For information on using APOS solutions to help you bolster and manage
security, visit our more recent series of security posts.
By Rick Epstein
This post concludes the list of most common
security mistakes begun in these earlier posts:
By Rick Epstein
Mistake
#8: Allowing too many people to be able to see the SAP BusinessObjects License
Key(s)
Allowing all administrators to see license
keys is NOT a good practice. Only 1 or 2 people should have rights to see this
as well as your company’s purchasing dept.
Mistake #9: Applying security on an Active Directory group directly
Mistake #9: Applying security on an Active Directory group directly
The problem with applying security directly
on an Active Directory group is that it moves security outside of the BI
deployment, creating a very large potential for unintended consequences.
If there is an Active Directory server upgrade, or service pack, or other maintenance, Active Directory communication may be interrupted, and groups may be "reset". While such a reset doesn’t affect the Windows environments, it can have an adverse effect on SAP BusinessObjects Active Directory integration. For example, an Active Directory group mapped in SAP BusinessObjects may become "unreadable" by SAP BusinessObjects. When you re-import or re-map that Active Directory group, you would need to set up all permissions on that group all over again. A far easier and better solution is to make Active Directory groups part of SAP BusinessObjects Enterprise groups and have security assigned on those Enterprise groups only.
Are you aware of other common security mistakes, or do you have questions about what is written here? Use the Comments section for this post, or email me directly at repstein@resolvitinc.com.
In my next post, I'll look at "top-down methodology and best practices."
If there is an Active Directory server upgrade, or service pack, or other maintenance, Active Directory communication may be interrupted, and groups may be "reset". While such a reset doesn’t affect the Windows environments, it can have an adverse effect on SAP BusinessObjects Active Directory integration. For example, an Active Directory group mapped in SAP BusinessObjects may become "unreadable" by SAP BusinessObjects. When you re-import or re-map that Active Directory group, you would need to set up all permissions on that group all over again. A far easier and better solution is to make Active Directory groups part of SAP BusinessObjects Enterprise groups and have security assigned on those Enterprise groups only.
Are you aware of other common security mistakes, or do you have questions about what is written here? Use the Comments section for this post, or email me directly at repstein@resolvitinc.com.
In my next post, I'll look at "top-down methodology and best practices."
No comments:
Post a Comment