Wednesday, April 30, 2014

SAP BusinessObjects Security - Access Levels

By Rick Epstein


Resolvit Inc. - Rick Epstein
An access level is a set of permissions that apply to a user or group concerning an object such as a folder or report. SAP BusinessObjects lets you create custom access levels -- something I will write about in a future post -- but for now, let's restrict ourselves to the five pre-defined Access Levels in SAP BusinessObjects:
  • View: Can see the object and view instances of reports
  • View on Demand: Inherits rights of the View Access level and can run reports real time
  • Schedule: Inherits rights of the View On Demand Access level and can schedule reports
  • Full Control (owner): Inherits rights of the Schedule Access level and can add, copy, delete content if the user is also the owner
  • Full Control: Inherits rights of the Schedule Access level and can add, copy, and delete content regardless of the content's owner

Nothing too controversial there, but it does open up the topic of inheritance, a topic which will be important in all that follows, and which may be the source of many unintended consequences. So let's be clear about what we mean by inheritance:
  • Inheritance: Getting the rights of the parent group(s) and/or parent folder(s)

Access levels apply to users and groups. My next post will deal with rights settings, which are assigned at the object level.

Monday, April 28, 2014

Security Knowledge Framework

By Rick Epstein


Resolvit Inc. - Rick Epstein
It is always difficult to dive into a topic that is both very large and very granular in nature. SAP BusinessObjects security is just such a topic. Where do we start?
Experienced administrators will have a good grasp on the basics of security administration, and will want to get granular very quickly. Those who are just coming to the topic of SAP BusinessObjects security, or who are not hands-on administrators, but need a better understanding of security to ensure corporate data governance objectives are being met, will benefit from more high-level discussion.

Well, as they say, you can't please everyone.

At the risk of alienating some security veterans, I'm going to start at the 30,000-foot level, just so we can all get onto the same page as quickly as possible. If we're going to have a meaningful conversation about security, we first have to make sure we're all speaking the same language. I promise we will get granular quickly, with tips and tricks that both veterans and beginners will be able to appreciate.

To start, let's establish a frame of reference -- a Security Knowledge Framework.

What is the Security Knowledge Framework? It is the collection of concepts and definitions that you need to understand to implement and manage an efficient and effective security model in SAP BusinessObjects. It helps you establish your security requirements and develop your security model.

At its most basic, security is about access -- ensuring that the appropriate people have access to the appropriate information. But the converse is equally important -- ensuring that sensitive information does not fall into inappropriate hands. Access is all-important, so my next post will examine access levels in SAP BusinessObjects.

Monday, April 21, 2014

Security Blogging with Rick Epstein

SAP BusinessObjects Security expert Rick Epstein of ResolvIT Inc. recently co-hosted a webinar with APOS concerning Security Architecture & Management in SAP BI 4. (View the recorded webinar.) The webinar touched on many areas of SAP BusinessObjects security., including security model design and migration, data governance, and regulatory compliance. Rick will be following up on that very well received webinar with a series of security-related guest posts on this blog.

Rick's professional focus is on SAP BusinessObjects security, report and universe design, process streamlining and data consolidation -- all with the objective of helping organizations establish their SAP BusinessObjects deployment as the single source of truth for operational excellence and efficient planning. He has implemented SAP BusinessObjects security models in numerous industries, including healthcare, aerospace and defense, and manufacturing.



Why You Need to Focus on Security

Those of you who attended the webinar, or watched the recorded webinar, will know that we started out with an overview of how growing BI volume and complexity have made the work of BI platform managers and administrators much more difficult. BI volume and complexity raise many issues for system analysis, administration, storage, query management and publishing, but none is more important than ensuring that the right people -- and only the right people -- have access to appropriate information within your system.

With the increasing emphasis on mobile and self-serve BI, the roles of BI platform managers and administrators will become even more demanding. If you are one of these people, the security of your BI platform has to be very high on your list of concerns.

Our first focus is generally on the accessibility of data -- getting our data into data warehouses, moving our reports between environments, bursting reports to a wide variety of information consumers, etc. We spend so much time getting these things right that we may not fully consider what can go wrong. Worse still, we may not know something can go wrong until it does. Bringing resources to bear on the issue of security is part of the solution. The other, equally important, parts are knowledge and experience.



Topics for Discussion

Rick will start his series of blog posts by taking a deeper look at the Security Knowledge Framework. What is the Security Knowledge Framework? It is the collection of concepts and definitions that you need to understand to implement and manage an efficient and effective security model in SAP BusinessObjects. It helps you establish your security requirements and develop your security model. The first order of business is to make sure we're speaking the same language.

Future entries will drill down into areas such as:
  • Security model design and implementation
  • Security model migration
  • Security assessment
  • Regulatory compliance
  • Data governance

Do you have a specific security-related question? Contact Rick Epstein at repstein@resolvitinc.com

Case Study: Social Services Agency, Santa Clara County

The Social Services Agency (SSA) of Santa Clara County, CA, spoke to us recently about their experience with our APOS Storage Center and APOS Insight solutions.

The SSA's 600-plus BI accounts currently use Desktop Intelligence and Web Intelligence as their primary report delivery media. At the time of writing, the SSA was in the process of planning its migration to BI 4, so investigation of and preparation for the inevitable full adoption of Web Intelligence was also under way. More recently, the BI team has been delivering BI to the agency's information consumers via SAP BusinessObjects Dashboards (formerly Xcelsius).

In 2011, after receiving recommendations from peers at an SAP BusinessObjects conference, SSA implemented APOS Storage Center. SSA needed a strategy and solution for backing up, archiving, and selectively restoring reports. Aside from needing to implement a reliable backup solution, they wanted to optimize system performance and have the means to comply quickly and easily with regulatory requirements through selective restore.

In 2013, as SSA was preparing for their migration to SAP BusinessObjects BI 4, they were looking for a means of doing an inventory and forming a complete understanding of their BI system and what is currently being used. Their positive experience with APOS led them to contact APOS again.
Thinh Hong, Information Systems Manager with SSA, summed up her experiences with these APOS solutions:

APOS Storage Center provides us with an efficient, rules-based means of cleaning up our BI environment, and the ease with which it allows us to back up and selectively restore objects has been very useful. We can archive and retrieve historical instances in a neutral format, which is important, because we maintain a five-year window on instances for regulatory compliance.
APOS Insight's impact analysis capabilities allow us to see what effect changes to our data model will have downstream. It has allowed us to analyze SAP BusinessObjects metadata effectively. The information we've gathered through Insight has been very useful in helping us to manage and troubleshoot our BI environment. We will be using APOS Insight to compare environments pre- and post-migration to benchmark performance and to ensure security has translated to the new system properly, and to build a list of reports for conversion from Desktop Intelligence to Web Intelligence.

Tuesday, April 1, 2014

Dashboard Design and Full-Spectrum BI

In a recent APOS webinar, SAP's Ian Mayor described SAP BusinessObjects BI 4 as a "full-spectrum" approach to business intelligence. While reporting remains the standard for attaining and maintaining operational excellence, the full spectrum approach to BI complements such reporting with mobility (dashboards and apps) and self-serve BI (agile visualization).

Mobility is one of the key themes in SAP BusinessObjects BI 4. Mobility is often cited by customers as a motivation to migrate. The increased emphasis on mobility and agile visualization are portents of the interactive, proactive and collaborative future of BI. This emphasis recognizes that the vast majority of enterprise employees are now knowledge workers who contribute to the enterprise through their interaction with and analysis of enterprise information.

Nowhere is the bright future of mobile BI more clear than in the increased emphasis on dashboards and Web apps. Mobile BI is no longer just for executives. As the role of the dashboard designer becomes more critical to the evolution of BI within the enterprise, SAP's Design Studio offering unites dashboard and Web app design in a single environment.

Using Design Studio, dashboard designers are building engaging experiences for a wide variety of enterprise users. The trend in dashboards is away from static presentations toward customized and interactive presentations, which not only deliver timely information in an easily digested format, but also allow information consumers to explore the data and find what they need quickly.

The transition to Design Studio is not without challenges, and we recently explored those challenges in an SAP Community Network blog post. You can manage some of those challenges with third-party solutions such as the APOS Dashboard Migrator, which will allow you to leverage your Xcelsius investment within Design Studio.

And, as always, there is help available in the APOS Migration Webinar series, particularly in the upcoming April 24 webinar on Design Studio with SAP's Ian Mayor.