Upload
kishore-dammavalam
View
216
Download
0
Embed Size (px)
Citation preview
8/10/2019 BO Security CMC
1/37
BUSINESS OBJECTS XI R3 & 4.0
CENTRAL MANAGEMENT CONSOLE
CONTENTS
Managing Users & Groups
Authentication
Application Security
Applying Security
Managing Server Groups
Managing Objects
Managing Calendars
Scheduling Objects
Managing Events
What is CMC?
Allows users to reotely control the entire !usiness Objects Enterprise syste"
Allows to per#or User & Server Manageent $as%s publish organi'e & set security
(evels #or all Objects"
Only users with adinistrative rights can per#or anageent $as%s"
8/10/2019 BO Security CMC
2/37
MANAGING USERS AND GROUPS
$he #ollowing is covered in this section)
*e#ault Accounts
Creating Users and Groups
*eleting an Account
Adding Users to Groups
(icenses
*e#ault !OE Accounts
Users
Adinistrator
Guest
Groups
AdinistratorsMebers are able to per#or all tas%s in all o# the !OE
applications"
EveryoneMebers are allowed to access all the reports #ound in +eport
Saples #older"
Universe *esigner usersMebers are allowed access to the *esigner
application"
!OE ,$ UsersMebers are allowed to view #olders & reports"
Creating Groups
,ew groups can be created in CMC
Group -roperties
Group ,ae
*escription
Users
Subgroups
Meber o#
8/10/2019 BO Security CMC
3/37
+ights
Creating User Account
,ew users can be created in CMC
User Account -roperties
Account ,ae
.ull ,ae
*escription
/oe .older
-assword Settings
Connection $ype
Account *isabled
Assign Alias
Creating User Account in CMC
Adding Users to Groups
Clic% Users tab"
Clic% Add Users"
Select Users to add and clic% the 0 arrow"
1n the Group anageent area select Group"
Clic% o%"
*eleting User or Group Account
,ew users and groups can be deleted in CMC
2hen you delete a group
users or sub3groups that are ebers o# that group are not deleted"
2hen you delete a user account
.avorites #older personal categories and inbo4 #or that user are deleted as well
any owned recurring instances becoe owned by Adinistrator
8/10/2019 BO Security CMC
4/37
$ip ) 1# you thin% user ay need account in #uture disable rather than delete"
(icenses
$ypes o# (icenses)
,aed
-rocessor
Nai!ati"#
2e can create security #or User and Group but the best practice is Create User and join the User
under a Group"
Step5) (og on to Central Manageent Consol and go to Users and Groups
Step6) Select User (ist option
Step7) Clic% on Create new user icon
Step8) -rovide Account ,ae *escription Unchec% User ust change password at ne4t login
And clic% on Create& Close
8/10/2019 BO Security CMC
5/37
Step9) Go to Group (ist
Step:) Clic% on Create new group icon
Step;) Create Group ,ae and clic% on O< button
8/10/2019 BO Security CMC
6/37
Step=) Go to User (ist select recently created user right clic% and select join Group
Step>) Select recently created group and Clic% on O< button
Step5?) Go to CMC Access (evels
Step55) Clic% on Create a new access level icon
Step56) Give the $itle o# the Access level and clic% on O< button
8/10/2019 BO Security CMC
7/37
Step57) Select recently created acess levels and right clic% and select 1nclude +ights option
Step58) $o assign rights to our access levels Clic% on Add@+eove +ights
Step59) Select reuired restrictions and clic% on O< button
8/10/2019 BO Security CMC
8/37
Step5:) Go to Users and groups +ight clic% on recently created Group or User and select
User security
Sstep5;) Clic% on Add -rincipals
,ote) !y de#ault we will get Adinistrators security that eans user can have access to any
$hing but we want to restrict access so we need to use custo access level rather than
Adinistrator security"
8/10/2019 BO Security CMC
9/37
Step5=) Select our Group@User and clic% on A** and Assign Security button
Step5>) Select our Access (evel and clic% on Apply and O< button
AUT$ENTICATION
$ypes o# Authentication)
!usiness Objects Enterprise BStandard Authentication
2indows ,$
2indows Active *irectory Services BA*S
(ightweight *irectory Access -rotocol B(*A-
SA-
% BOE A'th(#ti)ati"#
8/10/2019 BO Security CMC
10/37
$he syste de#ault !usiness Objects Enterprise authentication is used in environents
that pre#er to aintain a distinct set o# accounts #or use with !usiness Objects Enterprise"
1t is ideal #or environents that do not currently have a hierarchy o# users and groups in a
2indows ,$@6??? or (*A- directory"
* Wi#+",s NT A'th(#ti)ati"#
!y apping ,$ accounts to !usiness Objects Enterprise users are able to log into
1n#o Diew with their ,$ user nae and password eliinating the need to recreateuser and group accounts in !OE"
,$ Authentication is enabled using the Manage Authentication sectionF o# CMC"
ou can ap ,$ accounts to !OE through 2indows by using the User Manager in
2indows ,$ or Coputer Manageent in 2in6??? or through the CMC"
,ew Alias Option
Allow user to speci#y how ,$ aliases are apped to Enterprise accounts
Options are)
Assign each added ,$ alias to an account with the sae nae
Create a new account #or every added ,$ alias
Update options
Allow user to speci#y i# ,$ aliases are autoatically created #or all new users
8/10/2019 BO Security CMC
11/37
Options are)
,ew aliases will be added and new users will be created
,o new aliases will be added and new users will not be created
,ew user options
Allow user to speci#y properties o# the new enterprise accounts that are created to
ap to ,$ accounts"
Options are)
,ew users are created as naed users
,ew users are created as concurrent users
,ote) Siilar Aliases options are available #or 2inA* and (*A- authentication"
3 Wi#+",s A)ti( Di-()t"- A'th(#ti)ati"#
2in A* security plug3in enables adinistrator to ap 2indows 6??? Active
*irectory BA* user accounts and groups to !usiness Objects Enterprise B!OE
Enables !OE to veri#y all login reuests that speci#y 2inA* Authentication
User can also create own applications that support A* Authentication
All o# !OE client tools support A* authentication e4cept the 1port 2i'ard
4 LDAP A'th(#ti)ati"#
(ight 2eight *irectory Access -rotocol B(*A- is a a set o# protocols used to access
in#oration stored in directories
(*A- groups are apped to !OE
8/10/2019 BO Security CMC
12/37
(*A- user nae and password are used to log into !usiness Objects Enterprise
*irectories that support (*A- include)
Sun i-lanet *irectory Server
(otus *oino *irectory Server
1!M Secureway
,ovell *irectory Services B,*S
(*A- Authentication 2i'ard
8/10/2019 BO Security CMC
13/37
8/10/2019 BO Security CMC
14/37
Single Sign3on
Enables user to access two or ore applications or systes while providing their login
credentials only once
Single sign3on to !OE can be provided by di##erent authentication tools such as 2in,$
2inA* or (*A- with SiteMinder"
2ithin the conte4t o# !OE the di##erent levels o# single sign3on are)
Single sign3on to !OE
Single sign3on to database
End3to3end single sign3on
/ SAP
$o do wor% on SA- systes"
APPLICATION SECURIT
Controls users@groups to access the #ollowing !usiness Objects Enterprise applications)
Central Manageent Console BCMC
Crystal +eports E4plorer
*esigner
*es%top 1ntelligence
*iscussions
Encyclopedia
1n#o view
+eport Conversion $ool
2eb 1ntelligence
8/10/2019 BO Security CMC
15/37
Clic% on Create a new access level icon
Give the $itle o# the Access level and clic% on O< button
Select recently created acess levels and right clic% and select 1nclude +ights option
$o assign rights to our access levels Clic% on Add@+eove +ights
Select reuired restrictions and clic% on O< button
8/10/2019 BO Security CMC
16/37
SECURIT
$opics covered in this section)
Security Model
+ecoendations
Global (evel +ights
.older (evel +ights
Object (evel +ights
+ights to Universes
+ights to Categories
Security Model
Object (evel Access
-rede#ined Access (evels
-rede#ined collection o# individual rights
-rovide ost coon user access reuireents
Advanced +ights
Most granular level o# access that can be assigned
Custoi'e actions that an USE+ can per#or on an O!HEC$
-rede#ined Access (evels
8/10/2019 BO Security CMC
17/37
,o Access
Diew
Schedule
Diew On *eand
.ull Control
Advanced +ights
Advanced +ights
E4plicitly Granted
E4plicitly *enied
1nherited
,ot Speci#ied
,ote)
*enied +ights override Granted rights
$o grant a right that has been speci#ically denied at a higher level you
ust deny inheritance in the advanced rights tab
+ecoendations
+educe cople4ity by
Assigning security at #older level to groups
Avoiding setting rights #or speci#ic users on speci#ic report objects
Using prede#ined Access (evels rather than Advanced rights
Grant the Everyone group ,o accessF at the global level then grant speci#ic rights to the
appropriate groups
Chec% the users or groups rights to the related Universes or !usiness Diews be#ore
securing the reports and docuents #or the users or groups
Global (evel +ights
Global security is the de#ault security set #or the entire syste"
.older (evel +ights
8/10/2019 BO Security CMC
18/37
.olders are objects used to organi'e docuents"
$hey act as logical groups to separate content"
Access rights can be set at the .older3level"
$op (evel .olders inherit security #ro global level"
Sub#olders inherit security #ro their parent #older"
+ights set e4plicitly at the #older level override inherited rights"
Object (evel +ights
Objects 1nherit Security #ro their parent #older
+ights set e4plicitly at the object level override inherited rights
Universes
$wo types o# Access +ights
Universe (evel Security) 2hich universes a user or group has rights to view or access
Object (evel Security) (evel o# access that users have to speci#ic objects or classes
within an universe
Applying +ights to Universes
Object (evel Security to Universes
8/10/2019 BO Security CMC
19/37
Access (evels
-ublic
Controlled
+estricted
Con#idential
-rivate
Categories
An alternative organi'ational structure #or users to sort and #ind docuents"
1prove security and navigation
$ypes o# categories)
Corporate Categories Bcreated by adinistrator
8/10/2019 BO Security CMC
20/37
-ersonal Categories Bcreated by each user
Creating a ,ew Category
*eleting a Category
2hen you delete a Category all the subcategories within it are reoved entirely #ro thesyste
Unli%e #older deletion the reports and other objects contained within the category are not
deleted
8/10/2019 BO Security CMC
21/37
MANAGING SER1ER GROUPS
Server Groups provide a way to organi'e servers to a%e the easier to anage"
Advantages)
Only a subset o# servers is viewed at a tie & hence easy to anage"
Custoi'es syste #or users in di##erent locations or #or objects o# di##erent
types"
/ow to create a server groupI
1n Server Groups anageent area clic% ,ew Server Group"
Enter Group nae & *escription"
1n the servers tab clic% Add@+eove Servers & select the servers to be included in the
group"
Clic% o%"
$o set access rights #or the server group go to +ights tab"
8/10/2019 BO Security CMC
22/37
8/10/2019 BO Security CMC
23/37
MANAGING OBJECTS
$ypes o# Objects)
+eport Objects) Created using a !O *esigner Coponent Be"g" Crystal
+eport O(A- 1ntelligence"
2eb 1ntelligence docuents) Created using +eport panel & /$M( Juery
panel in 1n#o view"
8/10/2019 BO Security CMC
24/37
-rogra Objects) Objects in !O which represent an application" $hey can
be E4ecutable -rogras Hava -rogras or Scripts"
Object -ac%ages) Coposed o# any cobination o# report and progra
objects published in !OE syste"
User can)
Add a new object
Copy@Move@Create shortcut #or an object
Send Object to another destination
*elete object
/ow to add a new ObjectI
Go to Objects section in CMC"
Select ,ew Object"
!rowse the Object and select the destination .older and Category #or it"
Clic% KSubitL when you are #inished"
Copy@Move@Create Shortcut o# an object
KCopyL creates a new copy in di##erent location & inherits rights #ro new parent
#older"
KMoveL changes location o# object & retains original object rights"
KCreate shortcutL creates an alternate ore convenient route #or an object"
/ow to Copy@Move@Create Shortcut o# an objectI
Go to the Objects anageent area o# the CMC"
Select the chec% bo4es associated with the object you want to copy ove orcreate a shortcut #or"
Clic% Copy@Move@Shortcut"
Select one o# the #ollowing options)
Copy to
Move to
Create shortcut in
8/10/2019 BO Security CMC
25/37
Select the appropriate destination #older then clic% O
8/10/2019 BO Security CMC
26/37
8/10/2019 BO Security CMC
27/37
SC$EDULING OBJECTS
Scheduling an object runs it autoatically at speci#ied ties"
$ypes o# Objects which can be scheduled)
+eport Objects
2eb 1ntelligence *ocuents
*es%top 1ntelligence *ocuents
-ublications
-rogra Objects
Object -ac%ages
,ote) 2hen an object is scheduled a scheduled instance is
created which contains object and schedule in#oration"
/ow to schedule an objectI
1n the Objects anageent area o# the CMC select an object by clic%ing its lin%"
Clic% the Schedule tab"
Select the recurrence pattern Bi"e" once daily onthly wee%ly etc""
Select the +un option and paraeters Be"g" on the ,th day o# onth"
8/10/2019 BO Security CMC
28/37
Clic% Schedule"
$o save the new settings as de#ault settings clic% Update"
Scheduling objects with a !usiness calendar
1n the Objects anageent area o# the CMC
Clic% the Schedule tab
Select the Calendar option
1n the +un list select either
o Calendar
o Calendar with events
1n the Calendar to run #or list choose the calendar that provides the scheduled dates you
want
Coplete these #ields
o ,uber o# retries allowed
o +etry interval in seconds
Clic% Schedule to schedule the object
$o update the de#ault scheduling in#oration clic% Update
Nai!ati"#2
8/10/2019 BO Security CMC
29/37
8/10/2019 BO Security CMC
30/37
8/10/2019 BO Security CMC
31/37
8/10/2019 BO Security CMC
32/37
8/10/2019 BO Security CMC
33/37
MANAGING E1ENTS
Events provide additional control over scheduling objects"
2or%ing with events consists o# two steps)
Creating an Event"
Scheduling an object based on that event"
$ypes o# Events)
.ile Events
Schedule Events
Custo Events
.ile Events)
2ait #or a particular #ile to appear be#ore event occurs"
8/10/2019 BO Security CMC
34/37
Monitored by Event Server"
1# #ile e4ists prior to creation o# event then event is not triggered"
Schedule Events)
An objectLs e4isting recurrence schedule serves as trigger #or the event"
!ased on KsuccessL or K#ailureL o# the scheduled object or siply copletion o# job"
Always associated with two objects) one serves as trigger #or the event and one is
dependent on the event"
/elps in setting conditions between scheduled objects"
Custo Events)
$riggered anually by adinistrator or particular user"
/elps to set up shortcut which when clic%ed triggers any dependent schedule reuests"
/ow to create a #ile3based eventI
Go to the Events anageent area o# the CMC"
Clic% ,ew Event"
1n the $ype list select .ile"
$ype a nae #or the event in the Event ,ae #ield"
Coplete the *escription #ield"
1n the Server list select the Event Server that will onitor the speci#ied #ile"
$ype a #ilenae in the .ilenae #ield"
Clic% O
8/10/2019 BO Security CMC
35/37
Coplete the *escription #ield"
1n the Event based onF area select #ro three options)
Success
.ailure
Success or .ailure"
Clic% O
8/10/2019 BO Security CMC
36/37
C-(ati#! "5+(-2
(at'-(s "6 B'si#(ss O78()ts 4.02
Ma4iu all options #or SA- !O N1 +7 and SA- !O 8"? are sae
/ere we have one e4tra #eature called *ata services
SA- has integrated *SB*ata Services and !O so we can do soe operations li%e
creating repositories #or #or SA- *S in !O CMC
8/10/2019 BO Security CMC
37/37