cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how to do security for reports in SAP BO

Go to solution
former_member213260
Explorer

on ‎05-10-2012 9:09 AM

0 Kudos

Hi,

     can anyone tell me how to do security for reports...i mean to say is, i have sales data. now i want to restrict the sales data to particular persons only (like, sales manager has to see only their particular region, not for other regions and sales person has to see their own sales,etc,.. )  please help me...

Thanks in advance

Cheers,

KIRAN

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

rama_shankar3
Active Contributor
‎05-10-2012 2:46 PM
0 Kudos

Kiran:

In the Info View you can only implement object level security. A good security  design would be to have the security implemented in the backed (SQL / BW) system.

As a workaround, you can create different report objects - one set for each department sales, HR etc.. with static restrictions and then create folders in info view for each department and publish respective report objects. Then within info view you can provide user access manually or using LDAP users. This is not a good design but will work.

Hope this helps.

Regards,

Rama

Show replies
Show replies
former_member213260
Explorer
‎05-10-2012 5:51 PM
0 Kudos

Hi Rama,

              thank you for reply me...actually one of my friend told me we can give the securities in infoview level also...by selecting particular report and right click on it---> select schedule...

but I dont no exactly how to do?

my requirement is

i have sales data for different regions, now i want to send the particular data to particular region only by giving some security in info view level...

plzz help me how to do...

thank you inadvance,

Cheers,

Kiran

Answers (3)

Answers (3)

Former Member
‎05-24-2012 9:29 AM
0 Kudos

Hi Kiran,

If you are using a non-SAP back-end database you can row level security in the universe on e.g Region. Assign the user ID to the Region Column and restrict the user to a particular region.

If you are using BW and a Bex query as source, then implement Authorisation variables the restrict data for you.

In both cases the reports will run on the universes created and only return the data the user has been granted to see.

Jacques

Show replies
Show replies
former_member213260
Explorer
‎05-24-2012 1:22 PM
0 Kudos

Hi Jacques,

what ever the source it is, i want to give security at infoview level (report level) not cmc.

how to implement Authorization variables??

plz help me for this question...

thanks

kiran

Former Member
‎05-24-2012 6:23 PM
0 Kudos

Hi Kiran,

Explain how you have developed the sales data report...is there a report per region or is it all in one report and you want to restrict the the data in the report depending on the user running the report?

Jacques

former_member213260
Explorer
‎05-25-2012 6:40 AM
0 Kudos

Hi Jacques,

exactly jacques, the regions are all in one report only. now, i want to restrict the data in the report depending on the user running report.

Former Member
‎05-25-2012 7:06 AM
0 Kudos

Hi Kiran,

You can only assign object level security in the CMC, meaning that a report is an object. You can allow users to have access to the report by means of the previous posts on this thread by managing the access to the report.

A further step needs to be taken at a data level, and these would be your steps:

If you are using a non-SAP back-end database you can row level security in the universe on e.g Region. Assign the user ID to the Region Column and restrict the user to a particular region.

If you are using BW and a Bex query as source, then implement Authorization variables to restrict data.

On your previous question: Authorization variables are specific to when SAP BW Bex queries are used.

Regards

Jacques

Former Member
‎09-23-2013 8:06 AM
0 Kudos

HI Kiran,

Use variable in report level.

var=if(currentuser()inlist("x;y;z)then("south") else if (.) ...else.....

hope this will help you for sure..

Regards

Subbarao M

former_member213260
Explorer
‎05-10-2012 10:44 AM
0 Kudos

k thank you for reply..

Ravi i want to do in infoview..

select particular report for giving securities...like select ur report-->right click--->click schedule..like this, i know only little bit..please give me in detail how to do

thank you, in advance

Show replies
Show replies
Former Member
‎05-10-2012 1:25 PM
0 Kudos

Hi Kiran,

Can you elaborate your requirement? I am little bit confused with your question.

Former Member
‎05-10-2012 9:22 AM
0 Kudos

Hi Kiran,

We can give security to report by applying security restrictions at universe level.

Here is the step by step guide of how to restrict the data to particular user or group..

Step by Step Guide to Create a Restriction:

Go to Tools -> Manage security -> Manage Access Restriction

The Manage Access Restriction dialog box opens. Create New and give restriction name.

Select the ―Object tab. This tab help in putting restriction at object level.We can apply restriction on multiple object depending on requriement.Click ― "Add".

Click Select. The selection dialog –box appears. Select the required object.Click ok.

Show replies
Show replies
former_member213260
Explorer
‎05-10-2012 9:50 AM
0 Kudos

k thank you for reply..

Ravi i want to do in infoview..

select particular report for giving securities...like select ur report-->right click--->click schedule..like this, i know only little bit..please give me in detail how to do

thank you, in advance

Former Member
‎05-18-2012 6:03 PM
0 Kudos

Hi Kiran,

It is not possible to give security to BO report in infoview level, you can give secuirty to report at CMC level..

There are 2 ways of assigning access in Business Objects Enterprise

Predefined Access Levels

Predefined access levels are a collection of individual rights that have been set up in the Business Objects Enterprise system to provide common user access requirements.

Advanced rights

By going into the advanced rights, you may totally customize the type of access a user has on an object.



It is simplest to use predefined access levels, as we don’t have to manually configure every single right.

Below is a table of Predefined access levels

Access LevelRights
No AccessThe no access level may be misleading.   The no access level does not explicitly   deny access, but rather, sets all permissions to “Not Specified.”  This can be overridden through inheritance.
ViewWhen set at the folder level, the user can view the folder, the   objects contained in the folder, and all generated instances of each object.

At object level, the user can view the object, history of the object,   and all generated instances of the object.

The user cannot schedule or refresh the report, however by default; the user can edit the report and save to a personal folder to refresh there.  You can deny users from copying   the object by going to advanced and denying “Copy Objects to another folder”

ScheduleA user can generate instances by scheduling the object to run against   a specified data source once or on a recurring basis.  The user has full access to the scheduled   instances that they own.  They can also   schedule to different formats and destinations, set parameters, pick servers   to process jobs, add contents to the folder, and copy the object or folder.
View On DemandA user can refresh a report in real time.  Note that if a report is a WEBI document,   the user will also need View On Demand access to the universe and universe   connection to perform the refresh.
Full ControlAllows users to modify all of the object’s properties.  This is the only access level that allows   users to delete objects.

Security Hierarchy

The security levels flow in the following manner:

  • Global security
  • Folder-level security
  • Object-level security

Global Security

The default security set for the entire system.   For example when a new folder is added, its default rights come from the global level.

If there are any access levels that are common for the entire system, you should set them at the global level.

Global level rights can be set at the settings management area of the Central Management Console

Folder-level security

Folder level security allows you to set access-level rights for a folder and objects contained within that folder.  Subfolders will inherit the security of their parent folders.

Folder level security can be set by going to the “Folders” page of the CMC, then selecting a folder, and then clicking on the Rights tab.

Object Level security

Object level security is the access-level rights set at the object level.

Folders and Categories

It is important to understand the differences between folders and categories.  Both provide a way of organizing documents and BI content.  Folders provide the physical storage location of a file as well as navigation to content.  Categories provide navigation only.  Folders are required whereas categories are optional.  Thus when using a combination of both, it is recommended that categories are used for navigation only and permissions be set at the folder level.

When you create a new folder, two sets of permissions are automatically assigned:

  • Administrators are given the access level Full Control
  • Everyone is given the access level Schedule

Since the “Everyone” group is assigned the default access level of Schedule when a folder is first created, all users are able to view, open and schedule any reports saved in the new folder.  For many companies, this type of access level may not be acceptable, so the best practice is to make sure “No Access” is set for the “Everyone” group when creating a new folder.  If you want to give more permission, you can tweak it later on.

former_member213260
Explorer
‎05-22-2012 2:11 PM
0 Kudos

thank you ravi.it ll be helpful for me

Former Member
‎05-23-2012 12:52 PM
0 Kudos

Hi Kiran,

Does your problem resolved?

Former Member
‎12-15-2014 3:06 PM
0 Kudos

Very helpful ravi....if you know can you please tell me  about connection level restrictions in business objects.....

Thanks,

Lavankumar

Ask a Question