Академический Документы
Профессиональный Документы
Культура Документы
Dallas is an SAP Certified Application Associate and authorized trainer for Web Intelligence, Information Design Tool, Universe Design Tool, Dashboards (formerly Xcelsius), and SAP BusinessObjects Business Intelligence administration. A seasoned consultant and speaker, Dallas has worked with SAP BusinessObjects tools since 2003 and presented at the North American conference each year since 2006. This is Dallas first appearance at an SAP Insider event. Dallas has implemented SAP BusinessObjects solutions for a number of industries, including retail, energy, health care, and manufacturing. He holds a masters degree in Computer Engineering from the University of Cincinnati. Dallas blogs about various business intelligence topics at http://www.dallasmarks.org/. You can follow him on Twitter at @dallasmarks. 1
In This Session
In this presentation, learn how the Business Objects security model works Leverage features such as inheritance, scope of rights, and custom access levels to secure the business intelligence system while reducing overall complexity and maintenance Techniques will be demonstrated using SAP BusinessObjects Business Intelligence 4.0 that are also applicable to SAP BusinessObjects Edge BI 4.0 and previous releases of SAP BusinessObjects Enterprise (XI R2 and XI 3.x)
Business Objects Security Basics Demonstration: Business Objects Security Basics Troubleshooting Your Security Model Best Practices Wrap-up
Terminology
Principal A user or group Rights override A rights behavior in which rights that are set on child objects override the rights set on parent objects General Global Rights Access rights enforced regardless of content type Content Specific Rights Access rights unique to content type (Crystal Report, Web Intelligence, etc.)
Predefined Rights
Rights Level
No Access View Schedule
Description
Unable to access an object (default) Able to view historical (scheduled) instances of an object Able to schedule instances of an object
XI R2 XI 3.x/BI 4.0
Yes Yes Yes Yes Yes Slightly different Yes Yes Yes Yes
View on Demand Able to view and re-query live data ondemand Full Control Able to change or delete an object
Advanced/Granular Rights
XI R2 XI 3.x/BI 4.0
Yes
Yes Yes
Yes
Yes Yes
Apply to Object
No
Yes
Apply to SubObjects
Yes
Yes
Folder Inheritance
Global Rights
Object
Subfolder Object
Subfolder Object
In XI 3.x and higher, global rights are set in the Folders management area as All Folders Security In XI R2, global rights were set on the Rights tab in the Settings management area
Object
Group Inheritance
eFashion East
eFashion South
eFashion West
Barrett
Richards
Larry
Leonard
Bennett
Steve
Breaking Inheritance
Still possible in BI 4 and XI 3.x as it was in XI Release 2 Can disable folder inheritance, group inheritance, or both May not be as necessary in XI 3.x because of new scope of rights features
10
New Central Management Console (CMC) feature in XI 3.x Can create new access levels or copy existing access levels Combines object rights (folder, report, etc.) and application rights (BI Launchpad, Web Intelligence) into single access level Predefined rights levels (View, Schedule, View On Demand, Full Control) cannot be altered Easier to manage than setting Advanced rights
11
Scope of Rights
Scope of rights New in XI 3.x, the ability to limit the extent of rights inheritance (Apply to Object, Apply to Sub-Object) In SAP BusinessObjects Enterprise XI R2, the administrator was forced to break inheritance when they wanted to give user rights to child folders that were different to those given to the parent folder In XI 3.x, rights are effective for both the parent object and the child objects by default (same as XI R2). However
12
With SAP BusinessObjects Enterprise XI 3.x and higher, the administrator can now specify that a right set on a parent object should apply to that object only
13
Business Objects Security Basics Demonstration: Business Objects Security Basics Troubleshooting Your Security Model Best Practices Wrap-up
14
15
Business Objects Security Basics Demonstration: Business Objects Security Basics Troubleshooting Your Security Model Best Practices Wrap-up
16
Use the Permissions Explorer to determine the rights a principal has on an object Improvement upon Check User Rights button in XI Release 2 Check User Rights only identified the effective rights The source of the rights assignment was still unknown Available from any object (folder, document, universe, connection, etc.) that can have rights assigned
17
Permissions Explorer
18
Use Security Query to determine the objects to which a principal has been granted or denied access Available from Users and Groups or Query Results
19
Query Principal The user or group that you want to run the security query for. You can specify one principal for each security query.
20
Query Permission The right or rights you want to run the security query for, the status of these rights, and the object type these rights are set on
21
Security Query Query Context Query Context The CMC areas that you want the security query to search. For each area, you can choose whether to include sub-objects in the security query. A security query can have a maximum of four areas. Security Query demo
22
Business Objects Security Basics Demonstration: Business Objects Security Basics Troubleshooting Your Security Model Best Practices Wrap-up
23
Grant rights to groups on folders Although rights can be granted on individual objects or users, the security model can become difficult to maintain Use pre-defined rights wherever possible Understand the additional complexity that advanced rights can introduce Avoid breaking inheritance while understanding that it is sometimes necessary Add multiple users to Administrators group rather than sharing Administrator user account to improve traceability Document and maintain your security structure outside of the CMC Microsoft Excel is a good choice
24
Allot time in your upgrade/migration for administrative staff to understand both the new CMC interface/workflows as well as its new features Use custom access levels where you would have previously resorted to advanced rights Identify opportunities to limit the scope of rights instead of breaking inheritance Take advantage of the Permissions Explorer and Security Query tools to diagnose and correct security issues
25
Business Objects Security Basics Demonstration: Business Objects Security Basics Troubleshooting Your Security Model Best Practices Wrap-up
26
Additional Resources
Business Intelligence Platform Administrator Guide (SAP AG, October 2011). http://help.sap.com/businessobject/product_guides/boexir4/en/xi4 _bip_admin_en.pdf Business Intelligence Platform Upgrade Guide (SAP AG, April 2011). http://help.sap.com/content/bobj/bi/business_intelligence_platform .htm Scroll to SAP BusinessObjects Business Intelligence platform 4.0 Knowledge Center Installation, Upgrade, Deployment BusinessObjects 5/6 to XI 3.1 Migration Guide (SAP AG, September 2008). http://help.sap.com/boe31 Scroll to Installation, Upgrade, Deployment Upgrade Guide BusinessObjects 5/6 to XI 3.1 Migration Guide
27
Relevant Education
Official SAP BusinessObjects curriculum is available onsite at your location or at authorized education centers around the world
28
29
Leverage folder and group inheritance to simplify rights administration Use Custom Access Levels to simplify rights administration Replace any Advanced Rights created in older versions with Custom Access Levels Permissions Explorer is an object-centric way to view security Security Query is a user-centric way to view security Review the free tutorials for Central Management Console on SAP SCN site Document and maintain your security structure outside of the CMC Microsoft Excel is a good choice
30
Your Turn!
TEAM AT KALVIN
Mission
To partner with you to create intelligent data that will empower your business to:
Maximize operational performance Increase not just revenue but profit Help identify and serve your clients better
Best of Breed solution provider for Business Intelligence and Data Warehousing
Vision
Creating intelligent data to power an intelligent world
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
Core Competencies
Kalvin is an expert in Application development
Java/J2EE enterprise solutions .NET Solutions Customized solutions using Java, .NET, Web services , SDK
Data Integration
Data warehouse/Data mart design and implementation using Kimball or Inmon methodology Master data Management Data governance ETL using Data Integrator, Informatica, Data Stage & PL/SQL Data Quality & Data cleansing
SAP BW
End to end BW & BOBJ solution design and implementation Complete documentation of BW transport documents and technical content
SAP
NetWeaver BI Upgrades and implementation, toolsets and authorization Advanced ABAP design and code solutions SAP R/3 Data Analysis, extraction, custom extractor design and implementation
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
33
Core Competencies
Kalvin specializes and is an expert in Reporting & Dashboards
Contd
SAP Business Objects SAP BW as a data source Reporting, Analytics & executive dashboards (WebI, crystal, Xcelsius, Predictive Workbench etc.) BO mobile Sharepoint integration
Training
SAP Certified - BI 4.0 SAP Certified - BI 3.0/3.1 E-learning Mentor/Knowledge Transfer
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
34
Capabilities Matrix
Services
SAP BW & Enterprise Data Warehouse (Oracle, dB2, SQL) ETL (SAP Data Services, IBM DataStage, Informatica) Custom Report Portals (WebSphere, SharePoint, Weblogic) Enterprise BI Platforms (SAP Business Objects, IBM Cognos) Reporting and Dashboards Predictive Analytics (IBM SPSS, SAS, R) Descriptive Analytics (IBM SPSS, SAS, R) X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
35
Activation ACTIVATION
Brand Loyalty Promotion scorecard
Who are my core customers and how do the behave? What drives their behavior? Can I predict change? Segmentation (Value, lifestyle) Promotion Impact /Marketing Mix Predictive Analysis
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
36
8573 MasonMontgomery Road Mason, OH 45040 P: (513) 492-9120 F: (513) 492-9122 contact@kalvinsoft.com
Disclaimer
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP.
38