BO Security CMC

8/10/2019 BO Security CMC

1/37

BUSINESS OBJECTS XI R3 & 4.0

CENTRAL MANAGEMENT CONSOLE

CONTENTS

Managing Users & Groups

Authentication

Application Security

Applying Security

Managing Server Groups

Managing Objects

Managing Calendars

Scheduling Objects

Managing Events

What is CMC?

Allows users to reotely control the entire !usiness Objects Enterprise syste"

Allows to per#or User & Server Manageent $as%s publish organi'e & set security

(evels #or all Objects"

Only users with adinistrative rights can per#or anageent $as%s"


2/37

MANAGING USERS AND GROUPS

$he #ollowing is covered in this section)

*e#ault Accounts

Creating Users and Groups

*eleting an Account

Adding Users to Groups

(icenses

*e#ault !OE Accounts

Users

Adinistrator

Guest

Groups

AdinistratorsMebers are able to per#or all tas%s in all o# the !OE

applications"

EveryoneMebers are allowed to access all the reports #ound in +eport

Saples #older"

Universe *esigner usersMebers are allowed access to the *esigner

application"

!OE ,$ UsersMebers are allowed to view #olders & reports"

Creating Groups

,ew groups can be created in CMC

Group -roperties

Group ,ae

*escription

Users

Subgroups

Meber o#


3/37

+ights

Creating User Account

,ew users can be created in CMC

User Account -roperties

Account ,ae

.ull ,ae

*escription

/oe .older

-assword Settings

Connection $ype

Account *isabled

Assign Alias

Creating User Account in CMC

Adding Users to Groups

Clic% Users tab"

Clic% Add Users"

Select Users to add and clic% the 0 arrow"

1n the Group anageent area select Group"

Clic% o%"

*eleting User or Group Account

,ew users and groups can be deleted in CMC

2hen you delete a group

users or sub3groups that are ebers o# that group are not deleted"

2hen you delete a user account

.avorites #older personal categories and inbo4 #or that user are deleted as well

any owned recurring instances becoe owned by Adinistrator


4/37

$ip ) 1# you thin% user ay need account in #uture disable rather than delete"

(icenses

$ypes o# (icenses)

,aed

-rocessor

Nai!ati"#

2e can create security #or User and Group but the best practice is Create User and join the User

under a Group"

Step5) (og on to Central Manageent Consol and go to Users and Groups

Step6) Select User (ist option

Step7) Clic% on Create new user icon

Step8) -rovide Account ,ae *escription Unchec% User ust change password at ne4t login

And clic% on Create& Close


5/37

Step9) Go to Group (ist

Step:) Clic% on Create new group icon

Step;) Create Group ,ae and clic% on O< button


6/37

Step=) Go to User (ist select recently created user right clic% and select join Group

Step>) Select recently created group and Clic% on O< button

Step5?) Go to CMC Access (evels

Step55) Clic% on Create a new access level icon

Step56) Give the $itle o# the Access level and clic% on O< button


7/37

Step57) Select recently created acess levels and right clic% and select 1nclude +ights option

Step58) $o assign rights to our access levels Clic% on Add@+eove +ights

Step59) Select reuired restrictions and clic% on O< button


8/37

Step5:) Go to Users and groups +ight clic% on recently created Group or User and select

User security

Sstep5;) Clic% on Add -rincipals

,ote) !y de#ault we will get Adinistrators security that eans user can have access to any

$hing but we want to restrict access so we need to use custo access level rather than

Adinistrator security"


9/37

Step5=) Select our Group@User and clic% on A** and Assign Security button

Step5>) Select our Access (evel and clic% on Apply and O< button

AUT$ENTICATION

$ypes o# Authentication)

!usiness Objects Enterprise BStandard Authentication

2indows ,$

2indows Active *irectory Services BA*S

(ightweight *irectory Access -rotocol B(*A-

SA-

% BOE A'th(#ti)ati"#


10/37

$he syste de#ault !usiness Objects Enterprise authentication is used in environents

that pre#er to aintain a distinct set o# accounts #or use with !usiness Objects Enterprise"

1t is ideal #or environents that do not currently have a hierarchy o# users and groups in a

2indows ,$@6??? or (*A- directory"

* Wi#+",s NT A'th(#ti)ati"#

!y apping ,$ accounts to !usiness Objects Enterprise users are able to log into

1n#o Diew with their ,$ user nae and password eliinating the need to recreateuser and group accounts in !OE"

,$ Authentication is enabled using the Manage Authentication sectionF o# CMC"

ou can ap ,$ accounts to !OE through 2indows by using the User Manager in

2indows ,$ or Coputer Manageent in 2in6??? or through the CMC"

,ew Alias Option

Allow user to speci#y how ,$ aliases are apped to Enterprise accounts

Options are)

Assign each added ,$ alias to an account with the sae nae

Create a new account #or every added ,$ alias

Update options

Allow user to speci#y i# ,$ aliases are autoatically created #or all new users


11/37

Options are)

,ew aliases will be added and new users will be created

,o new aliases will be added and new users will not be created

,ew user options

Allow user to speci#y properties o# the new enterprise accounts that are created to

ap to ,$ accounts"

Options are)

,ew users are created as naed users

,ew users are created as concurrent users

,ote) Siilar Aliases options are available #or 2inA* and (*A- authentication"

3 Wi#+",s A)ti( Di-()t"- A'th(#ti)ati"#

2in A* security plug3in enables adinistrator to ap 2indows 6??? Active

*irectory BA* user accounts and groups to !usiness Objects Enterprise B!OE

Enables !OE to veri#y all login reuests that speci#y 2inA* Authentication

User can also create own applications that support A* Authentication

All o# !OE client tools support A* authentication e4cept the 1port 2i'ard

4 LDAP A'th(#ti)ati"#

(ight 2eight *irectory Access -rotocol B(*A- is a a set o# protocols used to access

in#oration stored in directories

(*A- groups are apped to !OE


12/37

(*A- user nae and password are used to log into !usiness Objects Enterprise

*irectories that support (*A- include)

Sun i-lanet *irectory Server

(otus *oino *irectory Server

1!M Secureway

,ovell *irectory Services B,*S

(*A- Authentication 2i'ard


13/37


14/37

Single Sign3on

Enables user to access two or ore applications or systes while providing their login

credentials only once

Single sign3on to !OE can be provided by di##erent authentication tools such as 2in,$

2inA* or (*A- with SiteMinder"

2ithin the conte4t o# !OE the di##erent levels o# single sign3on are)

Single sign3on to !OE

Single sign3on to database

End3to3end single sign3on

/ SAP

$o do wor% on SA- systes"

APPLICATION SECURIT

Controls users@groups to access the #ollowing !usiness Objects Enterprise applications)

Central Manageent Console BCMC

Crystal +eports E4plorer

*esigner

*es%top 1ntelligence

*iscussions

Encyclopedia

1n#o view

+eport Conversion $ool

2eb 1ntelligence


15/37

Clic% on Create a new access level icon

Give the $itle o# the Access level and clic% on O< button

Select recently created acess levels and right clic% and select 1nclude +ights option

$o assign rights to our access levels Clic% on Add@+eove +ights

Select reuired restrictions and clic% on O< button


16/37

SECURIT

$opics covered in this section)

Security Model

+ecoendations

Global (evel +ights

.older (evel +ights

Object (evel +ights

+ights to Universes

+ights to Categories

Security Model

Object (evel Access

-rede#ined Access (evels

-rede#ined collection o# individual rights

-rovide ost coon user access reuireents

Advanced +ights

Most granular level o# access that can be assigned

Custoi'e actions that an USE+ can per#or on an O!HEC$

-rede#ined Access (evels


17/37

,o Access

Diew

Schedule

Diew On *eand

.ull Control

Advanced +ights

Advanced +ights

E4plicitly Granted

E4plicitly *enied

1nherited

,ot Speci#ied

,ote)

*enied +ights override Granted rights

$o grant a right that has been speci#ically denied at a higher level you

ust deny inheritance in the advanced rights tab

+ecoendations

+educe cople4ity by

Assigning security at #older level to groups

Avoiding setting rights #or speci#ic users on speci#ic report objects

Using prede#ined Access (evels rather than Advanced rights

Grant the Everyone group ,o accessF at the global level then grant speci#ic rights to the

appropriate groups

Chec% the users or groups rights to the related Universes or !usiness Diews be#ore

securing the reports and docuents #or the users or groups

Global (evel +ights

Global security is the de#ault security set #or the entire syste"

.older (evel +ights


18/37

.olders are objects used to organi'e docuents"

$hey act as logical groups to separate content"

Access rights can be set at the .older3level"

$op (evel .olders inherit security #ro global level"

Sub#olders inherit security #ro their parent #older"

+ights set e4plicitly at the #older level override inherited rights"

Object (evel +ights

Objects 1nherit Security #ro their parent #older

+ights set e4plicitly at the object level override inherited rights

Universes

$wo types o# Access +ights

Universe (evel Security) 2hich universes a user or group has rights to view or access

Object (evel Security) (evel o# access that users have to speci#ic objects or classes

within an universe

Applying +ights to Universes

Object (evel Security to Universes


19/37

Access (evels

-ublic

Controlled

+estricted

Con#idential

-rivate

Categories

An alternative organi'ational structure #or users to sort and #ind docuents"

1prove security and navigation

$ypes o# categories)

Corporate Categories Bcreated by adinistrator


20/37

-ersonal Categories Bcreated by each user

Creating a ,ew Category

*eleting a Category

2hen you delete a Category all the subcategories within it are reoved entirely #ro thesyste

Unli%e #older deletion the reports and other objects contained within the category are not

deleted


21/37

MANAGING SER1ER GROUPS

Server Groups provide a way to organi'e servers to a%e the easier to anage"

Advantages)

Only a subset o# servers is viewed at a tie & hence easy to anage"

Custoi'es syste #or users in di##erent locations or #or objects o# di##erent

types"

/ow to create a server groupI

1n Server Groups anageent area clic% ,ew Server Group"

Enter Group nae & *escription"

1n the servers tab clic% Add@+eove Servers & select the servers to be included in the

group"

Clic% o%"

$o set access rights #or the server group go to +ights tab"


22/37


23/37

MANAGING OBJECTS

$ypes o# Objects)

+eport Objects) Created using a !O *esigner Coponent Be"g" Crystal

+eport O(A- 1ntelligence"

2eb 1ntelligence docuents) Created using +eport panel & /$M( Juery

panel in 1n#o view"


24/37

-rogra Objects) Objects in !O which represent an application" $hey can

be E4ecutable -rogras Hava -rogras or Scripts"

Object -ac%ages) Coposed o# any cobination o# report and progra

objects published in !OE syste"

User can)

Add a new object

Copy@Move@Create shortcut #or an object

Send Object to another destination

*elete object

/ow to add a new ObjectI

Go to Objects section in CMC"

Select ,ew Object"

!rowse the Object and select the destination .older and Category #or it"

Clic% KSubitL when you are #inished"

Copy@Move@Create Shortcut o# an object

KCopyL creates a new copy in di##erent location & inherits rights #ro new parent

#older"

KMoveL changes location o# object & retains original object rights"

KCreate shortcutL creates an alternate ore convenient route #or an object"

/ow to Copy@Move@Create Shortcut o# an objectI

Go to the Objects anageent area o# the CMC"

Select the chec% bo4es associated with the object you want to copy ove orcreate a shortcut #or"

Clic% Copy@Move@Shortcut"

Select one o# the #ollowing options)

Copy to

Move to

Create shortcut in


25/37

Select the appropriate destination #older then clic% O


26/37


27/37

SC$EDULING OBJECTS

Scheduling an object runs it autoatically at speci#ied ties"

$ypes o# Objects which can be scheduled)

+eport Objects

2eb 1ntelligence *ocuents

*es%top 1ntelligence *ocuents

-ublications

-rogra Objects

Object -ac%ages

,ote) 2hen an object is scheduled a scheduled instance is

created which contains object and schedule in#oration"

/ow to schedule an objectI

1n the Objects anageent area o# the CMC select an object by clic%ing its lin%"

Clic% the Schedule tab"

Select the recurrence pattern Bi"e" once daily onthly wee%ly etc""

Select the +un option and paraeters Be"g" on the ,th day o# onth"


28/37

Clic% Schedule"

$o save the new settings as de#ault settings clic% Update"

Scheduling objects with a !usiness calendar

1n the Objects anageent area o# the CMC

Clic% the Schedule tab

Select the Calendar option

1n the +un list select either

o Calendar

o Calendar with events

1n the Calendar to run #or list choose the calendar that provides the scheduled dates you

want

Coplete these #ields

o ,uber o# retries allowed

o +etry interval in seconds

Clic% Schedule to schedule the object

$o update the de#ault scheduling in#oration clic% Update

Nai!ati"#2


29/37


30/37


31/37


32/37


33/37

MANAGING E1ENTS

Events provide additional control over scheduling objects"

2or%ing with events consists o# two steps)

Creating an Event"

Scheduling an object based on that event"

$ypes o# Events)

.ile Events

Schedule Events

Custo Events

.ile Events)

2ait #or a particular #ile to appear be#ore event occurs"


34/37

Monitored by Event Server"

1# #ile e4ists prior to creation o# event then event is not triggered"

Schedule Events)

An objectLs e4isting recurrence schedule serves as trigger #or the event"

!ased on KsuccessL or K#ailureL o# the scheduled object or siply copletion o# job"

Always associated with two objects) one serves as trigger #or the event and one is

dependent on the event"

/elps in setting conditions between scheduled objects"

Custo Events)

$riggered anually by adinistrator or particular user"

/elps to set up shortcut which when clic%ed triggers any dependent schedule reuests"

/ow to create a #ile3based eventI

Go to the Events anageent area o# the CMC"

Clic% ,ew Event"

1n the $ype list select .ile"

$ype a nae #or the event in the Event ,ae #ield"

Coplete the *escription #ield"

1n the Server list select the Event Server that will onitor the speci#ied #ile"

$ype a #ilenae in the .ilenae #ield"

Clic% O


35/37

Coplete the *escription #ield"

1n the Event based onF area select #ro three options)

Success

.ailure

Success or .ailure"

Clic% O


36/37

C-(ati#! "5+(-2

(at'-(s "6 B'si#(ss O78()ts 4.02

Ma4iu all options #or SA- !O N1 +7 and SA- !O 8"? are sae

/ere we have one e4tra #eature called *ata services

SA- has integrated *SB*ata Services and !O so we can do soe operations li%e

creating repositories #or #or SA- *S in !O CMC


37/37

Documents

BO Security CMC