has anyone created a Task Profile or BW role definition for read only settings for production environments?
Our client, who wishes to restrict consultants and others to read-only functionality while providing us the ability to view all activity and data in the system.
I created a Task Profile and DAP that provide read only and the VIEW tasks along with a few more to be able to view the packages and schedule task statuses for all users (The DAP profiles are all read only so even if there are a few “use TP below we cannot transact in the system”.
Any other thoughts re security setup? Does anyone have a Task Profile (TP) and Data Access Profile (DAP) setup that they created and can share?
While this seems like an obvious question, we find have been adjusting the TP multiple times to arrive at the below setup to view all the necessary functions and data.
Use Input Forms and Save Data
Run Audit Reports
Run Comment Reports
Run Work Status Reports
Run BPF Reports
Run Security Reports
View Consolidation Monitor
View Ownership Manager
View Controls definition
Cancel Any User Packages
Edit Package Schedules for any users
View All Package Status
View All Detailed Package Status
View Business Rules
View Data Locks and Work Status
View Drill Throughs
View Document Types
View Audit Settings
View BPFs settings
View Journal Templates
View Equity Pick Up Monitor
View Equity Pick Up Audit Report
Use Work Status
I would like to know if you want to control access to users from the backend BW or from BPC front end?
That will be one consideration.
Secondly, if you are having CUA - Central User Administration in place. That can create complications as once CUA is in place, it is advisable to adjust access of the users from CUA only - addition or removal of DAPs, creating a new user etc.
Discuss with your security team as well as I believe they will own this aspect ultimately.