1793kalvin dallas marks bi2012 information design tool security
DESCRIPTION
1793Kalvin Dallas Marks BI2012 Information Design Tool SecurityTRANSCRIPT
-
2012 Wellesley Information Services. All rights reserved.
Guidelines to Secure and Personalize Your BusinessObjects Universes
Dallas Marks Kalvin Consulting
-
About Dallas Marks
Dallas is an SAP Certified Application Associate and authorized
trainer for Web Intelligence, Information Design Tool, Universe
Design Tool, Dashboards (formerly Xcelsius), and SAP
BusinessObjects Business Intelligence administration. A
seasoned consultant and speaker, Dallas has worked with SAP
BusinessObjects tools since 2003 and presented at the North
American conference each year since 2006.
Dallas has implemented SAP BusinessObjects solutions for a
number of industries, including retail, energy, health care, and
manufacturing. He holds a masters degree in Computer Engineering from the University of Cincinnati.
Dallas blogs about various business intelligence topics at
http://www.dallasmarks.org/. You can follow him on Twitter at
@dallasmarks. 1
-
In This Session
Learn how to leverage the new information design tool in SAP
BusinessObjects BI 4.0
Review key differences between the new information design tool
and the previous BusinessObjects universe design tool and gain
insight into how these differences impact universe security
Understand how to restrict access to sensitive KPIs in the
universe
See demos to understand how each restriction type configured on
the back end impacts user interactivity on the front end
2
-
What Well Cover
The Information Design Tool
The Need for Universe Security
Introducing Security Profiles
Creating Security Profiles
Demonstrations
Wrap-up
3
-
Disclaimer
4
I'm just a simple man trying to make
my way in the
universe. Jango Fett
-
What Is a Legacy UNV Universe?
5
Connection
*.unv
-
What Is a Traditional UNV Universe?
6
Created with the Universe Design Tool,
formerly known as Universe Designer or simply Designer
Business
Layer
Data
Foundation
-
What Is a UNX Universe?
7
Connection
Data Foundation
Business Layer
*.cns
*.dfx
*.blx
*.unx
The term Common Semantic Layer is also used to describe the new universe format
-
What Is a UNX Universe? (cont.)
8
*.cns
*.dfx
*.blx
Created with the new
Information Design Tool
Business
Layer
Data
Foundation
8
-
Web Intelligence 4.0 Query Methods
Web Intelligence now allows
BEx (SAP NetWeaver BW) and
Analysis View to be queried
directly without a universe
9
-
Web Intelligence 4.0 Query Methods (cont.)
Web Intelligence now allows
BEx (SAP NetWeaver BW) and
Analysis View to be queried
directly without a universe
(cont.)
Web Intelligence Desktop
edition (shown) adds support
for Excel, Text, and Web
Services
10
-
Web Intelligence 4.0 Query Methods (cont.)
Web Intelligence now allows
BEx (SAP NetWeaver BW) and
Analysis View to be queried
directly without a universe
Web Intelligence Desktop
edition (shown) adds support
for Excel, Text, and Web
Services (cont.)
This presentation focuses on
securing universes created
with the new Information
Design Tool 4.0
11
-
What Well Cover
The Information Design Tool
The Need for Universe Security
Introducing Security Profiles
Creating Security Profiles
Demonstrations
Wrap-up
12
-
Two Methods for Securing Universes
13
Restrict access to entire
universe by setting universe
rights in the Central
Management Console (CMC)
Create various forced and
optional restrictions within
Information Design Tool
Forced
Object restrictions
Self-restricting joins
Inferred extra tables
Optional
Filter objects
-
Personalizing Ad Hoc Queries
14
Need to secure business-critical data based on a
users role in the organization, but standard universe design solutions affect all users
unilaterally
a different solution is required to apply security
conditionally to specific
users and groups:
Security profiles.
-
Personalizing Ad Hoc Queries (cont.)
15
Security Profiles are ideal for
organizations that use multiple
database platforms and need a
single, integrated approach
to data security
Database-specific techniques
such as Teradata Query Banding
and Oracle Virtual Private
Databases can be used but are
beyond the scope of this
discussion
-
Securing and Personalizing eFashion
16
Gotta analyze those
party pants sales!
-
Securing and Personalizing eFashion (cont.)
17
How do we
ensure that
Bennett is limited
to only Colorado
Springs data
-
Securing and Personalizing eFashion (cont.)
18
While allowing
executives to look
across the
organization?
-
What Well Cover
The Information Design Tool
The Need for Universe Security
Introducing Security Profiles
Creating Security Profiles
Demonstrations
Wrap-up
19
-
What Is a Security Profile?
A security profile is a group of security settings that apply to a
universe published in the repository
Similar features are available in the Universe Design Tool for
traditional universes (UNV), known as access restrictions or
restriction sets
Data Security Profiles have security settings defined on objects in
the data foundation and on data connections
Business Security Profiles have security settings defined on
objects in the business layer
20
-
What Can Be Restricted in Legacy UNV Universes?
21
Type of Restriction Description
Connection Override the default universe connection
with an alternate connection
Query controls Limit the size of the result set and query
execution time
SQL generation controls Control how SQL is generated by user
query
Row access Row-level security force restrictions into the WHERE clause of inferred SQL
Alternative table access Replace a table referenced in the universe
with another table in the database
Object access Column-level security
-
What Can Be Restricted in New UNX Universes?
Data Foundation Restrictions
Similar restrictions exist in Universe Design Tool
Type of Restriction Description
Connection Override the default universe connection
with an alternate connection
Query controls Limit the size of the result set and query
execution time
SQL generation controls Control how SQL is generated by user
query
Row access Row-level security force restrictions into the WHERE clause of inferred SQL
Alternative table access Replace a table referenced in the universe
with another table in the database
22
-
What Can Be Restricted in New UNX Universes? (cont.)
Business Layer Restrictions
* New feature of BI 4.0
** Similar to object restrictions in Universe Design Tool
Type of Restriction Description
Create Query Defines the universe views* and business
layer objects** available to the user
in the query panel.
Display Data Grants or denies access to the data
retrieved by objects in the business layer
when the user runs a query.*
Filters Defines filters using objects in the business
layer.*
23
-
What Well Cover
The Information Design Tool
The Need for Universe Security
Introducing Security Profiles
Creating Security Profiles
Demonstrations
Wrap-up
24
-
Securing Universes Design Process
25
1) Create & Manage Security Model
2) Build and Export
Universe
3) Add Security Profile
4) Create Web
Intelligence Documents*
5) Deploy using
Lifecycle Manager
* Crystal Reports and SAP
BusinessObjects
Dashboards (formerly
Xcelsius) based on
universes can also
leverage Security Profiles
-
Importing Secure Universes from XI R2 or XI 3.x
26
Import BIAR file into BI 4.0 using Upgrade Management Tool
Import and Convert UNV to UNX using Information Design Tool (IDT)
Validate Converted Security Profile
Test and Deploy
-
Default Universe Parameters Data Foundation Layer
27
-
Default Universe Parameters Business Layer
28
-
Access Restrictions in Universe Design Tool (UNV)
29
Editing Toolbar
Tools Menu
Access restrictions can be
accessed from either the tools
menu or the editing toolbar
-
Access Restrictions in Information Design Tool (UNX)
30
Access restrictions are available via
Security Editor on Window menu or
editing toolbar
-
Using the Security Editor Step 1 of 4
31
1. Select
universe and
create security
profiles
-
Using the Security Editor Step 2 of 4
32
2. Assign Users or
Groups
-
Using the Security Editor Step 3 of 4
33
3. Adjust Options
-
Using the Security Editor Step 4 of 4
34
4. Test Specific Users and Groups
-
Information Design Tool Security Editor
35
-
Data Security Profile Connections
36
Replace default
universe connection
Use Case:
Default connection
may point to
production but
Security Profile
points UAT users to
UAT connection
-
Data Security Profile Controls
37
Limit number of
rows or execution
time
Use Case:
Conservative default
settings for all users
but more aggressive
settings for power
users
-
Data Security Profile SQL
38
Control complexity
of user queries
Use case:
Default settings may
allow sub-queries
and combined
queries, but security
profile limits casual
business users
-
Data Security Profile Rows
39
Force restrictions
into SQL WHERE
clause
Use case:
Row level security
for sales team so
they only see their numbers
May also desire to
disable ability to
view SQL in Web
Intelligence
-
Data Security Profile Tables
40
Point to different
table in database
schema
Use Case:
Default users point
to one year of facts,
but security profile
points to three years
of facts for power
users
Not necessary for
replacement table to
be defined in
universe
-
Business Security Profile Create Query
41
Hide business layer
views or business
layer objects from
certain users
Use Case:
Control visibility of
sensitive measures
such as profit
margin
-
Business Security Profile Display Data
42
Prevents display of
objects on report
If AUTO_UPDATE_QUERY
parameter is No, then
refreshing report
generates an error
If AUTO_UPDATE_QUERY
parameter is Yes, then
the denied objects are
removed from query and
any business layer filters
-
Business Security Profile Filters
43
Filter universe
objects at the
business layer, not
database columns at
data foundation
layer
Still applies filter to
SQL statement
-
What Well Cover
The Information Design Tool
The Need for Universe Security
Introducing Security Profiles
Creating Security Profiles
Demonstrations
Wrap-up
44
-
Demonstration: Creating Security Profile in IDT
45
-
Demonstration: Testing Security Profile in IDT
46
-
Demonstration: Using Security Profile in Web Intelligence
47
-
Demonstration: Using Security Profile in Crystal Reports
48
-
Demonstration: Using Security Profile in Dashboards
49
-
What Well Cover
The Information Design Tool
The Need for Universe Security
Introducing Security Profiles
Creating Security Profiles
Demonstrations
Wrap-up
50
-
Additional Resources
SAP BusinessObjects Business Intelligence 4.0: Business Intelligence
Platform Administrator Guide
http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_bi
p_admin_en.pdf
SAP BusinessObjects Business Intelligence 4.0: Information Design
Tool Guide
http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_inf
o_design_tool_en.pdf
SAP BusinessObjects Business Intelligence 4.0: Web Intelligence Users Guide
http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_ia
_en.pdf
Suzanna Rijk, Quick Reference Getting Around Information Design Tool
(SCN, June 2011).
www.sdn.sap.com/irj/scn/index?rid=/library/uuid/309c9725-f647-2e10-
4daf-c9d201062370
51
-
Additional Resources (cont.)
Dallas Marks, Secure Universes Using Restriction Sets, (Insight 2007 BusinessObjects User Conference, October 2007, Orlando,
Florida).
www.dallasmarks.org/blog/presentations
The presentation covered XI R2 (and therefore XI 3.0/3.1
universe security)
52
-
Official Product Tutorials on SCN
www.sap.com/learnbi
Access free tutorials on SAP BusinessObjects Information
Design Tool
53
-
Relevant Training
54
54
Official SAP BusinessObjects curriculum is available on-site at your
location or at authorized education centers around the world.
Virtual classroom and E-learning options are also available.
SAP BusinessObjects Business Intelligence 4.0:
Administration and Security 2 days course code BOE310
Information Design Tool 4.0 Introduction 3 days course code BOID10 Advanced 2 days course code BOID20
Web Intelligence 4.0 Introduction 2 days course code BOW310 Advanced 1 day course code BOW320
-
55
7 Key Points to Take Home
The new common semantic layer can be tailored to deliver secure
and personalized experience for each user
The Information Design Tool performs familiar tasks (universe
design) but using unfamiliar workflows. Plan for the learning curve.
Legacy universes with restriction sets can be imported into SAP
BusinessObjects BI 4.0 using the Upgrade Management Tool
Once imported, legacy universes can be converted from UNV to UNX
format using Information Design Tool. Restriction sets are
automatically converted to security profiles.
All features of legacy restriction sets are available with security
profiles, plus some new features unique to new semantic layer
Row restrictions can be added using @Variable(BOUSER)
Column restrictions can prevent certain users from seeing sensitive
data
-
56
Your Turn!
How to contact me:
Dallas Marks
-
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
57
TEAM AT KALVIN
One of the Largest W2 Staff Specializing in BI
We have 39 W-2 consultants on staff.
16 Business Objects certified consultants.
16 ex-Business Objects consultants with
experience at clients on BOBJ Global services
engagements. (We have a sub-contracting
relationship with Business Objects/SAP).
We pride ourselves on delivery and exceeding
our customers expectations. Dedicated Project Management Office to
oversee the project deliverables and client
expectations
Repository of documentation as part of business
continuity plan for clients, project and
consultants
Focus on Long Term Partnership
Kalvin believes each client is unique and
leverages best practices and customizes a
solution that is successful for our customers organization.
Build strong and long-lasting relationships
with clients and partners by creating a
productive work environment that
encourages innovation and great attitudes.
Kalvin believes in investing our time to
ensure
YOUR BI success.
Customer satisfaction/success is our #1
priority.
Kalvin believes through your BI
success will Kalvin be successful.
Best of Breed solution provider for Business Intelligence and Data Warehousing
Mission
Vision
Creating intelligent data to power an
intelligent world
To partner with you to create intelligent data
that will empower your business to:
Maximize operational performance Increase not just revenue but profit Help identify and serve your clients better
-
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
58
Core Competencies
Kalvin is an expert in Application development
Java/J2EE enterprise solutions .NET Solutions Customized solutions using Java, .NET, Web services , SDK
Infrastructure and Best Practices SAP BW integration Business Object architecture, center of excellence and Implementation OBIEE Architecture and Implementations Cognos architecture and implementation
Data Integration Data warehouse/Data mart design and implementation using Kimball or Inmon methodology Master data Management Data governance ETL using Data Integrator, Informatica, Data Stage & PL/SQL Data Quality & Data cleansing
SAP BW End to end BW & BOBJ solution design and implementation Complete documentation of BW transport documents and technical content
SAP NetWeaver BI Upgrades and implementation, toolsets and authorization Advanced ABAP design and code solutions SAP R/3 Data Analysis, extraction, custom extractor design and implementation
-
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
59
Kalvin specializes and is an expert in Reporting & Dashboards
SAP Business Objects SAP BW as a data source Reporting, Analytics & executive dashboards (WebI, crystal, Xcelsius, Predictive Workbench etc.) BO mobile Sharepoint integration
Descriptive Analytics (What?) Data Mining and Pattern Recognition Clustering and Segmentations Decision Trees
Predictive Analytics (Why? and What Next?) Marketing Mix Modeling and Demand Forecasting Promotion/Price/Product/Campaign/Operational Effectiveness Customer Behavior/Attrition Predictive Modeling
Training SAP Certified - BI 4.0 SAP Certified - BI 3.0/3.1 E-learning Mentor/Knowledge Transfer
Core Competencies Contd
-
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
Capabilities Matrix
60 60
Services
SAP BW & Enterprise Data Warehouse (Oracle, dB2, SQL) X X X X X X X
ETL (SAP Data Services, IBM DataStage, Informatica) X X X X X X X X
Custom Report Portals (WebSphere, SharePoint, Weblogic) X X X X X
Enterprise BI Platforms (SAP Business Objects, IBM Cognos)
X X X X X X X
Reporting and Dashboards X X X X X X X X
Predictive Analytics (IBM SPSS, SAS, R) X X X X X X
Descriptive Analytics (IBM SPSS, SAS, R) X X X X X X
-
This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting .
61
Behavioral Data EMR / Clinical Data Attitudinal/Research Market Research Psychographics Macro economics Data Integration Data mart /Data models ETL/Data warehousing
Who are my core customers and how do the behave?
What drives their behavior?
Can I predict change? Segmentation (Value,
lifestyle) Promotion Impact
/Marketing Mix Predictive Analysis
Brand Loyalty Promotion scorecard
Customer 1st KPIs (Key Drivers) Risk Scorecard Loyalty Promotion
Loyalty Programs One to one customer
communication Technology(RFID, POS,
Mobile, Location based) Surprise and Delight
ACTIVATION
STRATEGY
INTELLIGENT REPORTING
BUSINESS / ANALYTICAL INSIGHTS
INTELLIGENT DATA MODELING
Kalvins holistic approach to your BI needs we start with data foundation to delivering strategic insights to further activating upon your quintessential customers.
Kalvin Business Solution
Activation
Strategy
Intelligent Business Reporting
Business Analytics
Intelligent Data
-
8573 Mason-Montgomery Road Mason, OH 45040 P: (513) 492-9120 F: (513) 492-9122
http://www.facebook.com/kalvinconsulting
http://twitter.com/kalvinsoft
http://www.linkedin.com/company/kalvinsoft
-
63
Disclaimer
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG
in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective
companies. Wellesley Information Services is neither owned nor controlled by SAP.