Escolar Documentos
Profissional Documentos
Cultura Documentos
5
Administrators Guide
Copyright 2002 Crystal Decisions, Inc., 895 Emerson St., Palo Alto, California,
USA 94301. All rights reserved.
Issue 1.
No part of this documentation may be stored in a retrieval system, transmitted or
reproduced in any way, except in accordance with the terms of the applicable
software license agreement. This documentation contains proprietary information
of Crystal Decisions, Inc., and/or its suppliers.
Trademark Acknowledgements
2002 Crystal Decisions, Inc. All rights reserved. Crystal Decisions, Crystal,
Crystal Reports, Crystal Enterprise, Seagate Info, Seagate Software, Seagate, and
the Seagate and Crystal logos are trademarks or registered trademarks of Crystal
Decisions, Inc. and/or Seagate Technology, Inc. All other trademarks referenced
are the property of their respective owner.
Contents
Chapter 1: Welcome to Crystal Enterprise
What is Crystal Enterprise? ............................................................... 2
Who should use this guide? ............................................................... 2
About this guide ................................................................................ 2
Chapter contents ................................................................................................... 2
iii
iv
vi
vii
viii
ix
xi
Glossary ..........................................................................325
Index ..............................................................................335
xii
Chapter contents
The following list provides a short description of each of the remaining chapters in
this guide.
Chapter 2: Administering Crystal Enterprise
This chapter provides a general description of system administration as it relates
to Crystal Enterprise. It then introduces the administration tools that allow you to
manage and configure Crystal Enterprise, and it shows how to make some
common changes to the systems default security settings.
Product registration
There are several ways you can register your product:
Fill out the Product Registration form on the Crystal Decisions, Inc. web site at:
http://www.crystaldecisions.com/register/
Print the Product Registration form and fax it to the registration fax number
closest to you. Crystal Decisions will then fax you a registration number that
can be entered into the product the next time you use it.
Registration fax numbers
USA/Canada +1 (604) 681-5147
United Kingdom +44 (0) 20 8231 0601
Australia +6 2 9955 7682
Germany +49 (0) 69 9509 6182
Hong Kong +852 2893 2727
Singapore +65 777 8786
Registration is required to access online or telephone technical support. In
addition, registering the product ensures that you are kept up-to-date with
product advancements.
Document conventions
This guide uses the following conventions:
Commands and buttons
For easy recognition within procedures, User Interface (UI) features appear in
bold type. For example: On the File menu, click New.
Keyboard shortcuts
Delete means the Delete key, or the Del key on your numeric keypad. Enter
means the Enter, Return, or CR key, depending on which of these keys appears
on your keyboard.
Key combinations
CTRL+KEY, SHIFT+KEY, and ALT+KEY are examples of key combinations.
Hold down the first key in the combination and, at the same time, press the
second key in the combination (designated above as KEY). For example:
CTRL+C means hold the Control key down and press the letter C on your
keyboard (CTRL+C is the Windows Copy command).
Key terms are italicized when first defined.
Monospaced font indicates data that you enter using your keyboard. For
example: In the Formula Editor, type If Sales > 1000 Then crRed
Monospaced, italicized font indicates variable data that you must replace with
data appropriate to your current settings, environment, or task. For example,
in the following URL, you would replace webserver
http://webserver/crystal/enterprise/
Administration overview
Administration overview
The regular administrative tasks associated with Crystal Enterprise can be roughly
divided into three major categories: user management, content management, and
server management. The remainder of this guide provides technical and procedural
information corresponding to each of these management categories. This chapter
briefly introduces new Crystal Enterprise administrators to some of the available
management tools. It also shows you how to make initial security settings, such as
setting the password for the systems default Administrator account.
You will typically use the following applications to manage Crystal Enterprise:
Crystal Management Console (CMC)
This web application is the most powerful administrative tool provided for
managing a Crystal Enterprise system. It offers you a single interface through
which you can perform almost every task related to user management, content
management, and server management.
For an introduction to the CMC, see Working with the Crystal Management
Console on page 8.
Crystal Configuration Manager (CCM)
This server administration tool is provided in two forms. In a Windows
environment, the CCM allows you to manage local and remote servers through its
Graphical User Interface (GUI) or from a command line. In a UNIX environment,
the CCM shell script (ccm.sh) allows you to manage servers from a command line.
For an introduction to the CCM, see Working with the Crystal Configuration
Manager on page 11.
Crystal Publishing Wizard
This application allows you to publish your reporting content to Crystal Enterprise
quickly. It also allows you to specify a number of options on each report that you
publish. Although this application runs only on Windows, you can use it to publish
reports to Crystal Enterprise servers that are running on Windows or on UNIX.
For more information on publishing content to Crystal Enterprise, see
Publishing overview on page 74.
Replace webserver with the name of the web server machine that has the Web
Connector component installed. If you changed this default virtual directory on
the web server, you will need to type your URL accordingly.
Tip: On Windows, you can click Start > Programs > Crystal Enterprise > Crystal
Launchpad, and then click the Crystal Management Console link.
2 When the Log On page appears, select Enterprise in the Authentication Type
list.
Windows NT and LDAP authentication also appear in the list; however, you
must map your third-party user accounts and groups to Crystal Enterprise
before you can use these types of authentication.
3 Type your User Name and Password.
For this example, type Administrator as the User Name. This default Enterprise
account does not have a password until you create one. For details, see Setting
the Administrator password on page 13.
If youre using LDAP or Windows NT authentication, you may log on using an
account that has been mapped to the Crystal Enterprise Administrators group.
4 Click Log On.
The CMC Home page appears.
Once you leave the Home page, your location within the CMC is indicated by a
path that appears above the title of each page. For example, Home > Users > New
User indicates that youre on the New User page. You can click the hyperlinked
portions of the path to jump quickly to different parts of the application. In this
example, you could click Home or Users to go to the corresponding page.
Time zone
If you are managing Crystal Enterprise remotely, use this list to specify your
time zone. Crystal Enterprise synchronizes scheduling patterns and events
appropriately. For instance, if you select Eastern Time (US & Canada), and you
schedule a report to run at 5:00 a.m. every day on a server that is located in San
Francisco, then the server will run the report at 2:00 a.m. Pacific Time.
For more information about time zones, see Supporting ePortfolio users in
multiple time zones on page 321.
10
Menu style
These options change the ways in which menus are displayed in the CMC. You
can view buttons, text, or both.
My Password
Click the Change Password link to change the password for the account under
which you are currently logged on.
11
Note: The main options for the CCM are covered in more detail in UNIX
Tools on page 279.
12
13
14
15
Security overview
Security overview
The Crystal Enterprise architecture addresses the many security concerns that
affect todays businesses and organizations. The current release supports features
such as distributed security, Single Sign On (SSO), resource access security,
granular object rights, and third-party Windows NT and LDAP authentication in
order to protect against unauthorized access. To allow for further customization of
security, Crystal Enterprise supports dynamically loaded processing extensions.
And, for monitoring and auditing purposes, Crystal Enterprise allows you to log
various web statistics, thus enabling you to detect potential security concerns.
Because Crystal Enterprise provides the framework for an increasing number of
components from the Enterprise family of Crystal products, this chapter details the
security features and related functionality to show how the framework itself
enforces and maintains security. As such, this chapter does not provide explicit
procedural details; instead, it focuses on conceptual information and provides
links to key procedures.
Related topics
For key procedures that show how to modify the default accounts, passwords,
and other security settings, see Making initial security settings on page 13.
For procedures that show how to set up authentication, users, and groups, see
Managing User Accounts and Groups on page 33.
For procedures that show how to set object rights for your Crystal Enterprise
content, see Controlling Users Access to Objects on page 95.
16
Primary authentication
Primary authentication occurs when a user first attempts to access the system. The
user provides a user name and password and specifies an authentication type. The
authentication type may be Enterprise, Windows NT, or LDAP authentication,
depending upon which type(s) you have enabled and set up in the Authorization
management area of the Crystal Management Console (CMC). The users web
browser sends the information by HTTP to your web server, which routes the
information through the Web Connector to the Web Component Server (WCS).
Note: All communication between the users web browser and the WCS is
similarly routed through the web server and the Web Connector. For clarity, the
web server and the Web Connector are explicitly discussed only when necessary.
The WCS passes the users information to logon.csp and runs the script. Internally,
this script communicates with the SDK and, ultimately, the appropriate security
plug-in authenticates the user against the user database.
For instance, if the user specifies Enterprise Authentication, the SDK ensures that
the Crystal Enterprise security plug-in performs the authentication. The plug-in
component verifies the user name and password against the system database and
notifies the Automated Process Scheduler (APS) of the results. Alternatively, if the
user specifies Windows NT or LDAP Authentication, the SDK uses the
corresponding security plug-in to authenticate the user. The plug-in verifies the
user name and password against the external user database and notifies the APS
of the results.
If the security plug-in reports a successful match of credentials, the APS grants the
user an active identity on the system and the system performs several actions:
The APS stores the users information in memory in an APS session variable.
While active, this session consumes one user license on the system.
The APS generates and encodes a logon token and sends it to the WCS.
The WCS stores the users information in memory in a WCS session variable.
While active, this session stores information that allows Crystal Enterprise to
respond to the users requests.
Note: If you are familiar with the SDK, you should note that the WCS here
instantiates the InfoStore object and stores it in the WCS session variable.
The WCS sends the logon token to the users web browser, and the web
browser caches the token in a cookie. Until the logon token expires, its
encoded information serves as the users valid ticket for the system.
Each of these steps contributes to the distributed security of Crystal Enterprise,
because each step consists of storing information that is used for secondary
identification and authorization purposes. This is the model used in ePortfolio.
However, if you are developing your own client application and you prefer not to
store session state on the WCS, you can design your application such that it avoids
using WCS session variables.
17
Note:
The third-party Windows NT and LDAP security plug-ins work only once you
have mapped users and groups from the external user database to Crystal
Enterprise. For details, see Available authentication types on page 36.
In a Single Sign On situation, users credentials are retrieved by other means
and authenticated against the user database automatically. Hence, users are
not prompted for their credentials.
18
If a different server component must process the request, the WCS sends the
request and the users logon token to the appropriate server component. That
server component then queries the APS database for the rights associated with
the object that the user requested.
For instance, if the user attempts to refresh a reports data, the WCS passes the
request along to the Page Server. The Page Server passes the logon token to the
APS to ensure that the user is authorized to refresh the report.
For details about how the APS calculates a users effective rights to an object,
see Calculating a users effective rights on page 106.
This secondary authentication and authorization process begins similarly to initial
identification; here, however, the authentication algorithm followed by the WCS
maintains system security in the fewest number of steps, thereby providing the
most efficient response to the users initial request.
Note: If the user does not have the right to perform the requested action, the WCS
displays an appropriate message. For details about setting object rights, see
Controlling Users Access to Objects on page 95.
19
Security plug-ins
Security plug-ins expand and customize the ways in which Crystal Enterprise
authenticates users. Crystal Enterprise currently ships with the system default
Crystal Enterprise security plug-in and with the Windows NT and LDAP security
plug-ins. Each security plug-in offers several key benefits.
Security plug-ins facilitate account creation and management by allowing you to
map user accounts and groups from third-party systems into Crystal Enterprise.
You can map third-party user accounts or groups to existing Crystal Enterprise
user accounts or groups, or you can create new Enterprise user accounts or groups
that corresponds to each mapped entry in the external system.
The security plug-ins dynamically maintain third-party user and group listings.
So, once you map a Windows NT or LDAP group into Crystal Enterprise, all users
who belong to that group can log on to Crystal Enterprise. When you make
subsequent changes to the third-party group membership, you need not update or
refresh the listing in Crystal Enterprise. For instance, if you map a Windows NT
group to Crystal Enterprise, and then you add a new NT user to the NT group, the
security plug-in dynamically creates an alias for that new user when he or she first
logs on to Crystal Enterprise with valid NT credentials.
20
Moreover, security plug-ins enable you to assign rights to users and groups in a
consistent manner, because the mapped users and groups are treated as if they
were Enterprise accounts. For example, you might map some user accounts or
groups from Windows NT, and some from an LDAP directory server. Then, when
you need to assign rights or create new, custom groups within Crystal Enterprise,
you make all of your settings in the CMC.
Each security plug-in acts as an authentication provider that verifies user credentials
against the appropriate user database. When users log on to Crystal Enterprise,
they choose from the available authentication types that you have enabled and set
up in the Authorization management area of the CMC: Enterprise (the system
default), Windows NT, or LDAP.
Note: The Windows NT security plug-in cannot authenticate users if the Crystal
Enterprise server components are running on UNIX.
21
22
Note: IIS performs the Challenge/Response authentication for every web page
viewed. This can result in severe performance degradation.
For details on configuring IIS for Single Sign On, Setting up NT Single Sign
On on page 52.
Note: ePortfolio provides its own form of anonymous Single Sign On, which
uses Enterprise authentication, as opposed to Windows NT authentication.
Design your own web applications accordingly (or modify ePortfolio) if you want
to use NT Single Sign On. For information on NT Single Sign On, see Setting up
NT Single Sign On on page 52.
23
LDAP is based on the X.500 standard, which uses a directory access protocol
(DAP) to communicate between a directory client and a directory server. LDAP is
an alternative to DAP because it uses fewer resources and simplifies and omits
some X.500 operations and features.
The directory structure within LDAP has entries arranged in a specific schema.
Each entry is identified by its corresponding distinguished name (DN) or common
name (CN). Other common attributes include the organizational unit name (OU),
and the organization name (O). For example, a member group may be located in a
directory tree as follows: cn=Crystal Enterprise Users, ou=Enterprise Users A,
o=Research. Refer to your LDAP documentation for more information.
Because LDAP is application-independent, any client with the proper authorization
can access its directories. LDAP offers you the ability to set up users to log on to
Crystal Enterprise through LDAP authentication. It also enables users to be
authorized when attempting to access objects in Crystal Enterprise. As long as you
have an LDAP server (or servers) running, and use LDAP in your existing
networked computer systems, you can use LDAP authentication (along with
Enterprise and NT authentication).
Processing extensions
Crystal Enterprise offers you the ability to further secure your reporting
environment through the use of customized processing extensions. A processing
extension is a dynamically loaded library of code that applies business logic to
particular Crystal Enterprise view or schedule requests before they are processed
by the system.
Note: On Windows systems, dynamically loaded libraries are referred to as
dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded
libraries are often referred to as shared libraries (.so file extension). You must
include the .dll or .so file extension when you name your processing extensions.
Through its support for processing extensions, the Crystal Enterprise
administration SDK essentially exposes a handle that allows developers to
intercept the request. Developers can then append selection formulas to the
request before the report is processed.
A typical example is a report-processing extension that enforces row-level
security. This type of security restricts data access by row within one or more
database tables. The developer writes a dynamically loaded library that intercepts
view or schedule requests for a report (before the requests are processed by the
Page Server or the Job Server). The developers code first determines the user who
owns the processing job; then it looks up the users data-access privileges in a
third-party system. The code then generates and appends a record selection
formula to the report in order to limit the data returned from the database. In this
case, the processing extension serves as a way to incorporate customized row-level
security into the Crystal Enterprise environment.
24
The CMC provides methods for registering your processing extensions with
Crystal Enterprise and for applying processing extensions to particular object. For
details, see Applying processing extensions to reports on page 142.
By enabling processing extensions, you configure the appropriate Crystal
Enterprise server components to dynamically load your processing extensions at
runtime. Included in the SDK is a fully documented API that developers can use
to write processing extensions. For details, see the Crystal Enterprise Web
Developers Guide.
Note: In the current release, processing extensions can be applied only to Crystal
report (.rpt) objects.
Logon tokens
A logon token is an encoded string that defines its own usage attributes and
contains a users session information. The logon tokens usage attributes are
specified when the logon token is generated. These attributes allow restrictions to
be placed upon the logon token to reduce the chance of the logon token being used
by malicious users. The current logon token usage attributes are:
Number of minutes
This attribute restricts the lifetime of the logon token.
Number of logons
This attribute restricts the number of times that the logon token can be used to
log on to Crystal Enterprise.
Both attributes hinder malicious users from gaining unauthorized access to Crystal
Enterprise with logon tokens retrieved from legitimate users.
25
26
credentials. The remaining Web Component Server can then authorize and carry
out the users request. In this way, the logon token enables the systems loadbalancing and fault-tolerance mechanisms to maintain a secure environment
without affecting the users experience.
In this scenario, when the original Web Component Server is brought back online,
the Web Connector automatically resumes its load-balancing responsibilities by
routing each subsequent request to the least used Web Component Server.
Note: Crystal Enterprise supports implementations of the Secure Sockets Layer
(SSL) protocol that rely upon affinity or sticky connections. However, in these
scenarios, the Web Connector may be prevented from automatically load
balancing across WCS machines.
27
Environment protection
Environment protection
Environment protection refers to the security of the overall environment in which
client and server components communicate. Although the Internet and web-based
systems are increasingly popular due to their flexibility and range of functionality,
they operate in an environment that can be difficult to secure. When you deploy
Crystal Enterprise, environment protection is divided into two areas of
communication:
Web browser to web server
Web server to Crystal Enterprise
28
29
Password restrictions
Password restrictions ensure that Enterprise users create passwords that are
relatively complex. You can enable the following options:
Enforce mixed-case passwords
This option ensures that passwords contain at least two of the following
character classes: upper case letters, lower case letters, numbers, or punctuation.
Must contain at least N characters
By enforcing a minimum complexity for passwords, you decrease a malicious
users chances of simply guessing a valid users password.
Logon restrictions
Logon restrictions serve primarily to prevent dictionary attacks (a method
whereby a malicious user obtains a valid user name and attempts to learn the
corresponding password by trying every word in a dictionary). With the speed of
modern hardware, malicious programs can guess millions of passwords per
minute. To prevent dictionary attacks, Crystal Enterprise has an internal
mechanism that enforces a time delay (0.51.0 second) between logon attempts. In
addition, Crystal Enterprise provides several customizable options that you can
use to reduce the risk of a dictionary attack:
Disable accounts after N failed attempts to log on
Reset failed logon count after N minute(s)
Re-enable account after N minute(s)
30
User restrictions
User restrictions ensure that Enterprise users create new passwords on a regular
basis. You can enable the following options:
Must change password every N day(s)
Cannot reuse the N most recent password(s)
Must wait N minute(s) to change password
These options are useful in a number of ways. Firstly, any malicious user
attempting a dictionary attack will have to recommence every time passwords
change. And, because password changes are based on each users first logon time,
the malicious user cannot easily determine when any particular password will
change. Additionally, even if a malicious user does guess or otherwise obtain
another users credentials, they are valid only for a limited time.
31
32
33
Default users
There are two default users included with Crystal Enterprise: Administrator and
Guest. These users and any new users (created or mapped users) are members of
a group or groups. For procedures on managing users, see Managing Enterprise
and general accounts on page 37.
34
Administrator
The Administrator user belongs to the Administrators and Everyone groups. This
user is able to perform all of the tasks in all of the Crystal Enterprise applications
(for example, the Crystal Management Console, Crystal Configuration Manager,
Crystal Publishing Wizard, and ePortfolio). By default, the administrator is not
assigned a password. To assign a password, see Setting the Administrator
password on page 13.
Guest
The Guest user is a member of the Everyone group. This user can view reports that
are found within the Report Samples folder. Generally, the Guest user accesses
reports through ePortfolio. This account is enabled by default. To disable this
default setting, see Disabling the Guest account on page 43.
Note: If users in multiple time zones use the Guest account, see Supporting
ePortfolio users in multiple time zones on page 321.
Default groups
There are three default groups created in Crystal Enterprise: Administrators,
Everyone, and New Sign-Up Accounts. In addition to organizing users and
simplifying administration, groups enable you to determine the functionality a
user has access to. For procedures on managing groups, see Managing Enterprise
and general accounts on page 37.
Administrators
Users who belong to the Administrators group are able to perform all tasks in all
of the Crystal Enterprise applications (Crystal Management Console, Crystal
Configuration Manager, Crystal Publishing Wizard, and ePortfolio).
Note: To use the Crystal Configuration Manager, you may be required to have
additional rights on the local machine. For more information, see Working with
the Crystal Configuration Manager on page 11.
Everyone
Each user is a member of the Everyone group by default. Users are able to access
all of the Crystal Enterprise applications. By default, the Everyone group allows
access to all the reports that are found in the Report Samples folder.
35
enable automatic tracking of users who have signed themselves up through the
sign-up feature in ePortfolio.
Note: Members of the New Sign-Up Accounts group also belong to the Everyone
group. If you restrict access to the New Sign-Up accounts group, ensure that the
change is also made for the Everyone group. You can also restrict access by
specifying the Advanced rights for the New Sign-Up Accounts group. For more
information on rights, see Setting advanced object rights on page 100.
Crystal NT Users
When NT authentication is enabled, Crystal NT Users can use their NT accounts to
log on to Crystal Enterprise. By default, members of this group are able to view
folders and reports.
36
37
38
39
Minimum
Recommended
Maximum
0 characters
64 characters
1 day
100 days
1 password
100 passwords
1 minute
100 minutes
1 failed
100 failed
1 minute
100 minutes
1 minute
100 minutes
4 Click Update.
40
Creating a group
Groups are collections of users who share the same account privileges. For
instance, you may create groups that are based on department, role, or location.
Groups enable you to make changes in one place (a group) instead of modifying
each user account individually. Also, you can assign object rights to a group or
groups. For information on object rights, see Report object management on
page 139.
After creating a new group, you can add users, add subgroups, or specify group
membership so that the new group is actually a subgroup. Because subgroups
provide you with additional levels of organization, they are useful when you set
object rights to control users access to your Crystal Enterprise content.
41
Modifying a group
You can modify a group by making changes to any of the settings.
Note: The users who belong to the group will be affected by the modification if
they are logged on when you are making changes.
To modify a group
1 Go to the Groups management area of the CMC.
2 Under the Group Name column, click the link to the group whose
configuration you want to change.
3 Make the necessary changes in one of the four tabs:
Properties
Users
Subgroups
Member of
4 Depending on which tab you have selected, click OK or Update after you have
made your changes.
42
Deleting a group
You can delete a group when that group is no longer required.
Note: The users who belong to the group will be affected by the change if they are
logged on when the group is deleted.
To delete a group
1 Go to the Groups management area of the CMC.
2 Select the check box associated with the group you want to delete.
3 Click Delete.
The delete confirmation dialog box appears.
4 Click OK.
43
Managing NT accounts
Managing NT accounts
This section provides an overview of NT authentication and the tasks related to
managing it. For information on how NT authentication works in conjunction with
Crystal Enterprise, see Windows NT security plug-in on page 22.
Note: NT authentication only works for servers running on Windows systems. If
you install Crystal Enterprise on a Windows NT/2000 machine, NT authentication
is installed and enabled by default.
Mapping NT accounts
To simplify administration, Crystal Enterprise supports user and group accounts
that are created using Windows NT/2000. However, before users can use their NT
user name and password to log on to Crystal Enterprise, their NT user account
needs to be mapped to Crystal Enterprise. When you map an NT account, you can
choose to create a new Crystal Enterprise account or link to an existing Crystal
Enterprise account.
There are two ways to map NT accounts to Crystal Enterprise: you can use either
the User Manager in Windows NT or Computer Management in Windows 2000,
or you can use the Crystal Management Console in Crystal Enterprise.
44
45
Managing NT accounts
46
8 Click Update.
A message appears stating that it will take several seconds to update the
member groups.
9 Click OK.
47
Managing NT accounts
To view users and groups that have been added using Windows NT/
2000 or Crystal Enterprise
1 Go to the Groups management area of the CMC.
2 If you added users and groups through Windows NT/2000, then click Crystal
NT Users.
If you added users and groups through the CMC, then select the appropriate group.
3 Click the Users tab.
4 Click OK to the message which states that accessing the user list may take
several seconds.
5 Click Refresh User List.
6 Click OK.
To view users and groups that have been added using Crystal Enterprise
1 Go to the Authorization management area of the CMC.
2 Click the Windows NT tab.
The Mapped NT Member Groups area displays the groups that have been
mapped to Crystal Enterprise.
Note: You can view the groups and users by selecting the appropriate group
from the Groups management area and then clicking the Users tab.
48
To assign an NT alias
1 Go to the Users management area of the CMC.
2 Select the user you want to create an alias for.
3 Click the Assign Alias button.
4 Select the appropriate NT alias or aliases.
5 Click the > arrow.
Tip:
To select multiple users, use the SHIFT+click or CTRL+click combination.
To search for a specific user, use the Look For field.
If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
6 Click OK.
Note: If the user you choose from the Available aliases list has only one
assigned alias, you will receive a message asking you to confirm that you wish
to continue. By continuing, the users account will be deleted.
The Properties tab appears with the new alias listed. By default, NT, LDAP, and
Enterprise authentication methods are available.
49
Managing NT accounts
To reassign an NT alias
1 Go to the Users management area of the CMC.
2 Select the user whose alias you would like to change.
3 Click the Reassign Alias button.
Note: If there is only one alias for the user, you will receive a message asking
you to confirm that you wish to continue.
4 Click either Assign the Alias to a new user or select an existing user.
Note:
If you choose to assign the alias to a different user, and the original user
had only one NT alias and does not have an Enterprise alias, the users
original favorites folder will be deleted. As a result, the user will not be able
to access any reports that used to be in the original favorites folder.
When you assign an alias, you are moving an alias to the current user;
when you reassign an alias, you are moving the alias away from the
current user.
Tip:
To select multiple users, use the SHIFT+click or CTRL+click combination.
To search for a specific user, use the Look For field.
If there are many users on your system, click the Previous and Next buttons
to navigate through the list of users.
5 Click OK.
50
Troubleshooting NT accounts
Creating a new NT user account
If you create a new NT user account, and the account does not belong to a
group account that is mapped to Crystal Enterprise, add it to Crystal
Enterprise. For more information, see Mapping NT accounts on page 44.
If you create a new NT user account, and the account belongs to a group
account that is mapped to Crystal Enterprise, refresh the user list. For more
information, see Viewing mapped NT users and groups in Crystal
Enterprise on page 48.
51
Managing NT accounts
52
6 Click OK.
7 Restart the Web Component Server by selecting the Crystal Web Component
Server and then clicking the Start button.
53
54
55
5 In the LDAP Hosts area, type your LDAP host and port information in the
Add LDAP host (hostname:port) field (for example, myserver:123); then
click Add.
You can add more than one LDAP host of the same server type by repeating this
step. If you want to remove a host, highlight the host name and click Delete. For
more information on multiple hosts, refer to Managing multiple LDAP hosts
on page 58.
6 In the LDAP Server Administration Credentials area, enter the
distinguished name in the Distinguished Name field and the appropriate
password in the Password field.
If your LDAP Server allows querying and comparing for anonymous users,
leave this area blankCrystal Enterprise servers and clients will bind to the
primary host via anonymous logon.
7 Enter another distinguished name and password in the LDAP Referral
Credentials area if all of the following apply:
The primary host has been configured to refer to another directory server
that handles queries for entries under a specified base.
The host being referred to has been configured to not allow querying and
comparing for anonymous users.
A group from the host being referred to will be mapped to Crystal
Enterprise.
Although groups can be mapped from multiple hosts, only one set of referral
credentials can be set.
8 Enter the number of referral hops in the Maximum Referral Hops field.
If this field is set to zero, no referrals will be followed.
9 In the Base LDAP Distinguished Name field, type the distinguished name
(for example, o=SomeBase).
Note: If you are setting up LDAP authentication for the first time, before you
add any groups, you must click Update before you can continue to the next
step. This updates Crystal Enterprise with the LDAP host and base name.
10 In the Mapped LDAP Member Groups area, specify your LDAP group
(either by common name or distinguished name) in the Add LDAP group (by
cn or dn) field; click Add.
You can add more than one LDAP group by repeating this step. To remove a
group, highlight the LDAP group and click Delete.
56
11 Select either:
Assign each added LDAP alias to an account with the same name
Use this option when you know users have an existing Enterprise account
with the same name; that is, LDAP aliases will be assigned to existing users
(auto alias creation is turned on). For users who do not have an existing
Enterprise account, or who do not have the same name in their Enterprise
and LDAP account, they will be added as a user to the Enterprise account
(with the user information that is stored in the LDAP account).
or
Create a new account for every added LDAP alias
Use this option when you want to create a new account for each user. If the
user has already created an account through the sign-up feature in
ePortfolio, the user will have separate LDAP and Enterprise accounts.
12 Click Update.
13 Click OK to confirm your changes to the member groups.
57
58
59
60
61
62
63
Folders overview
Folders overview
Folders provide you with the ability to organize and facilitate content administration.
They are useful when there are a number of reports that a department or area
requires frequent access to, because you can set object rights and limits once, at the
folder level, rather than setting them for each report or object within the folder.
By default, new objects that you add to a folder inherit the object rights that are
specified for the folder.
64
4 Click OK.
The new folder is added to the system, and its Properties tab is refreshed. You
can now use the Reports, Subfolders, Limits, and Rights tabs to add objects and
to change settings for this folder.
2 In the Title column, click the link to the folder where you want to add a
subfolder.
3 Click the Subfolders tab.
Tip: You can browse through existing subfolders to add a new folder elsewhere
in the folder hierarchy. When you have found the right parent folder, go to its
Subfolders tab.
The Subfolders tab appears.
65
The new folder is added to the system, and its Properties tab is refreshed. You
can now use the Reports, Subfolders, Limits, and Rights tabs to add objects and
to change settings for this folder.
Deleting folders
When you delete a folder, all subfolders, reports, and other objects contained
within it are removed entirely from the system.
To delete folders
1 Go to the Folders management area of the CMC.
2 Select the check box associated with the folder you want to delete.
If the folder you want to delete is not at the top level, locate its parent folder.
Then make your selection on the parent folders Subfolders tab.
Tip: Select multiple check boxes to delete several folders from their parent
folder.
3 Click Delete, and click OK to confirm.
66
67
3 In the File name field, type the full path to the report.
If you do not know the path, click Browse to perform a search.
4 If you do not want the user to see a thumbnail preview of the report in
ePortfolio, clear the Generate thumbnail for the report check box.
Tip: To display thumbnails for a report, you must save the report with data and
select the Save preview picture check box in Crystal Reports. To locate this
check box in Crystal Reports 8.x, open a report and click Summary Info on the
File menu. The Save Data with Report option is also on the File menu.
5 Ensure that the correct folder name appears in the Destination field.
Tip: If there are many folders on your system, use the Look for field to search,
or click Previous, Next, and Show Subfolders to browse the folder hierarchy.
6 Click OK.
The report is published to Crystal Enterprise.
68
69
2 Modify the available settings according to the types of instance limits that you
want to implement, and click Update after each change.
The available settings are:
Delete excess instances when there are more than N instances of an object
To limit the number of instances per object, select this check box. Then type
the maximum number of instances that you want to remain on the system.
(The default value is 100.)
Delete excess instances for the following users/groups
To limit the number of instances per user or group, click Add/Remove in
this area. Select from the available users and groups and click OK. Then
type the maximum number of instances in the Instance Limit column. (The
default value is 100.)
Delete instances after N days for the following users/groups
To limit the age of instances per user or group, click Add/Remove in this
area. Select from the available users and groups and click OK. Then type
the maximum age of instances in the Maximum Days column. (The default
value is 100.)
70
71
72
73
Publishing overview
Publishing overview
Publishing is the process of adding objects such as Crystal reports to the Crystal
Enterprise environment and making them available to authorized users. The
objects that you publish may be individual reports created with Crystal Reports,
analytical applications designed with Crystal Analysis, other objects that youve
created using Crystal Enterprise plug-in components, or directories containing
multiple objects.
When you publish an object to Crystal Enterprise, an entry is made in the Automated
Process Scheduler (APS) database. The File Repository Server stores the new object
below the \Enterprise\FileStore\Input\data\ directory. When a user schedules an
instance of any object, Crystal Enterprise checks the APS database for the location of
the object file; the appropriate server component then retrieves and processes the
object file from the File Repository. The processed instance is stored by the File
Repository Server below the \Enterprise\FileStore\Output\data\ directory.
You can publish objects to Crystal Enterprise in three ways:
Use the Crystal Publishing Wizard when you:
Have access to the locally installed application.
Are adding multiple objects or an entire directory.
For details, see Publishing with the Crystal Publishing Wizard on page 75.
Use the Crystal Management Console (CMC) when you are:
Publishing a single object.
Taking care of other administrative tasks.
Performing tasks remotely.
For details, see Publishing with the Crystal Management Console on page 82.
Save directly to your Enterprise folders when you are:
Designing reports with Crystal Reports.
Creating other objects with Crystal Enterprise plug-in components such as
Crystal Analysis.
For details, see Saving objects directly to the APS on page 84.
Note: Crystal Enterprise supports reports created in versions 6 through 8.5 of
Crystal Reports. Reports will appear in version 8 format when they are launched
from Crystal Enterprise.
Publishing options
During the publishing process, you specify how often the data in the report is
updated. You can choose to force users to see specific instances based on a schedule
that you determine (recurring), or you can choose to let users set the schedule
themselves (on demand).
74
75
Adding objects/folders
1 From the Crystal Enterprise program group, click Crystal Publishing Wizard.
2 Click Next.
3 Enter the path for the object you want to add.
If youre not sure of the location, click Find File to search.
Note: If the directory or file you entered cannot be found by the wizard, the
Add Directory button is disabled.
4 Select the check boxes associated with the objects you want to publish.
Click the Select All button if you have a large number of files and want to add
them all.
5 Click Next.
The Select an APS dialog box appears.
76
4 Click Next.
The Creating Objects dialog box appears indicating the progress of the object
creation process.
If it is possible to duplicate the folder structure, the Folder Hierarchy dialog box
appears. Otherwise, the APS Folder dialog box appears when the processing is
complete.
77
Note: You can delete only folders added manually (folders added manually
are green; those added by the wizard are yellow).
If you are adding multiple objects and want to place them in separate
directories, you can do so in the next section.
2 Click Next.
The Location Preview dialog box appears.
78
You can also add and delete folders by selecting a parent folder and clicking the
New Folder or Delete Folder buttons. You can drag-and-drop objects to place
them where you want. And you can right-click objects to rename them.
By default, objects are displayed using their titles. You can display the objects
local file names by clicking the Show file names button.
2 Click Next when you are finished.
The Schedule Interval dialog box appears.
79
80
2 Select the database and change the logon information in the appropriate fields.
If the database does not require a user name or password, leave the fields blank.
Note: Enter user name and password information carefully. If it is entered
incorrectly, the object cannot retrieve data from the database.
3 Select the Apply this information to all reports check box if you have a
number of objects requiring logon to the same database.
4 Once you have completed the logon information for each object using a
different database, click Next.
The Set Report Parameters dialog box appears if it is needed.
Setting parameters
Some objects contain parameters for data selection. Before such an object can be
scheduled, you must set the parameters in order to determine the default prompts.
1 Select the object whose prompts you want to change.
The objects prompts and default values appear in a list on the right-hand side
of the screen.
2 Click Edit Prompt to change the value of a prompt.
Depending on the type of parameter you have chosen, different dialog boxes
appear.
81
3 If you want to set the prompts to contain a null value (where possible), then
click Set Prompts to NULL.
4 Click Next after you have finished editing the prompts for each object.
82
3 In the File name field, type the full path to the report.
If you do not know the path, click Browse to perform a search.
4 If you do not want the user to see a thumbnail preview of the report in
ePortfolio, clear the Generate thumbnail for the report check box.
Tip: To display thumbnails for a report, you must save the report with data and
select the Save preview picture check box in Crystal Reports. To locate this
check box in Crystal Reports 8.x, open a report and click Summary Info on the
File menu. The Save Data with Report option is also on the File menu.
5 Ensure that the correct folder name appears in the Destination field.
Tip: To expand a folder, select it and click Show Subfolders.
6 Click OK.
When the object has been added to the system, the CMC displays the Properties
screen. If necessary, you can now modify the objects properties, such as its title
and description, the database logon information, scheduling information, user
rights, and so on.
83
84
85
86
User licensing can affect the behavior of the Crystal Import Wizard. If the source
environment uses Concurrent licensing, the wizard imports all users as Concurrent
Users. However, if the source environment uses Named User licensing, the wizard
first checks the number of Named User license keys in the destination environment.
If there are enough Named User licenses in the destination environment, the wizard
imports all users as Named Users. If there are not enough Named User licenses in
the destination environment, the wizard imports all users as Concurrent Users. For
more information about licensing, see Licensing overview on page 270.
Folders
Folders are imported, whether or not they exist already in the destination
environment. However, so as not to overwrite existing folders, the Crystal Import
Wizard appends a number to the end of any duplicated folder names to indicate
the number of copies. For example, if you import a folder called Sales Reports
when a folder called Sales Reports already exists, then the imported folder is
added to Crystal Enterprise with the name Sales Reports(2).
Report objects
The Crystal Import Wizard can import Crystal report objects only if they are based
on native drivers, ODBC data sources, or OLAP data sources. You have the choice
to import the report instances for each report object, and the scheduling patterns
that you have set up in the source environment are imported automatically.
Supported reports are always imported with their parent folders, whether or not
they exist already in the destination environment. However, so as not to overwrite
existing folders, the Crystal Import Wizard appends a number to the end of any
duplicated folder names to indicate the number of copies.
Rights
When you import folders and reports from one Crystal Enterprise system to another,
the associated object rights are imported for every user or group who is imported at
the same time. If the user or group is not imported at the same time, the object rights
are discarded. For instance, suppose that you import a report that explicitly grants
View On Demand rights to the Everyone group in the source environmentbut you
do not import the Everyone group. In this case, the newly imported report in the
destination environment will not grant the same explicit rights to the Everyone
group. Instead, the report inherits any rights that have been set on its parent folder.
If you do import the appropriate user or group, and it already exists by name in
the destination environment, then the corresponding object rights are imported
and applied to the existing user or group. For instance, modifying the example
above, suppose that you import the report and the Everyone group. In this case, the
Crystal Import Wizard imports the object rights along with the report. So the
newly imported report in the destination environment will explicitly grant the
View On Demand right to the Everyone group.
87
Folders
Folders are imported, whether or not they exist already in Crystal Enterprise.
However, so as not to overwrite existing folders, the Crystal Import Wizard
appends a number to the end of any duplicated folder names to indicate the
number of copies. For example, if you import a folder called Sales Reports, when
a folder called Sales Reports already exists in Crystal Enterprise, then the imported
folder is added to Crystal Enterprise with the name Sales Reports(2).
88
Report objects
The Crystal Import Wizard can import Crystal report objects only if they are based
on native drivers, ODBC data sources, or OLAP data sources.
Supported reports are always imported with their parent folders, whether or not
they exist already in the destination environment. However, so as not to overwrite
existing folders, the Crystal Import Wizard appends a number to the end of any
duplicated folder names to indicate the number of copies.
Rights
Crystal Enterprise enforces security through object rights, which differ from the
user rights used within Seagate Info. Consequently, the Crystal Import Wizard
does not import any of the folder security that is set up within the Seagate Info
environment.
If you transfer reports from Seagate Info to Crystal Enterprise, the rights associated
with the report are not transferred, only the ownership. If the owner of a report is
the Administrators group, the Administrators group will have Full Control access
to it. If the owner of the report is not an administrator, the report will be transferred
and the View On Demand access mode will be associated with the report.
Other objects
The Crystal Import Wizard cannot import Seagate Info objects that are not
supported by Crystal Enterprise. Such objects include report packages, query
objects, Info cubes, Open OLAP cubes, Holos Applications, Crystal reports based
on query files, and Crystal reports based on Info Views.
The Crystal Import Wizard does not import existing instances or existing schedule
information from Seagate Info systems. Any scheduled jobs, such as recurring
instances, will need to be rescheduled in Crystal Enterprise.
89
90
6 Click Next.
The Specify destination environment dialog box appears.
7 In the APS Name field, type the name of the destination environments Crystal
APS.
8 Type the User Name and Password of an Enterprise account that provides you
with administrative rights to the Crystal Enterprise system; then click Next.
91
This example imports all but one of the users in the Seagate Info Administrators
group.
4 If you chose to import folders and objects, the Select Folders and Objects
dialog box appears. Select the check boxes for the folders and reports that you
want to import. Then click Next.
Tip: If the source environment is Crystal Enterprise 8 or later, you can also
choose to Import all instances of each selected report.
This example imports the Seagate Info Samples folder and a subset of its
contents.
92
5 When the Information collection complete dialog box appears, click Finish
to begin importing the information.
The Import Progress dialog box displays status information and creates an
Import Summary while the Crystal Import Wizard completes its tasks.
6 If the Import Summary shows that some information was not imported
successfully, click View Detail Log for a description of the problem.
Otherwise, click Done.
Note: The information that appears in the Detail Log is also written to a text
file called ImportWiz.log, which you will find in the directory from which the
Crystal Import Wizard was run. By default, this directory is:
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\
93
94
95
96
Click the link that corresponds to the folder or other object whose rights you want
to see, then click the objects Rights tab. A page similar to the following appears:
This example shows the rights for the Report Samples folder. The Name column
lists all users and groups who have been given rights to the object. The Object
column shows whether the entry is a User or a Group. In this case, users have not
been specified individually; instead, users have been divided into two groups
Everyone and Administratorswhich have been granted rights to the folder
object. Click Add/Remove to add or remove a user or group to this object.
The Access Level column shows how each users or groups rights are determined.
In this example, both groups possess Inherited Rights. You can change the rights
for either group by selecting a predefined access level (or by selecting Advanced)
from the list in the Access Level column. When you change an entry in the Access
Level column, click Update to effect your changes. For more information, see
Setting common access levels on page 98.
The Net Access column displays the net effect of whatever is selected in the Access
Level column. That is, the Net Access column shows the effective rights that each
user or group has to the object. The Net Access column is particularly useful when
you are working with inheritance. In this example, the Everyone group inherits
rights from a parent folderone that is not displayed on this screen. The Net
Access column shows that the rights inherited from the parent folder are
equivalent to the View On Demand access level.
Tip: If you want to view the individual object rights that make up a users (or
groups) Net Access, click the corresponding Access Level list and select Advanced.
The Advanced Rights page displays the users full array of object rights that have
been specified explicitly and/or inherited. Click Cancel to exit without making
changes. For more information, see Setting advanced object rights on page 100.
For detailed tutorials that walk you through sample implementations of object
rights, see Customizing a top-down inheritance model on page 108.
97
98
pause the scheduling of instances that they own. They can also schedule to
different formats and destinations, set parameters and database logon
information, pick servers to process jobs, add contents to the folder, and copy
the object or folder.
View On Demand
In addition to the rights provided by the Schedule access level, the user gains
the right to refresh data on demand against the data source.
Full Control
This access level grants all of the available advanced rights. It is the only access
level that allows users to delete objects (folders, objects, and instances). This
access level also allows users to modify all of the objects properties, including
the object rights that are set on the folder or object.
Basically, this access level is designed to provide a user or group with
administrative control over one or more folders or objects. Users can then log
on to the CMC and add, edit, and remove content as required, without being
members of the actual Administrators group.
Advanced
This access level does not include a predefined set of object rights. Instead, it
allows you to customize a users or groups access to an object by selecting from
the complete range of available object rights. For more information, see Setting
advanced object rights on page 100.
For a detailed listing of the object rights that make up each access level, see Object
Rights and Access Levels on page 273.
Note: In the Crystal Enterprise Web Developers Guide, access levels are referred to
as roles.
99
100
The first two options specify which types of inheritance affect the Guest users
rights to this object. In this example, the Guest user cannot inherit rights by virtue
of group membership. But, the Guest user may inherit any rights that he or she has
been granted to this reports parent folder.
The remainder of the Advanced Rights page lists all available object rights and
shows how each right applies to the Guest user. To customize the overall security
levels, you can explicitly grant or deny any given right, or you can specify that you
want certain rights to be inherited.
The Inherited column serves as an indicator to show how inherited rights affect the
Guest users effective rights to this report object. A user or group can be granted or
denied a right by virtue of inheritance. In addition, some rights may remain not
specifiedthat is, they are neither granted nor denied. If an inherited right is
101
102
On the Advanced Rights pages, you will find that all of the available rights are
displayed for every object on the system. For example, the rights displayed for a
folder object seem to correspond exactly to the rights displayed for a report object,
even though object-specific rights such as Refresh the reports data do not apply
to folder objects.
Available rights are displayed for every object on the system for purposes of
inheritance, so that you can set object security at the folder level (rather than
repeating the same settings for every object in the folder). Although certain objectspecific rights do not strictly apply to the folder object itself, these rights may apply
to objects that inherit rights from the folder. In other words, the Refresh the reports
data right is displayed for the folder object so that you can grant a user the right to
refresh the data in all reports for which the user inherits rights from this folder.
Note: This is only one type of object inheritance. For more information, see
Group and folder inheritance on page 103.
103
When group inheritance is enabled for a user who belongs to more than one group,
the rights of both groups are considered when the system checks credentials. The
user is denied any right that is explicitly denied in any group, and the user is
denied any right that remains completely not specified; thus, the user is granted
only those rights that are granted in one or more groups (explicitly or through
access levels) and never explicitly denied.
Folder inheritance allows users to inherit any rights that they have been granted on
an objects parent folder. Folder inheritance proves especially powerful when you
organize Crystal Enterprise content into a folder hierarchy that reflects your
organizations current security conventions. For example, suppose that you create a
folder called Sales Reports, and you provide your Sales group with View On Demand
access to this folder. By default, every user that has rights to the Sales Reports folder
will inherit the same rights to the reports that you subsequently publish to this folder.
Consequently, the Sales group will have View On Demand access to all of the reports,
and you need only set the object rights once, at the folder level.
Note: If you need to disable or modify inheritance patterns for a particular folder
or object within your folder hierarchy, you can do so with access levels or with
advanced rights.
104
105
106
When you disable folder inheritance for a user, you reduce this algorithm to three
steps (1, 3, and 5). When you disable group inheritance for a user, you reduce this
algorithm to three different steps (1, 2, and 5). In both cases, the APS grants the user
only those rights that are explicitly granted in one or more locations and never
explicitly denied.
This pseudocode is provided as another way to illustrate and describe the
algorithm that the APS follows in order to determine whether a user is authorized
to perform an action on a particular object:
IF {
(User granted right to object = True)
OR [
(Inherit Parent Folder Rights = True) AND (User granted right to
parent folder = True)
]
OR [
(Inherit Group Rights = True) AND (Group granted right to object =
True)
]
OR [
(Inherit Group Rights = True) AND (Group granted right to parent
folder = True)
]
}
AND {
(User denied right to object = False)
AND [
(Inherit Parent Folder Rights = False)
OR ((Inherit Parent Folder Rights = True) AND (User denied right to
parent folder = False))
]
AND [
(Inherit Group Rights = False)
OR ((Inherit Group Rights = True) AND (Group denied right to object
= False))
]
AND [
(Inherit Group Rights = False)
OR ((Inherit Group Rights = True) AND (Group denied right to parent
folder = False))
]
}
THEN
{
User action authorized = True
}
ELSE
{
User action authorized = False
}
107
108
You can use your own Enterprise, NT, or LDAP groups when following along with
these tutorials, or you can create new groups that correspond to those used in the
tutorial. For details on setting up these groups and subgroups, see Creating
groups for the tutorials on page 109.
In each tutorial, you will specify the object rights that particular groups have to
certain folders on the system. By making all of your security settings at the group
and folder levels, you reduce the administrative efforts now and later. After
finishing each tutorial, you may decide to add users to each group and to publish
objects to each folder. If you do so, each user will inherit the appropriate rights for
every folder and object on the system.
109
4 In the Description field, type This group contains all users who work in
Marketing.
5 Click OK.
The Marketing group is added to the system and the page is refreshed.
Tip: Click the Users tab if you want to add your own users to this group.
6 Repeat steps 1 to 5 to create another group called Sales. Use this description
for the group: This group contains all users who work in Sales (worldwide).
5 Click OK.
The Sales USA group is added to the system and the page is refreshed.
Tip: Click the Users tab if you want to add your own users to this group.
110
8 Click OK.
You are returned to the Member of tab. The Sales USA group is now a
member (or subgroup) of the Sales group.
9 Repeat steps 1 to 8 to create the remaining Sales subgroups for the tutorials.
Use the following values for the Group Name and Description fields:
Group Name
Description
Sales Japan
Sales Managers
Sales Report
Designers
111
If you now return to the Groups management area of the CMC, all of the new
groups are displayed as follows:
You are now ready to proceed to either of the object security tutorials:
Setting up an open system of decreasing rights.
Setting up a closed system of increasing rights on page 131.
112
By default, the Everyone and the Administrators groups are granted access to
this folder. You now need to reduce the rights of the Everyone group and to
increase the rights of the Sales Managers.
113
3 Click the Access Level list that corresponds to the Everyone group, and select
View.
4 Click Update.
The rights for the Everyone group are reduced and the View access level is now
displayed in the Net Access column.
Now you will customize the top-level rights for the Sales Managers group.
5 Click Add/Remove.
The Add/Remove page appears.
114
Now, your system meets your first three security requirements. The Everyone,
Administrators, and Sales Managers groups will initially inherit these rights for any
folders, subfolders, or reports that you subsequently publish to Crystal Enterprise.
You might, for instance, create folders for all of your generally accessible inventory
reports, customer list reports, purchasing order reports, and so on.
Now that you have created an open basis for your object security model, you will
proceed to restricting access to certain folders within the system.
115
7 In the Access Level column, select the following rights for each group:
Administrators: (Inherited Rights)
Everyone: No Access
Sales Managers: No Access
8 Click Update.
The Net Access column shows that you have secured this folder from all users
other than Administrators.
Next, you will grant the Marketing group Full Control access to this folder.
9 Click Add/Remove.
The Add/Remove page appears.
116
The Marketing group is granted access to the folder. You need to change the
default setting to grant them Full Control access.
13 Click the Access Level list that corresponds to the Marketing group, and select
Full Control.
14 Click Update.
The Net Access column shows that you have granted the Marketing group Full
Control access to this folder.
Members of this group now have the ability to perform all tasks in this folder. They
can add and delete reports, folders, and subfolders, and they can view, schedule,
and export reports to all available destinations and formats.
To complete this tutorial, you need to customize the rights that various Sales
groups have to a hierarchical set of Sales folders. Before setting the rights for each
group, you will see how to create multiple folders quickly when you publish a set
of reports to Crystal Enterprise.
117
2 Arrange your reports (.rpt files) in the new folders on your local hard drive.
If you do not have any of your own reports, use some of the sample reports
included with Crystal Enterprise. The sample reports are typically installed to
C:\Program Files\Crystal Decisions\Enterprise\Samples\<language>\Reports
(replace <language> with en, de, fr, or jp, depending upon your version of
Crystal Enterprise).
Note: To complete this procedure, you must place at least one report file in
each of the folders that you have created on your local hard drive. Otherwise,
the Crystal Publishing Wizard will not create the appropriate directories on
the Crystal Enterprise system.
118
3 From the Crystal Enterprise Programs group, start the Crystal Publishing
Wizard and, when it appears, click Next.
4 In the Select A File dialog box, select the Add multiple reports check box to
view the entire set of options.
5 Click Find Directory to access the Browse for Folder dialog box.
6 Select the top level Worldwide Sales folder that you created on your local
hard drive, and click OK.
You are returned to the Select A File dialog box.
119
7 Select the Include subfolders check box, and then click Add Directory.
All of the reports are added to the list.
120
10 Select Yes to duplicate the local folder hierarchy on the Crystal Enterprise
system; then click Next.
11 In the APS folder dialog box, click New Folder.
12 Name the folder Worldwide Sales and ensure that it is located at the top of the
directory tree, as shown here:
13 Click Next.
The Location Preview dialog box appears. You can see here that the Regional
Sales folders will be created below the Worldwide Sales folder, and the
121
14 Click Next.
15 Proceed through the rest of the Crystal Publishing Wizard and make any
desired changes to your reports.
Tip: If you are publishing sample reports for the purpose of this tutorial, click
Next to accept all the default values. For more information on the rest of the
Crystal Publishing Wizard, see Publishing with the Crystal Publishing
Wizard on page 75.
When the Crystal Publishing Wizard has added the reports and folders to the
system, it displays a summary:
122
123
7 In the Access Level column, select the following rights for each group:
Administrators: Inherited Rights
Everyone: No Access
Sales: View
Sales Managers: Inherited Rights
Sales Report Designers: This group requires additional rights to publish
content to this folder. You will use advanced rights to make these changes
in the next procedure. For now, leave the Access Level list with the default
settings.
8 Click Update.
The Net Access column is updated to show your new security settings.
You now need to grant the Sales Report Designers group a set of advanced rights,
so group members can administer all the Sales folders.
124
You will use this page to grant group members a high level of control over the
folder and its contents. However, you will not let any group member delete
objects that have been added to a Sales folder.
3 To ensure that you completely break all inheritance patterns, clear these two
check boxes:
Respect current security by inheriting rights from parent groups
Respect current security by inheriting rights from parent folders
4 Click Apply.
Now that you have disabled all rights inheritance, the advanced rights that you
specify will be the only rights that group members have to the folder.
125
7 Click OK.
You are returned to the Rights tab for the Worldwide Sales folder. The Net
Access column now shows that the Sales Report Designers group has
Advanced rights to this folder.
126
Tip: Click the Advanced link in the Net Access column when you need to review or
modify a set of advanced rights that have already been applied to a user or group.
Now that you have set object rights on the uppermost Sales folder, you will
proceed to decrease rights as you descend the folder hierarchy.
2 Click Add/Remove.
127
128
As required, the Sales Japan and the Sales Managers groups have View On
Demand access, which allows them to refresh reports against the database to view
the latest data. The Sales Report Designers retain their advanced rights, and all
other users are prevented from accessing the folder (except for Administrators).
8 Repeat steps 1 to 6 for the Regional Sales - USA folder, but grant View On
Demand access to the Sales USA group (instead of to the Sales Japan group).
When you have finished, the Rights tab of the Regional Sales - USA folder
should look like this:
You are now ready to complete the tutorial by customizing security for the final
level of Sales foldersthe Managers Only folders.
129
5 Go to the Regional Sales - USA folder and click its Subfolders tab.
6 Click the link to the Managers Only folder and click its Rights tab.
7 In the Access Level column, select the following rights for each group:
Administrators: Inherited Rights
Everyone: Inherited Rights
Sales: Inherited Rights
Sales Managers: Full Control
Sales Report Designers: Inherited Rights
Sales USA: No Access
8 Click Update. The Rights tab of this Managers Only folder shows again that
the Administrators, Sales Managers, and Sales Report Designers groups all
have Full Control access to the folder. Members who do not belong to one of
these groups are completely restricted from the folder.
130
131
Now, your system meets your first two security requirements. The Everyone
group is prevented from seeing all subsequently published content, and the
Administrators group retains Full Control in order to maintain the system.
Now that you have created a closed basis for your object security model, you will
increase access to certain folders within the system.
132
133
Now you need only create folders for the regional reports and grant access to the
appropriate regional Sales groups.
134
10 Click Update.
The Rights tab now shows that the Sales Japan group has View access to this
folder and to any objects that you subsequently publish to it. The
Administrators, Everyone, and Sales Managers groups automatically inherit
the appropriate rights for this folder.
11 Repeat this procedure to create a subfolder called Regional Reports - USA and
to provide the Sales USA group with View access to the folder.
When you finish, the Rights tab of the Regional Reports - USA folder shows that
you have set the rights as required for this tutorial.
135
136
137
138
Typically, report objects are designed such that you can create several instances
with varying characteristics. You can schedule a report object to have several
instances. For example, if you run a report object with parameters, you can
schedule one instance that contains report data that is specific to one department
and schedule another instance that contains information that is specific to another
department, even though both instances originate from the same report object.
Changes that are made to the report object affect the scheduled instances. These
changes also affect instances that users schedule through a Crystal Enterprise
application, such as ePortfolio or a custom web application.
The sections that follow explain how to manage either a report object or an instance
of a report object.
139
3 In the File name field, type the full path of the report.
To search for a path, click Browse.
4 If you do not want the user to see a thumbnail preview of the report in
ePortfolio, clear the Generate thumbnail for the report check box.
Tip: To display thumbnails for a report, you must save the report with data
and select the Save preview picture check box in Crystal Reports. To locate
this check box in Crystal Reports 8.x, open a report and click Summary Info on
the File menu. The Save Data with Report option is also available on the File
menu.
5 Ensure that the correct folder name appears in the Destination field.
Tip:
To expand a folder, select it and click Show Subfolders.
To search for a specific folder, use the Look For field.
If there are many folders on your system, click the Previous and Next
buttons to navigate through the list of folders.
6 Click OK.
Note: When the object has been added to the system, the CMC displays the
Properties screen. You can now modify the objects properties, such as its title
and description, the database logon information, scheduling information, user
rights, and so on. For more information, see Managing a report object and its
instances on page 146.
140
141
Tip: You may want to create a shortcut if you want to give someone access to a
report object without giving them access to the entire folder that the report
object is located in. After you create the shortcut, users who have access to the
folder where the shortcut is located can now be able to access this report object
and its instances. For more information on folder rights, see Specifying folder
rights on page 68.
5 Select the appropriate destination folder; then click OK.
Tip:
To expand a folder, select it and click Show Subfolders.
To search for a specific folder, use the Look For field.
If there are many folders on your system, click the Previous and Next
buttons to navigate through the list of folders.
142
Depending upon the functionality that you have written into the extension, copy
the library onto the following machines:
If your processing extension intercepts schedule requests only, copy your
library onto each machine that is running as a Job Server.
If your processing extension intercepts view requests only, copy your library
onto each machine that is running as a Page Server.
If your processing extension intercepts schedule and view requests, copy your
library onto each machine that is running as a Job Server and/or as a Page
Server.
Note: If the processing extension is required only for schedule/view requests
made to a particular Server Group, you need only copy the library onto each Job
Server/Page Server in the group.
3 In the Name field, type a display name for your processing extension.
4 In the Location field, type the file name of your processing extension along
with any additional path information:
If you copied your processing extension into the default directory on each of
the appropriate machines, just type the file name (but not the file extension).
If you copied your processing extension to a subfolder below the default
directory, type the location as: subfolder/filename
Note: Although the actual file name must include the .dll or .so extension (as
appropriate to the servers operating system), you must not include the file
extension in the Location field.
5 Use the Description field to add information about your processing extension.
6 Click Add.
Tip: You can now select this processing extension to apply its logic to particular
objects.To delete a processing extension, select its check box and click Delete.
143
144
To delete a report
1 Go to the Objects management area of the CMC.
The Objects page appears.
2 Select the check boxes associated with the report object.
3 Click Delete.
4 Click OK.
145
3 Select your search criteria in the Field Name list and Matching method list.
4 Complete the Text to search for field; then click Search.
146
The Preview button enables you to view a report on demand with all of your
current report settings. The report will be generated from saved data; if there is no
saved data available (for example, if there are no instances of the report), Crystal
Enterprise will connect to the specified database to obtain the necessary data
required for generating the report. In order to use the Preview function, the user
will need to have rights at the Schedule level or higher. (To preview a report with
147
saved data, the user will need to have rights at the View level or higher.) By
default, administrators have rights at the Full Control level (the highest rights
setting) for all report objects.
When you click the Refresh button, the page will be updated with the latest
information. The Show thumbnail check box is selected by default. If you do not
want a thumbnail preview of this report to be available in ePortfolio or another
web application, clear the Show thumbnail check box.
Note: A thumbnail is a graphical representation of the first page of a report. If the
original report does not contain a thumbnail, then a thumbnail will not be stored
on Crystal Enterprise.
In the Properties page, you have the option of specifying the default job servers
that Crystal Enterprise will use when scheduling and processing report instances.
You can also specify the default job servers for Crystal Enterprise to use when you
view a report. You can choose your settings so that Crystal Enterprise will use the
first available server, attempt to use the servers belonging to a selected group first
(and, if the servers from that group arent available, use any available server), or
use only servers that belong to a specific group.
By selecting a particular server or server group, you can balance the load of your
scheduling or viewing, as specific reports can be processed using specific job servers.
You must first create server groups by going to the Server Groups management area
in the CMC before you are able to select servers that belong to a selected group. You
can also set the maximum number of jobs a job server will accept. For more
information, see Modifying the number of jobs per Job Server on page 222.
Note: If you choose the Use the first available server option, the Automated
Process Scheduler (APS) will check the job servers to see which one has the lowest
load. The APS does this by checking the percentage of the maximum load on each
job server. If all of the job servers have the same load percentage, then the APS
will randomly pick a job server.
148
149
150
Updating parameters
Parameter fields (with preset values) enable users to view and to specify the data
that they want to see. If a report contains parameters, you can set the default
parameter value for each field or fields (which is used whenever a report instance
is generated). Through a Crystal Enterprise application such as ePortfolio, your
users are either able to use the report with the preset default value(s) or choose
another value or values. If you do not enter a default value, users will have to
choose a value when they schedule the report.
Note: The Parameters tab is available only if the report object contains parameters.
3 Under the Value column, select the value associated with the parameter you
want to change.
Depending on the parameter value type, you either enter a value in the field or
choose a value from a list. If there is a list, you can also click Edit to enter a new
value.
4 Select the Clear the current parameter value(s) check box if you want to clear
the current value that is set for the specified parameter.
5 Select the Prompt the user for new value(s) when viewing check box if you
want your users to be prompted when they view a report instance through a
Crystal Enterprise application such as ePortfolio.
6 Click OK.
7 Click Update.
151
Using filters
In the Filters page, you set the default selection formulas for the report. Selection
formulas are similar to parameter fields in that they are used to filter results so that
only the required information is displayed. Unlike parameters, end users will not
be prompted for selection formula values when they view or refresh the report.
When users schedule reports through a web-based client such as ePortfolio, they
can choose to modify the selection formulas for the reports. By default, if any
formulas are set in the CMC, they will be used by the web-based client. For more
information on selection formulas, see the Crystal Reports Users Guide.
In addition to changing selection formulas, if you have developed your own
processing extensions, you can select the processing extensions that you want to
apply to your report. For more information, see Applying processing extensions
to reports on page 142. When you use filters in conjunction with processing
extensions, a subset of the processed data is returned. Selection formulas and
processing extensions act as filters for the report.
To use filters
1 In the Objects management area of the CMC, select a report object by clicking
its link.
2 Click the Filters tab.
The Filters tab appears.
152
Scheduling on demand
When you select the schedule On Demand option, a report instance runs only
when users schedule a report through their web application (ePortfolio or a
custom web application). For more information on ePortfolio, see the Crystal
Enterprise ePortfolio Users Guide.
153
154
155
156
157
6 Click Schedule to schedule the report; click Update to update the schedule
information.
158
159
160
will be run on the 15th of every month). If you use 31 as your value for N,
then the report will run only on months that have 31 days, and skip the
months that dont have 31 days. Similarly, if you choose either 29, 30, or 31
for N, the report will skip February (on non-leap years). If you wish to have
a report run on the last day of every month, select On the last day of the
month, with events in the Run list.
You specify a start date in the Start Date area and an optional end date for
the report in the End Date area. To select a date, you can either enter a date
in the date field, or click the Popup Calendar button to select a date from
the calendar that appears in a separate window.
On the X of the Nth week of the month
When you select this option, the report will be run once a month. You select
the day of the week and which week the report will be run. Select a day of
the week from the Where X list and the particular week of the month from
the Where N list. By default, reports will be run on Monday (X) of the first
(N) week of the month. You also specify a start date in the Start Date area
and an optional end date for the report in the End Date area. To select a date,
you can either enter a date in the date field, or click the Popup Calendar
button to select a date from the calendar that appears in a separate window.
On the X of the Nth week of the month, with events
Choose this option to use the event or events that you have already defined.
When you select this option, the report will be run once a month. You select
the day of the week and which week the report will be run. Select a day of
the week from the Where X list and the particular week of the month from
the Where N list. By default, reports will be run on Monday (X) of the first
(N) week of the month. You also specify a start date in the Start Date area
and an optional end date for the report in the End Date area. To select a date,
you can either enter a date in the date field, or click the Popup Calendar
button to select a date from the calendar that appears in a separate window.
Every N months
For this option, a report will be run every set number of months. By default,
the Where N is field has a value of one, so a report will be run every
month. You specify a start date in the Start Date area and an optional end
date for the report in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
Every N months, with events
Choose this option to use the event or events that you have already defined.
For this option, a report will be run every set number of months. By default,
the Where N is field has a value of one, so a report will be run every
month. You specify a start date in the Start Date area and an optional end
date for the report in the End Date area. To select a date, you can either
enter a date in the date field, or click the Popup Calendar button to select a
date from the calendar that appears in a separate window.
161
162
163
5 In the Available Events area, select from the list of events and click Add.
For example, the report above is set to wait for a Custom-based event to occur
before the report is processed.
6 Click Schedule to schedule the report; click Update to update the schedule
information.
164
5 In the Available Schedule Events area, select from the list of events and click
Add.
For example, the report above is set to trigger a Schedule-based event only if the
report is successfully processed.
Note: You can only select schedule-based events in this list.
6 Click Schedule to schedule the report; click Update to update the schedule
information.
165
Selecting a destination
Using Crystal Enterprise, you can specify the output destination of a scheduled
report. By default, when you schedule a report, the report instances will be saved
on the File Repository Server (FRS). The option to choose a destination provides
you with the flexibility to deliver reports across your enterprise solution in
different and applicable ways. For example, you are able to schedule reports that
will be sent via email to other users. You can also schedule reports that, upon
generation, will be printed.
When users schedule objects to specific destinations (other than the default FRS
location), Crystal Enterprise generates a unique name for each output file. To
generate a file name, users can use a combination of ID, name or title of the object,
owner information, or the date and time information.
The following destination support locations are available:
Default destination support on page 166
Unmanaged disk destination support on page 167
FTP support on page 168
Email (SMTP) support on page 170
Printer support on page 172
Note: You can change your destination settings either in the Crystal Management
Console (CMC) or in ePortfolio. When you specify the destination settings through
the CMC, these settings are also reflected in the default scheduling settings for
ePortfolio; that is, if a user selects the Default destination setting in ePortfolio, the
report will be delivered to the specified destination (set by the CMC).
166
167
4 Select either Use the Crystal Job Servers defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule a report using the
Job Servers default settings. You can change these settings in the Servers
management area. For more information, see Setting default scheduling
destinations for Job Servers on page 223.
If you select the second option, you can set the file name properties and enter
user information:
Destination Directory
Enter a local location, mapped location, or a UNC path.
Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
Specified File Name
Select this option if you want to specify a file nameyou can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add. When the instance is run, the
variable will be replaced with the specified information from the instance.
For example, if you add the variable Owner, when you schedule the
report, the file name of report will include the report owners name.
User Name
Specify a user who has permission to write files to the destination directory.
Password
Type the password for the user.
5 Click Update.
FTP support
Crystal Enterprise enables you and your users to schedule a report to a File
Transfer Protocol (FTP) server. To connect to the FTP server, you must specify a
user who has the necessary rights to upload files to the server.
Note: You must have this destination feature enabled in the Job Server in order to
schedule a report to an FTP server.
168
4 Select either Use the Crystal Job Servers defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule a report using the
Job Servers default settings. You can change these settings in the Servers
management area. For more information see Setting default scheduling
destinations for Job Servers on page 223.
If you select the second option, you can set the FTP and file name properties:
Host
Enter the FTP host information.
Port
Enter the FTP port number (the default is 21).
FTP User Name
Specify a user who has the necessary rights to upload a report to the FTP
server.
169
FTP Password
Enter the users password.
Account
Enter the FTP account information, if required.
Account is part of the standard FTP protocol, but it is rarely implemented.
Provide the appropriate account only if your FTP server requires it.
Destination Directory
Enter the FTP directory that you want the report to be saved to.
Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
Specified File Name
Select this option if you want to enter a file nameyou can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
5 Click Update.
170
4 Select either Use the Crystal Job Servers defaults or Set the values to be used
at schedule time here.
If you select the first option, Crystal Enterprise will schedule a report using the
Job Servers default settings. You can change these settings in the Servers
management area. For more information, see Setting default scheduling
destinations for Job Servers on page 223.
171
If you select the second option, you can specify the email settings and the file
name properties:
From
Enter a return address.
To
Enter an address or addresses that you wish to send the report to.
Cc
Enter an address or addresses that you wish to send a carbon copy of the
report to.
Subject
Complete the subject field.
Message
Type a short message, if required.
Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
Specified File Name
Select this option if you want to enter a file nameyou can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
5 Click Update.
Printer support
You can specify printers that are referenced from within Crystal Enterprise as your
report destination. Enter the name of your printer (and the path) when you specify
the destination for your report. By selecting the Printer destination, Crystal
Enterprise prints your report after it is processed.
Note: If you select Printer as your destination, the report must be scheduled using
the Crystal Reports format. For information on formats, see Choosing a format
on page 173.
172
4 Complete the Printer Name field (with the path/name of your printer), select
the number of copies, and choose the print page range.
If your Job Server is using Windows, in the Printer Name field, type:
\\printserver\printername
Where printserver is the name of your printer server, and printername is the
name of your printer.
If your Job Server is running on UNIX, in the Printer Name field, type the print
command that you normally use. For instance, type:
lp -d printername
Note: Ensure that the printer you are using (on UNIX) is shown and not
hidden.
5 Click Update.
Choosing a format
You can select the format that a report will be saved in when it is generated by
Crystal Enterprise. This format will be saved to the destination you have selected
for the report object and its instances. For more information on destinations, see
Selecting a destination on page 166. You can select from the following formats:
Crystal Report
Excel
Word
Acrobat
Rich Text
Plain Text
173
Paginated Text
Tab-separated Values
Character-separated Values
For Excel, Paginated Text, Tab-separated Values, and Character-separated Values,
you specify certain formatting properties for the report. For example, if you select
Character-separated Values, you can enter characters for the separator and
delimiter; you can also select the two check boxes: Same number formats as in
report and Same date formats as in report.
Note: If you select Printer as your destination, the report must be scheduled using
the Crystal Report format.
174
(including any objects found within the subfolders). For information on setting
folder limits, see Setting limits for folders, users, and groups on page 70.
Note: When you set the limits at the report object level, the report object will
override the limits set for the folder; that is, the report object will not inherit the
limits of the folder.
3 Make your settings according to the types of limits you want to set for your
report instances. The options are as follows:
Delete excess instances when there are more than N instances of an object
To limit the number of instances per object, select this check box. Then type
the maximum number of instances that you want to remain on the system.
(The default value is 100.)
Delete excess instances for the following users/groups
To limit the number of instances for users or groups, click Add/Remove in
this area. Select from the available users and groups and click OK. Then
type the maximum number of instances in the Instance Limit column. (The
default value is 100.)
Delete instances after N days for the following users/groups
To limit the number of days that instances are saved for users or groups,
click Add/Remove in this area. Select from the available users and groups
and click OK. Then type the maximum age of instances in the Maximum
Days column. (The default value is 100.)
4 Click Update.
175
176
3 Change the access level for a group or user by selecting a right from the
appropriate list in the Access Level column; then click Update.
If you select Advanced from the list, you grant or deny granular rights from the
Advanced Rights page. If this page doesnt appear automatically after you click
Update, click the Advanced link (in the Net Access column). For more
information, see Setting advanced object rights on page 100.
177
178
Managing Events
10
179
180
File-based events
File-based events wait for a particular file (the trigger) to appear before the event
occurs. Before scheduling a report that waits for a file-based event to occur, you
must first create the file-based event in the Events management area of the CMC.
Then you can schedule the report and select this event. For more information on
scheduling a report with events, see Scheduling a report with events on page 163.
File-based events are monitored by the Event Server. When the file that you specify
appears, the Event Server triggers the event. The Automated Process Scheduler
(APS) then releases any schedule requests that are dependent on the event.
For instance, suppose that you want your daily reports to run after your database
analysis program has finished and written its automatic log file. To do this, you
specify the log file in your file-based event, and then schedule your daily reports
with this event as a dependency. When the log file appears, the event is triggered
and the reports are processed.
Note: If the file already exists prior to the creation of the event, the event is not
triggered. In this case, the event is triggered only when the file is removed and
then recreated. If you want an event to be triggered multiple times, you must
remove and recreate the file each time.
181
Schedule-based events
Schedule-based events
Schedule-based events are dependent upon scheduled reports. That is, a schedulebased event is triggered when a particular report has been processed. When you
create this type of event, it can be based on the success or failure of a scheduled
report, or it can be based simply on the completion of the job.
Most importantly, you must associate your schedule-based event with at least two
scheduled reports. The first report serves as the trigger for the event: when the
report is processed, the event occurs. The second report is dependent upon the
event: when the event occurs, this second report runs. For more information on
scheduling reports with events, see Scheduling a report with events on page 163.
For instance, suppose that you want reports A and B to run only after report C has
run. To do this, you create a schedule-based event in the Events management area.
You specify the Success option for the event, which means that the event is
triggered only when report C runs successfully. Then, you schedule reports A and
B with events, and select your new schedule-based event as the dependency.
Schedule report C with events, and set report C to trigger the schedule-based event
upon successful completion. Now, when report C runs successfully, the schedulebased event is triggered, and reports A and B are subsequently processed.
182
183
Custom events
Custom events
A custom event occurs only when you explicitly click its Trigger this event
button. As with all other events, a report based on a custom event runs only when
the event is triggered within the time frame established by the reports schedule
parameters. Custom events are useful because they allow you to set up a shortcut
that, when clicked, triggers any dependent schedule requests.
Tip: When developing your own web applications, you can trigger Custom events
from within your own code, as required. For details, see the Crystal Enterprise Web
Developers Guide.
For instance, you may have a scenario where you want to schedule a number of
reports, but you want to run them after you have updated information in your
database. To do this, create a new custom event, and schedule the reports with that
event. When you update the data in the database and you need to run the reports,
return to the event in the CMC and trigger it manually. Crystal Enterprise then
runs the reports. For more information on event-based scheduling, see
Scheduling a report with events on page 163.
Note: You can trigger a custom event multiple times. For example, you might
schedule two sets of event-based reports to run dailyone set runs in the morning,
and one set runs in the afternoon. When you first trigger the related custom event in
the morning, one set of reports is run; when you trigger the event again in the
afternoon, the remaining set of reports is run. If you neglect to trigger the event in
the morning and trigger it only in the afternoon, both sets of reports run at that time.
184
11
185
The servers are services that run on Windows machines and daemons that run
on UNIX machines. These services can be vertically scaled to take full advantage
of the hardware that they are running on, and they can be horizontally scaled to
186
Client tier
The client tier is the only part of the Crystal Enterprise system that administrators
and end users interact with directly. This tier is made up of the applications that
enable people to administer, publish, and view reports and other objects.
ePortfolio
ePortfolio is the web-based interface that end users access to view, schedule, and
keep track of published reports. Each Crystal Enterprise request that a user makes
in ePortfolio is directed by the web server to the Web Connector, which then
forwards the request to the Web Component Server.
ePortfolio also serves as a demonstration of the ways in which you can use the
Crystal Enterprise Software Development Kit (SDK) to create a custom web desktop
for end users. For more information about the SDK, see the Crystal Enterprise Web
Developers Guide. You can access the guide by clicking its link on the Crystal
Enterprise Launchpad.
Note: Crystal Enterprise supports reports created in versions 6 through 8.5 of
Crystal Reports. Reports created using version 6 and 7 of Crystal Reports appear
in version 8 format when they are launched from ePortfolio.
187
Client tier
188
Intelligence tier
The intelligence tier manages the Crystal Enterprise system. It maintains all of the
security information, sends requests to the appropriate servers, and stores report
instances.
189
Intelligence tier
Web Connectors
To communicate with the different types of web servers, the WCS uses a Web
Connector. Crystal Enterprise includes different Web Connectors for different
operating systems and web servers.
If you are running multiple WCS machines, the Web Connector automatically
balances the load across the available servers. Each subsequent Crystal Enterprise
request is sent to the least used WCS. For details about fault-tolerance as it
relates to security, see Ticket mechanism for distributed security on page 26.
For details on installing and configuring Web connectors, see the Crystal Enterprise
Installation Guide. For additional troubleshooting steps, see Troubleshooting path
mappings on page 297.
190
The APS database should not be accessed directly. System information should
only be retrieved using the API calls that are provided in the Crystal Enterprise
Software Development Kit (SDK). See the Crystal Enterprise Web Developers
Guide for details.
On Windows, the Setup program can install and configure its own Microsoft Data
Engine (MSDE) database if necessary. APS clustering is automatically supported
by the default MSDE database. MSDE is a client/server data engine that provides
local data storage and is compatible with Microsoft SQL Server. If you already
have the MSDE or SQL Server installed, the installation program uses it to create
the APS database. You can migrate your default APS database to a supported
database server later.
For details about configuring the APS, its database, and APS clusters, see
Configuring the intelligence tier on page 204.
Event Server
The Event Server manages file-based events. When you set up a file-based event
within Crystal Enterprise, the Event Server monitors the directory that you
specified. When the appropriate file appears in the monitored directory, the Event
Server triggers your file-based event: that is, the Event Server notifies the APS that
the file-based event has occurred. The APS then starts any jobs that are dependent
upon your file-based event.
After notifying the APS of the event, the Event Server resets itself and again
monitors the directory for the appropriate file. When the file is newly created in the
monitored directory, the Event Server again triggers your file-based event.
191
Processing tier
Cache Server
The Cache Server is responsible for handling all viewing requests from the WCS.
The Cache Server checks whether or not it can fulfill the request with a cached
report page. If it cannot, it passes the request along to the Page Server. The Page
Server runs the report and returns the results to the Cache Server. The Cache
Server then caches the information and returns the data to the WCS. By storing
report pages in a cache, Crystal Enterprise avoids accessing the database each and
every time a report is requested.
If you are running multiple Page Servers for a single Cache Server, the Cache
Server automatically balances the processing load across Page Servers. For more
information, see Modifying Cache Server performance settings on page 216.
Processing tier
The processing tier accesses the data and generates the reports. It is the only tier
that interacts directly with the databases that contain the report data.
Note: If you install Crystal Analysis, your OLAP data is accessed from the WCS in
the intelligence tier.
Job Server
The Job Server processes scheduled reports, as requested by the APS, and
generates report instances (instances are versions of a report object that contain
saved data). To generate a report instance, the Job Server communicates with the
database to retrieve the current data.
Page Server
The Page Servers primary responsibility is to receive page requests from the
Cache Server and to generate Encapsulated Page Format (EPF) pages. The Page
Server then returns the EPF pages to the Cache Server. The EPF pages contain
formatting information that defines the layout of the report. The data for the report
is saved with the report or retrieved on demand from the database.
192
Data tier
The data tier is made up of the databases that contain the data used in the reports.
Crystal Enterprise supports a wide range of corporate databases.
See the Platforms.txt file included with your product distribution for a complete
list of tested database software and version requirements.
Information Flow
This section describes the interaction of the server components in order to
demonstrate how report-processing is performed. This section covers two
different scenarios:
What happens when you view a report? on page 193
What happens when you schedule a report? on page 194
193
Information Flow
View On Demand rights to the report object, then the Page Server will refresh the
report against the database.
If the user has sufficient rights, the Page Server generates the .epf pages and
forwards them to the Cache Server. The Cache Server then caches the .epf files and
sends them to the WCS.
Once the WCS receives the cached or generated .epf files from the Cache Server, it
forwards the pages through the Web Connector to the users web browser. (If the user
is using the DHTML Viewer, the WCS first converts the .epf file to an HTML page.)
194
12
195
196
For some servers, the Metrics tab includes additional server-specific information:
Input and Output File Repository Servers
The Metrics tab of each File Repository Server lists the root directory of the files
that the server maintains, indicates the maximum idle time, and displays the
number of active files and active client connections. It also lists the total
available hard disk space, as well as the number of bytes sent and received.
Each File Repository Server also has an Active Files tab, which lists the
filename, the number of readers, and the number of writers for each active file.
Web Component Server
The Metrics tab of the Web Component Server (WCS) includes statistical data
about the requests that it handles. It lists the total number of requests, the
current number of requests, the total number of bytes sent, the average bytes
per request, the total time taken, and the average time taken per request. This
information is useful in determining how efficiently the WCS is handling the
requests that are sent to it.
197
Cache Server
The Metrics tab of the Cache Server displays the maximum number of
processing threads, the maximum cache size, the minutes before an idle job is
closed, the minutes between refreshes from the database, whether or not the
database is accessed whenever a viewers file (object) is refreshed, the location
of the cache files, the total threads running, the number of requests served, the
number of bytes transferred, the cache hit rate, the number of current
connections, and the number of requests that are queued.
The Metrics tab also provides a table that lists the Page Servers that the Cache
server has connections to, along with the number of connections made to each
Page Server.
Event Server
The Metrics tab of the Event Server contains statistics on the files that the server
is monitoring. This tab includes a table showing the file name, the number of
clients using the event, and the last time the event occurred.
Page Server
The Metrics tab of the Page Server contains information on how the server is
running. It lists the maximum number of simultaneous processing threads, the
location of temporary files, the number of minutes before an idle job is closed,
the number of current connections, the number of requests queued, the current
number of processing threads running, the total number of requests served,
and the total bytes transferred.
Job Server
The Metrics tab of the Job Server lists the current number of jobs that are being
processed, the total number of requests received, the total number of failed job
creations, the processing mode, and the location of its temporary files.
APS
The Metrics tab of the APS lists only the general information about the machine
it is running on. The Properties tab, however, shows a list of users who have
active sessions on the system. Click any users link to view the associated
account details.
198
Related topics
For more information about licenses and account activity, see Licensing
overview on page 270.
For information about APS clusters, see Clustering Automated Process
Schedulers on page 204.
199
Description
Stopping a server
Starting a server
Restarting a server
For example, if you want to change the name of an APS, or if you want to configure
the WCS to support NT Single Sign On, then you must first stop the server. Once
you have made your changes, you start the server again to effect your changes.
Tip: When you stop (or restart) a server, you terminate the servers Process ID,
thereby stopping the server completely. If you want to prevent a server from
receiving requests without actually stopping the server process, you can also enable
and disable servers. For details, see Enabling and disabling servers on page 201.
200
Action
Start the selected server.
Stop the selected server.
Restart the selected server.
You may be prompted for network credentials that allow you to start and stop
services running on the remote machine.
The CCM performs the action and refreshes the list of servers.
201
2 Select the check box for the server whose status you want to change.
3 Depending upon the action you need to perform, click Enable or Disable.
This dialog box lists all of the Crystal Enterprise servers that are registered with
your APS. By default, servers running on remote machines are displayed as
MACHINE.servertype. So, in this example, LCONNORS02.eventserver is an Event
Server running on a remote machine called LCONNORS02. The server named Input
is the Input File Repository Server running on the local machine. In this
example, all of the listed servers are currently enabled.
202
5 To disable a server, clear the check box in the Server Name column.
This example disables all servers running on LCONNORS02.
203
The majority of the settings discussed here allow you to integrate Crystal Enterprise
more effectively with your current hardware, software, and network configurations.
Consequently, the settings that you choose will depend largely upon your own
requirements.
Note: This section does not show how to configure your web server with the Web
Connector, nor does it show how to set up effective communication between the
Web Connector and the Web Component Server. These tasks are typically
performed when you install Crystal Enterprise. For details, see the Crystal
Enterprise Installation Guide. For further troubleshooting, see Working with
Firewalls on page 259 and Path mapping overview on page 298.
204
support helps to ensure that Crystal Enterprise users can still access information
when there is equipment failure.
This section shows how to add a new APS cluster member to a production system
that is already up and running. When you add a new APS to an existing cluster,
you instruct the new APS to connect to the existing APS database and to share the
processing workload with any existing APS machines. For information about your
current APS and APS cluster, go to the Settings management area of the CMC and
click the Cluster tab.
Before clustering APS machines, note the following clustering requirements:
Run each APS cluster member on the same operating system.
Configure each machine similarly:
Install the same operating system service packs and patches.
Install the same version of Crystal Enterprise (including patches, if
applicable).
Ensure that each APS connects to the APS database in the same manner:
whether you use native or ODBC drivers, ensure that the drivers are the
same on each machine.
Check that each APS uses the same database user account and password to
connect to the APS database.
Run each APS service/daemon under the same account. (On Windows, the
default is the LocalSystem account.)
Install each and every APS cluster member on the same subnet.
If the database server is multihomed, add one of its valid IP addresses to the
hosts file on each APS machine. This ensures that each cluster member
communicates with the database on the same IP address, without relying upon
a WINS server for name to IP resolution.
Tip: By default, an APS cluster name reflects the name of the first APS that you
install, but the cluster name is prefixed by the @ symbol. For instance, if your
existing APS is called CRYSTALAPS, then the default cluster name is @CRYSTALAPS. To
modify the default name, see Changing the name of an APS cluster on page 208.
There are two ways to add a new APS cluster member. Follow the appropriate
procedure, depending upon whether or not you have already installed a second APS:
Installing a new APS and adding it to a cluster on page 206
See this section if you have not already installed the new APS on its own machine.
Adding an installed APS to a cluster on page 206
Follow this procedure if you have already installed a second, independent APS
on its own machine. While testing various server configurations, for instance,
you might have set up an independent Crystal Enterprise system with its own
APS. Follow this procedure when you want to incorporate this independent
APS into your production system.
Note: Back up your current APS database before making any changes. If
necessary, contact your database administrator.
205
206
207
208
To copy APS data from a different APS database (version 8.0 or 8.5 of Crystal
Enterprise) into your current APS database, follow the procedure that corresponds
to your operating system and to the version of Crystal Enterprise whose data you
want to copy. In this scenario, your current APS database is the destination database
whose tables are deleted before they are replaced with the copied data:
Copying data from a Crystal Enterprise 8.5 APS on Windows
Copying data from a Crystal Enterprise 8 APS on Windows on page 211
Copying data from a Crystal Enterprise 8.5 APS on UNIX on page 212
To copy the current APS database from one database server to another, follow the
procedure that corresponds to your operating system. This is also the procedure to
follow if you want to move the default APS database (on Windows) from the
Microsoft Database Engine (MSDE) to a dedicated database server, such as
Microsoft SQL Server or Oracle. In this scenario, your current APS database is the
source environment. Its contents are copied to the destination database, which is
then established as the active database for the APS:
Copying data from a Crystal Enterprise 8.5 APS on Windows on page 209
Copying data from a Crystal Enterprise 8 APS on Windows on page 211
Before starting these procedures, ensure that you have a database user account
with Create, Delete, and Update rights to the database storing the Crystal
Enterprise tables. Ensure also that you can connect to both databasesthrough
your database client software or through ODBC, according to your
configurationfrom the APS machine whose database you are replacing.
Note:
When you copy data from one database to another, the destination database is
initialized before the new data is copied in. Thus, any existing contents of the
destination database are permanently deleted. (If the APS database is stored in
Oracle, all the Crystal Enterprise tables are deleted.)
Back up both APS databases before beginning this procedure. If necessary,
contact your database administrator.
When you migrate an APS database, none of the objects on the system (report
objects, report instances, folders, and so on) are actually moved. If you want to
import users, groups, folders, and reports from one system to another, see
Importing with the Crystal Import Wizard on page 89.
209
3 Click Copy data from another Data Source; then click OK.
The Specify Data Source dialog box appears.
210
12 The next steps depend upon the connection type you selected:
If you selected ODBC, the Windows Select Data Source dialog box
appears. Select the ODBC data source that corresponds to the destination
APS database; then click OK. If prompted, provide your database
credentials and click OK.
If you selected a native driver, provide your database Server Name, your
Login ID, and your Password; then click OK.
You are returned to the Specify Data Source dialog box. You are now ready to
copy the APS data.
13 Click OK and, when prompted to confirm, click Yes.
The SvcMgr dialog box notifies you when the APS database setup is complete.
14 Click OK.
15 Start the Crystal APS.
211
212
213
Generally, there are only a few times when you need to complete these steps:
If you have changed the password for the current APS database, these steps
allow you to disconnect from, and then reconnect to, the current database.
When prompted, you can provide the APS with the new password.
If you want to select and initialize an empty database for Crystal Enterprise,
these steps allow you to select that new data source.
If you have restored an APS database from backup (using your standard
database administration tools and procedures) in a way that renders the
original database connection invalid, you will need to reconnect the APS to the
restored database. (This might occur, for instance, if you restored the original
APS database to a newly installed database server.)
Note: These steps are essentially the same as adding an APS to an existing cluster;
in this case, however, there are no other APS machines already maintaining the
database. For complete details about APS clusters, see Clustering Automated
Process Schedulers on page 204.
214
6 The remaining steps depend upon the connection type you selected:
If you selected ODBC, the Windows Select Data Source dialog box
appears. Select the ODBC data source that you want to use as the APS
database; then click OK. (Click New to configure a new DSN.) When
prompted, provide your database credentials and click OK.
If you selected a native driver, you are prompted for your database Server
Name, your Login ID, and your Password. Provide this information and
then click OK.
The SvcMgr dialog box notifies you when the APS database setup is complete.
7 Click OK.
8 Start the Crystal APS.
Setting root directories and idle times of the File Repository Servers
The Properties tabs of the Input and Output File Repository Servers enable you to
change the locations of the default root directories. These root directories contain
all of the report objects and instances on the system. You may change these settings
if you want to use different directories after installing Crystal Enterprise, or if you
upgrade to a different drive (thus rendering the old directory paths invalid).
Note:
The Input and Output File Repository Servers must not share the same root
directory, because modifications to the files and subdirectories belonging to
one server could have adverse effects on the other server. In other words, if the
Input and Output File Repository Servers share the same root directory, then
one server might damage files belonging to the other.
The root directory should be on a drive that is local to the server.
You can also set the maximum idle time of each File Repository Server. This setting
limits the length of time that the server waits before it closes inactive connections.
215
216
recommended that you contact your Crystal Decisions, Inc. sales representative
and request information about the Crystal Enterprise Sizing Guide. A Crystal
Services consultant can then assess your reporting environment and assist you in
customizing these advanced configuration and performance settings.
The Minutes Before an Idle Job is Closed setting alters the length of time that the
Cache Server waits for further requests from an idle connection. Before you change
this setting, it is important to understand that setting a value too low can cause a
users request to be closed prematurely, and setting a value that is too high can
cause requests to be queued while the server waits for idle jobs to be closed.
The Minutes Between Refreshes from Database setting determines how long
cached report pages are used before new data is requested from the database.
Generally, the default value is acceptable: as with other performance settings, the
optimal value is largely dependent upon your reporting requirements.
217
218
This example shows the Logging area of the Properties tab. Here, the log files
are saved to the default file location for a WCS that is running on Windows.
DHTML Viewer
ActiveX Viewer
Java Viewer
Supported
Supported
Supported
Supported
Supported
Supported
Group Tree
Not Supported
Supported
Supported
Not Supported
Supported
Supported
Not Supported
Supported
Supported
Not Supported
Supported
Supported
Zoom
Not Supported
Supported
Supported
Not Supported
Supported
Supported
219
Viewer Property
DHTML Viewer
ActiveX Viewer
Java Viewer
Product logo
(if applicable)
Not Supported
Supported
Supported
Report Navigation
toolbar
Supported
Not Supported
Not Supported
Tip: On the Properties tab, use the NT Single Sign On check box only when you are
running more than one WCS. (If you are running a single WCS, use the CCM
instead.) This feature requires your web server to support NT Challenge/
Response or Integrated Windows Authentication. For more information on NT
Single Sign On, see Setting up NT Single Sign On on page 52.
220
The majority of the settings discussed here allow you to integrate Crystal
Enterprise more effectively with your current hardware, software, and network
configurations. Consequently, the settings that you choose will depend largely
upon your own requirements.
221
222
223
Password
Type the password for the user.
In this example, the destination directory is on a network drive that is accessible
to the Job Server machine through a UNC path. Each file name will be
randomly generated, and a user name and password have been specified to
grant the Job Server permission to write files to the remote directory.
5 Click Update.
224
Account
Enter the FTP account information, if required.
Account is part of the standard FTP protocol, but it is rarely implemented.
Provide the appropriate account only if your FTP server requires it.
Destination Directory
Enter the FTP directory that you want the report to be saved to. A relative
path is interpreted relative to the root directory on the FTP server.
Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
Specified File Name
Select this option if you want to enter a file nameyou can also add a
variable to the file name. To add a variable, choose a placeholder for a
variable property from the list and click Add.
In this example, all of the required FTP information is provided. Reports
scheduled to this destination are randomly named and uploaded to the
ftp.crystaldecisions.com site.
5 Click Update.
225
4 On the Properties tab, complete these required fields with the information that
corresponds to your SMTP server:
Domain Name
Enter the fully qualified domain of the SMTP server.
Server Name
Enter the name of the SMTP server.
Port
Enter the port that the SMTP server is listening on. (This standard SMTP
port is 25.)
Authentication
Select Plain or Login if the Job Server must be authenticated using one of
these methods in order to send email.
SMTP User Name
Provide the Job Server with a user name that has permission to send email
and attachments through the SMTP server.
SMTP Password
Provide the Job Server with the password for the SMTP server.
From
Provide the return email address.
In this example, the SMTP server resides in the crystaldecisions.com domain.
Its name is EMAIL_SERV and it is listening on the standard SMTP port. Plain text
authentication is being used, and an account called CrystalJobAccount has been
created on the SMTP server for use by the Job Server.
5 Complete the optional email fields (To, Cc, Subject, and Message) if you want
to set default values for users who schedule reports to this SMTP destination.
Note: Users can override these defaults with their own values when they
schedule reports to this SMTP destination.
6 Select one of these required fields to specify file names:
Default File Name (randomly generated)
Select this option if you want Crystal Enterprise to generate a random file
name.
226
Driver
Oracle
None
Native
ODBC (CROR8)
OLE DB
Sybase
Native
ODBC (CRSYB)
None
Lotus
Domino
Native
None
Microsoft
SQL Server
Native
ODBC (CRSS)
OLE DB
DB2
Native
None
227
Database
Driver
DB2
ODBC (CRDB2) For on-demand viewing, configure the Page Server to close
idle jobs after one minute, thereby allowing other users to
access the database. For details, see Modifying Page Server
performance settings on page 221.
Tip: IBM offers several client applications for connecting to DB2.
The recommended client is IBM DB2 Direct Connect, whose
ODBC drivers were written for actual programmatic interaction
with products like Crystal Enterprise. See the Crystal Care
Knowledge Base for discussions of this and other DB2 clients.
Informix
Native
Informix
ODBC
(CRINF9)
Microsoft
Exchange
PC databases
(Btrieve,
Microsoft
Access,
Paradox,
XML)
Tip: Running a service under an Administrator account does not inadvertently grant
administrative privileges to another user, because users cannot impersonate services.
228
Native drivers
If you design reports using native drivers, you must install the appropriate database
client software on each Job Server and/or Page Server machine that will process the
reports. The server loads the client software at runtime in order to access the database
that is specified in the report. The server locates the client software by searching the
library path environment variable that corresponds to your operating system
(LD_LIBRARY_PATH on Sun Solaris, LIBPATH on IBM AIX, and so on), so this variable
must be defined for the login environment of each Job Server and Page Server.
Depending on your database, additional environment variables may be required
for the Job Server and Page Server to use the client software. These include:
Oracle
The ORACLE_HOME environment variable must define the top-level directory of
the Oracle client installation.
Sybase
The SYBASE environment variable must define the top-level directory of the
Sybase client installation. The SYBPLATFORM environment variable must define
the platform architecture.
DB2
The DB2INSTANCE environment variable must define the DB2 instance that is
used for database access. Use the DB2 instance initialization script to ensure
that the DB2 environment is correct.
229
Note: For complete details regarding these and other required environment
variables, see the documentation included with your database client software.
As an example, suppose that you are running reports against both Sybase and
Oracle. The Sybase database client is installed in /opt/sybase, and the Oracle client
is installed in /opt/oracle/app/oracle/product/8.0.3. You installed Crystal
Enterprise under the crystal user account (as recommended in the Crystal
Enterprise Installation Guide).
If the crystal users default shell is a C shell, add these commands to the crystal
users login script:
setenv LD_LIBRARY_PATH /opt/oracle/app/oracle/product/8.0.3/lib:opt/sybase/
lib:$LD_LIBRARY_PATH
setenv ORACLE_HOME /opt/oracle/app/oracle/product/8.0.3
setenv SYBASE /opt/sybase
setenv SYBPLATFORM sun_svr4
If the crystal users default shell is a Bourne shell, modify the syntax accordingly:
LD_LIBRARY_PATH=/opt/oracle/app/oracle/product/8.0.3/lib:opt/sybase/
lib:$LD_LIBRARY_PATH;export LD_LIBRARY_PATH
ORACLE_HOME=/opt/oracle/app/oracle/product/8.0.3;export ORACLE_HOME
SYBASE=/opt/sybase;export SYBASE
SYBPLATFORM=sun_svr4;export SYBPLATFORM
ODBC drivers
If you design reports off ODBC data sources (on Windows), you must set up the
corresponding data sources on the Job Server and Page Server machines. In
addition, you must ensure that each server is set up properly for ODBC. During
the installation, Crystal Enterprise installs ODBC drivers for UNIX, creates
configuration files and templates related to ODBC reporting, and sets up the
required ODBC environment variables. This section discusses the installed
environment, along with the information that you need to edit.
Note:
Detailed documentation covering the various ODBC drivers is included in the
Merant Connect ODBC Reference (odbcref.pdf). This is installed below the
crystal/enterprise/platform/odbc directory; it is also located in the doc
directory of your product distribution.
If you report off DB2 using ODBC, your database administrator must first bind
the UNIX version of the driver to every database that you report against (and
not just each database server). The bind packages are installed below the
crystal/enterprise/platform/odbc/lib directory; their filenames are
iscsso.bnd, iscswhso.bnd, isrrso.bnd, isrrwhso.bnd, isurso.bnd, and
isurwhso.bnd. Because Crystal Reports runs on Windows, ensure also that the
Windows version of the driver has been bound to each database.
230
The following example shows the contents of a system information file that defines
a single ODBC DSN for servers running on UNIX. This DSN allows the Job Server
and Page Server to process reports based on a System DSN (on Windows) called
CRDB2:
[ODBC Data Sources]
CRDB2=MERANT 3.70 DB2 ODBC Driver
[CRDB2]
Driver=/opt/crystal/enterprise/platform/odbc/lib/crdb216.so
Description=MERANT 3.70 DB2 ODBC Driver
Database=myDB2server
LogonID=username
[ODBC]
Trace=0
TraceFile=odbctrace.out
TraceDll=/opt/crystal/enterprise/platform/odbc/lib/odbctrac.so
InstallDir=/opt/crystal/enterprise/platform/odbc
231
As shown in the example above, the system information file is structured in three
major sections:
The first section, denoted by [ODBC Data Sources], lists all the DSNs that are
defined later in the file. Each entry in this section is provided as dsn=driver,
and there must be one entry for every DSN that is defined in the file. The value
of dsn must correspond exactly to the name of the System DSN (on Windows)
that the report was based off.
The second section sequentially defines each DSN that is listed in the first
section. The beginning of each definition is denoted by [dsn]. In the example
above, [CRDB2] marks the beginning of the single DSN that is defined in the file.
Each DSN is defined through a number of option=value pairs. The options that
you must define depend upon the ODBC driver that you are using. These pairs
essentially correspond to the Name=Data pairs that Windows stores for each
System DSN in the registry:
\\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\odbc.ini\dsn
However, the options for a particular ODBC driver on UNIX may not
correspond by name to the options available for a Windows version of the same
driver. For example, some Windows drivers store a UID value in the registry,
and on UNIX you may need to specify this value with the LogonID option.
Note: For detailed documentation on each ODBC driver, see the Merant
Connect ODBC Reference (odbcref.pdf). The PDF is installed below the crystal/
enterprise/platform/odbc directory; it is also located in the doc directory of
your product distribution.
The final section of the file, denoted by [ODBC], includes ODBC tracing
information. You need not modify this section.
When the installation creates the system information file, it completes some fields
and sets up a number of default DSNsone for each of the installed ODBC drivers.
The standard options that are commonly required for each driver are included in
the file (Database=, LogonID=, and so on). Edit the file and provide the
corresponding values that are specific to your reporting environment.
This example shows the entire contents of a system information file created when
Crystal Enterprise was installed to the /usr/local directory.
[ODBC Data Sources]
CRDB2=MERANT 3.70 DB2 ODBC Driver
CRINF_CL=MERANT 3.70 Informix Dynamic Server ODBC Driver
CROR8=MERANT 3.70 Oracle8 ODBC Driver
CRSS=MERANT 3.70 SQL Server ODBC Driver
CRSYB=MERANT 3.70 Sybase ASE ODBC Driver
CRTXT=MERANT 3.70 Text ODBC Driver
[CRDB2]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crdb216.so
Description=MERANT 3.70 DB2 ODBC Driver
Database=
LogonID=
232
[CRINF_CL]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crifcl16.so
Description=MERANT 3.70 Informix Dynamic Server ODBC Driver
ServerName=
HostName=
PortNumber=
Database=
LogonID=
[CROR8]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/cror816.so
Description=MERANT 3.70 Oracle8 ODBC Driver
ServerName=
ProcedureRetResults=1
LogonID=
[CRSS]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crmsss16.so
Description=MERANT 3.70 SQL Server ODBC Driver
Address=
Database=
QuotedId=Yes
LogonID=
[CRSYB]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crase16.so
Description=MERANT 3.70 Sybase ASE ODBC Driver
NetworkAddress=
Database=
LogonID=
[CRTXT]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/crtxt16.so
Description=MERANT 3.70 Text ODBC Driver
Database=
[ODBC]
Trace=0
TraceFile=odbctrace.out
TraceDll=/usr/local/crystal/enterprise/platform/odbc/lib/odbctrac.so
InstallDir=/usr/local/crystal/enterprise/platform/odbc
233
For example, suppose that you have a Crystal report that uses ODBC drivers to
report off your Oracle8 database. The report is based off a System DSN (on
Windows) called SalesDB. To create the corresponding DSN, first append this line
to the [ODBC Data Sources] section of the system information file:
SalesDB=MERANT 3.70 Oracle8 ODBC Driver
Then define the new DSN by adding the following lines just before the system
information files [ODBC] section:
[SalesDB]
Driver=/usr/local/crystal/enterprise/platform/odbc/lib/cror816.so
Description=MERANT 3.70 Oracle8 ODBC Driver
ServerName=MyServer
ProcedureRetResults=1
LogonID=MyUserName
Once you have added this information, the new DSN is available to the Job Server
and Page Server, so they can process reports that are based off the SalesDB System
DSN (on Windows).
234
Each server also logs assert messages to the logging directory of your product
installation. The programmatic information logged to these files is typically useful
only to Crystal Decisions support staff for advanced debugging purposes. The
location of these log files depends upon your operating system:
On Windows, the default logging directory is C:\Program Files\Crystal
Decisions\Logging
Replace <# of bytes> with 0 (zero) to eliminate the log files. The procedure for
making this modification depends upon your operating system:
On Windows, use the CCM to stop the server. Then open the servers Properties
to modify the command line. Start the server again when you have finished.
On UNIX, run ccm.sh to stop the server. Then edit ccm.config to modify the
servers command line. Start the server again when you have finished. For
reference, see ccm.sh on page 280.
235
On Windows, you view and modify server command lines with the CCM. The
Command field appears on each servers Properties tab. On UNIX, you view and
modify server command lines (also referred to as launch strings) in the ccm.config
file, which is installed in the crystal directory.
This table summarizes the command-line options as they relate to port usage for
specific server types.
Option
APS
WCS
Other Servers
-port
n/a
236
Replace number with the port that you want the APS to listen on. (The default
port is 6400.)
3 Add (or modify) the following option in the command line of all of the
remaining non-APS Crystal Enterprise servers:
-ns hostname:number
Replace hostname with the host name of the machine that is running the APS.
The host name must resolve to a valid IP address within your network. Replace
number with the port that the APS is listening on.
4 Start and enable all the Crystal Enterprise servers.
The APS begins listening on the port specified by number, and the non-APS
servers broadcast to that port when attempting to register with the APS.
Replace number with the port that you want the WCS to listen on. (The default
port is 6401.)
3 Reconfigure the Web Connector so that it forwards Crystal Enterprise requests
to the WCS host on the new port specified by number.
For details, see Path mapping overview on page 298.
Replace number with the port that you want the server to listen on.
3 Start and enable the server.
The server binds to the new port specified by number. It then registers with the APS
and begins listening for Crystal Enterprise requests on the new port.
By default, each server registers itself with the APS by IP address, rather than by
name. This typically provides the most reliable behavior. If you need each server to
register with the APS by fully qualified domain name instead, use the -requestPort
237
If the machine has multiple network interfaces, interface can be the fully qualified
domain name or the IP address of the interface that you want the server to bind to.
If the machine has a single network interface, interface must be the IP address
that you want the server to bind to.
Note: To retain the default port numbers, replace port with 6400 for the APS, and
with 6401 for the WCS. If you change the default port numbers, you will need to
make additional configuration changes. For details, see Changing the default
server port numbers on page 235.
238
Replace interface with the same value that you specified for the APS and the
WCS. Ensure that each servers -ns parameter points to the APS, and that the DNS
resolves the value to the appropriate network address.
239
240
13
241
Scalability overview
Scalability overview
The Crystal Enterprise architecture is scalable in that it allows for a multitude of
server configurations, ranging from stand-alone, single-machine environments, to
large-scale deployments supporting global organizations. The flexibility offered
by the products architecture allows you to set up a system that suits your current
reporting requirements, without limiting the possibilities for future growth and
expansion.
This chapter details common scalability scenarios for administrators who want to
expand beyond a stand-alone installation of Crystal Enterprise. These three
scenarios have received the most testing, and are recommended for the majority of
deployments. For details, see Common configurations on page 243.
It must be emphasized, however, that the optimal configuration for your
deployment will vary depending upon your hardware configuration, your
database software, and your reporting requirements. It is recommended that you
contact your Crystal Decisions sales representative and request information about
the Crystal Enterprise Sizing Guide. A Crystal Services consultant can then assess
your reporting environment and assist in determining the configuration that will
best integrate with your current environment.
Note: If you customize or expand your system beyond these common
configurations without first contacting Crystal Services, your deployment may
not be officially supported.
This chapter also provides the related procedures for adding and deleting servers
from your Crystal Enterprise installation. Follow these steps when you need to add
server components to a machine that is already running Crystal Enterprise.
Tip: If you are adding new hardware to Crystal Enterprise by installing server
components on additional machines, run the Crystal Enterprise installation and
setup program. The setup program allows you to perform an Expand installation.
During the Expand installation, you specify the existing APS whose system you
want to expand, and you select the components that want to install on the local
machine. For details, see the Crystal Enterprise Installation Guide.
242
Live data
On-demand reporting gives users real-time access to live data, straight from the
database server. Use live data to keep users up-to-date on constantly changing data,
so they can access information thats accurate to the second. For instance, if the
managers of a large distribution center need to keep track of inventory shipped on a
continual basis, then live reporting is the way to give them the information they need.
Before providing live data for all your reports, however, consider whether or not
you want all of your users hitting the database server on a continual basis. If the
data isnt rapidly or constantly changing, then all those requests to the database do
little more than increase network traffic and consume server resources. In such
cases, you may prefer to schedule reports on a recurrent basis so that users can
always view recent data (report instances) without hitting the database server.
For more information about optimizing the performance of reports that are viewed
on demand, see the Designing Optimized Web Reports section in the Crystal
Reports Users Guide (version 8.5 and later).
Tip: Users require View On Demand access to refresh reports against the database.
Saved data
Report instances are useful for dealing with data that isnt continually updated.
When users navigate through report instances, and drill down for details on
columns or charts, they dont access the database server directly; instead, they
access the saved data. Consequently, reports with saved data not only minimize
data transfer over the network, but also lighten the database servers workload.
You can schedule these reports within Crystal Enterprise so that they automatically
refresh from the database on a predetermined basis. For example, if your sales
database is only updated once a day, or once a week, then you can run the report
on a similar schedule. Sales representatives then always have access to current sales
data, but they arent hitting the database every time they open a report.
Tip: Users require only View access to display report instances.
Common configurations
This section details the common ways in which you should begin to scale, or
expand, your Crystal Enterprise system. The scenarios described are those that
have been most thoroughly tested by Crystal Decisions, Inc. As a baseline, this
section assumes that you have not yet distributed the Crystal Enterprise servers
across multiple machines; however, this section does assume familiarity with the
Crystal Enterprise architecture, installation, and server configuration. For
preliminary installation information, see the Crystal Enterprise Installation Guide.
Tip: If you are deploying multi-processor machines, you may also want to run one
or more Crystal Enterprise servers in multiple instances on that machine. For
details, see Adding a server on page 249.
243
Common configurations
One-machine setup
This basic configuration separates the Crystal Enterprise servers from the rest of
your reporting environment and from your web server. This grants the Crystal
Enterprise servers their own set of processing resources, which they do not have to
share with database and web server processes. These are the general steps to
setting up this configuration:
Install all of the Crystal Enterprise servers on a single, dedicated machine.
Install and configure the Web Connector on your web server machine.
Run the APS database on your database server.
If you are still using the MSDE APS database on Windows, migrate the APS
database to a supported database server. See the Platforms.txt file included
with your product distribution for a list of supported database servers.
Three-machine setup
This second configuration divides the Crystal Enterprise processing load in a
logical manner, based on the types of work performed by each server. In this way,
you prevent the server components from having to compete with each other for the
same hardware and processing resources. In addition, this scenario prepares your
system for further expansion to provide redundancy.
Note: It is recommended that you use three multi-processor machines (dual-CPU
or better), with at least 2 GB RAM installed on each machine.
These are the general steps to setting up this configuration:
Install the APS and the Event Server on one machine.
Tip: Here, the Event Server is installed on the same machine as the APS. In
general, however, the Event Server should be installed on the machine where
your monitored, file-based events occur.
Install the WCS and the Cache Server on the second machine.
Install the Page Server, the Job Server, and the Input and Output File
Repository Servers on the third machine.
Six-machine setup
This third configuration mirrors the three-machine setup. You maintain the logical
breakdown of processing based on the types of work performed by each server,
but you increase the number of available machines and servers for redundancy
and fault-tolerance. For instance, if a server stops responding, or if you need to take
one or two machines offline completely, you need not interrupt Crystal Enterprise
requests in order to service the system.
This tested configuration is designed to meet the reporting requirements of 85% of
all deployment scenarios. If you have further requirements or more advanced
configuration needs, contact your Crystal Decisions sales representative for
additional assistance.
244
245
APS clusters can improve overall system performance because every Crystal
Enterprise request results, at some point, in a server component querying the APS
for information that is stored in the APS database. When you cluster two APS
machines, you instruct the new APS to share in the task of maintaining and
querying the APS database.
For more information, see Clustering Automated Process Schedulers on
page 204.
246
247
248
Adding a server
These steps add a server (service or daemon) to the local machine. You can run
multiple instances of the same Crystal Enterprise server on the same machine
(except for the File Repository Servers).
249
4 Click the Server Type list and select the kind of server you want to add.
The drop-down list includes the following servers:
APS
Cache Server
Input File Repository Server
Output File Repository Server
Page Server
Report Job Server
Web Component Server
Event Server
5 Change the default Display Name field if you want a different name to appear
in the list of servers in the CCM.
Note: The display name for each server on the local machine must be unique.
6 Change the default Server Name field if required.
Note: Each server on the system must have a unique name. The default naming
convention is HOSTNAME.servertype (a number is appended if there is more than
one server of the same type on the same host machine). This Server Name is
displayed when you manage servers over the Web in the Crystal Management
Console (CMC).
7 Click Next.
The Set Configuration for this server dialog box appears. The contents of this
dialog vary slightly, depending upon the type of server that you are installing.
Note: If port number options are displayed in this dialog box, do not modify
them. Instead, change ports through each servers command line. For details,
see Changing the default server port numbers on page 235.
8 Type the name of the APS that you want the server to communicate with.
9 Click Next to accept any other default values, or modify them to suit your
environment.
10 Confirm the summary information is correct; then click Finish.
The new server appears in the list, but it is neither started nor enabled
automatically.
11 Use the CCM (or the CMC) to start and then to enable the new server when
you want it to begin responding to Crystal Enterprise requests. For details, see
Viewing and changing the current status of servers on page 199.
250
Deleting a server
To delete a Windows server
1 Start the CCM on the Crystal Enterprise machine that you want to delete a
server from.
2 Stop the server that you want to delete from the system.
3 With the server selected, click Delete Server on the toolbar.
4 When prompted for confirmation, click Yes.
251
252
14
253
254
3 In the Server Group Name field, type a name for the new group of servers.
4 Use the Description field to include additional information about the group.
5 Click OK.
6 On the Servers tab, click Add/Remove Servers.
7 Select the servers that you want to add to this group; then click the > arrow.
Tip: Use CTRL+click to select multiple servers.
This example adds the servers running on PBROWNSEYA to a server group called
Northern Office Servers.
8 Click OK.
You are returned to the Servers tab, which now lists all the servers that you
added to the group. You can now change the status, view server metrics, and
change the properties of the servers in the group. For more information, see
Server management overview on page 196.
255
5 Click OK.
You are returned to the Member of tab, which now lists all the server groups
that the initial group is now a member of.
256
5 Move server groups from one list to another to specify which groups the
server is a member of.
6 Click OK.
257
258
15
259
Firewalls overview
Firewalls overview
Crystal Enterprise works with firewall systems to provide reporting across
intranets and the Internet without compromising network security. This chapter
provides general information about firewalls, packet filtering, Network Address
Translation (NAT), and SOCKS proxy server firewalls. It then explains how to
configure these firewalls and Crystal Enterprise to work together.
If you are already familiar with firewalls and the configuration used in your
network, proceed directly to Configuring Crystal Enterprise to work with
firewalls on page 263.
What is a firewall?
A firewall is a security system that protects one or more computers from unauthorized
network access. A firewall restricts people to entering and leaving your network at a
carefully controlled point. It also prevents attackers from getting close to your other
defenses. Typically, a firewall protects a companys intranet from being improperly
accessed through the Internet. A firewall can enforce a security policy, log Internet
activity, and be a focus for security decisions. A firewall cant protect against malicious
insiders or connections that dont go through it. A firewall also cant set itself up
correctly or protect against completely new threats. To help explain how firewalls
work, some basic networking termsTCP/IP, packets, and portsare described here.
If you are already familiar with these topics see Configuring Crystal Enterprise to
work with firewalls on page 263.
260
Ports
Ports are logical connection points that a computer uses to send and receive
packets. With TCP/IP, ports allow a client program to specify a particular server
program on a computer in a network. High-level applications that use TCP/IP
have ports with pre-assigned numbers. For instance, when you visit a typical
HTTP site over the Web, you communicate with the web server on port 80, which
is the pre-assigned port for HTTP communication.
Other application processes are given port numbers dynamically for each
connection. When a service or daemon initially is started, it binds to its designated
port number. When any client program wants to use that server, it must also
request to bind to the designated port number. Valid port numbers range from 0
to 65536, but ports 0 to 1024 are reserved for use by certain privileged services.
Firewall types
Firewalls primarily function using at least one of three methods: packet filtering,
Network Address Translation (NAT), and proxy services. Crystal Enterprise
works with these firewall types. Packet filtering rejects TCP/IP packets from
unauthorized hosts and rejects connection attempts to unauthorized services. NAT
translates the IP addresses of internal hosts to hide them from outside monitoring.
NAT is also called IP masquerading. Proxy services make high-level application
connections on behalf of internal hosts to completely break the network layer
connection between internal and external hosts.
Packet filtering
Packet filtering deletes packets before they are delivered to the destination
computer. Packet filtering can delete packets based on the following:
The address the data is coming from.
The address the data is going to.
The session and application ports being used to transfer the data.
The data contained within the packet.
Typically there are two types of packet filtering: stateful and stateless. Stateful
packet filters remember the state of connections at the network and session layers
by recording the established session information that passes through the filter
gateway. The filter then uses that information to discriminate valid return packets
from invalid connection attempts. Stateless packet filters do not retain information
about connections in use; instead, they make determinations packet-by-packet
based only on the information contained within the packet. Firewalls that employ
packet filtering will work with Crystal Enterprise.
261
Firewalls overview
262
original client as if it were the originating external server. This effectively hides the
identity and the number of clients on the internal network from examination by
anyone on the external network.
For configuration steps, see Configuring for SOCKS servers on page 265.
263
through the firewall. (The WCS requires no special configuration, because the Web
Connectors IP address is not hidden by the NAT firewall.)
Note: You can configure the Web Connector to communicate properly across
NAT firewalls that use static IP translation; however, the Web Connector cannot
communicate across a firewall whose IP translation is dynamic.
264
265
5 In the SOCKS Proxy dialog box, type the Server Name or IP Address of your
SOCKS server.
6 In the Server Port field, type the number of the port that the SOCKS server is
listening on.
7 Select the SOCKS version that you are running (Ver 4 or Ver 5).
If you are using version 5 and you would like to secure access to the server, select
the authentication check box, and then enter your user name and password.
8 Click OK.
If you have more than one SOCKS server, repeat steps 4 to 8 for each additional
server. Then click Up and Down to order the SOCKS servers from the
outermost (closest to the Web Connector) to the innermost (closest to the APS).
9 Click OK in all three dialog boxes to return to the CCM.
10 Start the Web Component Server.
266
10 Select the SOCKS version that you are running (Ver 4 or Ver 5).
If you are using version 5 and you would like to secure access to the server, select
the authentication check box, and then enter your user name and password.
11 Click OK.
If more than one SOCKS server separates the Web Connector from the WCS,
repeat steps 7 to 11 for each SOCKS server. Then click Up and Down to order
the SOCKS servers. The SOCKS server closest to the Web Connector must
appear at the top of the list, and the SOCKS server closest to the WCS must be
at the bottom of the list.
12 Click OK in all three dialog boxes to return to the CCM.
13 Start the World Wide Web Publishing Service.
Path
crystal/enterprise/platform/wcs/conf/
asapi.conf
crystal/enterprise/platform/wcs/bin/wcscgi.cgi
For more information about the configuration files for your web server, see Web
Connector virtual path mappings on page 304.
The syntax that denotes the WCS through a SOCKS server can be considerably
complex. This section shows a complete connection string and then describes its
component parts. The complete connection string for specifying the WCS through
a SOCKS server is as follows:
socks://Version;User:Password@SOCKSServer:Port/WCSmachine:Port
This string consists of two main parts: the SOCKS connection information
(Version;User:Password@SOCKSServer:Port) followed by the WCS destination
(WCSmachine:Port). The variable components in this string are as follows:
Version is the SOCKS version in use (4 or 5).
User is a SOCKS user name of length < 256 characters.
Password is the corresponding password of length < 256 characters.
SOCKSServer:Port is the name or IP4 of the SOCKS server, along with its port.
WCSmachine:Port is the name or IP4 of the WCS, along with its port.
267
For example, suppose that you are running SOCKS version 5 on a server called
socksmachine. You need to provide the user name socksuser and the password
secret to connect to a WCS named sales1. The WCS is listening on its default port
(6401). In this case, in the configuration file appropriate to your web server, you
would type the following definition for the WCSHOST or WCSHosts variable:
socks://5;socksuser:secret@socksmachine/sales1:6401
268
Licensing Information
16
269
Licensing overview
Licensing overview
Crystal Enterprise is a scalable product that provides you with the ability to add
license keys as the demand for report information increases in your organization.
You can purchase concurrent, named, and processor licenses.
Concurrent licenses specify the number of people who can connect to Crystal
Enterprise at the same time. This type of licensing is very flexible because a small
concurrent license can support a large user base. For example, a 100 user
concurrent license could support 250, 500, or 700 users depending on the frequency
with which the system is accessed and the number and size of the reports.
Named user licenses are associated with specific users and allow people to access
the system based on their user name and password. This provides named users
with access to the system regardless of how many other people are connected.
You may want to purchase named user licenses for people in your organization
who require access to Crystal Enterprise at all times. For example, you could
purchase a named user license for each of the 25 managers and a concurrent license
for 175 general users.
Processor licenses are based on the number of processors that are running Crystal
Enterprise. To determine the number of processor licenses you require, count the
number of processors on any servers running any component of Crystal Enterprise
(except the Web Connector).
Note: If you are upgrading from a trial version of the product, be sure to delete
the Evaluation key prior to adding any new license keys or activation codes.
For more information about licenses, sessions, and session handling see Crystal
Enterprise Security Concepts on page 15.
270
271
Licensing overview
272
273
Object rights
Object rights
This table lists the object rights that are available within the Advanced Rights page
of the Crystal Management Console (CMC). Other Crystal Enterprise plug-in
components may in future add their own, object-specific rights to this list. The
table matches the descriptions used in the CMC with the programmatic name that
developers use when assigning rights with the Crystal Enterprise SDK.
274
AdvancedInheritGroups
AdvancedInheritFolders
ceRightAdd
View objects
ceRightView
Edit objects
ceRightEdit
ceRightModifyRights
ceRightSchedule
Delete objects
ceRightDelete
ceRightPickMachines
Delete instances
ceRightDeleteInstance
ceRightCopy
Schedule to destinations
ceRightSetDestination
ceRightViewInstance
ceRightPauseResumeSchedule
ceReportRightPrintReport
ceReportRightRefreshOnDemandReport
ceReportRightPageServerExport
ceRightOwnerView
ceRightOwnerEdit
ceRightOwnerModifyRights
ceRightOwner
ceRightOwnerDeleteInstance
ceRightOwnerViewInstance
ceRightOwnerPauseResumeSchedule
Access levels
This section lists the object rights that constitute each of the predefined access
levels that are available through the Advanced Rights page of the Crystal
Management Console (CMC).
No Access
Description used in the CMC
AdvancedInheritGroups
AdvancedInheritFolders
View
Description used in the CMC
AdvancedInheritGroups
AdvancedInheritFolders
View objects
ceRightView
ceRightViewInstance
Schedule
Description used in the CMC
AdvancedInheritGroups
AdvancedInheritFolders
ceRightAdd
View objects
ceRightView
ceRightSchedule
ceRightCopy
ceRightPickMachines
Schedule to destinations
ceRightSetDestination
ceRightOwnerPauseResumeSchedule
275
Access levels
ceRightOwnerDeleteInstance
ceRightViewInstance
ceReportRightPageServerExport
ceReportRightPrintReport
View On Demand
Description used in the CMC
AdvancedInheritGroups
AdvancedInheritFolders
ceRightAdd
View objects
ceRightView
ceRightSchedule
ceRightCopy
ceRightPickMachines
Schedule to destinations
ceRightSetDestination
ceRightOwnerPauseResumeSchedule
ceRightOwnerDeleteInstance
ceRightViewInstance
ceReportRightRefreshOnDemandReport
ceReportRightPageServerExport
ceReportRightPrintReport
Full Control
276
AdvancedInheritGroups
AdvancedInheritFolders
ceRightAdd
View objects
ceRightView
ceRightViewInstance
Edit objects
ceRightEdit
ceRightModifyRights
ceRightSchedule
Delete objects
ceRightDelete
Delete instances
ceRightDeleteInstance
ceRightPickMachines
ceRightCopy
Schedule to destinations
ceRightSetDestination
ceRightPauseResumeSchedule
ceReportRightPrintReport
ceReportRightRefreshOnDemandReport
ceReportRightPageServerExport
277
278
UNIX Tools
279
Script utilities
This section describes the administrative scripts that assist you in working with
Crystal Enterprise on UNIX. The remainder of this guide discusses the concepts
behind each of the tasks that you can perform with these scripts. This reference
section provides you the main command-line options and their arguments.
ccm.sh
The ccm.sh script is installed to the crystal directory of your installation. This
script provides you with a command-line version of the CCM. This section lists the
command-line options and provides some examples.
Note:
Arguments in square brackets [ ] are optional.
Replace server with the complete name of the Crystal Enterprise server
component that you want to configure. By default, servers are named with a
hostname.servertype convention. If you are unsure of a servers name, look in
the ccm.config file, locate the servers launch string, and use the value that
appears after the -name option.
Arguments denoted by other authentication information are provided in
the second table.
CCM Option
Valid Arguments
Description
-help
n/a
-start
all or server
-stop
all or server
-restart
all or server
-enable
280
CCM Option
Valid Arguments
Description
-disable
-display
-apsfriendlyname
-selectdb
-srcconn
-srcdbdriver
-copydb
-setcluster
-getcluster
-reinitialize
-socksserver
-listall
-wcssocks
-wcsfriendlyname
-getsocks
-wcssocks
-deletesocks
-moveup
-movedown
-create
-modify
-port
-version
-useauth
This table describes the options that make up the argument denoted by other
authentication information.
Authentication
Option
Valid arguments
Description
-aps
apsname:port#
-username
username
281
Script utilities
Authentication
Option
Valid arguments
Description
-password
password
-authentication
secEnterprise, secWindowsNT,
secLDAP
The CCM reads the server launch strings and other configuration values from the
ccm.config file. For details, see ccm.config on page 282.
Examples
These two commands start and enable all the servers. The Automated Process
Scheduler (APS) is started on the local machine and the default port (6400):
ccm.sh -start all
ccm.sh -enable all
These two commands start and enable all the servers. The APS is started on port
6701, rather than on the default port:
ccm.sh -start all
ccm.sh -enable all -aps MACHINE01:6701
These two commands start and enable all the servers with a specified
administrative account named SysAdmin:
ccm.sh -start all
ccm.sh -enable all -aps MACHINE01:6701 -username SysAdmin -password 35%bC5@5
-authentication LDAP
ccm.config
This configuration file defines the server launch strings and other values that are
used by the CCM when you run its commands. This file is maintained by the CCM
itself, and by the other Crystal Enterprise script utilities. You typically edit this file
only when you need to modify a servers command line. For details, see
Command lines overview on page 290.
282
apsdbsetup.sh
The apsdbsetup.sh script is installed to the crystal directory of your installation.
The script provides a text-based program that enables you to configure the APS
database and APS clusters. You can add an APS to a cluster by selecting a new data
source for its APS database. You can also delete and recreate (re-initialize) an APS
database, copy data from another data source, or change the existing cluster name.
Note: Before running this script, back up your current APS database. Also be sure
to see Configuring the intelligence tier on page 204 for additional information
about APS clusters and configuring the APS database.
The script will prompt you for the name of your APS. By default, the APS name is
hostname.aps. That is, the default name of an APS installed on a machine called
MACHINE01 is MACHINE01.aps. To check the name of your APS (or any other server),
view the contents of ccm.config and look for the servers launch string. The servers
current name appears after the -name option.
For information about each of these topics, see Configuring the intelligence tier
on page 204.
serverconfig.sh
The serverconfig.sh script is installed to the crystal directory of your installation.
This script provides a text-based program that enables you to view server
information and to add and delete servers from your installation. This script adds,
deletes, modifies, and lists information from the ccm.config file.
283
Script utilities
5 Once you have added or modified a server, use the CCM to ensure that the
server is both started and enabled.
For more information about each of these topics, see Scalability overview on
page 242.
sockssetup.sh
The sockssetup.sh script is installed to the crystal directory of your installation.
The script provides a text-based program that enables you to configure the Web
Component Server (WCS) and the Automated Process Scheduler (APS) when they
must communicate across one or more SOCKS proxy server firewalls. For technical
information about Crystal Enterprise and firewalls, see Firewalls overview on
page 260.
This script does not configure the Web Connector to communicate with the WCS
through a SOCKS server. If a SOCKS server separates your web server from the
WCS, you must manually configure the Web Connector configuration file that
corresponds to your web server. For more information, see Configuring the Web
Connector for SOCKS servers on page 266.
3 Type wcs to configure the communication between the WCS and the APS. Or,
type servers to configure SOCKS information between the remaining servers.
The script may prompt you for the name or friendly name of the server. By
default, each servers name is hostname.servertype. To check the name of a
server, view the contents of ccm.config and look for the servers launch string.
The servers current name appears after the -name option.
4 Specify one of the available actions:
Type show to display any SOCKS servers that have already been entered
with this script. A blank list is displayed if no servers have been added.
Type create to add a new SOCKS server to the list.
Type modify to change one of the SOCKS servers in the list.
Type delete to remove a SOCKS server from the list.
Type moveup or movedown to modify the sequence of SOCKS servers.
5 Proceed through the script and provide any additional information that it
requests:
If you are creating a new entry in the list, you will typically need to provide
the name or IP address of the SOCKS server, the port number it is listening
on, the version number of the SOCKS server (4 or 5), and any
284
uninstall.sh
The uninstall.sh script is installed to the crystal directory of your installation.
This script deletes all of the Crystal Enterprise files by running a long sequence of
rm -f and rmdir commands. Before running this script, you must disable and stop
all of the Crystal Enterprise servers. In addition, you should stop your web server,
because the Web Connector modules and related files will be deleted.
Note: When you uninstall Crystal Enterprise, you must manually remove any
changes that you made to your web servers configuration files when you set up
Crystal Enterprise. Failure to remove these changes may result in web server
errors, because the uninstall.sh script deletes the Web Connector modules and
configuration files that your web server loads when it starts. Thus, you should
remove these entries manually before restarting the web server. If someone else in
your organization installed and set up Crystal Enterprise, see the Crystal Enterprise
Installation Guide for details about the Web Connector entries for your web server.
Script templates
These scripts are provided primarily as templates upon which you can base your
own automation scripts.
startservers
The startservers script is installed to the crystal directory of your installation.
This script can be used as a template for your own scripts: it is provided as an
example to show how you could set up your own script that starts the Crystal
Enterprise servers by running a series of CCM commands. For details on writing
CCM commands for your servers, see ccm.sh on page 280.
stopservers
The stopservers script is installed to the crystal directory of your installation. This
script can be used as a template for your own scripts: it is provided as an example
to show how you could set up your own script that stops the Crystal Enterprise
servers by running a series of CCM commands. For details on writing CCM
commands for your servers, see ccm.sh on page 280.
285
silentinstall.sh
The silentinstall.sh script is installed to the crystal directory of your installation.
Once you have set up Crystal Enterprise on one machine, you can use this template
to create your own scripts that install Crystal Enterprise automatically on other
machines. Essentially, once you have edited the silentinstall.sh template
accordingly, it defines the required environment variables, runs the installation
and setup scripts, and sets up Crystal Enterprise according to your specifications,
without requiring any further input.
env.sh
The env.sh script is installed to the crystal directory of your installation. This
script sets up the Crystal Enterprise environment variables that are required by
some of the other scripts. You need not run this script, because the other scripts run
it as required.
initlaunch.sh
The initlaunch.sh script is installed to the crystal directory of your installation.
This script copies the run control scripts to your rc# directories for automated
startup. This script is run automatically by the setup.sh script, when you run the
system installation.
Note: You must have root privileges to run this script.
patchlevel.sh
The patchlevel.sh is installed to the crystal/enterprise/generic directory of your
installation. This script reports on the patch level of your UNIX distribution. This
script is intended primarily for use by Crystal Decisions, Inc. support staff.
286
Option
Valid Arguments
Description
list
n/a
query
patch #
check
textfile
postinstall.sh
The postinstall.sh script is installed to the crystal directory of your installation.
This script runs automatically at the end of the installation script and launches the
setup.sh script. You need not run this script yourself.
crystalrestart.sh
This script is run internally by the CCM when it starts the Crystal Enterprise server
components. If a server process ends abruptly without returning its normal exit
code, this script automatically restarts a new server process in its place. Do not run
this script yourself.
setup.sh
The setup.sh script is installed to the crystal directory of your installation. This
script provides a text-based program that allows you to set up your Crystal
Enterprise installation. This script is run automatically when you install Crystal
Enterprise. It prompts you for the information that is required in order to set up
Crystal Enterprise for the first time.
For complete details on responding to the setup script when you install Crystal
Enterprise, see the Crystal Enterprise Installation Guide.
287
288
289
Valid Arguments
Behavior
-name
string
290
apsname[:port]
Specify the APS that the server should register with. Add
port if the APS is not listening on the default (6400). This
option does not apply to the APS itself.
Option
Valid Arguments
Behavior
-requestPort
port
Specify the port that the server listens on. The server
registers this port with the APS. If unspecified, the server
chooses any free port > 1024.
Note: Before changing, see Changing the default server port
numbers on page 235.
-port
Note:
Before changing, see Configuring Crystal Enterprise on a
multihomed machine on page 238.
Use -psport to differentiate a Page Server from a Cache
Server. For details, see Page Server and Cache Server on
page 293.
-maxlogfilesize bytes
-restart
-fg
291
Option
-threads
number
-reinitializedb
-addkey
licensekey
-quit
-connect
Option
Valid Arguments
Behavior
-defaultSessionTimeout
minutes
292
Option
Valid Arguments
Behavior
Enable Cache Server functionality.
-cache
-cs
hostname:port
-dir
absolutepath
Specify the cache directory for a Cache Server and the temp
directory for the Page Server. The directories created are
absolutepath/cache and absolutepath/temp
Delete the cache directory every time the server starts and
stops.
-deleteCache
-psdir
absolutepath
Specify the temp directory for the Page Server. This option
overrides -dir.
-size
kilobytes
-refresh
minutes
-maxthreads
number
-maxidletime
minutes
293
Job Server
Job Server
This section provides the command-line options that are specific to the Job Server.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\WCS\JobServer.exe
Option
Valid Arguments
Behavior
-dir
absolutepath
-lib
processinglibrary
-objectType
progID
-maxJobs
number
-requestJSChildPorts
lowerboundupperbound
294
The default path to the program that provides both servers on UNIX is:
INSTALL_ROOT/crystal/enterprise/platform/crystalfilesd
Note: Do not modify -name for Input or Output File Repository Servers.
Option
Valid Arguments
Behavior
-rootDir
absolutepath
Set the root directory for the various subfolders and files that
are managed by the server. File paths used to refer to files in
the File Repository Server are interpreted relative to this root
directory.
-maxidle
minutes
Event Server
This section provides the command-line options that are specific to the Event Server.
The default path to the server on Windows is:
C:\Program Files\Crystal Decisions\Enterprise\win32_x86\EventServer.exe
Option
Valid Arguments
Behavior
-poll
seconds
-cleanup
minutes
295
Event Server
296
297
298
Replace webserver with the name of your web server machine, and replace
language with the information appropriate to your version of Crystal
Enterprise: use en for English, fr for French, de for German, and ja for Japanese.
If you cannot access this page, ensure that the /crystal virtual directory is
configured correctly on your web server. For additional details on creating or
editing virtual directories, see your web server documentation.
Replace webserver with the name of your web server machine, and replace
language with the information appropriate to your version of Crystal
Enterprise: use en for English, fr for French, de for German, and ja for Japanese.
2 Click the Crystal Offline Viewer link.
You should be prompted to download the cvwsetup.exe file, which is located in
the viewers directory of your Crystal Enterprise installation. If the web server
cannot find this file, you may need to check the configuration of the /viewer
virtual directory. For additional details on creating or editing virtual
directories, see your web server documentation.
299
300
301
5 On the App Mappings tab, look in the Extension list for the .rpt, .csp, .cwr,
and .cri entries. These entries are typically created by the Crystal Enterprise
setup program.
6 If the entries are not there, or if you need to modify an existing entry, click Add
or Edit.
The Add/Edit Application Extension Mapping dialog box appears.
7 In the Executable field, type the absolute path to the ISAPI Web Connector.
The default path is:
C:\Program Files\Crystal Decisions\WCS\wcsisapi.dll
302
This line instructs Apache to pass all requests for Crystal Enterprise file types to
the ASAPI Web Connector.
fn="req_handler"
fn="req_handler"
fn="req_handler"
fn="req_handler"
method="(GET|POST)"
method="(GET|POST)"
method="(GET|POST)"
method="(GET|POST)"
type="magnus-internal/rpt"
type="magnus-internal/csp"
type="magnus-internal/cri"
type="magnus-internal/cwr"
Also ensure that the following lines appear in the iPlanet mime.types file:
type=magnus-internal/rpt
type=magnus-internal/csp
type=magnus-internal/cri
type=magnus-internal/cwr
exts=rpt
exts=csp
exts=cri
exts=cwr
Together, these configuration entries serve to define the Crystal Enterprise file
types and to allow the NSAPI Web Connector to handle requests for such files.
303
Note: ePortfolio and the CMC do not contain all .csp, .rpt, .cwr, and .cri files to a
single cgi-bin directory. Therefore, these default applications will not function
properly if your web server requires you to specify executable files by directory.
In such cases, however, you can still deploy your own web applications that
reference .csp scripts from the cgi-bin, so long as you map the Crystal Enterprise
file types in the cgi-bin to the wcscgi.cgi script.
If you are successfully redirected to ePortfolio or its logon page, then the path
mapping between the Web Connector and the WCS is configured to process
.csp files properly.
304
If the redirection is unsuccessful, you should check not only the virtual path
mappings, but also the configuration of the virtual directory and of the
application mappings on your web server.
3 In the Web Component Servers area, ensure that the WCS Host Name and Port
number correspond to your system configuration.
In the example above, the WCS is running on a machine named PBROWNSEYA,
and it is listening on the default port (6401).
305
306
307
This Init line provides the NSAPI Web Connector module with the instructions
necessary for mapping paths correctly. The relevant portions can be broken down
as follows:
WCSHosts="WCSLIST"
This line defines the Web Component Server(s) that the NSAPI module must
communicate with. WCSLIST is a list of one or more WCS hosts, specified as
machinename:portnumber (separate multiple entries with semicolons).
WCSPathMap="/crystal;.csp;WCS_INSTALL_ROOT/webcontent,..."
The WCSPathMap command maps paths from the web server to the WCS based on
file type. The portion quoted here defines how the NSAPI module translates file
paths for each Crystal Server Page (.csp file). Any .csp request made to http://
webserver/crystal must be mapped relative to the webcontent directory on the
WCS. The virtual directory on the web server is specified first (/crystal); the
file extension is specified second (.csp); and the absolute path of the Crystal
Enterprise web content directory on the Web Component Server is specified last
(WCS_INSTALL_ROOT/webcontent).
Note: The entries for each mapped file type are separated by commas, but all
entries are contained within double-quotes.
This line sets the WCSHOST1 environment variable, which specifies the host machine
that is running the Web Component Server (WCS). Replace machinename with the
fully qualified domain name (or IP address) of the machine that is running the
WCS. Replace portnumber with the port that the WCS is listening on (by default,
this is port 6401). You may specify additional WCS machines by defining similar
environment variables with names WCSHOST2, WCSHOST3, and so on.
Second, ensure that the following line appears in the wcscgi.cgi script:
WCSPATHMAP1="/crystal;csp;WCS_INSTALL_ROOT/webcontent"; export WCSPATHMAP1
This line defines how the CGI Web Connector handles a request for a Crystal
Server Page (.csp files). Any .csp request made to http://webserver/crystal must
be mapped relative to the webcontent directory on the WCS. The virtual directory
on the web server is specified first (/crystal); the file extension is specified second
(csp); and the absolute path of the Crystal Enterprise web content directory on the Web
Component Server is specified last (WCS_INSTALL_ROOT/webcontent).
To map different paths or different file extensions, add a new environment
variable with the prefix WCSPATHMAP. For instance, to make unmanaged Crystal
reports available on your web site, you would add a line similar to this:
WCSPATHMAP2="/crystal;rpt;WCS_INSTALL_ROOT/webcontent"; export WCSPATHMAP2
308
General Troubleshooting
309
Troubleshooting overview
Troubleshooting overview
Crystal Enterprise is designed to integrate with a multitude of different operating
systems, web servers, network and firewall configurations, database servers, and
reporting environments. Thus, any troubleshooting that you may need to undertake
will likely reflect the particularities of your deployment environment. This
appendix includes general troubleshooting steps along with solutions to some
specific configuration issues.
In general, consider the following key points when troubleshooting:
Ensure that client and server machines are running supported operating
systems, database servers, database clients, and appropriate server software.
For details, consult the Platforms.txt file, included with your product
distribution.
Verify that the problem is reproducible, and take note of the exact steps that
cause the problem to recur.
On Windows NT/2000, use the sample reports and sample data included with
the product to confirm whether or not the same problem exists.
Determine whether the problem is isolated to one machine or is occurring on
multiple machines. For instance, if a report fails to run on one processing
server (Job Server or Page Server), see if it runs on another processing server.
If the problem is isolated to one machine, pay close attention to any
configuration differences in the two machines, including operating system
versions, patch levels, and general network integration.
If the problem relates to connectivity or functionality over the Web, check that
Crystal Enterprise is integrated properly with your web environment. For
details, see Troubleshooting path mappings on page 297 and Web
accessibility issues on page 311.
If the problem relates to report viewing or report processing, verify your
database connectivity and functionality from each of the affected machines.
Use Crystal Reports to verify that the report can be viewed properly. If the Job
or Page Servers are running on Windows, open the report in Crystal Reports
on the server machine and check that you can refresh the report against the
database. For details, see Reporting viewing and processing issues on
page 313.
Look for solutions in the documentation included with your product. For
details, see Documentation resources on page 311.
Check out the Crystal Care technical support web site for white papers, files
and updates, user forums, and Knowledge Base articles:
http://support.crystaldecisions.com
310
Documentation resources
The Crystal Enterprise Release Notes are provided in two formats (release.pdf
and release.htm) in the root directory of your product distribution, as is the
Platforms.txt file. These documents list supported third-party software along
with any known issues or implementation-specific configuration details.
Crystal Enterprise also includes four manuals:
Crystal Enterprise ePortfolio Users Guide (printed copy, HTML, CHM, and PDF)
Crystal Enterprise Getting Started Guide (printed copy, HTML, CHM, and PDF)
Crystal Enterprise Administrators Guide (printed copy, HTML, CHM, and PDF)
Crystal Enterprise Installation Guide (HTML, CHM, and PDF)
CHM and PDF files are located in the doc directory of your product distribution.
Online HTML Help versions are installed with the Web Connector and the Web
Component Server. Access the HTML versions from the Crystal Enterprise
Launchpad, or look in the appropriate directory on your Web Connector or Web
Component Server machine:
On Windows, the files are installed by default below the C:\Program
Files\Crystal Decisions\Web Content\Enterprise\Help\ directory of your
installation.
On UNIX, the files are installed below the INSTALL_ROOT/crystal/webcontent/
enterprise/help/ directory of your installation.
Additional Compiled HTML Help (CHM) files are provided with the following
client tools:
Crystal Configuration Manager
Crystal Publishing Wizard
Crystal Import Wizard
Crystal Offline Viewer
Press F1 or click Help to launch the online help from within these applications.
311
This error indicates that the WCS is offline or that the Web Connector is not
configured correctly. First, use the CCM to start the WCS and then enable it. (If the
WCS was already started and enabled, use the CCM to restart it.) If restarting the WCS
does not correct the situation, check the mappings between the web server, the Web
Connector, and the WCS. For details, see Path mapping overview on page 298.
Use the CCM to start the APS. (If the APS was already started, use the CCM to
restart it.)
312
This error may occur for various reasons. Investigate these common solutions:
Ensure that the specified authentication type corresponds to the user name
and password provided on the log on page. To log on with a Windows NT
user name, verify that the authentication type is set to Windows NT
Authentication and not Enterprise.
Netscape users must provide a valid Windows NT user name in the form of
Domain\User.
Microsoft Internet Explorer users must provide a valid Windows NT user
name. It must be in the form of Domain\User if the user account does not reside
in the default domain of the APS.
If Windows NT Integrated security (NT Challenge/Response) is enabled in
Internet Information Services (IIS) and in the Web Component Server (WCS),
then users must use Microsoft Internet Explorer. In addition, users must log on
to the client machine with a valid NT domain user account before logging on
to Crystal Enterprise. Users must log on to Crystal Enterprise with a valid
Windows NT user name. It must be in the form of Domain\User if the user
account does not reside in the default domain of the APS.
The web server and all Crystal Enterprise components must be running on
Windows NT/2000 for Windows NT authentication to work.
313
Consult your Windows documentation for information about working with the
registry. Additional configuration may be required, depending upon the
database that you are reporting off of. For details, see Configuring Windows
processing servers for your data source on page 227.
314
315
To troubleshoot a report
1 Start Crystal Reports on the appropriate machine:
If the report runs successfully on demand, but fails when scheduled, start
Crystal Reports on the Job Server.
If the report fails when viewed on demand, but runs successfully when
scheduled, start Crystal Reports on the Page Server.
If the report fails when viewed on demand or scheduled, complete these
troubleshooting steps on both the Job Server and the Page Server.
316
317
This section provides some common troubleshooting steps for resolving this issue.
Before completing these steps, verify your database connectivity and general
reporting configuration (as described in Troubleshooting reports and looping
database logon prompts on page 314).
318
Once you enable tracing, run the report again from a browser to generate the
tracing log. After you run the report, disable tracing and review the log file for
additional Error or Busy messages. Tracing may provide additional details
that allow you to troubleshoot the problem.
6 If the report is based off Informix 7.3, check the database driver.
If a report that uses the Informix database driver (Windows version) causes a
database driver error, modify the report to use the Crystal Reports CR
Informix driver.
7 Verify the table definition of the database that the report is based off.
If your web application dynamically changes a reports data source at runtime,
ensure that the schema of each database matches the schema of the database
that the report was originally designed for. Rather than running the same
report against diverse data sources, consider designing a separate report for
each database.
8 Verify the data type of parameter values passed through code.
If your web application passes parameter values to a report, ensure that you are
casting the correct data type for the parameter value. It is always a good idea to
cast values to ensure they are of the correct type. For specific details, see the
function reference for your development language.
319
entire operating system. So, when you log on and map a local or network drive, the
mapped drive is accessible to the LocalSystem account, and hence to the Crystal
Enterprise servers running on the local machine. When you log off the local
machine, the servers may retain access to the mapped drive for some time
(Windows will release the drive mapping if no application maintains a persistent
connection to the mapped resource). However, when you restart the local machine,
the mapped drive is not restored until you log back on.
Note: Changing a servers log on account from the LocalSystem account to a
Windows NT/2000 user account with network privileges will not resolve the
problem, because the servers do not actually log on to the network with that
account. Instead, the servers perform account impersonation. This provides
access to some profile-specific resources (such as printers and email profiles), but
not others (such as ODBC User Data Source Names and mapped drives).
This error indicates that the Page Server is not started and enabled. Use the CCM
to start the Page Server and then enable it. (If the Page Server was already started
and enabled, use the CCM to restart it.)
320
ePortfolio considerations
Supporting ePortfolio users in multiple time zones
Avoid granting Schedule access to the default Guest account if you deploy
ePortfolio as the web desktop for users in different time zones. Instead, ensure that
each user who is allowed to schedule reports has a dedicated account on the
system, and that each user's ePortfolio preferences include the appropriate timezone setting. To view or modify the time-zone setting for any user account, use the
ePortfolio Preferences Manager, which is available as an Administrative Sample
on the Crystal Enterprise Launchpad. Dedicated accounts are recommended
because the default Guest account does not allow users to modify account
preferences that would affect other users. For more information about using
specific time-zone properties in your custom web applications, see the Crystal
Enterprise Web Developer's Guide.
321
322
To specify the Web Component Server the web server should use
This procedure assumes that the Web Connector has been installed on each of the
web server machines. For more information on performing a custom installation,
see the Crystal Enterprise Installation Guide.
1 Start the CCM.
2 Click Configure Web Connector.
3 Click Add in the Web Component Servers area.
4 Enter the IP address or host name where the Web Component Server you
would like to communicate with resides.
5 Enter the port number.
This is the Web Component Server port number.
6 Click OK.
The Web Component Server is added to the list.
Note: Repeat this procedure for each Web Component Server the web server
should have access to.
323
324
Glossary
ActiveX Control
A Custom Control for Visual Basic 4.0 and above that incorporates Object Linking
and Embedding (OLE) technology. Formerly known as an OLE Control (OCX).
alias
An alias is an alternate name that is assigned to a user to enable him or her to log
on to Crystal Enterprise. For example, a user may have both an Enterprise alias and
an LDAP alias that he or she can access the system with.
Cache Server
The Cache Server is responsible for handling all viewing requests from the Web
Component Server (WCS). The Cache Server checks whether or not it can fulfill the
request with a cached report page. If it cannot, it passes the request along to the
Page Server. The Page Server runs the report and returns the results to the Cache
Server. The Cache Server then caches the information and returns the data to the
WCS. By storing report pages in a cache, Crystal Enterprise avoids accessing the
database each and every time a report is requested.
325
CCM
The Crystal Configuration Manager (CCM) is a server administration tool. It is
provided in two forms. In a Windows environment, the CCM allows you to
manage local and remote servers through its Graphical User Interface (GUI) or
from a command line. In a UNIX environment, the CCM shell script (ccm.sh)
allows you to manage servers from a command line.
CMC
The Crystal Management Console (CMC) web application is the most powerful
administrative tool provided for managing a Crystal Enterprise system. It offers
you a single interface through which you can perform almost every task related to
user management, content management, and server management.
Crystal Analysis
Crystal Analysis is a design tool for creating OLAP applications that allow you to
view and analyze data from different data sources. They can be distributed as
desktop applications, or published on the Web using Crystal Enterprise.
326
custom event
A custom event is an event that is triggered manually by a user through the CMC,
or triggered directly through CSP code. A scheduled report that is dependent on a
custom event will run only when the event is triggered.
database
A database is a bank of related data. Each unit (record) of the database is typically
organized in a fixed format to make it easier to retrieve selected portions of the
data on demand. Each record is made up of one or more data fields, and each data
field can hold one piece of data (known as a value).
data source
A data source is a database, table, query, or stored procedure result set that
provides the data for a report.
Enterprise authentication
Enterprise authentication is the default authentication method used by Crystal
Enterprise. You can create distinct accounts and groups for use with Crystal
Enterprise. Crystal Enterprise also supports NT authentication and LDAP
authentication.
327
ePortfolio
ePortfolio is a web-based interface that end users access to view, schedule, and
keep track of published reports. Each Crystal Enterprise request that a user makes
in ePortfolio is directed by the web server to the Web Connector, which then
forwards the request to the Web Component Server.
event
An event is a preset trigger for scheduling and processing objects. Event-based
scheduling provides you with additional control over scheduling reports: you can
set up events so that reports are processed only after a specified event occurs.
Working with events consists of two steps: creating an event and scheduling a
report with events. That is, once you create an event, you can select it as a
dependency when you schedule a report. The scheduled job is then processed only
when the event occurs. You can schedule a report with a file event, a custom event,
and/or a schedule event.
Event Server
The Event Server manages file-based events. When you set up a file-based event
within Crystal Enterprise, the Event Server monitors the directory that you
specified. When the appropriate file appears in the monitored directory, the Event
Server triggers your file-based event: that is, the Event Server notifies the APS that
the file-based event has occurred. The APS then starts any jobs that are dependent
upon your file-based event.
file event
A file-based event waits for a particular file (the trigger) to appear before the event
occurs. Before scheduling a report that waits for a file-based event to occur, you
must first create the file-based event in the Events management area of the CMC.
When you define a file-based event, you specify a filename that the Event Server
should monitor for a particular file. When the file appears, the Event Server
triggers the event.
328
group
A group is a collection of users who share the same account privileges. For instance,
you can create groups that are based on department, role, or location. Groups
enable you to make changes in one place (a group) instead of modifying each user
account individually. Also, you can assign object rights to a group or groups.
instance
An instance is a copy or version of an object that contains report data that is
retrieved from one or more databases. Each instance contains data that is current
at the time the report, query, or program is processed. In Crystal Enterprise, you
publish objects to the system, and then schedule those objects to generate instances
on a recurring basis.
Job Server
The Job Server processes scheduled reports, as requested by the Automated
Process Scheduler, and generates report instances (instances are versions of a
report object that contain saved data). To generate a report instance, the Job Server
communicates with the database to retrieve the current data.
LDAP authentication
Lightweight Directory Access Protocol (LDAP) authentication enables you to use
existing LDAP user accounts and groups (on an LDAP directory server) in Crystal
Enterprise. When you map LDAP accounts to Crystal Enterprise, users are able to
access ePortfolio and other Crystal Enterprise applications with their LDAP user
name and password. This eliminates the need to recreate individual user and
group accounts within Crystal Enterprise.
logon token
A logon token is an encoded string that defines its own usage attributes and
contains a users session information. The logon tokens usage attributes are
specified when the logon token is generated. These attributes allow restrictions to
be placed upon the logon token to reduce the chance of the logon token being used
by malicious users.
mapping accounts
Mapping an account enables a user with an NT or LDAP account to access Crystal
Enterprise. Typically, you map NT or LDAP user accounts to Crystal Enterprise
through the CMC. When you map an NT or LDAP account, you can choose to create
a new Crystal Enterprise account or link to an existing Crystal Enterprise account.
329
NT authentication
NT authentication is a Windows-specific authentication method that enables you
to use existing NT user accounts and groups in Crystal Enterprise. When you map
NT accounts to Crystal Enterprise, users are able to log on to ePortfolio and other
Crystal Enterprise applications with their NT user name and password. This
eliminates the need to recreate individual user and group accounts within Crystal
Enterprise.
NT Single Sign On
NT Single Sign On enables users to use various Crystal Enterprise applications
without being prompted to log on. Users need only to enter their NT user name
and password information once at the beginning of the NT session. Note that
ePortfolio provides its own form of anonymous Single Sign On, which uses
Enterprise authentication, as opposed to Windows NT authentication.
object
From an administrative perspective, objects in Crystal Enterprise are the folders
you create on the system and the content you publish to the system. For example,
a typical object is a report object which is stored in the Input File Repository Server.
A report object is an .rpt file that you publish to the system and schedule in order
to create instances with report data.
ODBC
ODBC stands for Open Database Connectivity. It is an interface that gives
applications the ability to use SQL to retrieve data from data management systems.
Such an interface allows a developer to develop, compile, and ship applications
without targeting specific database management systems. Also called
interoperability.
Page Server
The Page Servers primary responsibility is to respond to on-demand page requests
from the Cache Server and to generate Encapsulated Page Format (EPF) pages. The
Page Server then returns the EPF pages to the Cache Server. The EPF pages contain
formatting information that defines the layout of the report. The data for the report
is saved with the report or retrieved on demand from the database.
330
parameter field
A parameter field is a special kind of field that prompts the user for a value. You
can use parameter fields for report titles, record selection, sorting, and a variety of
other uses. Using parameter fields enables you to create a single report that you
can modify quickly to fit a variety of needs.
processing extension
A processing extension is a dynamically loaded library of code that applies
business logic to particular Crystal Enterprise view requests or schedule requests
before they are processed by the system.
publishing
Publishing is the process of adding objects such as Crystal reports to the Crystal
Enterprise environment and making them available to authorized users. The
objects that you publish may be individual reports created with Crystal Reports,
analytical applications designed with Crystal Analysis, or other objects that youve
created using Crystal Enterprise plug-in components.
record
In a database, a record is a complete unit of related information, an electronic file
folder that holds all of the data on a given entity. Each record contains one or more
fields that contain the specific pieces of data of interest. In a customer database, for
example, a record would store all of the data on a single customer. In an inventory
database, a record would store all of the data on a single inventory item. Data from
an individual record is displayed or printed as a row of data on a columnar report.
report
A report is an organized presentation of data. As a management tool, a report is
used to provide management with the insight it needs to run an organization
effectively. In Crystal Enterprise, you publish objects to the system, and then
schedule those objects to generate instances on a recurring basis.
331
report object
A report object is an object that is created using a Crystal designer component
(such as Crystal Reports or Crystal Analysis). Report objects contain report
information (such as database fields). When you schedule a report, Crystal
Enterprise generates an instance or instances of the object. When you publish a
report object to Crystal Enterprise, only the structure of the report (the template
information) is saved; that is, the published report object contains no saved data.
schedule event
Schedule-based events are dependent upon scheduled reports. That is, a schedulebased event is triggered when a particular report has been processed. When you
create this type of event, it can be based on the success or failure of a scheduled
report, or it can be based simply on the completion of the job. A report that is
dependent on a schedule-based event will run only when the schedule-based
event is triggered.
selection formula
A selection formula is a formula that specifies the records, or groups of records,
you want included in your report.
server-side processing
Server-side processing is a feature that allows you to set up reports that perform
the majority of their processing on the database server. These reports push only
relevant details to your computer, thus saving you time and memory.
Sign Up feature
The Sign Up feature in ePortfolio enables users to sign up and create a new account
on Crystal Enterprise. You have the option to disable this feature to prevent guest
users from creating their own accounts.
Single Sign On
Single Sign On enables users to automatically log on to an application without
entering a user name or password. In Crystal Enterprise, there are two forms of
Single Sign On: NT Single Sign On, and ePortfolios Single Sign On feature. With
ePortfolios Single Sign On feature, users are logged on automatically under the
Guest account (Enterprise authentication).
332
subreport
A subreport is a report within a report. It has all of the characteristics of a report
with one exception: it cannot itself include a subreport. Subreports can be freestanding or they can be linked to the data in the primary report. Using Crystal
Reports, you can insert as many subreports as you wish.
Web Connector
To communicate with the different types of web servers, the WCS uses a Web
Connector. Crystal Enterprise includes different Web Connectors for different
operating systems and web servers.
333
334
Index
A
Access Level column ........................................... 96
access levels........................................................ 96
Advanced...............................................99, 100
available in the CMC .................................. 275
described ...................................................... 98
enabling and disabling inheritance.............. 104
Full Control................................................... 99
inheritance.................................................. 103
No Access..................................................... 98
reference..................................................... 273
Schedule ....................................................... 98
setting ........................................................... 98
specifying on folders ..................................... 68
tutorials....................................................... 108
View ............................................................. 98
View On Demand......................................... 99
when copying/moving folders ....................... 66
access, restricting from the top-level folder ........ 131
account management .......................................... 34
active sessions, viewing ..................................... 198
active trust relationship........................................ 25
ActiveX viewer, modifying options .................... 219
activity, viewing current metrics ........................ 196
adding
APS cluster members................................... 204
license keys................................................. 272
servers......................................................... 249
AddPathMap directive ....................................... 307
administering
remote UNIX machines................................. 12
remote Windows machines........................... 11
administration........................................................ 8
configuration tools ...................................... 196
delegated .................................................... 125
over the Web .................................................. 8
tools................................................................ 8
Administrator, setting password ........................... 13
Administrators group, default rights ................... 277
Advanced access level......................................... 99
advanced rights ................................................. 100
and inheritance ........................................... 103
priorities affecting................................... 107
denied by default ........................................ 108
enabling and disabling inheritance.............. 105
precedence ................................................. 108
reference..................................................... 274
setting ..........................................................100
viewing........................................................100
Advanced Rights page ........................................100
reference......................................................274
affinity, and SSL....................................................26
aliases
LDAP accounts ..............................................59
NT accounts ..................................................49
Apache
application mappings on UNIX....................302
reinitializing child processes........................248
virtual paths on UNIX ..................................307
application mappings .........................................300
applications........................................................187
CCM ............................................................188
CMC ............................................................188
Crystal Import Wizard..................................188
Crystal Publishing Wizard............................188
ePortfolio.....................................................187
APS .............................................................. 20, 190
adding to a cluster .......................................206
and authentication ...................................17, 18
and authorization...........................................18
and distributed security..................................26
and security ...................................................20
and security plug-ins......................................20
as nameserver..............................................235
base rights and available rights ....................102
calculating effective rights............................106
changing cluster name .................................208
clustering.....................................................204
configuring ..........................................213, 235
SOCKS ....................................................268
copying system database..............................208
default port ..................................................235
installing a new cluster member...................206
metrics.................................................198, 199
requirements for clustering...........................204
unable to connect ........................................312
when enabling and disabling other servers..... 201
APS database......................................................190
changing password ......................................213
configuring ..................................................208
deleting........................................................213
migrating .....................................................208
recreating.....................................................213
selecting ......................................................213
335
B
base rights.......................................................... 102
Btrieve ............................................................... 228
C
cache files settings ............................................. 216
Cache Server...................................................... 192
configuring .................................................. 216
metrics ........................................................ 198
performance settings.................................... 216
CCM .................................................................. 188
accessing .......................................................11
adding a server ............................................ 249
changing
server startup type................................... 240
Windows server dependencies ...............239
copying server status ................................... 203
deleting a server ..........................................251
enabling and disabling servers..................... 201
for UNIX................................................ 12, 280
336
D
daemons, signal handling .................................. 291
data
allowing users to refresh ................................ 75
cache files ................................................... 216
choosing live/saved .....................................242
live .............................................................. 243
refreshing on a schedule................................ 75
saved........................................................... 243
data sources
on UNIX...................................................... 229
on Windows................................................ 227
data tier ............................................................. 193
databases
changing settings .........................................150
configuring servers for .................................227
copying APS data ........................................ 208
initializing the APS ...................................... 213
selecting for the APS.................................... 213
troubleshooting
driver errors ............................................ 318
logon ...................................................... 314
DB2 ................................................................... 227
default settings
authentication ............................................... 21
Enterprise accounts........................................ 21
groups ........................................................... 34
Administrators .......................................... 35
Crystal NT Users....................................... 36
Everyone................................................... 35
New Sign-Up Accounts ............................ 35
modifying security ......................................... 14
NT account ................................................... 22
337
E
effective rights, calculating................................. 106
email destination ............................................... 170
setting defaults............................................. 225
enabling
inheritance .................................................. 104
servers .........................................................201
encoding logon tokens......................................... 25
environment variables, ODBC ...........................231
env.sh ................................................................ 286
ePortfolio ........................................................... 187
authentication model..................................... 16
considerations ............................................. 321
disabling Guest account ................................ 14
338
F
fail over, Web Connector and WCS ..................... 26
Favorites folders................................................... 71
fax numbers, registration........................................ 5
file events .................................................. 180, 181
File Repository Servers....................................... 191
metrics ........................................................ 197
setting maximum idle times......................... 215
setting root directories ................................. 215
firewalls....................................................... 29, 260
configuring.................................................. 263
NAT ....................................................... 263
Network Address Translation.................. 263
SOCKS ................................................... 265
forcing servers to register by name .............. 237
types of ....................................................... 261
NAT ....................................................... 262
packet filtering ....................................... 261
SOCKS ................................................... 262
folder inheritance .............................................. 103
folder rights ......................................................... 68
folders ................................................................. 64
adding a report.............................................. 67
changing top-level rights ............................. 113
copying/moving ............................................ 66
creating ......................................................... 64
default rights at top level ............................. 277
default user folders ........................................ 71
delegated administration ............................. 125
deleting .........................................................66
Favorites folder ..............................................71
importing
from Crystal Enterprise ..............................87
from Seagate Info ......................................88
moving ..........................................................66
object rights...................................................96
access levels .............................................98
advanced settings....................................100
inheritance..............................................103
setting access levels ..................................98
viewing .....................................................96
when copying/moving ..............................66
setting instance limits.....................................70
specifying rights .............................................68
format, choosing ................................................173
FTP destination...................................................168
setting defaults.............................................224
Full Control access level.......................................99
reference .....................................................276
G
granted rights .....................................................108
group inheritance ...............................................103
group rights ..........................................................96
grouping servers .................................................254
groups
creating .........................................................41
for tutorials .............................................109
deleting .........................................................43
importing
from Crystal Enterprise ..............................86
from Seagate Info ......................................88
modifying ......................................................42
object rights
access levels .............................................98
advanced rights.......................................100
inheritance..............................................103
of servers .....................................................254
setting
instance limits on folders ..........................70
object rights ............................................176
viewing members ..........................................42
Guest account
default rights ................................................277
disabling .................................................. 14, 43
disabling Sign Up ..........................................13
H
help
documentation resources .............................311
product registration..........................................5
technical support .............................................6
Holos applications, from Seagate Info ..................89
HTTP.............................................................. 17, 27
I
idle times
Cache Server ............................................... 216
File Repository Servers.................................215
Page Server.................................................. 221
importing
Crystal Import Wizard ................................... 86
from Crystal Enterprise................................... 86
from Seagate Info........................................... 88
selecting information ..................................... 91
specifying source and destination .................. 90
index, setting CMC preferences............................ 10
Info cubes, from Seagate Info ............................... 89
Info Views, from Seagate Info............................... 89
information flow, between servers ..................... 193
Informix ............................................................. 228
inheritance......................................................... 103
and advanced rights ............................ 100, 105
base rights and available rights .................... 102
enabling and disabling ................................ 104
priorities affecting........................................ 108
tutorials ....................................................... 108
Inherited column ............................................... 100
initializing APS database .................................... 213
initlaunch.sh ...................................................... 286
Input File Repository Server ............................... 191
metrics ........................................................197
setting maximum idle time .......................... 215
setting root directory.................................... 215
instances ............................................................138
from Seagate Info........................................... 89
importing from Crystal Enterprise................... 87
setting limits at the folder level ...................... 70
intelligence tier .................................................. 189
configuring .................................................. 204
Internet Information Services (IIS)
and NT Single Sign On .................................. 22
application mappings .................................. 300
default web site ........................................... 311
iPlanet Enterprise Server
UNIX
application mappings on UNIX............... 303
virtual paths............................................ 307
Windows
application mappings .............................300
virtual paths............................................ 305
J
Java viewer, modifying options .......................... 219
Job Server .......................................................... 192
configuring .......................................... 223, 227
configuring on UNIX ................................... 229
maximum number of jobs............................ 222
metrics ........................................................198
report objects .............................................. 147
339
K
key combinations................................................... 6
keyboard shortcuts ................................................. 6
L
launchpad, accessing ............................................. 9
LDAP ...................................................................23
about............................................................. 23
authentication ............................................... 36
managing accounts........................................54
LDAP accounts .................................................... 23
aliases
reassigning................................................60
using......................................................... 59
viewing..................................................... 60
configuring .................................................... 54
groups
creating .................................................... 61
disabling................................................... 61
managing ...................................................... 54
mapping ........................................................ 54
modifying
connection parameters .............................58
member groups......................................... 58
troubleshooting ............................................. 61
unmapping .................................................... 57
users
creating .................................................... 61
disabling................................................... 61
LDAP authentication plug-in ................................ 23
LDAP groups
mapping ........................................................ 54
unmapping .................................................... 57
LDAP hosts, managing multiple ........................... 58
LDAP security plug-in .......................................... 23
LDAP users
mapping ........................................................ 54
unmapping .................................................... 57
license keys ....................................................... 270
adding .........................................................272
viewing account activity .............................. 272
licensing ............................................................ 270
accessing information ..................................271
Lightweight Directory Access Protocol. See LDAP
limits, setting at the folder level............................ 70
live data .............................................................243
load balancing
and distributed security ................................. 26
APS clustering ............................................. 204
web farm .....................................................322
Local System account ........................................ 227
log on
authentication ............................................... 16
processing server accounts .......................... 227
protection against malicious attempts ............ 30
with token ..................................................... 18
340
logging
server activity .............................................. 234
web activity .......................................... 29, 218
logon tokens ........................................................ 25
and authentication ........................................ 17
and authorization .......................................... 18
and distributed security ................................. 26
and secondary authentication ....................... 18
and session tracking ...................................... 27
logon.csp............................................................. 17
Lotus Domino.................................................... 227
M
malicious logon attempts, protection against ....... 30
management areas, defined ................................... 9
mapped drives ................................................... 319
mapped LDAP groups, viewing............................ 58
mapped LDAP users, viewing .............................. 58
mapped NT groups, viewing ................................ 48
mapped NT users, viewing .................................. 48
mapping
LDAP accounts ............................................. 54
NT accounts.................................................. 44
troubleshooting web server paths ................ 297
virtual paths ................................................ 304
mappings
application .................................................. 300
virtual directories ........................................ 298
virtual paths ................................................ 304
menu styles, setting CMC preferences.................. 10
metrics............................................................... 196
system ......................................................... 199
viewing
account activity ...................................... 272
for servers............................................... 197
Microsoft Access................................................ 228
Microsoft Exchange ........................................... 228
Microsoft SQL Server ......................................... 227
migrating ............................................................. 86
APS database .............................................. 208
from Crystal Enterprise .................................. 86
from Seagate Info .......................................... 88
selecting information..................................... 91
specifying source and destination.................. 90
multihomed machines ....................................... 238
My Password, setting CMC preferences ............... 10
N
nameserver, role of APS..................................... 235
NAT. See Network Adress Translation
native drivers ..................................................... 227
on UNIX ..................................................... 229
Net Access column.............................................. 96
Network Address Translation ..............261, 262, 263
No Access level ................................................... 98
reference ..................................................... 275
O
object rights .........................................................96
advanced setting ..........................................100
available in the CMC ...................................274
base and available .......................................102
calculating effective .....................................106
importing
from Crystal Enterprise ..............................87
from Seagate Info ......................................89
inheritance .......................................... 103, 105
predefined access levels ................................98
reference .....................................................273
setting ............................................................98
specifying for a folder ....................................68
tutorials .......................................................108
decreasing rights .....................................112
increasing rights......................................131
viewing..........................................................96
when copying/moving folders........................66
P
packet filtering ................................................... 261
page index, setting CMC preferences ................... 10
Page Server ........................................................192
configuring .......................................... 221, 227
configuring on UNIX ................................... 229
metrics ........................................................198
pages, setting CMC preferences ........................... 10
Paradox ............................................................. 228
passwords
changing
for APS database.....................................213
settings ..................................................... 40
restrictions..................................................... 30
setting
CMC preferences ...................................... 10
for Administrator account ......................... 13
patchlevel.sh...................................................... 286
path mapping..................................................... 298
troubleshooting ........................................... 297
PC databases...................................................... 228
341
Q
.qry files .............................................................316
query objects, from Seagate Info .......................... 89
R
refreshing cache files ......................................... 216
registration .............................................................5
re-initializing, APS database............................... 213
Remote Procedure Call ......................................239
remote resources, troubleshooting ..................... 319
remote servers
CCM for UNIX............................................... 12
CCM for Windows......................................... 11
CMC................................................................ 8
342
rights ....................................................................96
Advanced ......................................................99
available ......................................................102
base .............................................................102
Full Control ...................................................99
importing
from Crystal Enterprise ..............................87
from Seagate Info ......................................89
No Access .....................................................98
Schedule........................................................98
setting object rights......................................176
specifying for a folder ....................................68
tutorials .......................................................108
View ..............................................................98
View On Demand .........................................99
rights. See also object rights
Rights tab .............................................................96
root directories, File Repository Servers ..............215
root folders
default rights ................................................277
modifying security .........................................14
row-level security, processing extensions .............24
.rpt files, application mappings...........................300
S
saved data ..........................................................243
scalability...........................................................242
common scenarios.......................................243
general considerations .................................245
scaling, the system .............................................241
Schedule access level...........................................98
reference .....................................................275
schedule events.......................................... 180, 182
schedules
from Seagate Info ...........................................89
importing from Crystal Enterprise ...................87
scheduling
daily report ..................................................156
events ..........................................................163
information flow ..........................................194
monthly report .............................................159
on demand ..................................................153
report instances ...........................................153
run once ......................................................154
setting default
destinations.............................................223
disk destination .......................................223
FTP destination .......................................224
SMTP destinations...................................225
weekly report...............................................158
scripts for UNIX..................................................279
Seagate Info, importing information......................88
secEnterprise.dll ...................................................21
secLDAP.dll .........................................................23
secondary authentication .....................................18
343
344
T
technical support ................................................... 6
temporary files, configuring Page Server ............ 221
third-party security plug-ins ................................. 20
three-machine setup .......................................... 244
thumbnails, adding with reports........................... 67
tickets
for distributed security................................... 26
logon tokens ................................................. 25
tiers ................................................................... 186
client........................................................... 187
data............................................................. 193
intelligence ................................................. 189
processing ................................................... 192
time zone, setting CMC preferences..................... 10
time zones, supporting multiple......................... 321
toolbars, customizing for report viewers ............ 219
tools
administration ................................................. 8
Crystal Configuration Manager (CCM) ........... 11
Crystal Management Console (CMC) ............... 8
UNIX .......................................................... 280
top-level folder, modifying security...................... 14
top-level, creating new folders............................. 64
tracking, sessions ................................................. 27
transfer of trust..................................................... 26
troubleshooting.................................................. 310
application mappings .................................. 300
ePortfolio deployments ............................... 321
LDAP accounts ............................................. 61
NT accounts.................................................. 51
path mappings ............................................ 297
report viewing and processing..................... 313
virtual directories ........................................ 298
web accessibility ......................................... 311
web servers ......................................... 298, 300
trust, active trust relationship ............................... 25
tutorials ............................................................. 108
U
UNC paths .........................................................319
uninstall.sh.........................................................285
UNIX
administrative scripts ...................................279
and NT authentication ...................................22
command reference .....................................279
Crystal Configuration Manager ......................12
syslog ..........................................................234
tools ............................................................279
UNIX web servers
application mappings ..................................302
configuring virtual paths ..............................307
unmanaged disk destination ...............................167
setting defaults.............................................223
unmapping
LDAP accounts ..............................................57
NT accounts ..................................................47
upgrading
Crystal Import Wizard....................................86
from Crystal Enterprise ...................................86
from Seagate Info ...........................................88
user accounts .......................................................34
creating .........................................................37
deleting .........................................................39
modifying ......................................................39
user databases, NT4 and Windows 2000 Active
Directory .........................................................22
user folders...........................................................71
user rights.............................................................96
users.....................................................................34
delegated administrators ..............................125
importing
from Crystal Enterprise ..............................86
from Seagate Info ......................................88
logging activity ............................................218
object rights
access levels .............................................98
advanced rights.......................................100
effective rights.........................................106
inheritance..............................................104
setting
instance limits on folders ..........................70
object rights ............................................176
viewing active sessions ................................198
utilities, UNIX reference .....................................279
V
View access level .................................................98
reference .....................................................275
View On Demand access level.............................99
reference .....................................................276
viewer virtual directory ......................................299
viewers
modifying settings ........................................219
setting CMC preferences ................................10
viewing
active users.................................................. 198
advanced object rights.................................100
APS cluster details ....................................... 199
current account activity ............................... 272
current metrics ............................................ 196
information flow.......................................... 193
licensing information................................... 271
object rights................................................... 96
server metrics .............................................. 197
system metrics .............................................199
virtual directories ............................................... 298
crystal.......................................................... 299
viewer ......................................................... 299
virtual path mappings ........................................ 304
W
WCS ............................................................ 19, 189
and authentication......................................... 17
and authorization .......................................... 18
and load balancing........................................ 26
and logon tokens ........................................... 19
and multiple web servers.............................322
and security................................................... 19
auditing web activity ..................................... 29
configuring .......................................... 218, 235
configuring SOCKS...................................... 265
default port.................................................. 235
logging web activity .................................... 218
WCS session variables ......................................... 27
and authentication................................... 17, 18
tracking ......................................................... 28
WCSHOST variable, CGI Web Connector ......... 308
WCSHosts
Apache ........................................................307
NSAPI Web Connector ................................ 307
WCSPATHMAP variable, CGI Web Connector .... 308
WCSPathMap, NSAPI Web Connector............... 307
web activity, logging .......................................... 218
Web Component Server
and security................................................... 19
metrics ........................................................197
Web Component Server. See WCS
Web Connectors ................................................ 190
and load balancing........................................ 26
application mappings .................................. 300
CGI virtual paths .........................................308
configuring
NAT ....................................................... 263
SOCKS....................................................266
troubleshooting ........................................... 298
virtual path mappings .................................. 304
web distribution, Crystal Reports 8..................... 320
web farm, load balancing .................................. 322
345
346
Windows NT
mapping accounts......................................... 44
unmapping accounts ..................................... 47
Windows NT Challenge/Response
authentication........................................... 22, 29
Windows NT security plug-in .............................. 22
and UNIX...................................................... 22
Windows NT Single Sign On, and ePortfolio ..... 322
Windows web servers
application mappings .................................. 300
configuring virtual paths.............................. 305
X
XML................................................................... 228