cancel
Showing results for 
Search instead for 
Did you mean: 

management of user authorizations when BOE is accessing a SAP BW

Former Member
0 Kudos

Hi,

I have a question regarding the management of user authorizations when BOE is accessing a SAP BW System. The situation is as follows.

  • I successfully installed BusinessObjects XI Integration for SAP Solutions on our BO system

  • I successfully configured a SAP (BW) entitlement system in BOE.

  • I am now able to import SAP users and roles into BOE

  • I am also able to logon to BO using the credentials of a sap (BW) user

  • I created a connection to the BW system in designer and generated a universe. I am able to view BW data in BO.

Now to my questions:

1.) I was a little bit surprised that I am able to access data in BW with a user that I created in my BO system. (no logon of this particular user to BW was required) This BO user should therefore be unknown in the BW system, and shouldnu2019t have any rights to view data. How is this possible? The authorizations defined in BW donu2019t seem to matter (in my example the user shouldnu2019t have any rights in BW since he doesnu2019t exists in BW)

2.) To put it in other words: I am aware that BO is capable of managing user authorizations (e.g. on universe level, on object level, on report levelu2026). Letu2019s imagine a situation where a certain user should not be allowed to view sales data for EMEA in BW. Since the user is also using BEx Analyzer this authorization is correctly defined in BW. Now, if the user logs on to BO and opens a report containing sales data, he will be able to view all regions (including EMEA), since the BW authorizations are not checked. How can this problem be solved? Do I always have to define / mange user rights both in BW and BO?

3.) In Universe Designer I am able to manage access restriction, for example on object level. Therefore if a certain user group is not allowed to access the object u201Ccountyu201D, a drill down from EMEA data downwards to data of each of the countries will not be possible for this user group. I want to go a little bit further, and allow the user to only access a certain country (e.g. France) and not all countries ( = row-level-security). How can this be designed in a universe that is based on an BW system?

Thanks in advance for you help.

Accepted Solutions (1)

Accepted Solutions (1)

IngoH
Active Contributor
0 Kudos

Hi Marc,

as of now you can not build row level security in the universe on top of BW. You would leverage SSO for the universe connection and leverage the data level security / authorization configured in BW.

Ingo

Former Member
0 Kudos

Hi there Ingo.

Thanks for the input, Am trying to figure out this myself aswell. Where could I find more info about leveraging SSO and authorizations related to BO and BI integration?

thanks,

Mikko

IngoH
Active Contributor
0 Kudos

Hi Mikko,

look in the installation guide for the SAP integration Kit and look for the chapter which talks about server side trust

ingo

Former Member
0 Kudos

Ok. BusinessObjects XI Integration for SAP Solutions Installation Guide seems to quite comprehensive document. I'll try to find solutions from there.

Br,

Mikko

Former Member
0 Kudos

Hi Ingo

I have a question about your statement below:

"as of now you can not build row level security in the universe on top of BW. You would leverage SSO for the universe connection and leverage the data level security / authorization configured in BW."

As far as I could understand, we can not have data level security in BO unless I upload from BW my data level security. So, we don´t have object authorization or something like that in BO. Am I correct?

Do you have any article that provide me more details about that subject? I´ve searched more details about that issue in your blog and site but I have not found anyone.

I hope you can help me.

Thank you and kind regards!!!!

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Marc,

In most all cases, the setup of the connection to your BW system is the culprit and this is "glue" between you and BW..

Check the connections that you have created for the user account you used to create the connection and that id it is still the account being used to access BW, and not your BO user account.

You need to specifly in the connections to use the user account of the actual user trying to use the connection and not save your credentials.

Regards

Jacques

Former Member
0 Kudos

Hello Jacques,

thanks for your reply. This was definitly of great help to me. After changing the settings in the connection of the universe, my problem was solved.

However, my third question remains unanswered. How can I achieve row-level-security in an universe in BO, that is based on a BW-system?

Regards

Marc

Former Member
0 Kudos

Hi Marc,

I am facing similar issues mentioned in ur post, can you please tell me how exactly did you fix points 1 & 2?

I tried using SSO login option while making the connection but some how i am not able to use the universe. Can you tell me how exactly did you do it.

hope I can get an answer back! thanks for your help

Shesha.

IngoH
Active Contributor
0 Kudos

Hi Shesha,

could you provide more details what your issue is ?

ingo