back to top
joepeters
Forum Fanatic
Forum Fanatic



Joined: 29 Aug 2002

Posts: 6145
Location: Connecticut, USA


flag
PostPosted: Fri May 13, 2011 9:57 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

Log into CMC as "administrator" and re-set the rights.
Back to top
ahmed.zuhair
Forum Member
Forum Member



Joined: 27 Jul 2011

Posts: 6



PostPosted: Wed Jul 27, 2011 5:21 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

hi , do we have to set all these reights mannually or is there a way that all this rights mattrix could be translated into scripts which would set user security settings for BO, I heard there is some utility like that if kindly someone can confirm and share ?
Back to top
JPetlev
Forum Enthusiast
Forum Enthusiast



Joined: 01 Nov 2006

Posts: 1097



PostPosted: Wed Jul 27, 2011 9:45 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

Unless something new has come out since I last set things up last year.. manually is the only way. It's sort of a PITA, but once it'd done.. it's done.

There is a 3rd party tool, called 360View which I've heard makes it easier to manage security once in place, but not sure how good it would be for a first time setup.
Back to top
samgreene
Forum Member
Forum Member



Joined: 26 Sep 2011

Posts: 26



PostPosted: Wed Oct 05, 2011 11:52 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

Looking at the list of 1352 permissions, it seems very overwhelming to start building my own custom access levels to use a building blocks. Can anyone point me to resources for getting started on this? I only have a couple weeks to get this going and it looks like a whole lot of trial and error.

Any guidance on getting started?
Back to top
Andreas
Forum Advocate
Forum Advocate



Joined: 20 Jun 2002

medal_silver.gif*2medal_gold.gif
Posts: 17320
Location: *** BEEP ...Dreaming of Africa... leave No message ; ) BEEP ***


flag
PostPosted: Wed Oct 05, 2011 12:00 pm 
Post subject: Re: XI 3.0 Security for Mere Mortals

Hire me, I am available in Dec icon_wink.gif

It depends what your requirments are:
- universe designers
- report developers
- power-users
- mere report consumers
- no delegated administration

If so you should be able to set something up like that within 5-10 working days (design & build).

_________________
Follow me on Twitter
Reading "The Design Of Everyday Things" by Don Norman
Focusing on Data Visualization, Design Thinking, SAP DesignStudio + scripting, SAP BI 4.x platform & architecture, SAP connectivity, Data Modeling, and SAP HANA Certified Associate
Back to top
Andreas
Forum Advocate
Forum Advocate



Joined: 20 Jun 2002

medal_silver.gif*2medal_gold.gif
Posts: 17320
Location: *** BEEP ...Dreaming of Africa... leave No message ; ) BEEP ***


flag
PostPosted: Wed Oct 05, 2011 12:03 pm 
Post subject: Re: XI 3.0 Security for Mere Mortals

ahmed.zuhair wrote:
hi , do we have to set all these reights mannually or is there a way that all this rights mattrix could be translated into scripts which would set user security settings for BO, I heard there is some utility like that if kindly someone can confirm and share ?

There is possibly... available from SAP is a so called Consulting Solution, ask for the Workflow Assistant (it ain't for free though).

_________________
Follow me on Twitter
Reading "The Design Of Everyday Things" by Don Norman
Focusing on Data Visualization, Design Thinking, SAP DesignStudio + scripting, SAP BI 4.x platform & architecture, SAP connectivity, Data Modeling, and SAP HANA Certified Associate
Back to top
Scott_at_Pax
Senior Member
Senior Member



Joined: 27 Nov 2006

Posts: 36



PostPosted: Thu Oct 13, 2011 9:52 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

Currently we have a group of duplicate accounts for users who have the ability to ONLY refresh Financial reports against a universe (FNN), but also need to have the ability to create an adhoc against another specific financial universe (FNN_MM).

We are in the processing of converting our authentication method from Enterprise (username/password) to trusted authentication using a CAC so duplicate accounts will no longer work.

If we grant adhoc access to these users primary account, they would then have it on both financial universes. Not acceptable.

Any ideas

thanks,
Scott
Back to top
Sebastien Goiffon
Forum Fanatic
Forum Fanatic



Joined: 29 Sep 2004
ASUG Icon
Posts: 6454
Location: Boston, MA


flag
PostPosted: Thu Oct 13, 2011 10:30 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

No if you are running XI3 it's possible to setup this right @universe level. Play with the security command create and edit queries based on the current universe !
_________________
360Suite: Security, backup, promotion, bursting, automated regression testing, BI on BI, version control solutions.
Fast-track migration to bi4.2 80% time saver.
Back to top
Scott_at_Pax
Senior Member
Senior Member



Joined: 27 Nov 2006

Posts: 36



PostPosted: Thu Oct 13, 2011 12:25 pm 
Post subject: Re: XI 3.0 Security for Mere Mortals

Sebastien,
Thanks for the quick response.

What I would like to have, if possible, is one of the users I have identified to login to Infoview. Run the standard reports as normal built against the FNN universe. But if they want to create a new adhoc query only the FNN_MM universe appears.

Currently as configured if the users was in both groups (refresh and adhoc), since they have the ability to refresh a report built with the FNN universe it shows as an available universe to create an adhoc against.

I would like to not even allow the users to see the universe if they cant create an adhoc against it.

Anyway that is possible?

thanks,
Scott
Back to top
JPetlev
Forum Enthusiast
Forum Enthusiast



Joined: 01 Nov 2006

Posts: 1097



PostPosted: Thu Oct 20, 2011 10:56 am 
Post subject: Re: XI 3.0 Security for Mere Mortals

Scott_at_Pax wrote:
I would like to not even allow the users to see the universe if they cant create an adhoc against it.

Anyway that is possible?

thanks,
Scott


EDIT:
After thinking about this a bit, I'm not 100% sure if XIR3 'hides' the universe from view if you don't have ad-hoc against it.. I know at the very least you get an error if you try to select it.. but it might still show in the list if that's your concern. My current environment is XIR2 so I cannot 100% sure say what XIR3 does.

However, the original post below might be helpful anyway if it's a permissions issue:

-------
Since I've not see a response yet, I'll answer this.
Yes..it's possible.

The issue sounds like it's a function of how your groups were given permissions on the universe itself, not the fact that the user is in a group.

To fix things, I'd suggest you think about the following setup:

End goal is that on each universe you want two main functions:
ADHOC or REFRESH

I'd set up the following CUSTOM ACCESS levels:

Adhoc
RefreshOnly

Giving those access levels specific persmissions from universe/webi/desk sections as needed (Only give what is relevant to creating reports from universes, nothing else. These groups only will control universe permissions! Don't fall into the trap of giving it a few folder permissions or other stuff, it'll just cause you issues in the long run).

Then create a set of USER GROUPS

FNN-Adhoc / FNN-RefreshOnly
FNN_MM-Adhoc / FNN_MM-RefreshOnly

Set the permissions on the universe objects as follows:
Universe FNN -> Group FNN-ADHOC gets attached to the "Adhoc" custom access level.
Universe FNN -> Group FNN-RefreshOnly gets attached to the "RefreshOnly" custom access level.

Do the same with the FNN_MM universe.

Then when a user needs access, you put them in either the refresh or adhoc user group for the appropriate universe.

If you need the ability for users to have ad-hoc against ALL universes, you could create other User Groups which combine the appropriate universe groups.

ie: A user is placed in a group called "Adhoc-ALLUniverses". That Group itself is a member of both the FNN-Adhoc and FNN_MM-Adhoc groups, and therefore inherits all the security from it's parent group.

That way a user only has to go into one group and get all the permissions needed.

XIR3 really added a whole new level of complexity to security, it's almost too complex for it's own good sometimes, but the benefit is, you can do almost anything from a security perspective.

The key to it all I've realized after working with several companies and multiple environments, is making sure you set everything up first on paper/excel/whiteboards so you can easily see which groups can do what before you go messing with the system itself, it'll save so much headaches.
Back to top
Scott_at_Pax
Senior Member
Senior Member



Joined: 27 Nov 2006

Posts: 36



PostPosted: Thu Oct 20, 2011 12:13 pm 
Post subject: Re: XI 3.0 Security for Mere Mortals

JPetlev,
Thanks for the reply.

I will use the information you provided and see if I can set up this security on my DEV instance.

Verify it works and then move it to our PROD environment.

thanks,
Scott
Back to top
Display posts from previous:   
Register or Login to Post    Forum Index -> BOB's Downloads  Previous TopicPrint TopicNext Topic
Page 4 of 6 All times are GMT - 5 Hours
Goto page Previous  1, 2, 3, 4, 5, 6  Next
 
Jump to:  

Index | About | FAQ | RAG | Privacy | Search |  Register |  Login 

Get community updates via Twitter:

Not endorsed by or affiliated with SAP
Powered by phpBB © phpBB Group
Generated in 0.0147 seconds using 18 queries. (SQL 0.0034 Parse 0.0003 Other 0.0110)
CCBot/2.0 (http://commoncrawl.org/faq/)
Hosted by ForumTopics.com | Terms of Service
phpBB Customizations by the phpBBDoctor.com
Shameless plug for MomentsOfLight.com Moments of Light Logo