EVT SBOUC2012 Dallas Marks Delivering Personalized and Secure Business Intelligence

September 10-13, 2012
Cr|ando, I|or|da
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
uslng Lhe SAÞ 8uslnessCb[ecLs 8uslness lnLelllgence 4.0 lnformauon ueslgn 1ool
Sesslon 1213
8reakouL uescrlpuon
Do you need to tailor semantic layer security to
specifc users or groups within your organization?
Attend this session to learn about security profles
in the new Information Design Tool in SAP
BusinessObjects Business Intelligence 4.0 (BI4.0).
Understand how security profles can control
objects, rows, query types, and connections. See
live demonstrations of each type of restriction and
the efect they have on end users’ interactive
experience.
2
AbouL uallas Marks
! Dallas Marks is a Principal Technical Architect and Trainer
at EV Technologies, an SAP Software Solutions and
Sybase partner focusing on business intelligence and
business analytics.
! Dallas is an SAP Certifed Application Associate and
authorized trainer for Web Intelligence, Universe Design,
Dashboards, and SAP BusinessObjects BI Platform
administration. Dallas has worked with SAP
BusinessObjects tools since 2003 and presented at the
North American conference each year since 2006.
! Dallas has implemented SAP BusinessObjects solutions
for a number of industries, including energy, health care,
and manufacturing. He holds a master’s degree in
Computer Engineering from the University of Cincinnati.
! Dallas is a co-author of the upcoming SAP Press title SAP
BusinessObjects Web Intelligence, 2nd edition, and blogs
about various business intelligence topics at
http://dallasmarks.org/.
3
EV Technologies is an SAP BusinessObjects solutions frm
SAP Software Solutions Partner
SAP Certifed Solutions provider
Sybase Certifed Solutions provider
SAP BusinessObjects Enterprise Certifed
ASUG Members/Volunteers
Migration experts – classic BusinessObjects products to
SAP BusinessObjects XI R2 – XI 3.1- BI4

5
Beginning September 27, 2012,
a series of 9 free webinars to
help you improve the health
and stability of your SAP
BusinessObjects deployment.
Visit http://evtechnologies.com/webinars to register.
Weblnar Serles - 8e a 8euer SAÞ 8uslnessCb[ecLs AdmlnlsLraLor
Diversifed Semantic Layer
! A podcast devoted to
business intelligence
with SAP
BusinessObjects
! Recorded by a bunch
of folks active in the
SAP BusinessObjects
global community
! Perfect companions
for your morning
commute
! Follow on twitter at
@dslayered
http://dslayer.net

Agenda
! The Information Design Tool
! The Need for Universe Security
! Introducing Security Profles
! Creating Security Profles
! Next Steps
7
1nL INICkMA1ICN DLSIGN 1CCL
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
ulsclalmer
“I'm just a simple
man trying to
make my way in
the universe.”
―Jango Fett
9
This presentation focuses on BI 4.0
universes created with the Information
Design Tool. For XI R2 and XI 3.0/XI 3.1
universes created with Universe Design
Tool (Designer), refer to the following
presentation.
Secure Universes Using Restriction Sets
Insight 2007 BusinessObjects User Conference
October 2007, Orlando, Florida
10
ulsclalmer
Learn more abouL lnformauon ueslgn 1ool
11
! Go, Un|verse, Go!
1echn|ques for Þerformance 1un|ng
uavld 8aLhbun | Sesslon 0607
1uesday, SepLember 11, 2012 11:13 AM - 12:13 AM
! ASUG Semannc Layer Inßuence Counc||
uerek Loranca & Þlerpaolo vezzosl | Sesslon 0906
1uesday, SepLember 11, 2012 10:00 AM - 11:00 ÞM
! Informanon Des|gn 1oo| Þr|mer and kev|ew
Clndl Powson | Sesslon 0606
1uesday, SepLember 11, 2012 10:00 AM - 11:00 AM
! Þrepar|ng for L|fe on Þ|anet UNk
Alan Mayer | Sesslon 0611
Wednesday, SepLember 12, 2012 8:00 AM - 9:00 AM
! SAÞ 8us|nessCb[ects Web Inte|||gence 4.0 on
SAÞ NetWeaver 8W
Shawn ÞaLrlck uuñy | Sesslon 1209
1uesday, SepLember 11, 2012 2:43 ÞM - 3:43 ÞM
This list represents only a portion of the 22 semantic layer breakout sessions at the
ASUG SAP BusinessObjects User Group Conference. Please check the official
conference schedule for a full listing.
WhaL ls a legacy unv unlverse?
12
Connection
*.unv
WhaL ls a Lradluonal unv unlverse?
13
Created with the Universe Design Tool,
formerly known as “Universe Designer”
or simply “Designer”.
Business
Layer
Data
Foundation
WhaL ls a unx unlverse?
14
Connection
Data Foundation
Business Layer
*.cns
*.dfx
*.blx
*.unx
The term “Common Semantic Layer” is also used to
describe this new universe format.
WhaL ls a unx unlverse?
15
*.cns
*.dfx
*.blx
Created with the new
Information Design Tool
Business
Layer
Data
Foundation
Web lnLelllgence 4.0 Cuery MeLhods
! Web Inte|||gence now a||ows
8Lx (SAÞ NetWeaver
°
8W)
and Ana|ys|s V|ew to be
quer|ed d|rect|y w|thout a
un|verse
16
16
Related Sessions:

SAP BusinessObjects Web Intelligence 4.0 on SAP NetWeaver BW
Shawn Patrick Duffy | Session 1209
Tuesday, September 11, 2012 2:45 PM - 3:45 PM
! Web lnLelllgence now allows
8Lx (SAÞ neLWeaver
º
8W)
and Analysls vlew Lo be
querled dlrecLly wlLhouL a
unlverse
! Web Inte|||gence k|ch C||ent
(shown) adds support for
Lxce|, 1ext, and Web Serv|ces
17
Web lnLelllgence Cuery MeLhods (conL.)
17
! Web lnLelllgence now allows
8Lx (SAÞ neLWeaver
º
8W)
and Analysls vlew Lo be
querled dlrecLly wlLhouL a
unlverse
! Web lnLelllgence 8lch CllenL
(shown) adds supporL for
Lxcel, 1exL, and Web Servlces
! 1h|s presentanon focuses on
secur|ng un|verses created
w|th the new Informanon
Des|gn 1oo| 4.0
Web lnLelllgence Cuery MeLhods (conL.)
18
1nL NLLD ICk UNIVLkSL SLCUkI1¥
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
8esLrlcL access Lo enure unlverse by semng
unlverse rlghLs ln Lhe CenLral ManagemenL
Console (CMC)
1wo MeLhods for Securlng unlverses
20
CreaLe varlous forced and opuonal resLrlcuons
wlLhln lnformauon ueslgn 1ool
lorced
! Cb[ecL resLrlcuons
! Self-resLrlcung [olns
! lnferred exLra Lables
Cpuonal
! lllLer ob[ecLs
Þersonallzlng Ad Poc Cuerles
21
Need to secure bus|ness-cr|nca| data based on
a user’s ro|e |n the organ|zanon, but standard
un|verse des|gn so|unons añect a|| users
!"#$%&'(%$$) .
. a d|ñerent so|unon |s
requ|red to app|y secur|ty
+,"-#.,"%$$) to spec|hc users
and groups:
/'+!(#&) 0(,1$'23
Þersonallzlng Ad Poc Cuerles
22
Database-spec|hc techn|ques such as
1eradata Çuery 8and|ng and Crac|e V|rtua|
Þr|vate Databases can be used but are beyond
the scope of th|s d|scuss|on
Secur|ty Þroh|es are |dea| for
organ|zanons that use mu|np|e
database p|auorms and need a
s|ng|e, |ntegrated approach
to data secur|ty
Securlng and Þersonallzlng elashlon
23
Gotta analyze those
party pants sales!
Securlng and Þersonallzlng elashlon
24
How do we ensure
that Bennett is
limited to only
Colorado Springs
data…
Securlng and Þersonallzlng elashlon
25
While allowing
executives to look
across the
organization?
SLCUkI1¥ ÞkCIILLS
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
WhaL ls a SecurlLy Þroñle?
27
A security profile is a group of
security settings that apply to a
universe published in the repository
Similar features are available in
the Universe Design Tool for
traditional universes (UNV), known
as access restrictions or restriction
sets
WhaL ls a SecurlLy Þroñle?
28
Data Security Profiles have security
settings defined on objects in the
data foundation and on data
connections
Business Security Profiles have
security settings defined on objects
in the business layer
Type of restriction Description
Connection Override the default universe connection
with an alternate connection
Query controls Limit the size of the result set and query
execution time
SQL generation controls Control how SQL is generated by user
query
Row access Row-level security – force restrictions
into the WHERE clause of inferred SQL
Alternative table access Replace a table referenced in the universe
with another table in the database
Object access Column-level security
WhaL can be resLrlcLed ln Lradluonal unv unlverses?
29
Type of restriction Description
Connection Override the default universe connection
with an alternate connection
Query controls Limit the size of the result set and query
execution time
SQL generation controls Control how SQL is generated by user
query
Row access Row-level security – force restrictions
into the WHERE clause of inferred SQL
Alternative table access Replace a table referenced in the universe
with another table in the database
WhaL can be resLrlcLed ln new unx unlverses?
Data Foundation Restrictions
Similar restrictions exist in Universe Design Tool
30
Type of restriction Description
Create Query Defines the universe views* and business
layer objects** available to the user
in the query panel.
Display Data Grants or denies access to the data
retrieved by objects in the business layer
when the user runs a query.*
Filters Defines filters using objects in the
business layer.*
WhaL can be resLrlcLed ln new unx unlverses?
Business Layer Restrictions
* New feature of BI 4.0
** Similar to object restrictions in Universe Design Tool
31
CkLA1ING SLCUkI1¥ ÞkCIILLS
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
1) Create &
Manage
Security
Model
2) Build and
Export
Universe
3) Add
Security
Profile
4) Create
Web
Intelligence
Documents*
5) Deploy
using
Lifecycle
Manager
* Crystal Reports and SAP
BusinessObjects Dashboards
(formerly Xcelsius
®)
based on
universes can also leverage
Security Profiles
33
Securlng unlverses - ueslgn Þrocess
lmporung Secure unlverses from xl 82 & xl 3.1
Import BIAR file into BI 4.0 using
Upgrade Management Tool
Import and Convert UNV to UNX
using Information Design Tool (IDT)
Validate Converted Security Profile
Test and Deploy
34
35
35
uefaulL unlverse ÞarameLers - uaLa loundauon Layer
uefaulL unlverse ÞarameLers - 8uslness Layer
36
Editing Toolbar
Tools Menu
Access restrictions can be
accessed from either the tools
menu or the editing toolbar
Access 8esLrlcuons ln Lhe unlverse ueslgn 1ool (unv)
37
Access restrictions are available via
Security Editor on Window menu or
editing toolbar
SecurlLy Þroñles ln lnformauon ueslgn 1ool (unx)
38
lnformauon ueslgn 1ool - SecurlLy LdlLor
39
1. Select universe
and create security
profiles
uslng Lhe SecurlLy LdlLor - SLep 1 of 4
40
41
2. Assign Users or
Groups
41
uslng Lhe SecurlLy LdlLor - SLep 2 of 4
uslng Lhe SecurlLy LdlLor - SLep 3 of 4
42
3. Adjust Options
uslng Lhe SecurlLy LdlLor - SLep 4 of 4
43
4. Test Specific Users and Groups
uaLa SecurlLy Þroñle - Connecuons
! 8eplace defaulL
unlverse connecuon
! use Case:
uefaulL connecuon
may polnL Lo
producuon buL
SecurlLy Þroñle polnLs
uA1 users Lo uA1
connecuon
44
uaLa SecurlLy Þroñle - ConLrols
! LlmlL number of rows
or execuuon ume
! use Case:
Conservauve defaulL
semngs for all users
buL more aggresslve
semngs for power
users
45
uaLa SecurlLy Þroñle - SCL
! ConLrol complexlLy of
user querles
! use case:
uefaulL semngs may
allow sub-querles and
comblned querles, buL
securlLy proñle llmlLs
casual buslness users
46
uaLa SecurlLy Þroñle - 8ows
! lorce resLrlcuons lnLo
SCL WPL8L clause
! use case:
8ow level securlLy for
sales Leam so Lhey
only see ºLhelr"
numbers
! 1A8LL.CCLuMn=
[vA8lA8LL('8CuSL8')
! May also deslre Lo
dlsable ablllLy Lo vlew
SCL ln Web
lnLelllgence
47
uaLa SecurlLy Þroñle - 1ables
! ÞolnL Lo dlñerenL Lable
ln daLabase schema
! use Case:
uefaulL users polnL Lo
one year of facLs, buL
securlLy proñle polnLs
Lo Lhree years of facLs
for power users
! noL necessary for
replacemenL Lable Lo
be deñned ln unlverse
48
8uslness SecurlLy Þroñle - CreaLe Cuery
! Plde buslness layer vlews
or buslness layer ob[ecLs
from cerLaln users
! use Case:
ConLrol vlslblllLy of
sensluve measures such
as proñL margln
49
8uslness SecurlLy Þroñle - ulsplay uaLa
! ÞrevenLs dlsplay of ob[ecLs
on reporL
! lf Au1C_uÞuA1L_CuL8?
parameLer ls no, Lhen
refreshlng reporL
generaLes an error
! lf Au1C_uÞuA1L_CuL8?
parameLer ls ?es, Lhen Lhe
denled ob[ecLs are
removed from query and
any buslness layer ñlLers
50
! Filter universe objects at
the business layer, not
database columns at
data foundation layer
! Still applies flter to SQL
statement
51
8uslness SecurlLy Þroñle - lllLers
DLMCNS1kA1ICNS
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
NLk1 S1LÞS
uellverlng Þersonallzed and Secure 8uslness lnLelllgence
Additional Resources
SAP BusinessObjects Business Intelligence 4.0:
Business Intelligence Platform Administrator
Guide
54
Quick Reference Getting Around Information
Design Tool (SCN, June 2011).
SAP BusinessObjects Business Intelligence 4.0:
Web Intelligence User’s Guide
SAP BusinessObjects Business Intelligence 4.0:
Information Design Tool Guide
Cmclal ÞroducL 1uLorlals on SCn
www.sap.com/learnbi
55
uallas Marks
[dallasmarks
Þrlnclpal 1echnlcal ArchlLecL



hup://dallasmarks.org/
hup://llnkedln.com/ln/dallasmarks/

vlslL Lv 1echnologles aL 8ooLh 210 ln Lhe ÞarLner Showcase!





56
1hank ?ou!
Thank you for participating.

Please provide feedback on this session by
completing a short survey via the event
mobile application.

SESSION CODE: 1213


Learn more year-round at www.asug.com