Abstract
"Don't talk to strangers"—if only data security policies were this easy. Learn to keep your SAP BusinessObjects Business Intelligence data truly safe from unauthorized actions with this comprehensive guide. Begin with security basics and work your way to advanced concepts; along the way, you’ll explore functional and data security, define a rights model, and secure data sources and universes. Step-by-step instructions ensure that you can implement important security techniques in your administration and design work.
Cover
Hardcover
Length
559 pages
Table of Contents
- ... Acknowledgments ... 21
- 1 ... Introduction to Security in SAP BusinessObjects Business Intelligence 4.0 ... 23
- 1.1 ... Business Intelligence Overview ... 23
- 1.2 ... System Security Considerations ... 24
- 1.3 ... A Brief History of Business Objects ... 26
- 1.4 ... SAP BusinessObjects Business Intelligence 4.0 Review ... 27
- 1.5 ... Book Roadmap ... 29
- 2 ... Administration and Security ... 33
- 2.1 ... BI 4.0 Deployment ... 34
- 2.2 ... BI 4.0 Installation ... 36
- 2.2.1 ... Components Installed with BI 4.0 Server Installer ... 36
- 2.2.2 ... BI 4.0 Server Installation Workflow ... 39
- 2.2.3 ... BI Platform Client Tools ... 43
- 2.2.4 ... Other BI 4.0 Suite Installers ... 44
- 2.3 ... Administration Tools ... 44
- 2.3.1 ... Central Configuration Manager (CCM) ... 45
- 2.3.2 ... Central Management Console (CMC) ... 46
- 2.4 ... CMS Repository and File Repository Server ... 47
- 2.4.1 ... InfoObjects and Physical Files ... 47
- 2.4.2 ... InfoObject Structure ... 48
- 2.4.3 ... CMS Database Structure ... 51
- 2.4.4 ... FRS File System ... 52
- 2.5 ... Cryptography ... 53
- 2.5.1 ... Cluster Key ... 53
- 2.5.2 ... Cryptographic Key ... 55
- 2.6 ... BI 4.0 Servers ... 58
- 2.6.1 ... Adaptive Job Server ... 60
- 2.6.2 ... Adaptive Processing Server ... 61
- 2.7 ... Auditing ... 62
- 2.7.1 ... Auditing Database ... 63
- 2.7.2 ... CMC Auditing Tab ... 65
- 2.8 ... Summary ... 65
- 3 ... Users and Authentication ... 67
- 3.1 ... User Authentication ... 68
- 3.1.1 ... Enterprise ... 69
- 3.1.2 ... Standalone ... 70
- 3.1.3 ... LDAP ... 70
- 3.1.4 ... Active Directory ... 72
- 3.1.5 ... Enabling Authentication Selection for BI Launch Pad ... 72
- 3.2 ... Enterprise Users and Groups ... 73
- 3.2.1 ... User Parameters ... 73
- 3.2.2 ... User Personal Folders ... 75
- 3.2.3 ... Groups Structure ... 76
- 3.2.4 ... Predefined Users ... 77
- 3.2.5 ... Predefined Groups ... 78
- 3.2.6 ... Deleting Users and Groups ... 79
- 3.3 ... Managing Users and Groups in the CMC ... 80
- 3.3.1 ... Viewing Users and Groups ... 80
- 3.3.2 ... Creating Enterprise Users ... 81
- 3.3.3 ... Creating Enterprise Groups ... 82
- 3.3.4 ... Creating Users and Groups from CSV File ... 82
- 3.3.5 ... Editing User Parameters ... 85
- 3.3.6 ... Enabling/Disabling Users ... 85
- 3.3.7 ... Adding Users and Groups to Groups ... 86
- 3.3.8 ... Removing Users or Groups From Groups ... 87
- 3.3.9 ... Deleting Users ... 88
- 3.3.10 ... Deleting Groups ... 88
- 3.3.11 ... Account Manager ... 89
- 3.3.12 ... Defining BI Launch Pad Preferences ... 91
- 3.3.13 ... Setting Enterprise Parameters ... 93
- 3.4 ... Trusted Authentication ... 94
- 3.4.1 ... Sharing Shared Secret Key ... 95
- 3.4.2 ... Passing Shared Secret ... 95
- 3.4.3 ... Passing User Name ... 96
- 3.5 ... Aliases and External Authentications ... 99
- 3.5.1 ... Aliases ... 100
- 3.5.2 ... Mapping Users from External Sources ... 101
- 3.5.3 ... Mapped Groups ... 104
- 3.5.4 ... Updating Groups and Users ... 104
- 3.5.5 ... Scheduling Groups and Users Update ... 106
- 3.6 ... Managing Aliases in the CMC ... 106
- 3.6.1 ... Creating an Alias ... 107
- 3.6.2 ... Assigning an Alias ... 108
- 3.6.3 ... Reassigning an Alias ... 109
- 3.6.4 ... Enabling/Disabling an Alias ... 110
- 3.6.5 ... Deleting an Alias ... 111
- 3.7 ... Managing LDAP Authentication in the CMC ... 111
- 3.7.1 ... Configuring LDAP Parameters ... 111
- 3.7.2 ... Editing LDAP Authentication Parameters ... 119
- 3.8 ... Managing Active Directory Authentication ... 121
- 3.8.1 ... Creating Dedicated Active Directory Accounts ... 122
- 3.8.2 ... Starting BI 4.0 with Dedicated Account ... 125
- 3.8.3 ... Configuring AD Authentication into a BI 4.0 System ... 128
- 3.8.4 ... Configuring BI 4.0 with Kerberos ... 131
- 3.8.5 ... Creating krb5.ini ... 132
- 3.8.6 ... Creating bscLogin.conf ... 133
- 3.8.7 ... Modifying the Java Options for Kerberos ... 133
- 3.8.8 ... Creating a Keytab File ... 135
- 3.8.9 ... Increasing Header Size ... 137
- 3.8.10 ... Configuring Web Applications ... 138
- 3.8.11 ... Configuring Browsers ... 139
- 3.8.12 ... Editing Active Directory Configuration ... 141
- 3.9 ... Summary ... 142
- 4 ... Rights Framework ... 145
- 4.1 ... Assigned Rights ... 145
- 4.2 ... General and Specific Rights ... 146
- 4.3 ... Inheritance ... 148
- 4.3.1 ... Group Inheritance ... 149
- 4.3.2 ... Folder Inheritance ... 150
- 4.3.3 ... General and Type-Specific Rights ... 152
- 4.3.4 ... Scope of Rights ... 153
- 4.3.5 ... Breaking Inheritance and Overriding Rights ... 154
- 4.4 ... Non-Owner and Owner Versions of Rights ... 155
- 4.5 ... Objects General Rights ... 157
- 4.5.1 ... General Rights in Detail ... 159
- 4.5.2 ... General Rights Related to Scheduling ... 162
- 4.6 ... Application General Rights ... 163
- 4.7 ... Managing Rights in the CMC ... 165
- 4.7.1 ... Viewing Rights ... 165
- 4.7.2 ... Assigning Advanced Rights ... 168
- 4.7.3 ... Assigning Advanced Rights to a Top-Root Folder ... 171
- 4.7.4 ... Unassigning Advanced Rights ... 171
- 4.8 ... Access Levels ... 171
- 4.8.1 ... Predefined Access Levels ... 172
- 4.8.2 ... Custom Access Levels ... 173
- 4.8.3 ... Aggregation ... 174
- 4.9 ... Managing Access Level in the CMC ... 175
- 4.9.1 ... Creating an Access Level ... 175
- 4.9.2 ... Setting Access Level Rights ... 176
- 4.9.3 ... Copying an Access Level ... 178
- 4.9.4 ... Renaming an Access Level ... 178
- 4.9.5 ... Assigning an Access Level to an Object ... 179
- 4.9.6 ... Deleting an Access Level ... 180
- 4.10 ... Running Administration Queries in the CMC ... 181
- 4.10.1 ... Running a Security Query ... 181
- 4.10.2 ... Running a Relationship Query ... 184
- 4.11 ... Summary ... 185
- 5 ... Applications and Rights Reference ... 187
- 5.1 ... Applications List ... 188
- 5.2 ... System Objects List ... 194
- 5.3 ... Content Object List ... 196
- 5.4 ... Analysis, Edition for OLAP ... 199
- 5.4.1 ... Analysis, Edition for OLAP Rights ... 199
- 5.4.2 ... Analysis View and Analysis Workspace Rights ... 200
- 5.5 ... BEx Web Applications ... 200
- 5.6 ... BI Launch Pad ... 200
- 5.7 ... Widgets ... 202
- 5.8 ... BI Workspaces ... 203
- 5.8.1 ... BI Workspaces Rights ... 203
- 5.8.2 ... BI Workspace Rights ... 205
- 5.8.3 ... Module Rights ... 206
- 5.9 ... Central Management Console ... 206
- 5.10 ... SAP Crystal Reports ... 207
- 5.10.1 ... Crystal Reports Configuration Rights ... 208
- 5.10.2 ... Crystal Reports Document Rights ... 208
- 5.11 ... Explorer ... 209
- 5.11.1 ... Explorer Overview ... 210
- 5.11.2 ... Information Space Security ... 211
- 5.11.3 ... Explorer Rights ... 214
- 5.11.4 ... Information Space Rights ... 221
- 5.11.5 ... Exploration View Set Rights ... 221
- 5.12 ... Information Design Tool ... 221
- 5.12.1 ... Information Design Tool Rights ... 222
- 5.12.2 ... Universe Rights ... 225
- 5.13 ... Promotion Management ... 228
- 5.13.1 ... Promoting Security ... 229
- 5.13.2 ... Promotion Management Rights ... 230
- 5.14 ... SAP BusinessObjects Mobile ... 236
- 5.15 ... SAP StreamWork ... 237
- 5.16 ... Universe Design Tool ... 238
- 5.16.1 ... Universe Design Tool Rights ... 238
- 5.16.2 ... Universe Rights ... 241
- 5.17 ... Version Management ... 244
- 5.18 ... Visual Difference ... 249
- 5.19 ... Web Intelligence ... 250
- 5.19.1 ... Deployment Options ... 251
- 5.19.2 ... Offline Mode ... 253
- 5.19.3 ... Purge and Refresh on Open ... 254
- 5.19.4 ... Web Intelligence Rights ... 256
- 5.19.5 ... Web Intelligence Documents Rights ... 271
- 5.20 ... Users and Groups ... 277
- 5.21 ... Connections ... 279
- 5.21.1 ... Relational Connection Rights ... 280
- 5.21.2 ... OLAP Connection Rights ... 282
- 5.21.3 ... Data Federator Data Source Rights ... 282
- 5.21.4 ... Connection Rights ... 282
- 5.22 ... Note Rights ... 283
- 5.23 ... Schedule Output Format ... 284
- 5.24 ... Summary ... 285
- 6 ... Connections and Database Authentications ... 287
- 6.1 ... Secured Connections ... 288
- 6.1.1 ... Relational Connections ... 288
- 6.1.2 ... Data Federator Data Sources ... 289
- 6.1.3 ... OLAP Connections (Universe Design Tool) ... 290
- 6.1.4 ... OLAP Connections (Information Design Tool/CMC) ... 290
- 6.1.5 ... Relational Connections (Business View Manager) ... 291
- 6.1.6 ... Product Consumptions ... 292
- 6.2 ... Local Connections ... 293
- 6.2.1 ... Information Design Tool ... 293
- 6.2.2 ... Universe Design Tool ... 294
- 6.3 ... Connection Authentication Mode ... 295
- 6.3.1 ... Fixed Credentials ... 296
- 6.3.2 ... Credentials Mapping ... 297
- 6.3.3 ... Prompted Authentication ... 299
- 6.3.4 ... Single Sign-On ... 300
- 6.4 ... Using Credentials Mapping for Single Sign-On ... 301
- 6.5 ... Managing Connections ... 303
- 6.5.1 ... Managing Connections in Information Design Tool ... 303
- 6.5.2 ... Managing Connections in Universe Design Tool ... 309
- 6.5.3 ... Managing Connections in the CMC ... 312
- 6.6 ... Summary ... 314
- 7 ... Universe Security in Universe Design Tool ... 317
- 7.1 ... Universe ... 318
- 7.1.1 ... Relational Universe ... 320
- 7.1.2 ... OLAP Universe ... 320
- 7.1.3 ... Universe Security ... 322
- 7.1.4 ... @VARIABLE ... 323
- 7.2 ... Using Filters on Table, Object, Class, or Universe ... 323
- 7.2.1 ... Table Auto-join ... 324
- 7.2.2 ... Object Filters ... 325
- 7.2.3 ... Mandatory Filters ... 325
- 7.3 ... Using Filters in Universe Design Tool ... 325
- 7.3.1 ... Defining an Auto-join ... 326
- 7.3.2 ... Defining a WHERE Clause on an Object ... 327
- 7.3.3 ... Defining a Mandatory Filter ... 328
- 7.3.4 ... Exporting a Universe in a CMS Repository ... 329
- 7.4 ... Access Restriction Definition ... 330
- 7.4.1 ... Connection ... 331
- 7.4.2 ... Controls ... 332
- 7.4.3 ... SQL ... 333
- 7.4.4 ... Objects ... 334
- 7.4.5 ... Rows ... 335
- 7.4.6 ... Table Mapping ... 336
- 7.5 ... Access Restriction Aggregation ... 337
- 7.5.1 ... Connection, SQL, Controls, and Table Mapping ... 337
- 7.5.2 ... Objects ... 337
- 7.5.3 ... Row Restriction ... 338
- 7.6 ... Managing Access Restrictions in Universe Design Tool ... 339
- 7.6.1 ... Opening the Manage Access Restrictions Dialog Box ... 339
- 7.6.2 ... Creating and Editing Access Restrictions ... 340
- 7.6.3 ... Assigning Access Restrictions ... 347
- 7.6.4 ... Un-Assigning Access Restrictions ... 348
- 7.6.5 ... Defining Group Priority for Access Restrictions ... 348
- 7.6.6 ... Setting Row Restriction Aggregation ... 349
- 7.6.7 ... Preview Net Results ... 350
- 7.6.8 ... Deleting Access Restrictions ... 352
- 7.6.9 ... Setting AUTO_UPDATE_QUERY Parameter ... 353
- 7.7 ... Object Access Level ... 354
- 7.8 ... Managing Object Access Levels ... 355
- 7.8.1 ... Defining Object Access Levels in Universe Design Tool ... 356
- 7.8.2 ... Defining User Access Levels in CMC ... 357
- 7.8.3 ... Editing User Access Levels in CMC ... 358
- 7.8.4 ... Removing User Access Levels in CMC ... 358
- 7.9 ... Summary ... 359
- 8 ... Universe Security in Information Design Tool ... 361
- 8.1 ... Introduction to New Universe ... 362
- 8.1.1 ... Data Foundation ... 362
- 8.1.2 ... Business Layer ... 363
- 8.1.3 ... Security Model ... 365
- 8.2 ... Defining WHERE Clauses and Filters in Information Design Tool ... 366
- 8.2.1 ... Defining an Auto-join in Information Design Tool ... 367
- 8.2.2 ... Defining a WHERE Clause on an Object ... 367
- 8.2.3 ... Defining a Mandatory Filter ... 368
- 8.2.4 ... Publishing a Universe in CMS Repository ... 369
- 8.3 ... Security Profiles ... 370
- 8.3.1 ... Assigned Users and Groups ... 371
- 8.3.2 ... Aggregations ... 372
- 8.3.3 ... AND, ANDOR, and OR Aggregation ... 373
- 8.3.4 ... Consumption ... 375
- 8.4 ... Data Security Profiles ... 375
- 8.4.1 ... Connections ... 376
- 8.4.2 ... Controls ... 377
- 8.4.3 ... SQL ... 378
- 8.4.4 ... Rows ... 380
- 8.4.5 ... Tables ... 381
- 8.5 ... Business Security Profiles ... 382
- 8.5.1 ... Create Query ... 383
- 8.5.2 ... Display Data ... 387
- 8.5.3 ... Filters (Relational Universe) ... 390
- 8.5.4 ... Filters (Multidimensional Universe) ... 392
- 8.6 ... Managing Security Profiles in Information Design Tool ... 395
- 8.6.1 ... Opening the Security Editor ... 396
- 8.6.2 ... Switching Universe-Centric View and User-Centric View ... 398
- 8.6.3 ... Creating a Data Security Profile ... 400
- 8.6.4 ... Editing a Data Security Profile ... 408
- 8.6.5 ... Creating a Business Security Profile ... 408
- 8.6.6 ... Editing a Business Security Profile ... 421
- 8.6.7 ... Assigning and Unassigning a Security Profile ... 422
- 8.6.8 ... Show Universes with Assigned Security Profiles ... 424
- 8.6.9 ... Setting Aggregation Options ... 424
- 8.6.10 ... Setting Data Security Profile Priorities ... 425
- 8.6.11 ... Deleting Security Profiles ... 427
- 8.6.12 ... Show Inherited Security Profiles ... 428
- 8.6.13 ... Preview Net Result ... 429
- 8.6.14 ... Check Integrity ... 430
- 8.7 ... Object Access Level ... 431
- 8.7.1 ... Object Access Level Overview ... 431
- 8.7.2 ... User Access Level ... 432
- 8.7.3 ... Defining Object Access Level in Information Design Tool ... 433
- 8.8 ... User Attributes ... 434
- 8.8.1 ... Defining User Attributes ... 434
- 8.8.2 ... Using User Attributes ... 434
- 8.8.3 ... User Attributes Substitution ... 435
- 8.9 ... Managing User Attributes in the CMC ... 436
- 8.9.1 ... Defining User Attributes in the CMC ... 436
- 8.9.2 ... Setting User Attributes Value in the CMC ... 438
- 8.9.3 ... Deleting User Attributes in the CMC ... 439
- 8.10 ... Running a Secured Query ... 439
- 8.11 ... Summary ... 441
- 9 ... Scheduling and Publishing ... 443
- 9.1 ... Scheduling and Publishing Framework ... 444
- 9.1.1 ... Support for Schedule and Publication ... 444
- 9.1.2 ... Refresh During Schedule or Publication ... 444
- 9.2 ... Scheduling ... 445
- 9.2.1 ... Scheduling Parameters ... 445
- 9.2.2 ... Schedule For Option ... 447
- 9.3 ... Publishing ... 449
- 9.3.1 ... Publishing vs. Scheduling ... 449
- 9.3.2 ... Publication Parameters ... 450
- 9.4 ... Publication Recipients ... 452
- 9.4.1 ... Dynamic Recipient Document ... 452
- 9.4.2 ... Add Dynamic Recipients to a Publication ... 453
- 9.4.3 ... Subscription and Unsubscription to a Publication ... 455
- 9.5 ... Publication Personalization and Profile ... 456
- 9.5.1 ... Global Profile ... 456
- 9.5.2 ... Local Profile ... 457
- 9.5.3 ... Creating a Global Profile ... 458
- 9.5.4 ... Setting Profiles to a Publication ... 461
- 9.6 ... Report Bursting Options ... 463
- 9.6.1 ... One Database Fetch for All Recipients ... 463
- 9.6.2 ... One Database Fetch per Recipient ... 464
- 9.6.3 ... One Database Fetch for Each Batch of Recipients ... 465
- 9.7 ... Summary ... 466
- 10 ... Security for SAP NetWeaver BW Data Sources ... 467
- 10.1 ... SAP Authentication ... 468
- 10.1.1 ... SAP NetWeaver BW System Parameters ... 468
- 10.1.2 ... SAP Authentication Principles ... 469
- 10.1.3 ... Role and User Mapping ... 470
- 10.1.4 ... Users and Groups Updates ... 471
- 10.1.5 ... SAP Authentication Options ... 472
- 10.2 ... Configuring SAP Authentication ... 475
- 10.2.1 ... Creating a Dedicated SAP NetWeaver BW Account ... 476
- 10.2.2 ... Registering the SAP System ... 476
- 10.2.3 ... Defining Authentication Options ... 478
- 10.2.4 ... Importing Roles ... 479
- 10.2.5 ... Updating Users and Roles ... 480
- 10.2.6 ... Validating the SAP Authentication Configuration ... 481
- 10.3 ... SAP Connections ... 482
- 10.3.1 ... OLAP Connection Created in Information Design Tool or CMC ... 483
- 10.3.2 ... Relational Data Federator Data Source Created in Information Design Tool ... 484
- 10.3.3 ... Relational Connection Created in Universe Design Tool ... 484
- 10.3.4 ... Authentication Modes ... 485
- 10.4 ... Creating SAP NetWeaver BW Connections ... 486
- 10.4.1 ... Creating an OLAP Connection in Information Design Tool ... 486
- 10.4.2 ... Creating an OLAP Connection in CMC ... 488
- 10.4.3 ... Creating a Relational Data Federator Data Source in Information Design Tool ... 490
- 10.4.4 ... Creating a Relational Connection in Universe Design Tool ... 492
- 10.5 ... SAP Authentication and Single Sign-On ... 494
- 10.6 ... SNC and STS ... 495
- 10.6.1 ... Principles ... 495
- 10.6.2 ... Workflows ... 496
- 10.6.3 ... STS and SNC Coexistence ... 497
- 10.7 ... Configuring STS ... 498
- 10.7.1 ... Creating a Keystore File ... 499
- 10.7.2 ... Creating a Certificate ... 500
- 10.7.3 ... Importing the Certificate into the SAP NetWeaver BW Server ... 501
- 10.7.4 ... Importing the Keystore into the CMS Repository ... 503
- 10.8 ... User Attributes ... 505
- 10.9 ... Summary ... 505
- 11 ... Defining and Implementing a Security Model ... 507
- 11.1 ... General Recommendations ... 507
- 11.2 ... Defining Users and Groups ... 509
- 11.3 ... Defining Folders and Objects ... 511
- 11.4 ... Defining Rights ... 512
- 11.5 ... Defining Access Levels ... 514
- 11.6 ... Mandatory Rights for Common Workflows ... 517
- 11.6.1 ... Viewing a Web Intelligence Document ... 517
- 11.6.2 ... Creating a Web Intelligence Document ... 517
- 11.6.3 ... Saving a Web Intelligence Document ... 518
- 11.6.4 ... Refreshing a Web Intelligence Document ... 518
- 11.6.5 ... Editing a Web Intelligence Document ... 519
- 11.6.6 ... Moving a Category to Another Category ... 519
- 11.6.7 ... Adding a Document to a Category ... 520
- 11.6.8 ... Scheduling a Document ... 520
- 11.6.9 ... Sending a Document to Inbox ... 521
- 11.6.10 ... Adding a User or a Group to Another Group ... 521
- 11.7 ... Setting Security for External Groups ... 521
- 11.8 ... Delegated Administration ... 522
- 11.8.1 ... Using Rights to Delegate Administration ... 523
- 11.8.2 ... Restricting CMC Usage ... 524
- 11.9 ... Defining Database Filtering ... 525
- 11.9.1 ... Authentication Mode ... 525
- 11.9.2 ... Connection Overloads ... 526
- 11.10 ... Universe Security ... 527
- 11.10.1 ... Universe Scope ... 527
- 11.10.2 ... Row Filtering ... 527
- 11.10.3 ... Consistency Between Products ... 529
- 11.10.4 ... User Attributes ... 530
- 11.10.5 ... Business Layer Views ... 530
- 11.11 ... Combined Authentication ... 531
- 11.11.1 ... Importing SAP NetWeaver BW Users ... 531
- 11.11.2 ... Single Sign-On with SAP NetWeaver BW and Active Directory ... 532
- 11.12 ... Testing a Security Model ... 533
- 11.13 ... Summary ... 534
- ... Appendices ... 535
- A ... Universe Comparison and Conversion ... 535
- A.1 ... Connections ... 535
- A.2 ... Rights Comparison ... 537
- A.3 ... Universe Security Comparison ... 539
- A.4 ... Universe Conversion ... 546
- A.5 ... Running Conversion in Information Design Tool ... 549
- B ... The Authors ... 551
- ... Index ... 553