on 05-10-2012 9:09 AM
Hi,
can anyone tell me how to do security for reports...i mean to say is, i have sales data. now i want to restrict the sales data to particular persons only (like, sales manager has to see only their particular region, not for other regions and sales person has to see their own sales,etc,.. ) please help me...
Thanks in advance
Cheers,
KIRAN
Kiran:
In the Info View you can only implement object level security. A good security design would be to have the security implemented in the backed (SQL / BW) system.
As a workaround, you can create different report objects - one set for each department sales, HR etc.. with static restrictions and then create folders in info view for each department and publish respective report objects. Then within info view you can provide user access manually or using LDAP users. This is not a good design but will work.
Hope this helps.
Regards,
Rama
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rama,
thank you for reply me...actually one of my friend told me we can give the securities in infoview level also...by selecting particular report and right click on it---> select schedule...
but I dont no exactly how to do?
my requirement is
i have sales data for different regions, now i want to send the particular data to particular region only by giving some security in info view level...
plzz help me how to do...
thank you inadvance,
Cheers,
Kiran
Hi Kiran,
If you are using a non-SAP back-end database you can row level security in the universe on e.g Region. Assign the user ID to the Region Column and restrict the user to a particular region.
If you are using BW and a Bex query as source, then implement Authorisation variables the restrict data for you.
In both cases the reports will run on the universes created and only return the data the user has been granted to see.
Jacques
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kiran,
You can only assign object level security in the CMC, meaning that a report is an object. You can allow users to have access to the report by means of the previous posts on this thread by managing the access to the report.
A further step needs to be taken at a data level, and these would be your steps:
If you are using a non-SAP back-end database you can row level security in the universe on e.g Region. Assign the user ID to the Region Column and restrict the user to a particular region.
If you are using BW and a Bex query as source, then implement Authorization variables to restrict data.
On your previous question: Authorization variables are specific to when SAP BW Bex queries are used.
Regards
Jacques
k thank you for reply..
Ravi i want to do in infoview..
select particular report for giving securities...like select ur report-->right click--->click schedule..like this, i know only little bit..please give me in detail how to do
thank you, in advance
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kiran,
We can give security to report by applying security restrictions at universe level.
Here is the step by step guide of how to restrict the data to particular user or group..
Step by Step Guide to Create a Restriction:
Go to Tools -> Manage security -> Manage Access Restriction
The Manage Access Restriction dialog box opens. Create New and give restriction name.
Select the ―Object tab. This tab help in putting restriction at object level.We can apply restriction on multiple object depending on requriement.Click ― "Add".
Click Select. The selection dialog –box appears. Select the required object.Click ok.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kiran,
It is not possible to give security to BO report in infoview level, you can give secuirty to report at CMC level..
There are 2 ways of assigning access in Business Objects Enterprise
Predefined Access Levels
Predefined access levels are a collection of individual rights that have been set up in the Business Objects Enterprise system to provide common user access requirements.
Advanced rights
By going into the advanced rights, you may totally customize the type of access a user has on an object.
It is simplest to use predefined access levels, as we don’t have to manually configure every single right.
Below is a table of Predefined access levels
Access Level | Rights |
No Access | The no access level may be misleading. The no access level does not explicitly deny access, but rather, sets all permissions to “Not Specified.” This can be overridden through inheritance. |
View | When set at the folder level, the user can view the folder, the objects contained in the folder, and all generated instances of each object. At object level, the user can view the object, history of the object, and all generated instances of the object. The user cannot schedule or refresh the report, however by default; the user can edit the report and save to a personal folder to refresh there. You can deny users from copying the object by going to advanced and denying “Copy Objects to another folder” |
Schedule | A user can generate instances by scheduling the object to run against a specified data source once or on a recurring basis. The user has full access to the scheduled instances that they own. They can also schedule to different formats and destinations, set parameters, pick servers to process jobs, add contents to the folder, and copy the object or folder. |
View On Demand | A user can refresh a report in real time. Note that if a report is a WEBI document, the user will also need View On Demand access to the universe and universe connection to perform the refresh. |
Full Control | Allows users to modify all of the object’s properties. This is the only access level that allows users to delete objects. |
The security levels flow in the following manner:
The default security set for the entire system. For example when a new folder is added, its default rights come from the global level.
If there are any access levels that are common for the entire system, you should set them at the global level.
Global level rights can be set at the settings management area of the Central Management Console
Folder level security allows you to set access-level rights for a folder and objects contained within that folder. Subfolders will inherit the security of their parent folders.
Folder level security can be set by going to the “Folders” page of the CMC, then selecting a folder, and then clicking on the Rights tab.
Object level security is the access-level rights set at the object level.
It is important to understand the differences between folders and categories. Both provide a way of organizing documents and BI content. Folders provide the physical storage location of a file as well as navigation to content. Categories provide navigation only. Folders are required whereas categories are optional. Thus when using a combination of both, it is recommended that categories are used for navigation only and permissions be set at the folder level.
When you create a new folder, two sets of permissions are automatically assigned:
Since the “Everyone” group is assigned the default access level of Schedule when a folder is first created, all users are able to view, open and schedule any reports saved in the new folder. For many companies, this type of access level may not be acceptable, so the best practice is to make sure “No Access” is set for the “Everyone” group when creating a new folder. If you want to give more permission, you can tweak it later on.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.