Designing Enterprise Security
by: Troy Gottfried, Sr. Consultant, BECP, CRCP
There are two types of security in BusinessObjects Enterprise: (1) content security and (2) application security.
Securing content includes setting permissions at the global level, the folder level, and sometimes even the object level (i.e., report level or document level). Application security encompasses all of the application components that make up the Enterprise platform: InfoView, Central Management Console, Designer, Web Intelligence, etc.
While application security is a very important topic, it is difficult to make suggestions at a conceptual level without full knowledge of the user environment. Therefore, the remainder of this article will focus on content security.
Securing content is usually directed by two goals: (1) ensuring that users see only the content they should have access to, and (2) providing easy navigation to the content users need.
The following questions should help direct your decision-making process when planning your security:
- Does this solution facilitate easy navigation for the users? Is the folder or category structure intuitive, and do the naming conventions make sense for the users of the system?
- Are users and groups able to access only the content they are supposed to access?
- Is it possible for users to copy or move content, and how might this impact them when newer versions of the content are provided?
- Do I have several versions of the same content in Enterprise, and if so, might the complexity be reduced if I could provide a single report or document that meets the same requirements?
Several options are available to Enterprise architects and administrators to help ensure that the security paradigm they design meets the criteria inherent in the above questions.
1. Plan, Plan, Plan…
Designing a successful security paradigm requires a significant time investment for planning. The planning process is the most important aspect of administering an Enterprise platform, and given due attention, it will reduce future administrative and maintenance overhead. A well-designed security plan usually takes longer to devise than to implement, which is exactly the goal of planning.
2. Use Semantic Layers (Questions 1, 2 and 4 above)
Universes and Business Views allow for both row- and column-level security at the information layer. By utilizing the security provided in the semantic layers, administrators and report designers may be able to greatly reduce the number of reports needed in the system. Additionally, secure semantic layers provide a centralized place to update security and can also reduce the number of folders needed in Enterprise.
3. Keep It Simple (Questions 1 and 2 above)
By making effective use of groups, folders, and access levels, administrators can greatly reduce maintenance of the system. In other words, try to stay away from applying security to users at the object level.
4. Utilize Categories where Appropriate
Categories were used in the Business Objects classic security paradigm; they were synonymous with folders in the Crystal Enterprise classic paradigm. Since version XI, categories have become a new methodology that essentially allows Enterprise administrators to group shortcuts to reports and documents outside of folder security. While folder security trumps category security, categories can be useful tools in helping administrators demystify the folder structure.
5. Maintain Documentation
Proper documentation of the Enterprise platform is essential for all of the components that make up the system: hardware, installation and configuration settings, and storage, to name just a few. The same holds true for security. By maintaining documentation that details the security settings at the various levels, any administrator with proper access can add new users or modify existing settings without creating unforeseen problems in Enterprise.
While the above checklist is by no means exhaustive, if used as a guideline for implementing security, it can greatly reduce the complexity of the Enterprise architecture. Of course, a complete understanding of the security paradigm from Business Objects is the foundation upon which all of the above suggestions rest. Make sure that your knowledge of access levels, groups, folders, and inheritance is solid before implementing your plan.
If the plan has been implemented successfully, then the final step in the process should be understood without further explanation:
6. Test, Test, Test…