Escolar Documentos
Profissional Documentos
Cultura Documentos
1
October 8th, 2011 | Posted by Paul Berden in Business Objects This article: Is about setting up security in the Central Management Console (CMC) Is best used in combination with a demo environment of BO XI 3.1 Is intended for BOBJ system administrators Expects you to know basic browser functions. Security model knowledge is an advantage Aims to enable you to perform security related administrative tasks in the CMC
Introduction
The Central Management Console (CMC) is a web-based tool to perform regular administrative tasks, including user, content, and server management. It also allows you to publish, organize, and set security levels for all of your BusinessObjects Enterprise content. Because the CMC is a web-based application, you can perform all of these administrative tasks through a web browser on any machine that can connect to the server. All users can log on to the CMC to change their user preference settings. Only members of the Administrators group can change management settings, unless explicitly granted the rights to do so.
Authentication
Authentication is the process of verifying the identity of a user who attempts to use Business Objects system. Authentication type can be Enterprise or Third Party Authentication such as LDAP or Windows AD. In this training we will not deal with third party authentication
Authorization
Authorization is the process of verifying the user has sufficient rights to perform the requested action upon a given objects. Actions can be view, refresh, edit, schedule, etc. Objects can be folder, report, instance, universe, etc. Authorization is handled based on how the access level, application security, and content security such as users and groups, universe security, folder access, etc. are defined using CMC.
Effective rights
Three possible explicit values on security commands: Explicitly granted (G) User or group is given the right Explicitly denied (D) User or group is denied the right Not specified (NS) No right assignment
Best practices
Create a security matrix for each of your applications Leverage out of the box access levels. Create new access levels based on the existing ones Use common naming convention for your application across report folder, universe folder, user groups, and access levels. Leverage the use of Inheritance while defining folder, subfolder, user and group security. Simplify the security model; KISS!
Interface
The URL is: http://servername:8080/CmcApp/logon.faces
Add users
Go to Users and Groups > User list
Fill in details
Add groups
Go to Users and Groups > Group Hierarchy
Create a new group Be aware that the group is created in the group that is currently selected! Create a new group
Logon to Infoview
When the newly created user logs on to infoview you will notice that there is not much to see:
Select group or user and add these to the field on the right
Select desired Access level(s) and add these to the field on the right
OK
Logon to Infoview
When the newly created user logs on to infoview you will notice that there is still not much to see.
Grant View objects and View objects that and uncheck the Apply to sub object
Logon to Infoview
When the newly created user logs on to infoview you will notice that there is something to see
Select group or user and add these to the field on the right