Column-Level Security with Information Design Tool: Applying Business Reliability Profiles to Secure Objects and Customize the Reporting Knowledge
One of the fresh universe reliability features in Information Design and style Tool (IDT) is the Business Security Account, which allows universe designers to assign column-level security on objects and apply single profiles directly to users and teams. Business Protection Profiles give advanced and versatile object reliability, which is an overall improvement compared to the all-or-nothing way with musical legacy Universe Design Tool.
Benefits and drawbacks
The added versatility means fewer universes to formulate and maintain since you can achieve even more with a one universe. I am especially pleased that SAP included a distinction between " Create QueryвЂќ and " Display DataвЂќ object security. This is a comparatively simple security method with powerful possibilities. There is no question that all these new features (and the extra actions involved each and every level) include greatly complicated the galaxy design method. The learning contour is sharp, but We still discover many of these features useful. Organization Security Profiles are given directly to users and groups from the IDT Security Manager. I personally get this easy and quick, but it may pose a challenge to companies with unique admin and designer jobs. While SYSTEMS APPLICATIONS AND PRODUCTS still has a lot of bugs to work out, the feature generally works as intended.
*Note - at present Business Protection Profiles are merely functional with Webi inside the Java-based (Rich Internet Application) viewing mode. With the security method My spouse and i outline listed below, a profiled user who opens the Webi issue browser in HTML function will not discover any objects (definitely not really idealвЂ¦ yet at least still secure). This should become resolved in SP4 Plot 10 and SP6 (SAP Note: 1800742). Use Circumstance
I initially discovered this feature although working with an OEM consumer developing a packaged BusinessObjects whole world along with dashboards and canned studies. The dashboards/reports rely seriously on web solutions that make use of derived tables and custom-made objects inside the universe. We all also planned to provide straightforward ad-hoc revealing capabilities through the same world. With the old Universe Artist, we would need to compromise simply by either going out of all things visible or perhaps creating a second universe specifically for adhoc revealing. The only object-level option in previous types was limiting access amounts (Public, Exclusive, etc). This really is unsuitable to get our requires because it might prevent clients from refreshing the dashes and refined reports.
Business Security Profiles offer even more flexibility since they allow a distinction among " Produce QueryвЂќ and " Display DataвЂќ target security. I was able to scholarhip Create Issue access to end-users for the particular adhoc things, and then give Display Data access upon all items in the universe. Users may refresh the dashboards and canned reviews but simply they start to see the ad-hoc items when creating their particular Webi inquiries.
First Step -- Business Part Views
The easiest way to create Organization Security Information is to use Business Level Views (another new feature). These are simply ways to group relevant classes and objects. To make a business layer view in IDT, wide open the blx and click on the Manage Opinions icon
Here I created a Business Coating View to get Ad-hoc Webi Users, leaving the AdminOnly class un-checked
Note that I also made an AdminOnly view to get explicitly refused for ad-hoc users. This kind of shouldn't be required, but it's the only work-around I found to deal with a irritate with Display Data accord.
AdminOnly Watch will be explicitly denied
Second Step -- Creating a Organization Security Account
Business Protection Profiles are manufactured in the IDT Security Manager Select the desired universe through adding a Business Reliability Profile to configure column-level security (rowlevel security remains available through Data Reliability Profiles). Though it's possible to straight grant and deny use of individual...