Security Export

Some security settings within a model can be exported into an XML file using the standard export procedure. This facility is only available to Administrators and Modelbuilders with sufficient security access privileges to Import and Export data.

This facility can be exported with a normal model and will be included with the model data or can be exported separately with no other model data.

The following parameters can be exported into an XML file:

Security Descriptors (both name and type)

Model Security Descriptors (Dimension Security Descriptors assigned to dimension items) Security Descriptor Groups (Group / Descriptor access assignments)

Users and Groups information and assignments Default Book security assignments

Model Security (User Group access to a particular model) User passwords are not exported.

Managing Models

4 ^|

Managing Models Model Administration

4.1 Model Administration

Model Administration can only be performed within the Modelbuilder application by an Administrator or a Model Builder who has been given access rights to Manage Models via security. Administrator users automatically inherit these access rights and can assign them to other users (see 2.2). General model administration tasks such as creating and deleting models are performed through the Model Administration Screen.

Note: It is strongly advised that you keep the number of models on a database to an absolute minimum as each model present on a system (whether enabled or disabled) increases the number of records held in the database by significant amounts. Therefore with each separate model present on a database, response times for significant tasks such as calculation and export / import may be detrimentally affected.

Similarly regular database maintenance should be carried out on your EPM Database Server to maintain the size and to optimize performance of database and log files.

Having opened the Model Administration screen, you will have access to Model Management and Model Properties functions. You will also be able to set the Model Access for User Groups using the Security tab, and set up Model Partitioning using the Partitioning tab.

• Access to Model Administration

• Model Management functions

• Modify Model Properties

• User Model Access

• Partitioning

4.2 Access to Model Administration

Only an Administrator has access to the full range of functions provided for Model

Administration including Administration, Security and Partitioning. Model Builders may have access to a basic set of model management functions, but this is at the discretion of the Administrator.

Model Administration can be accessed only if you are logged in to the Model Builder application with no Model open. With the appropriate security privilege (see 3.3.1) you can achieve this in three different ways:

Close the model you are in and click on the Manage Models toolbar icon

Close the model you are in and select Tools | Models Admin.

Managing Models Access to Model Administration

| 4

After entering your user name and password to login, the Model Selection screen is

displayed, where you can click on the Model Admin button. (The first time EPM is entered the Available Models pane will appear blank; otherwise it will show all accessible models.)

Any of the above three methods will give you access to Model Administration.

The Model Administration screen has three tabs: Administration, Security and Partitioning. A set of Model Management functions is provided under the Administration tab through buttons displayed along the foot of the screen. These include: create a New model, Open, Copy, Rename and Delete a model. Model Maintenance functionality is also provided via the Modify button which allows you to change a model’s properties such as its description, the model server and whether or not it is enabled or audited.

The screen layout is shown below with the first few buttons visible. A list is displayed of the models you have access to. Each of these has a description, an operational status and a specific Application Server that the model has been assigned to. On creation of a model, the Creation Date is generated automatically.

To apply a Model Administration function, select the required model then either click on the appropriate button at the bottom of the screen or select your option from the right click context menu.

4 ^|

Managing Models

Model Management functions

4.3 Model Management functions

The following Model Management functions are available on the Administration tab of the Model Administration screen:

In the Model Administration screen a new Model can be created by selecting the Create New Model button. Note that without the required security privilege (see 3.3.1) this option is not displayed and that Administrators have this privilege by default. The Model Name provided must be unique.

It is possible at this point to add a description for the model and to select a specific Model Server, where more than one Model Server exists. Provided Database Auditing has been enabled during EPM Configure, you will also have the option of recording audit information for this model (please refer to your Database User Guide for further information on Database Auditing).

The model’s creation date is stored automatically when a new model is created. This is displayed in the Model Administration screen (see 4.2). Models that were created prior to Release 2.5 will appear with a default creation date of ‘01/01/1900’.

Note: You should be aware that certain characters are disallowed in Model names as they cause problems in the Web aspects of EPM Applications.

4.3.2 Open Model

A model may be opened by either double clicking a specific Model name or using the Open Model button which can also be accessed using the appropriate accelerator key.

4.3.3 Copy Model

This function is only available to users with the appropriate security privilege. It is located in the Model Administration screen described. Selecting the Copy Model option will duplicate the selected Model. Without the required security privilege this option is not enabled. The name given to the new model must be unique. All the items, values and Books created in the existing Model are reproduced in the duplicate.

4.3.4 Rename Model

This function is only available to users with the appropriate security privilege. It is located in the Model Administration screen. Selecting the Rename Model option allows the user to change the Name and Description for the Model. The new name chosen must be unique and should avoid certain characters as these can cause problems in Web use and Data Bridge import.

4.3.5 Delete Model

In the Model Administration screen, highlight the model you wish to delete and select the Delete model option. Note that without the required security privilege (see 3.3.1) this option is

Managing Models Modify Model Properties

| 4

not displayed, and that the Administrator and Model Builders have this privilege by default.

Great care should be taken when deleting a Model, as this operation cannot be undone.

Before a model is deleted you will be required to confirm the operation. You will also be offered the options to delete the Audit records or Layouts associated with this model. Should you prefer to delete individual Layouts at a later date, rather than all at once, it will still be possible to delete them from your file store, using the Delete option in View Builder | Load Layout, or to delete layouts from the database. Similarly, it will still be possible to delete Audit records from the database at a later date, if preferred. More information on selective deletion of Audit records can be found in the EPM Oracle Database User Guide.

Note: You cannot delete a Model which another user currently has open. A message box will inform you of this when Delete is selected.

4.4 Modify Model Properties

Selecting the Modify option from the Model Administration screen (see 4.2) will invoke the Model Properties screen. Note that without the required security privilege within the Model Definition Security descriptor this option is not displayed and that the Administrator has this privilege by default.

Functions available on the Model Properties screen are:

• Amend Model Description

• Change Model Server

• Enable/Disable Model

• Audit Model

4.4.1 Amend Model Description

A model’s description is displayed against the model on the Administration tab of the Model

4 ^|

Managing Models Partitioning

4.4.2 Change Model Server

This function is only available to users with the appropriate security privilege. It is located by selecting Modify from the Model Administration screen (see 4.2). The Model Properties screen then displays a drop down of the available Model Servers on which a model can run. This can be used to organize load spreading by allocating specific models to particular model servers.

As each model must operate through a single model server, this is only of use when you have several models in use and wish to separate their model server loadings.

This feature also provides a convenient means for dealing with model servers that break down or require maintenance, as it allows processing to be switched to another model server.

However you should not exercise this option on existing models that are in use. You can see which users are using which models through the EPM Monitor application.

4.4.3 Enable/Disable Model

The Model Administration screen (see 4.2) indicates whether the operational Status of a model is enabled or not. A User can only open a model if it is enabled. The model Status can be amended by selecting Modify from the Model Administration screen and the Model Properties screen is then displayed. If the Model Enabled box is cleared, the Model is disabled and is invisible to users until it is enabled again. This function is only available to users with the appropriate security privilege.

4.4.4 Audit Model

The Model Administration screen (see 4.2) indicates whether auditing is enabled or disabled for a model. The function to turn auditing on or off is located by highlighting the model and

selecting Modify from the Model Administration screen and the Model Properties screen is then displayed. Provided Database Auditing has been enabled during EPM Configure, you will have the option of recording audit information for this model (please refer to your Database User Guide for further information on Database Auditing). This function is only available to administrators.

4.5 Partitioning

Model Partitioning is available within EPM to spread the load of model calculation over several processors or machines. This is an extension to the multi threading capabilities introduced in Version 1.5.4. This is available through the Partitioning tab within the Model Administration screen.

To an end user a partitioned model will be indistinguishable from a non-partitioned model. In terms of processor power and calculation however the resources required to do this will be spread across several processors (on a multi processor machine) or machines according to Versions, Periods or Responsibility Centers depending how the model has been partitioned.

More information on how to partition models and implications regarding dependencies is available within the EPM Model Partitioning document available separately.

Language Capabilities

5 ^|

Language Capabilities Localization Issues

5.1 Localization Issues

Several additional functions have been provided to support a customized user interface. As EPM has to operate in a multi-national framework, it has been designed to operate in several international languages. When you select your preferred language, all of the EPM screen and dialog text should appear in that language providing the EPM Language Editor has been implemented. As your model is constructed new items can be given names with several selectable alternatives (Aliases) to further support individual language choice.

It is possible to rename Dimension Line Items in EPM to a preferred alternative for different users using the Data Aliases function. The original name will be retained but a user may choose to view an item under an alternative alias. An example where this might be useful is for different languages or where certain users may prefer to use codes rather than names.

The renaming of Dimension items is managed using the Data Alias functionality detailed below.

• Managing Data Aliases

5.2 Managing Data Aliases

Alternative terms are grouped according to a Data Alias which must first be created by an administrator.

To create a Data Alias, select Tools | Manage Data Aliases to bring up a window in which you can carry out several basic Data Alias functions. The predefined default Aliases are present.

To create a new Data Alias, select Add then type an Alias Name in the text box that appears, and press <Enter>.

The new Data Alias will be displayed in the Available Data Aliases area and is now available for users to select as their Primary Alias.

Data Aliases can be renamed using Manage Data Aliases. To rename an Alias, highlight the Data Alias to be renamed in the Available Data Aliases area, select Rename and then enter a name in the Alias Name text box. The selected Data Alias will now be renamed.

To delete a Data Alias you highlight the required name in the Available Data Aliases area and select Delete.

A message box will appear asking you to confirm your selected deletion. From here you can accept by selecting Yes or cancel the operation by selecting No.

Language Capabilities Managing Data Aliases

| 5

Note: It is not possible to Delete or Rename the predefined default Aliases.

5 ^|

Language Capabilities Managing Data Aliases

EPM Monitor

6 ^|

EPM Monitor

Monitoring Current Usage

6.1 Monitoring Current Usage

EPM has an additional feature available on the EPM Server, which can monitor users currently connected to the EPM suite. The EPM Monitor is an administration utility with limited but essential housekeeping functionality. It displays the Users currently logged into the EPM suite accompanied by useful information regarding User Types, the client machine that Users are connecting from and the time they logged on. It also allows you to forcibly log off connected users. The logout function also allows users who have been logged out as the result of a fault to reuse their login; however this does not constitute a forced logout.

• User Details

• Logging off a User

• License Details

The EPM System Information utility can also be used in this role (for more information, see the EPM System Information guide).

6.2 User Details

Logged in Users will appear in the User Details tab. This displays:

the User Name defined in the User and Group Maintenance screen (see 2.2.6.1) the User Type which is the application User Group the user is assigned to (i.e. Model

Builder, Book Builder, End User. See 2.2.6.2)

the Client Machine which is the workstation the User is connected to as defined within your network

the EPM Server which is the Server connected to (this could differ if the Web Server is set up on a different machine)

the Logon Date which details the date and time the user logged onto EPM the Model Name

Once you have launched the EPM Monitor you need to select Update to manually display the Users currently logged in. Here you can also choose to automatically refresh the screen using the Auto Refresh checkbox, which will display changes immediately rather than requiring a manual refresh.

EPM Monitor Logging off a User

| 6

It is also possible to filter the list of logins by checking the Apply Filter check box, selecting the column to filter on from the Filter Column drop down menu and entering a value in the Filter Value text box.

The functionality provided by the Logoff button is described in section 6.3.

6.3 Logging off a User

A function that may be of use in certain circumstances within the EPM Monitor is the Logoff function within the User Details tab. This is used to forcibly log off a User who is apparently connected to the EPM Server. Although you might not want to log off an actively working User, this function is useful when a User is apparently logged into the Server but has no client application running (e.g. for some reason the user has encountered system problems).

The server will generally monitor user activity behind the scenes and time-out a user session where no activity has occurred for some period of time. If the user needs to re-enter EPM quickly and cannot wait for this automatic log off or some additional factors have contributed towards this system discrepancy then an Administrator can log off a User.

To log off a user select the user from the list displayed in the main window of EPM Monitor, which will enable the Logoff button. Select this button and you will be prompted to enter an Administrator User name and password. Successfully entering these details and clicking OK will cause the selected User to be logged out of the EPM suite.

The user concerned will receive a message on their client machine informing them that they are about to logged out. Changes to books in the process of being edited may be lost and the book will appear to be locked the next time Model Builder or Book Builder is opened. A client application error may occur but since a user is only likely to be logged off due to database or application server issues this is of little or no significance.

Note: You must belong to the Administrator group to log off another User.

Logging out all users will allow the services to close, which will cause a forced logout for all users. Also restarting the EPM service will cause all users to be logged out.

6 ^|

EPM Monitor License Details

For example some Dimensions may be purchased as add-ons to a basic Activity Analysis license.

This screen also displays the current number of User types logged onto the system and the total number of licenses available for each of these User types.

Once you have launched the EPM Monitor you need to select the Update button to manually display the Users currently logged in.

Note: Some inbuilt groups have privileges to use other applications without requiring additional licenses i.e. a model builder can also use the web or book viewer. Users logging into an application in this way will be listed in the User Details tab but not in the License Details tab.

Business Objects Information

Resources

A ^|

Business Objects Information Resources Documentation and information services

A1. Documentation and information services

Business Objects offers a full documentation set covering its products and their deployment.

Additional support and assistance are also available to help maximize the return on your business intelligence investment. The following sections detail where to get Business Objects documentation and how to use the resources at Business Objects to meet your needs for technical support, education, and consulting.

• Documentation

• Customer support, consulting and training

• Useful addresses at a glance

A2. Documentation

You can find answers to your questions on how to install, configure, deploy, and use Business Objects products from the documentation.

What’s in the documentation set?

View or download the Business Objects Documentation Roadmap, available with the product documentation at http://www.businessobjects.com/support/ .

The Documentation Roadmap references all Business Objects guides and lets you see at a glance what information is available, from where, and in what format.

Where is the documentation?

You can access electronic documentation at any time from the product interface, the web, or from your product CD.

You can access electronic documentation at any time from the product interface, the web, or from your product CD.

In document EPM Performance Suite Profitability Administration & Security Guide (Page 32-60)