Bobj09 xi3.x security what is new


Published on

Presentation done during the last ASIAPAC SAP BO user conference - Sydney. New boxi3 security concepts and 360suite demo.

More info on 360suite to streamline and extend SAP BusinessObjects software around: security with 360view alternative of CMC
backup and promotion with 360plus alternative of LCM
bursting with 360cast
metadata query and analysis, audit with 360eyes to optimize migration to BI4

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Bobj09 xi3.x security what is new

  1. 1. New BOE Xi 3.x security concepts Goiffon Sebastien President 360suite
  2. 2. What We’ll Cover … • • • • • • • Introduction & Overview BO5 or BO6 security concepts BOE Xi R2 security concepts BOE Xi 3.x security: What’s new? Migration and Implementation: Challenges 360suite: Streamline and extend SAP BO software Wrap-up
  3. 3. Introduction With XI 3.x coming out, did security change? - Yes! Business Objects has made some important changes to the security model. The changes are not as major as when we had to migrate from BOBJ 5.x/6.x to XIR2, but you will need to take some things into account.   Attend this session will help you to understand the new concepts and take advantage of them.
  4. 4. BO5 or BO6 security: Reminder • Security definition: User rights and restrictions = links between actors (user or group) and universes - universe overloads, documents, applications - security commands and domains. • Supervisor: User centric vision and implementation. • Only 3 ways to implement security. Easy to administrate. • A user can belong to more than one group: User instances. • Effective right calculation depending on object.
  5. 5. BOE Xir2 security concepts: Folders • Universes and documents are stored within folders. • Objects can be stored in one folder only. There are four folder trees. • Think like Windows. It is a set of doors.
  6. 6. BOE Xir2 security concepts: Groups • Group structure is no longer a classic tree. A group can belong to more than one group. A kind of acyclic graph. • Create two group trees: Functional groups and technical groups.
  7. 7. BOE Xir2 security concepts: Users • A user can belong to more than one group (the Everyone group, a technical group and a functional one).
  8. 8. BOE Xir2 security concepts: Security matrix Explicit right Closed system Rights double inheritance: Folder and Group Inherited right
  9. 9. BOE Xir2 security concepts: Rights overloads
  10. 10. BOE Xir2 security concepts: Rights • Three possible explicit values on security commands:    • Explicitly granted (G): User or group is given the right. Explicitly denied (D): User or group is denied the right. Not specified (NS): No right assignment. Effective rights (user real rights) = explicit rights aggregation. NS Xir2 Objects G D G + NS D + NS G+D D G D G D D
  11. 11. BOE Xi 3.x security: General info • New CMC interface: Training session needed. • No modification on contents / actors:     • Folders organization remains the same: 4 folder trees. No change on groups structure. Still 2 category trees. Servers and connections unchanged. New kind of objects: Access level are objects like others.     Predefined Access Level (NA, VOD, FC …). Custom profiles. Set of security commands. Security on them within a matrix. Advanced rights still exist.
  12. 12. BOE Xi 3.x security: Rights • • • Rights are now divided in collection: General, Content, Application and System. Rights have been duplicated on content: Hundreds of rights. Content rights overload general rights. General right set: Schedule Objects prohibited. Content right overloads General settings: Schedule Deski Documents allowed. Net result: Schedule documents not allowed except Deski documents.
  13. 13. BOE Xi 3.x security: Folder/Object • • • Content rights possible on Folders. Descending right: Add object. Ascending right: Delete object. General right set: Add Objects allowed. Content right overloads General settings: Add Subfolder not allowed. Net result: Add Subfolder not allowed. Add Documents allowed.
  14. 14. BOE Xi 3.x security: Universes list • Granularity possible on accessible Universes. List of universes to refresh documents: • List of universes to create / modify queries: •
  15. 15. BOE Xi 3.x security: Folder inheritance 1/2 • You can specify whether or not a right is applied at:  Object level (only at door level).  Sub Object level.  Or both.
  16. 16. BOE Xi 3.x security: Folder inheritance 2/2 • Impact on rights inheritance: Right only applied for one door and not to sub doors!
  17. 17. BOE Xi 3.x security: Inheritance • It is possible to override explicitly denied rights. You can explicitly deny a right at a top level and then explicitly granted the same right at a lower level (without breaking inheritance like in Xi r2):
  18. 18. BOE Xi 3.x security: Security settings • First door is no longer transparent. You can no longer applied NA access level to all top level doors. • You can apply multiple rights at one intersection.
  19. 19. BOE Xi 3.x security: Effective rights • Effective rights (user real rights) = explicit rights aggregation. NS Xi3.x Objects G D G + NS D + NS G+D D G D G D D • Rights inherited from groups. Could be multiple rights. • Effective rights calculation now also depends on:   Rights set on Content. Type of folder inheritance.
  20. 20. BOE Xi 3.x security: What’s new? • You can apply right at content level. Content rights override general rights. • You can override an explicitly denied right at a lower level. • You can apply a right at folder level and at sub folders level. • You can apply multiple rights between a folder and a group. • You can apply granularity on the list of universes you want to use for report creation or modification.
  21. 21. BOE Xi 3.x security: Tips and tricks • • • • • • • Apply rights at group and folder level. Folders structure: Content driven. Use Not Specified right instead of Denied whenever possible. Create Recycle Bin folders and groups. Take advantage of the Everyone group. Do not manage universe overloads in Designer but directly in the DB. Implement a closed system of increasing rights to navigate through folders and not through categories.
  22. 22. BOE Xi 3.x implementation/migration: Challenges • • BOE Xi 3.x security model is powerful. Understand the new security concepts. Take advantage of them. Redesign your security model. • Challenges of security migration or implementation: Challenge 1: Manage the repository post migration or post implementation, whilst limiting administration tasks and by offering an optimum quality of service to end-users. Challenge 2: Implement and Document your Xi security.
  23. 23. Like 300+ customers world wide you can use our suite to optimize SAP BO project costs around: Manage and document security • Backup and restore objects • Change management control (promotion of content) • Schedule reports • Link BO admin tasks with Enterprise Job Schedulers • Audit your system and your BO metadata • Follow the evolution of BO deployments over time • Perform your migration projects • Run impact analysis • Ensure license compliance •
  24. 24. 360view: Replace your CMC
  25. 25. • User friendly web interface to manage your security • Document your deployed security • Audit and clean your CMS • Address any kind of GRC
  26. 26. • Backup, version and restore content • Restore deleted content using our unique recycle bin • Drag and drop objects between CMS or schedule promotion • Compare SAP BusinessObjects environments
  27. 27. • Schedule SAP BusinessObjects reports from an Excel, CSV spreadsheet or a SQL query distribution list • Dynamic scheduling and bursting • • • Fill in prompts, filter, format and destination values within Excel, CSV or SQL Any modification within Excel, CSV or SQL will dynamically impact your results Schedule your reports using your enterprise scheduler (ControlM, DollarU, Vtom, UC4, TWS …)
  28. 28. • Load all your SAP BusinessObjects data (CMS, universes, documents and audit data) within a datawarehouse • Query and analyze this data using pre built BO universes and Webi reports • Document your deployment: • • Detect unused documents and universes, dormant users Perform impact analysis • Follow the evolution of your metadata through time • Compare environment or BO versions during migration
  29. 29. • • Compare your SAP BO license pool with the licenses you have deployed License compliance is just a mouse click away
  30. 30. • SAP BusinessObjects custom portals. Infoview or BI Launch Pad substitution • Fully integrated within intranet
  31. 31. BI4 Migration Pack •The fusion of 360view and 360eyes in the same package •Find out exactly what you need to migrate •Prepare the Deski EOL. •Benefits: • • As usual the less objects you migrate the faster and cheaper the migration will be. Migrate universes, document and security. Test and compare them with the source BO deployment.
  32. 32. Top 10 360suite awesome features: 1.Manage security using web matrices 2.Document (Excel export) your CMS (security matrices, groups, users, universe overloads …) 3.Schedule backup of your entire Business Objects platform 4.Selective restore of any version including deleted or corrupt content (like personal documents) 5.Perform impact analysis (universe object and SQL, unv and unx) 6.Run jobs (backup, import users, Excel exports …) using an Enterprise Job Scheduler (Control-M, Dollar Universe, UC4, TWS…) 7.Promote content using a drag and drop or schedule promotion. 8.Dynamically burst BO reports. 9.Optimize migration: audit, clean, compare versions. 10.Follow your BOE metadata evolution through time.
  33. 33. 3 Key Points to Take Home The new BOE Xi 3.x security model is powerful. Don’t forget to think about the future daily administration. Give a try to 360suite to see how it’s easy to manage your environment and optimize migration. Visit us at our booth.
  34. 34. QUESTIONS? How to contact me: Sebastien Goiffon