setup security in businessobjects xi 3 with screenshots

7/31/2019 Setup Security in BusinessObjects XI 3 With Screenshots

1/12

Setup security in BusinessObjects XI 3.1

October 8th, 2011 | Posted byPaul BerdeninBusiness Objects

This article:

Is about setting up security in the Central Management Console (CMC)

Is best used in combination with a demo environment of BO XI 3.1

Is intended for BOBJ system administrators

Expects you to know basic browser functions. Security model knowledge is an advantage

Aims to enable you to perform security related administrative tasks in the CMC

Introduction

The Central Management Console (CMC) is a web-based tool to perform regular administrative tasks, including user, content, and server management. It

also allows you to publish, organize, and set security levels for all of your BusinessObjects Enterprise content. Because the CMC is a web-basedapplication, you can perform all of these administrative tasks through a web browser on any machine that can connect to the server. All users can log on tothe CMC to change their user preference settings. Only members of the Administrators group can change management settings, unless explicitly grantedthe rights to do so.

Authentication

Authentication is the process of verifying the identity of a user who attempts to use Business Objects system.

Authentication type can be Enterprise or Third Party Authentication such as LDAP or Windows AD.

In this training we will not deal with third party authentication

Authorization

Authorization is the process of verifying the user has sufficient rights to perform the requested action upon a given objects.

Actions can be view, refresh, edit, schedule, etc. Objects can be folder, report, instance, universe, etc.

Authorization is handled based on how the access level, application security, and content security such as users and groups, universe security, folder access,

etc. are defined using CMC.

Access Levels and Inheritance

Access level is a set of rights that users frequently need.

BO comes with pre-defined out of the box access levels such as Administrator, Full Access, Schedule, View and View on Demand.

However it is also possible to create and customize your own access levels.

Rights are set on an object for a user in order to control the access to the specific objects. It is highly impractical to set this individually when there arehundreds of objects.

Inheritance resolves this impractical situation by passing on the set of rights from a group to sub-group or from a folder to subfolder.
http://www.paulberden.nl/author/admin/http://www.paulberden.nl/author/admin/http://www.paulberden.nl/author/admin/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/category/businessobjects/http://www.paulberden.nl/author/admin/


2/12

Users and groups

A Group is a collection of users who share the same account privileges. A group can have sub-groups which may share the same or a sub-set of the parent

group privileges.

Users can be added to a group or sub-group or more than one groups or sub-groups.

When groups with different access levels are enabled to other contents such as folders, categories, universe or connections, the users from the group

automatically inherit the rights.

Schematic security model

Effective rights

Three possible explicit values on security commands:

Explicitly granted (G) User or group is given the right

Explicitly denied (D) User or group is denied the right

Not specified (NS) No right assignment

Effective rights (user real rights) = explicit rights aggregation


3/12

Where D = denied and G = granted

Best practices

Create a security matrix for each of your applications

Leverage out of the box access levels. Create new access levels based on the existing ones

Use common naming convention for your application across report folder, universe folder, user groups, and access levels.

Leverage the use of Inheritance while defining folder, subfolder, user and group security.

Simplify the security model; KISS!

Interface

The URL is: http://servername:8080/CmcApp/logon.faces


4/12


5/12

Add users

Go to Users and Groups > User list

Create a new user

Fill in details

Create and close

Add groups

Go to Users and Groups > Group Hierarchy


6/12

Create a new group

Be aware that the group is created in the group that iscurrently selected!

Create a new group

Assign user to group

Right click user

Join Group

Select the group and add it to the

destination group(s)

OK

Logon to Infoview

When the newly created user logs on to infoview you will notice that there is not much to see:


7/12

Create Access levels

Copy an access level

Rename the access level


8/12

For advanced options edit Included rights

Assign security to objects

The following objects need to be assigned with a access level in order for users to successfully use them

Assign security to Folders

Go to Folders

Right click desired folder >User security


9/12

Click Add Principle

Select group or user and add these to the field on the

right

Add and Assign Security

Select desired Access level(s) and add these to the field on the right


10/12

OK

Logon to Infoview

When the newly created user logs on to infoview you will notice that there is still not much to see.

Assign security to ROOT folder

Right click All Folders > Properties


11/12

Click User Security

Select Everyone > AssignSecurity

Go to Advanced tab >Add/Remove Rights

Grant View objects andView objects that and uncheck the Apply to sub object

OK > OK > Close


12/12

Logon to Infoview

When the newly created user logs on to infoview you will notice that there is something to see

Assign security to Connections

Go to Connections

Right click desired connection >User security

Click Add Principle

Select group or user and add these to the field on the right

Add and Assign Security

Assign security to remaining objects

Repeat steps from previous slide for

Universes Applications QaaWS (if used)

setup security in businessobjects xi 3 with screenshots

Documents