Scribd Logo
Importer

Bienvenue sur Scribd !

  • CMC Essentials: Dallas Marks, Integra Solutions Breakout Session #9015

    Transféré par

    Wirianto Widjaya
    109 vues40 pages
    CMC Essentials Dallas Marks, Integra Solutions Breakout Session #9015. Poll By a show of hands: How many people using version 6.x and earlier? XI R2 in production? XI 3. In development? what about XI 3.1?

    Description originale:

    Titre original

    CMCEssentials

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    CMC Essentials Dallas Marks, Integra Solutions Breakout Session #9015. Poll By a show of hands: How many people using version 6.x and earlier? XI R2 in production? XI 3. In development? what about XI 3.1?

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    109 vues40 pages

    CMC Essentials: Dallas Marks, Integra Solutions Breakout Session #9015

    Transféré par

    Wirianto Widjaya
    CMC Essentials Dallas Marks, Integra Solutions Breakout Session #9015. Poll By a show of hands: How many people using version 6.x and earlier? XI R2 in production? XI 3. In development? what about XI 3.1?

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 40

    CMC Essentials

    Dallas Marks, Integra Solutions Breakout Session #9015

    Copyright 2008 Quorum Business Solutions, Inc.

    Poll
    By a show of hands: How many people using version 6.x and earlier? Crystal Enterprise 10 and earlier? XI R2 in production? XI 3.0 in development? XI 3.0 in production? What about XI 3.1?

    Copyright 2008 Quorum Business Solutions, Inc.

    Agenda
    Brief History of Business Objects Administration Comparing XI R2 and XI 3.x Security Security Basics

    Terminology Folder and Group Inheritance Breaking Inheritance Custom Access Levels Scope of Rights
    Custom Access Levels, Permissions Explorer and Security Query

    Demonstration Best Practices Q&A

    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    HISTORY OF ADMINISTRATION
    Copyright 2008 Quorum Business Solutions, Inc.

    History of BusinessObjects Administration

    Supervisor 4.0 March 1996

    Central Management Console XI Release 1 January 2005

    Central Management Console XI Release 2 November 2005

    Central Management Console XI 3.0 - February 2008 XI 3.1 September 2008

    Copyright 2008 Quorum Business Solutions, Inc.

    Yoda on BusinessObjects XI R2

    You must unlearn what you have learned

    Copyright 2008 Quorum Business Solutions, Inc.

    Yoda on BusinessObjects XI 3.x

    You must confront BusinessObjects Enterprise XI 3.1. Then, only then, a Jedi will you be.
    NOTE: There are many new management areas in the redesigned CMC XI 3.x, but this presentation focuses on security-related changes.
    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    COMPARING XI R2 AND XI 3.X SECURITY


    Copyright 2008 Quorum Business Solutions, Inc.

    Default Users and Groups


    Users Administrator Guest QaaWSServletPrincipal PMUser Set Administrator password during install? Guest user disabled by default? Groups Administrators Everyone QaaWS Group Designer Report Conversion Tool Users BusinessObjects NT Users Universe Designer users Translators XI R2 yes yes no yes no no XI R2 yes yes no yes yes yes no XI 3.x yes yes yes no yes yes XI 3.x yes yes yes yes no yes yes

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Features
    Feature Folder Inheritance Group Inheritance Predefined Access Levels No Access View Schedule View On Demand Full Control Advanced Rights Custom Access Levels Break Inheritance Scope of Rights Combined Access Levels XI R2 yes yes yes yes yes yes yes yes yes no yes no no XI 3.x yes yes yes yes* yes yes yes yes yes yes yes yes yes

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Applications
    Application Central Management Console Web Component Adapter (WCA) Administrative Launchpad Query Builder Security Viewer Add-on Security Query Permissions Explorer XI R2 yes yes yes yes yes no no XI 3.x yes! no no yes no yes yes

    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    SECURITY BASICS

    Copyright 2008 Quorum Business Solutions, Inc.

    Terminology
    Principal a user or group Rights override - a rights behavior in which rights that are set on child objects override the rights set on parent objects General Global Rights access rights enforced regardless of content type Content Specific Rights access rights unique to content type (Crystal Report, Web Intelligence, etc)

    Copyright 2008 Quorum Business Solutions, Inc.

    Predefined Rights

    Rights Option

    Description Unable to access an object Able to view historical (scheduled) instances of an object Able to schedule instances of an object Able to view live data on-demand Able to change or delete an object

    XI R2 yes yes yes yes yes

    No Access View Schedule View on Demand Full Control

    XI 3.x slightly different yes yes yes yes

    Copyright 2008 Quorum Business Solutions, Inc.

    Advanced/Granular Rights
    Rights Option Granted Denied Description The right is granted to a principal. The right is denied to a principal. The right is unspecified for a principal. By default, rights set to Not Specified are denied. The right applies to the object. This option becomes available when you click Granted or Denied. The right applies to sub-objects. This option becomes available when you click Granted or Denied. XI R2 yes yes XI 3.x yes yes

    Not Specified

    yes

    yes

    Apply to Object

    no

    yes

    Apply to Sub-Objects

    no

    yes

    Copyright 2008 Quorum Business Solutions, Inc.

    Folder Inheritance
    Global Rights

    Top Level Folder Object

    Subfolder Object

    NOTE: In XI R2, global rights are set on the Rights tab in the Settings management area. In XI 3.x, global rights are set in the Folders management area as All Folders Security

    Subfolder Object

    Object

    Copyright 2008 Quorum Business Solutions, Inc.

    Group Inheritance Rules

    eFashion Sales Managers 2008

    eFashion East

    eFashion South

    eFashion West

    Barrett

    Richards

    Larry

    Leonard

    Bennett

    Steve

    Copyright 2008 Quorum Business Solutions, Inc.

    Breaking Inheritance
    Still possible in XI 3.x as it was in XI Release 2 Can disable folder inheritance, group inheritance, or both May not be as necessary in XI 3.x because of new scope of rights features

    Copyright 2008 Quorum Business Solutions, Inc.

    Custom Access Levels New Management Area in CMC XI 3.x Can create new access levels or copy existing access levels Pre-defined rights (View, Schedule, View On Demand, Full Control) levels cannot be altered Easier to manage than setting Advanced rights

    Copyright 2008 Quorum Business Solutions, Inc.

    Scope of Rights
    Scope of rights new in XI 3.x, the ability to limit the extent of rights inheritance (Apply to Object, Apply to Sub-object) In BusinessObjects Enterprise XI R2, the administrator was forced to break inheritance when they wanted to give user rights to child folders that were different to those given to the parent folder In XI 3.x, rights are effective for both the parent object and the child objects by default (same as XI R2). However

    Copyright 2008 Quorum Business Solutions, Inc.

    Scope of Rights, cont.


    With BusinessObjects Enterprise XI 3.x, the administrator can now specify that a right set on a parent object should apply to that object only.

    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    DEMONSTRATION

    Copyright 2008 Quorum Business Solutions, Inc.

    Demonstration

    Custom Access Levels Permissions Explorer Security Query

    Copyright 2008 Quorum Business Solutions, Inc.

    Demonstration Users & Groups

    Copyright 2008 Quorum Business Solutions, Inc.

    Demonstration Folders and Content

    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    DEMONSTRATION CUSTOM ACCESS LEVELS


    Copyright 2008 Quorum Business Solutions, Inc.

    Demonstration Custom Access Levels

    Custom Access Level demo

    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    PERMISSIONS EXPLORER AND SECURITY QUERY


    Copyright 2008 Quorum Business Solutions, Inc.

    Permissions Explorer (object centric) Use the Permissions Explorer to determine the rights a principal has on an object Improvement upon Check User Rights button in XI Release 2. Check User Rights only identified the effective rights the source of the rights assignment was still unknown Available from any object (folder, document, universe, connection, etc.) that can have rights assigned

    Copyright 2008 Quorum Business Solutions, Inc.

    Permissions Explorer

    Permissions Explorer demo

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Query (User Centric)


    Use Security Query to determine the objects to which a principal has been granted or denied access. Available from Users and Groups or Query Results

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Query Query Principal

    Query Principal - the user or group that you want to run the security query for. You can specify one principal for each security query

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Query Query Permission

    Query Permission - the right or rights you want to run the security query for, the status of these rights, and the object type these rights are set on

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Query Query Context


    Query Context - the CMC areas that you want the security query to search. For each area, you can choose whether to include sub-objects in the security query. A security query can have a maximum of four areas Security Query demo

    Copyright 2008 Quorum Business Solutions, Inc.

    CMC Essentials

    BEST PRACTICES

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Best Practices XI R2 only

    Disable Guest account if there is no requirement for anonymous access Set global access (Settings management area) to NO ACCESS, then assign rights at top level folders

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Best Practices XI R2 or XI 3.x


    Grant rights to groups on folders. Although rights can be granted on individual objects or users, the security model can become difficult to maintain. Use pre-defined rights wherever possible. Understand the additional complexity that advanced rights can introduce. Avoid breaking inheritance, while understanding it is sometimes necessary Add multiple users to Administrators group rather than sharing Administrator user account to improve traceability Document and maintain your security structure outside of the CMC MS Excel is a good choice

    Copyright 2008 Quorum Business Solutions, Inc.

    Security Best Practices XI 3.x


    Allot time in your upgrade/migration for administrative staff to understand both the new CMC interface/workflows as well as its new features Use custom access levels where you would have previously resorted to advanced rights. Identify opportunities to limit the scope of rights instead of breaking inheritance Take advantage of the Permissions Explorer and Security Query tools to diagnose and correct security issues

    Copyright 2008 Quorum Business Solutions, Inc.

    For More Information


    BusinessObjects Enterprise Administrators Guide BusinessObjects Enterprise XI 3.0/3.1 Upgrade Guide BusinessObjects 5/6 to XI 3.1 Migration Guide Business Objects Education
    BusinessObjects Enterprise XI R2: Securing Users and Content (SA210R2) BusinessObjects Enterprise XI 3.0/3.1: Administration and Security (SA210V3.0 or SA210V3.1)

    My Life With Business Objects, a blog http://dallasmarks.blogspot.com/ Integra Solutions Library http://www.IntegraSolutions.net/

    Copyright 2008 Quorum Business Solutions, Inc.

    Q&A
    Questions
    Dallas Marks, Senior Consultant and Trainer Integra Solutions, a business unit of Quorum Business Solutions I will repeat questions to ensure everyone can hear

    Contact information
    Email: dallas_marks@qbsol.com

    Evaluations
    This was breakout session #9015

    Copyright 2008 Quorum Business Solutions, Inc.

    Vous aimerez peut-être aussi