Delivering Personalized and Secure Business Intelligence

(1)

September 10-‐13, 2012 Orlando, Florida

Using the SAP BusinessObjects Business Intelligence 4.0 InformaAon Design Tool Session 1213

(2)

Breakout DescripAon

Do you need to tailor semantic layer security to

specific users or groups within your organization?

Attend this session to learn about security profiles

in the new Information Design Tool in SAP

BusinessObjects Business Intelligence 4.0 (BI4.0).

Understand how security profiles can control

objects, rows, query types, and connections. See

live demonstrations of each type of restriction and

the eﬀect they have on end users’ interactive

(3)

About Dallas Marks

§  Dallas Marks is a Principal Technical Architect and Trainer at EV Technologies, an SAP Software Solutions and

Sybase partner focusing on business intelligence and business analytics.

§  Dallas is an SAP Certified Application Associate and

authorized trainer for Web Intelligence, Universe Design, Dashboards, and SAP BusinessObjects BI Platform

administration. Dallas has worked with SAP

BusinessObjects tools since 2003 and presented at the North American conference each year since 2006.

§  Dallas has implemented SAP BusinessObjects solutions for a number of industries, including energy, health care, and manufacturing. He holds a master’s degree in

Computer Engineering from the University of Cincinnati.

§  Dallas is a co-author of the upcoming SAP Press title SAP BusinessObjects Web Intelligence, 2nd edition, and blogs about various business intelligence topics at

http://dallasmarks.org/.

(4)

EV Technologies is an SAP BusinessObjects solutions firm

SAP Software Solutions Partner

SAP Certified Solutions provider

Sybase Certified Solutions provider

SAP BusinessObjects Enterprise Certified

ASUG Members/Volunteers

Migration experts – classic BusinessObjects products to

SAP BusinessObjects XI R2 – XI 3.1- BI4

(5)

5

Beginning September 27, 2012,

a series of 9 free webinars to

help you improve the health

and stability of your SAP

BusinessObjects deployment.

Visit http://evtechnologies.com/webinars to register.

(6)

Diversified Semantic Layer

§

 

A podcast devoted to

business intelligence

with SAP

BusinessObjects

§

 

Recorded by a bunch

of folks active in the

SAP BusinessObjects

global community

§

 

Perfect companions

for your morning

commute

§

 

Follow on twitter at

@dslayered

(7)

Agenda

§

 

The Information Design Tool

§

 

The Need for Universe Security

§

 

Introducing Security Profiles

§

 

Creating Security Profiles

§

 

Next Steps

(8)

THE INFORMATION DESIGN TOOL

(9)

Disclaimer

“I'm just a simple

man trying to

make my way in

the universe.

”

―Jango Fett

(10)

This presentation focuses on BI 4.0

universes created with the Information Design Tool. For XI R2 and XI 3.0/XI 3.1 universes created with Universe Design Tool (Designer), refer to the following presentation.

Secure Universes Using Restriction Sets

Insight 2007 BusinessObjects User Conference October 2007, Orlando, Florida

(11)

Learn more about InformaAon Design Tool

11

§  Go, Universe, Go!

Techniques for Performance Tuning David Rathbun | Session 0607

Tuesday, September 11, 2012 11:15 AM -‐ 12:15 AM

§  ASUG SemanMc Layer Inﬂuence Council

Derek Loranca & Pierpaolo Vezzosi | Session 0906 Tuesday, September 11, 2012 10:00 AM -‐ 11:00 PM

§  InformaMon Design Tool Primer and Review Cindi Howson | Session 0606

Tuesday, September 11, 2012 10:00 AM -‐ 11:00 AM

§  Preparing for Life on Planet UNX

Alan Mayer | Session 0611

Wednesday, September 12, 2012 8:00 AM -‐ 9:00 AM

§  SAP BusinessObjects Web Intelligence 4.0 on

SAP NetWeaver BW

Shawn Patrick Duﬀy | Session 1209

Tuesday, September 11, 2012 2:45 PM -‐ 3:45 PM

This list represents only a portion of the 22 semantic layer breakout sessions at the ASUG SAP BusinessObjects User Group Conference. Please check the official conference schedule for a full listing.

(12)

What is a legacy UNV Universe?

Connection

(13)

What is a tradiAonal UNV Universe?

13

Created with the Universe Design Tool, formerly known as “Universe Designer”

or simply “Designer”.

Business

Layer

Data

(14)

What is a UNX Universe?

Connection

Data Foundation

Business Layer

*.cns *.dfx *.blx *.unx

The term “Common Semantic Layer” is also used to

describe this new universe format.

(15)

What is a UNX Universe?

15

*.cns *.dfx *.blx

Created with the new Information Design Tool

Business

Layer

Data

(16)

Web Intelligence 4.0 Query Methods

§  Web Intelligence now allows BEx (SAP NetWeaver®_BW)

and Analysis View to be queried directly without a universe

Related Sessions:

SAP BusinessObjects Web Intelligence 4.0 on SAP NetWeaver BW Shawn Patrick Duffy | Session 1209

(17)

§  Web Intelligence now allows

BEx (SAP NetWeaver®_BW)

and Analysis View to be queried directly without a universe

§  Web Intelligence Rich Client (shown) adds support for

Excel, Text, and Web Services

17

Web Intelligence Query Methods (cont.)

(18)

§  Web Intelligence now allows

BEx (SAP NetWeaver®_BW)

and Analysis View to be queried directly without a universe

§  Web Intelligence Rich Client

(shown) adds support for

Excel, Text, and Web Services

§  This presentaMon focuses on securing universes created with the new InformaMon Design Tool 4.0

(19)

THE NEED FOR UNIVERSE SECURITY

(20)

Restrict access to enAre universe by sehng universe rights in the Central Management Console (CMC)

Two Methods for Securing Universes

Create various forced and opAonal restricAons within InformaAon Design Tool

Forced

  Object restricAons

  Self-‐restricAng joins

  Inferred extra tables

OpAonal

(21)

Personalizing Ad Hoc Queries

21

Need to secure business-‐criMcal data based on

a user’s role in the organizaMon, but standard

universe design soluMons aﬀect all users

unilaterally …

… a diﬀerent soluMon is

required to apply security

condi.onally to speciﬁc users

and groups:

Security proﬁles.

(22)

Personalizing Ad Hoc Queries

Database-‐speciﬁc techniques such as

Teradata Query Banding and Oracle Virtual

Private Databases can be used but are beyond

the scope of this discussion

Security Proﬁles are ideal for

organizaMons that use mulMple

database pladorms and need a

single, integrated approach

to data security

(23)

Securing and Personalizing eFashion

23

Gotta analyze those party pants sales!

(24)

Securing and Personalizing eFashion

How do we ensure that Bennett is limited to only Colorado Springs data…

(25)

Securing and Personalizing eFashion

25 While allowing executives to look across the organization?

(26)

SECURITY PROFILES

(27)

What is a Security Proﬁle?

27

A

security profile

is a group of

security settings that apply to a

universe published in the repository

Similar features are available in

the Universe Design Tool for

traditional universes (UNV), known

as access restrictions or restriction

(28)

What is a Security Proﬁle?

Data Security Profiles

have security

settings defined on objects in the

data foundation and on data

connections

Business Security Profiles

have

security settings defined on objects

in the business layer

(29)

Type of restriction Description

Connection Override the default universe connection

with an alternate connection

Query controls Limit the size of the result set and query execution time

SQL generation controls Control how SQL is generated by user query

Row access Row-level security – force restrictions

into the WHERE clause of inferred SQL Alternative table access Replace a table referenced in the universe

with another table in the database

Object access Column-level security

What can be restricted in tradiAonal UNV universes?

(30)

Connection Override the default universe connection

with an alternate connection

Query controls Limit the size of the result set and query execution time

SQL generation controls Control how SQL is generated by user query

Row access Row-level security – force restrictions

into the WHERE clause of inferred SQL Alternative table access Replace a table referenced in the universe

with another table in the database

What can be restricted in new UNX universes?

Data Foundation Restrictions

(31)

Create Query Defines the universe views* and business

layer objects** available to the user in the query panel.

Display Data Grants or denies access to the data

retrieved by objects in the business layer when the user runs a query.*

Filters Defines filters using objects in the

business layer.*

What can be restricted in new UNX universes?

Business Layer Restrictions

* New feature of BI 4.0

** Similar to object restrictions in Universe Design Tool

(32)

CREATING SECURITY PROFILES

(33)

1) Create & Manage Security Model 2) Build and Export Universe 3) Add Security Profile 4) Create Web Intelligence Documents* 5) Deploy using Lifecycle Manager

* Crystal Reports and SAP BusinessObjects Dashboards (formerly Xcelsius®)_{based on}

universes can also leverage Security Profiles

33

(34)

ImporAng Secure Universes from XI R2 & XI 3.1

Import BIAR file into BI 4.0 using

Upgrade Management Tool

Import and Convert UNV to UNX

using Information Design Tool (IDT)

Validate Converted Security Profile

Test and Deploy

(35)

35

(36)

(37)

Editing Toolbar Tools Menu

Access restrictions can be

accessed from either the tools menu or the editing toolbar

Access RestricAons in the Universe Design Tool (UNV)

(38)

Access restrictions are available via Security Editor on Window menu or editing toolbar

(39)

InformaAon Design Tool — Security Editor

(40)

1. Select universe

and create security

profiles

(41)

41

2. Assign Users or

Groups

41

(42)

Using the Security Editor — Step 3 of 4

(43)

Using the Security Editor — Step 4 of 4

43

(44)

Data Security Proﬁle — ConnecAons

§  Replace default

universe connecAon

§  _{Use
Case:}

Default connecAon may point to

producAon but

Security Proﬁle points UAT users to UAT

(45)

Data Security Proﬁle — Controls

§  Limit number of rows

or execuAon Ame

§  _{Use
Case:}

ConservaAve default sehngs for all users but more aggressive sehngs for power users

(46)

Data Security Proﬁle — SQL

§  Control complexity of

user queries

§  _{Use
case:}

Default sehngs may allow sub-‐queries and combined queries, but security proﬁle limits casual business users

(47)

Data Security Proﬁle — Rows

§  Force restricAons into

SQL WHERE clause

§  _{Use
case:}

Row level security for sales team so they only see “their” numbers

§  TABLE.COLUMN=

@VARIABLE(‘BOUSER’)

§  May also desire to

disable ability to view SQL in Web

Intelligence

(48)

Data Security Proﬁle — Tables

§  Point to diﬀerent table

in database schema

§  _{Use
Case:}

Default users point to one year of facts, but security proﬁle points to three years of facts for power users

§  Not necessary for

replacement table to be deﬁned in universe

(49)

Business Security Proﬁle — Create Query

§  Hide business layer views

or business layer objects from certain users

§  Use Case:

Control visibility of

sensiAve measures such as proﬁt margin

(50)

Business Security Proﬁle — Display Data

§  _{Prevents
display
of
objects}

on report

§  If AUTO_UPDATE_QUERY

parameter is No, then refreshing report

generates an error

§  If AUTO_UPDATE_QUERY

parameter is Yes, then the denied objects are

removed from query and any business layer ﬁlters

(51)

§  Filter universe objects at the business layer, not database columns at data foundation layer

§  Still applies filter to SQL

statement

51

(52)

DEMONSTRATIONS

(53)

NEXT STEPS

(54)

Additional Resources

SAP BusinessObjects Business Intelligence 4.0: Business Intelligence Platform Administrator Guide

Quick Reference Getting Around Information Design Tool (SCN, June 2011).

SAP BusinessObjects Business Intelligence 4.0: Web Intelligence User’s Guide

SAP BusinessObjects Business Intelligence 4.0: Information Design Tool Guide

(55)

Oﬃcial Product Tutorials on SCN

www.sap.com/learnbi

55

(56)

Dallas Marks

@dallasmarks

Principal Technical Architect hKp://dallasmarks.org/ hKp://linkedin.com/in/dallasmarks/