When finished, click Apply

3.9 Security and Catalog Organization

Because permissions are granted in the catalog, it is very important to be aware of this design when creating roles for your organization and when structuring the catalog.

For example, assume that your organization requires the roles that are described in Table 3–3.

You might consider setting up the catalog structure as described in Table 3–4.

Set up the roles as follows:

Example Role Configuration Sales Report Consumer:

Grant catalog permissions:

■ To the Sales Reports folder add the Sales Report Consumer and grant:

Read

Schedule Report Run Report Online View Report Online

Table 3–3 Example Role Requirements

Role Required Permissions

Sales Report Consumer Needs to view and schedule Sales department reports.

Financial Report Consumer Needs to view and schedule Financial department reports.

Needs access to the Excel Analyzer.

Executive Report Consumer Needs to consume both Sales and Financial reports and executive level reports.

Sales Report Developer Needs to create data models and reports for Sales department only.

Financials Report Developer Needs to create data models and reports for Financials department only. Needs to create some reports using the Excel Analyzer.

Layout Designer Needs to design report layouts for all reports.

Table 3–4 Example Catalog Setup

Folder Contents

Sales Reports All reports for Sales Report Consumer. Also contains any Sub Templates and Style Templates associated with Sales reports.

Sales Data Models All data models for Sales reports.

Financials Reports All reports for Financials Report Consumer. Also contains any Sub Templates and Style Templates associated with Financials reports.

Financials Data Models All data models for Financials reports Executive Reports All executive-level reports and data models.

Security and Catalog Organization

Read

Grant Data Access:

On the Roles page, locate the role, then click Add Data Sources. Add all data sources used by Sales reports.

Financials Report Consumer Assign Roles:

On the Roles tab assign the Financials Report Consumer the BI Publisher Excel Analyzer role.

Grant catalog permissions:

■ To the Financials Reports folder add the Financials Report Consumer and grant:

Read

Schedule Report Run Report Online View Report Online

Select Apply permissions to items within this folder

■ To the Financials Data Models folder add the Financials Report Consumer and grant:

Read

Grant Data Access:

On the Roles page, locate the role, then click Add Data Sources. Add all data sources used by Financials reports.

Executive Report Consumer Assign Roles:

On the Roles tab, assign the Executive Report Consumer the Sales Report Consumer and the Financials Report Consumer roles.

Grant catalog permissions:

■ To the Executive Reports folder add the Executive Report Consumer and grant:

Read

Schedule Report Run Report Online View Report Online

Select Apply permissions to items within this folder Grant Data Access:

On the Roles tab, locate the role, then click Add Data Sources. Add all data sources used by Executive reports.

Sales Report Developer Assign Roles:

On the Roles tab, assign the Sales Report Developer the BI Publisher Developer Role and the BI Publisher Template Designer Role.

Grant Data Access:

On the Roles tab, locate the Sales Report Developer and click Add Data Sources. Add all data sources from which Sales data models are built.

Grant Catalog Permissions:

■ In the catalog, to the Sales Data Models folder add the Sales Report Developer and grant:

Read, Write, Delete

■ To the Sales Reports folder, add the Sales Report Developer and grant:

Read, Write, Delete Financials Report Developer Assign Roles:

On the Roles tab, assign the Financials Report Developer the BI Publisher Developer Role, the BI Publisher Excel Analyzer Role, and the BI Publisher Template Designer Role.

Grant Data Access:

On the Roles tab, locate the Financials Report Developer and click Add Data Sources.

Add all data sources from which Financials data models are built.

Grant Catalog Permissions:

■ In the catalog, to the Financials Data Models folder add the Financials Report Developer and grant:

Read, Write, Delete

■ To the Financials Reports folder, add the Financials Report Developer and grant:

Read, Write, Delete Layout Designer Assign Roles:

On the Roles tab, assign the Layout Designer the BI Publisher Template Designer Role and the BI Publisher Developer Role.

Grant Catalog Permissions:

■ In the catalog, to the Financials Data Models and the Sales Data Models folders add the Layout Designer Role and grant:

Read

■ To the Financials Reports and Sales Reports folders, add the Layout Designer and grant:

Read, Write, Delete

3.10 Using LDAP with BI Publisher

You can use BI Publisher with an LDAP provider for authentication only or for both authentication and authorization.

Using LDAP with BI Publisher

■ Section 3.10.1, "Configuring BI Publisher to Use an LDAP Provider for Authentication Only"

■ Section 3.10.2, "Configuring BI Publisher to Use an LDAP Provider for Authentication and Authorization"

3.10.1 Configuring BI Publisher to Use an LDAP Provider for Authentication Only

To use an LDAP provider for authentication in conjunction with another security model for authorization, perform the following in BI Publisher:

To configure BI Publisher to use LDAP for authentication only: