1793kalvin dallas marks bi2012 information design tool security

© 2012 Wellesley Information Services. All rights reserved. Guidelines to Secure and Personalize Your BusinessObjects Universes Dallas Marks Kalvin Consulting


  • © 2012 Wellesley Information Services. All rights reserved.

    Guidelines to Secure and Personalize Your BusinessObjects Universes

    Dallas Marks Kalvin Consulting

  • About Dallas Marks

    Dallas is an SAP Certified Application Associate and authorized trainer for Web Intelligence, Information Design Tool, Universe Design Tool, Dashboards (formerly Xcelsius), and SAP BusinessObjects Business Intelligence administration. A seasoned consultant and speaker, Dallas has worked with SAP BusinessObjects tools since 2003 and presented at the North American conference each year since 2006.

    Dallas has implemented SAP BusinessObjects solutions for a number of industries, including retail, energy, health care, and manufacturing. He holds a master's degree in Computer Engineering from the University of Cincinnati.

    Dallas blogs about various business intelligence topics at http://www.dallasmarks.org/. You can follow him on Twitter at @dallasmarks.

  • In This Session

    Learn how to leverage the new information design tool in SAP BusinessObjects BI 4.0

    Review key differences between the new information design tool and the previous BusinessObjects universe design tool and gain insight into how these differences impact universe security

    Understand how to restrict access to sensitive KPIs in the universe

    See demos to understand how each restriction type configured on the back end impacts user interactivity on the front end

  • What We'll Cover

    The Information Design Tool

    The Need for Universe Security

    Introducing Security Profiles

    Creating Security Profiles

    Demonstrations

    Wrap-up

  • Disclaimer

    "I'm just a simple man trying to make my way in the universe."

    Jango Fett

  • What Is a Legacy UNV Universe?

    Diagram labels: Connection, *.unv

  • What Is a Traditional UNV Universe?

    Created with the Universe Design Tool, formerly known as Universe Designer or simply Designer

    Diagram labels: Business Layer, Data Foundation

  • What Is a UNX Universe?

    Diagram labels: Connection (*.cns), Data Foundation (*.dfx), Business Layer (*.blx), *.unx

    The term Common Semantic Layer is also used to describe the new universe format

  • What Is a UNX Universe? (cont.)

    Created with the new Information Design Tool

    Diagram labels: *.cns, *.dfx, *.blx, Business Layer, Data Foundation

  • Web Intelligence 4.0 Query Methods

    Web Intelligence now allows BEx (SAP NetWeaver BW) and Analysis View to be queried directly without a universe

    Web Intelligence Desktop edition (shown) adds support for Excel, Text, and Web Services

    This presentation focuses on securing universes created with the new Information Design Tool 4.0

  • Two Methods for Securing Universes

    Restrict access to entire universe by setting universe rights in the Central Management Console (CMC)

    Create various forced and optional restrictions within Information Design Tool

    Forced: object restrictions, self-restricting joins, inferred extra tables

    Optional: filter objects

  • Personalizing Ad Hoc Queries

    Need to secure business-critical data based on a user's role in the organization, but standard universe design solutions affect all users unilaterally

    A different solution is required to apply security conditionally to specific users and groups: security profiles.

  • Personalizing Ad Hoc Queries (cont.)

    Security Profiles are ideal for organizations that use multiple database platforms and need a single, integrated approach to data security

    Database-specific techniques such as Teradata Query Banding and Oracle Virtual Private Databases can be used but are beyond the scope of this discussion

  • Securing and Personalizing eFashion

    Gotta analyze those party pants sales!

    How do we ensure that Bennett is limited to only Colorado Springs data while allowing executives to look across the organization?

  • What Is a Security Profile?

    A security profile is a group of security settings that apply to a universe published in the repository

    Similar features are available in the Universe Design Tool for traditional universes (UNV), known as access restrictions or restriction sets

    Data Security Profiles have security settings defined on objects in the data foundation and on data connections

    Business Security Profiles have security settings defined on objects in the business layer

  • What Can Be Restricted in Legacy UNV Universes?

    Type of Restriction | Description

    Connection | Override the default universe connection with an alternate connection

    Query controls | Limit the size of the result set and query execution time

    SQL generation controls | Control how SQL is generated by user query

    Row access | Row-level security: force restrictions into the WHERE clause of inferred SQL

    Alternative table access | Replace a table referenced in the universe with another table in the database

    Object access | Column-level security

  • What Can Be Restricted in New UNX Universes?

    Data Foundation Restrictions

    Similar restrictions exist in Universe Design Tool

    Type of Restriction | Description

    Connection | Override the default universe connection with an alternate connection

    Query controls | Limit the size of the result set and query execution time

    SQL generation controls | Control how SQL is generated by user query

    Row access | Row-level security: force restrictions into the WHERE clause of inferred SQL

    Alternative table access | Replace a table referenced in the universe with another table in the database

  • What Can Be Restricted in New UNX Universes? (cont.)

    Business Layer Restrictions

    Type of Restriction | Description

    Create Query | Defines the universe views* and business layer objects** available to the user in the query panel.

    Display Data | Grants or denies access to the data retrieved by objects in the business layer when the user runs a query.*

    Filters | Defines filters using objects in the business layer.*

    * New feature of BI 4.0

    ** Similar to object restrictions in Universe Design Tool

  • Securing Universes Design Process

    1) Create & Manage Security Model

    2) Build and Export Universe

    3) Add Security Profile

    4) Create Web Intelligence Documents*

    5) Deploy using Lifecycle Manager

    * Crystal Reports and SAP BusinessObjects Dashboards (formerly Xcelsius) based on universes can also leverage Security Profiles

  • Importing Secure Universes from XI R2 or XI 3.x

    Import BIAR file into BI 4.0 using Upgrade Management Tool

    Import and Convert UNV to UNX using Information Design Tool (IDT)

    Validate Converted Security Profile

    Test and Deploy

  • Default Universe Parameters: Data Foundation Layer

  • Default Universe Parameters: Business Layer

  • Access Restrictions in Universe Design Tool (UNV)

    Access restrictions can be accessed from either the Tools menu or the editing toolbar

  • Access Restrictions in Information Design Tool (UNX)

    Access restrictions are available via Security Editor on Window menu or editing toolbar

  • Using the Security Editor: Steps 1 to 4

    1. Select universe and create security profiles

    2. Assign Users or Groups

    3. Adjust Options

    4. Test Specific Users and Groups

  • Information Design Tool Security Editor

  • Data Security Profile: Connections

    Replace default universe connection

    Use case: Default connection may point to production but Security Profile points UAT users to UAT connection

  • Data Security Profile: Controls

    Limit number of rows or execution time

    Use case: Conservative default settings for all users but more aggressive settings for power users

  • Data Security Profile: SQL

    Control complexity of user queries

    Use case: Default settings may allow sub-queries and combined queries, but security profile limits casual business users

  • Data Security Profile: Rows

    Force restrictions into SQL WHERE clause

    Use case: Row level security for sales team so they only see their numbers

    May also desire to disable ability to view SQL in Web Intelligence
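
An added example, not part of the original slides and not SAP code: a small Python/sqlite3 simulation of the row restriction described above, in which a WHERE clause using @Variable('BOUSER') is forced into the query for users assigned to the profile, so Bennett sees only Colorado Springs while an unassigned executive sees every store. The table, column, store and user names, and the `user_store` mapping table, are constructed assumptions.

```python
import sqlite3

# Constructed sample data: table, column, store and user names are assumptions
# loosely modelled on the eFashion scenario in the slides.
SCHEMA = """
CREATE TABLE store_sales (store TEXT, state TEXT, revenue INTEGER);
INSERT INTO store_sales VALUES
  ('e-Fashion Colorado Springs', 'Colorado',      120),
  ('e-Fashion Austin',           'Texas',         300),
  ('e-Fashion Boston Newbury',   'Massachusetts', 210);
-- Hypothetical security table mapping BI user names to the stores they may see.
CREATE TABLE user_store (bi_user TEXT, store TEXT);
INSERT INTO user_store VALUES ('bennett', 'e-Fashion Colorado Springs');
"""

# Row restriction as it could be entered in a Data Security Profile (Rows).
ROW_RESTRICTION = (
    "store_sales.store IN (SELECT store FROM user_store "
    "WHERE bi_user = @Variable('BOUSER'))"
)

# Users the profile is assigned to; executives are deliberately left unassigned.
PROFILE_ASSIGNED_TO = {"bennett", "new_hire"}

# What the user asked for in the query panel, before any security is applied.
USER_QUERY = "SELECT store, SUM(revenue) FROM store_sales"


def inferred_sql(user):
    """Return (sql, params) with the forced restriction added for assigned users."""
    sql, params = USER_QUERY, []
    if user in PROFILE_ASSIGNED_TO:
        # Simulation detail: the user name is bound as a parameter in place
        # of @Variable('BOUSER').
        sql += " WHERE " + ROW_RESTRICTION.replace("@Variable('BOUSER')", "?")
        params.append(user)
    return sql + " GROUP BY store ORDER BY store", params


def run_as(user):
    """Run the user's query against a fresh in-memory copy of the sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    sql, params = inferred_sql(user)
    rows = conn.execute(sql, params).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    for name in ("bennett", "ceo", "new_hire"):
        print(name, run_as(name))
```

The `new_hire` case shows the mapping-table design failing closed: a user who is assigned to the profile but has no row in `user_store` gets an empty result rather than every store.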

  • Data Security Profile: Tables

    Point to different table in database schema

    Use case: Default users point to one year of facts, but security profile points to three years of facts for power users

    Not necessary for replacement table to be defined in universe

  • Business Security Profile: Create Query

    Hide business layer views or business layer objects from certain users

    Use case: Control visibility of sensitive measures such as profit margin

  • Business Security Profile: Display Data

    Prevents display of objects on report

    If AUTO_UPDATE_QUERY parameter is No, then refreshing report generates an error

    If AUTO_UPDATE_QUERY parameter is Yes, then the denied objects are removed from query and any business layer filters

  • Business Security Profile: Filters

    Filter universe objects at the business layer, not database columns at data foundation layer

    Still applies filter to SQL statement

  • Demonstration: Creating Security Profile in IDT

  • Demonstration: Testing Security Profile in IDT

  • Demonstration: Using Security Profile in Web Intelligence

  • Demonstration: Using Security Profile in Crystal Reports

  • Demonstration: Using Security Profile in Dashboards

  • Additional Resources

    SAP BusinessObjects Business Intelligence 4.0: Business Intelligence Platform Administrator Guide

    http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_bip_admin_en.pdf

    SAP BusinessObjects Business Intelligence 4.0: Information Design Tool Guide

    http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_info_design_tool_en.pdf

    SAP BusinessObjects Business Intelligence 4.0: Web Intelligence User's Guide

    http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_ia_en.pdf

    Suzanna Rijk, "Quick Reference Getting Around Information Design Tool" (SCN, June 2011).

    www.sdn.sap.com/irj/scn/index?rid=/library/uuid/309c9725-f647-2e10-4daf-c9d201062370

  • Additional Resources (cont.)

    Dallas Marks, "Secure Universes Using Restriction Sets" (Insight 2007 BusinessObjects User Conference, October 2007, Orlando, Florida).

    www.dallasmarks.org/blog/presentations

    The presentation covered XI R2 (and therefore XI 3.0/3.1 universe security)

  • Official Product Tutorials on SCN

    www.sap.com/learnbi

    Access free tutorials on SAP BusinessObjects Information Design Tool

  • Relevant Training

    Official SAP BusinessObjects curriculum is available on-site at your location or at authorized education centers around the world.

    Virtual classroom and E-learning options are also available.

    SAP BusinessObjects Business Intelligence 4.0: Administration and Security, 2 days, course code BOE310

    Information Design Tool 4.0: Introduction, 3 days, course code BOID10; Advanced, 2 days, course code BOID20

    Web Intelligence 4.0: Introduction, 2 days, course code BOW310; Advanced, 1 day, course code BOW320

  • 7 Key Points to Take Home

    The new common semantic layer can be tailored to deliver a secure and personalized experience for each user

    The Information Design Tool performs familiar tasks (universe design) but using unfamiliar workflows. Plan for the learning curve.

    Legacy universes with restriction sets can be imported into SAP BusinessObjects BI 4.0 using the Upgrade Management Tool

    Once imported, legacy universes can be converted from UNV to UNX format using Information Design Tool. Restriction sets are automatically converted to security profiles.

    All features of legacy restriction sets are available with security profiles, plus some new features unique to the new semantic layer

    Row restrictions can be added using @Variable('BOUSER')

    Column restrictions can prevent certain users from seeing sensitive data

  • Your Turn!

    How to contact me:

    Dallas Marks

    [email protected]

  • This document is a result of using our specialized expertise and contains intellectual ideas prepared solely for your use. This document represents valuable work by Kalvin Consulting and may not be disseminated to any external entity without the prior written consent of Kalvin Consulting.

    TEAM AT KALVIN

    One of the Largest W2 Staff Specializing in BI

    We have 39 W-2 consultants on staff.

    16 Business Objects certified consultants.

    16 ex-Business Objects consultants with

    experience at clients on BOBJ Global services

    engagements. (We have a sub-contracting

    relationship with Business Objects/SAP).

    We pride ourselves on delivery and exceeding

    our customers' expectations.

    Dedicated Project Management Office to

    oversee the project deliverables and client

    expectations

    Repository of documentation as part of business

    continuity plan for clients, project and

    consultants

    Focus on Long Term Partnership

    Kalvin believes each client is unique and

    leverages best practices and customizes a

    solution that is successful for our customer's organization.

    Build strong and long-lasting relationships

    with clients and partners by creating a

    productive work environment that

    encourages innovation and great attitudes.

    Kalvin believes in investing our time to

    ensure

    YOUR BI success.

    Customer satisfaction/success is our #1

    priority.

    Kalvin believes through your BI

    success will Kalvin be successful.

    Best of Breed solution provider for Business Intelligence and Data Warehousing

    Mission

    Vision

    Creating intelligent data to power an

    intelligent world

    To partner with you to create intelligent data

    that will empower your business to:

    Maximize operational performance

    Increase not just revenue but profit

    Help identify and serve your clients better

  • Core Competencies

    Kalvin is an expert in Application development

    Java/J2EE enterprise solutions .NET Solutions Customized solutions using Java, .NET, Web services , SDK

    Infrastructure and Best Practices SAP BW integration Business Object architecture, center of excellence and Implementation OBIEE Architecture and Implementations Cognos architecture and implementation

    Data Integration Data warehouse/Data mart design and implementation using Kimball or Inmon methodology Master data Management Data governance ETL using Data Integrator, Informatica, Data Stage & PL/SQL Data Quality & Data cleansing

    SAP BW End to end BW & BOBJ solution design and implementation Complete documentation of BW transport documents and technical content

    SAP NetWeaver BI Upgrades and implementation, toolsets and authorization Advanced ABAP design and code solutions SAP R/3 Data Analysis, extraction, custom extractor design and implementation

  • Core Competencies (cont.)

    Kalvin specializes and is an expert in Reporting & Dashboards

    SAP Business Objects SAP BW as a data source Reporting, Analytics & executive dashboards (WebI, crystal, Xcelsius, Predictive Workbench etc.) BO mobile Sharepoint integration

    Descriptive Analytics (What?) Data Mining and Pattern Recognition Clustering and Segmentations Decision Trees

    Predictive Analytics (Why? and What Next?) Marketing Mix Modeling and Demand Forecasting Promotion/Price/Product/Campaign/Operational Effectiveness Customer Behavior/Attrition Predictive Modeling

    Training SAP Certified - BI 4.0 SAP Certified - BI 3.0/3.1 E-learning Mentor/Knowledge Transfer

  • Capabilities Matrix

    Services

    SAP BW & Enterprise Data Warehouse (Oracle, dB2, SQL) X X X X X X X

    ETL (SAP Data Services, IBM DataStage, Informatica) X X X X X X X X

    Custom Report Portals (WebSphere, SharePoint, Weblogic) X X X X X

    Enterprise BI Platforms (SAP Business Objects, IBM Cognos)

    X X X X X X X

    Reporting and Dashboards X X X X X X X X

    Predictive Analytics (IBM SPSS, SAS, R) X X X X X X

    Descriptive Analytics (IBM SPSS, SAS, R) X X X X X X

  • Kalvin Business Solution

    Kalvin's holistic approach to your BI needs: we start with data foundation to delivering strategic insights to further activating upon your quintessential customers.

    Behavioral Data EMR / Clinical Data Attitudinal/Research Market Research Psychographics Macro economics Data Integration Data mart /Data models ETL/Data warehousing

    Who are my core customers and how do they behave?

    What drives their behavior?

    Can I predict change?

    Segmentation (Value, lifestyle) Promotion Impact /Marketing Mix Predictive Analysis

    Brand Loyalty Promotion scorecard

    Customer 1st KPIs (Key Drivers) Risk Scorecard Loyalty Promotion

    Loyalty Programs One to one customer communication Technology(RFID, POS, Mobile, Location based) Surprise and Delight

    ACTIVATION, STRATEGY, INTELLIGENT REPORTING, BUSINESS / ANALYTICAL INSIGHTS, INTELLIGENT DATA MODELING

    Activation, Strategy, Intelligent Business Reporting, Business Analytics, Intelligent Data

  • 8573 Mason-Montgomery Road Mason, OH 45040 P: (513) 492-9120 F: (513) 492-9122

    [email protected]

    http://www.facebook.com/kalvinconsulting

    http://twitter.com/kalvinsoft

    http://www.linkedin.com/company/kalvinsoft

  • Disclaimer

    SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP.