BUSINESS OBJECTS XI R3 & 4.

0
CENTRAL MANAGEMENT CONSOLE
CONTENTS

Managing Users & Groups

Authentication

Application Security

Applying Security

Managing Server Groups

Managing Objects

Managing Calendars

Scheduling Objects

Managing Events

What is CMC?
Allows users to remotely control the entire Business Objects Enterprise system.
Allows to perform User & Server Management Tasks, publish, organize & set security
Levels for all Objects.
Only users with administrative rights can perform management Tasks.

MANAGING USERS AND GROUPS

The following is covered in this section:
Default Accounts
Creating Users and Groups
Deleting an Account
Adding Users to Groups
Licenses
Default BOE Accounts
Users
Administrator
Guest
Groups
Administrators Members are able to perform all tasks in all of the BOE
applications.
Everyone Members are allowed to access all the reports found in Report
Samples folder.
Universe Designer users Members are allowed access to the Designer
application.
BOE NT Users Members are allowed to view folders & reports.
Creating Groups

New groups can be created in CMC

Group Properties
Group Name
Description
Users
Subgroups
Member of

 Rights
Creating User Account
New users can be created in CMC
User Account Properties
Account Name
Full Name
Description
Home Folder
Password Settings
Connection Type
Account Disabled
Assign Alias
Creating User Account in CMC
Adding Users to Groups
Click Users tab.
Click Add Users.
Select Users to add and click the > arrow.
In the Group management area, select Group.
Click ok.
Deleting User or Group Account
New users and groups can be deleted in CMC
When you delete a group,
users or sub-groups that are members of that group are not deleted.
When you delete a user account,
Favorites folder, personal categories and inbox for that user are deleted as well
any owned recurring instances become owned by Administrator

Tip : If you think user may need account in future, disable rather than delete.
Licenses
Types of Licenses:
Named
Processor
Navigation
We can create security for User and Group but the best practice is Create User and join the User
under a Group.
Step1: Log on to Central Management Consol and go to Users and Groups

Step2: Select User List option

Step3: Click on Create new user icon

Step4: Provide Account Name, Description Uncheck User must change password at next login
And click on Create& Close

Step5: Go to Group List

Step6: Click on Create new group icon

Step7: Create Group Name and click on OK button

Step8: Go to User List, select recently created user, right click and select join Group

Step9: Select recently created group and Click on OK button

Step10: Go to CMC Access Levels

Step11: Click on Create a new access level icon

Step12: Give the Title of the Access level and click on OK button

Step13: Select recently created acess levels and right click and select Include Rights option

Step14: To assign rights to our access levels, Click on Add/Remove Rights

Step15: Select required restrictions and click on OK button

Step1
6: Go to Users and groups, Right click on recently created Group or User and select
User security

Sstep17: Click on Add Principals

Note: By default we will get Administrators security that means user can have access to any
Thing but we want to restrict access so we need to use custom access level rather than
Administrator security.

Step18: Select our Group/User and click on ADD and Assign Security button

Step19: Select our Access Level and click on Apply and OK button

AUTHENTICATION
Types of Authentication:
Business Objects Enterprise (Standard Authentication)
Windows NT
Windows Active Directory Services (ADS)
Lightweight Directory Access Protocol (LDAP)
SAP
1) BOE Authentication

The system default, Business Objects Enterprise authentication is used in environments

that prefer to maintain a distinct set of accounts for use with Business Objects Enterprise.

It is ideal for environments that do not currently have a hierarchy of users and groups in a
Windows NT/2000 or LDAP directory.

2) Windows NT Authentication

By mapping NT accounts to Business Objects Enterprise, users are able to log into
Info View with their NT user name and password, eliminating the need to recreate
user and group accounts in BOE.
NT Authentication is enabled using the Manage Authentication section of CMC.
You can map NT accounts to BOE through Windows, by using the User Manager in
Windows NT or Computer Management in Win2000 or through the CMC.

New Alias Option

Allow user to specify how NT aliases are mapped to Enterprise accounts

Options are:
Assign each added NT alias to an account with the same name
Create a new account for every added NT alias

Update options

Allow user to specify if NT aliases are automatically created for all new users

Options are:
New aliases will be added and new users will be created
No new aliases will be added and new users will not be created

New user options

Allow user to specify properties of the new enterprise accounts that are created to
map to NT accounts.
Options are:
New users are created as named users
New users are created as concurrent users

Note: Similar Aliases options are available for WinAD and LDAP authentication.
3) Windows Active Directory Authentication

Win AD security plug-in enables administrator to map Windows 2000 Active

Directory (AD) user accounts and groups to Business Objects Enterprise (BOE)
Enables BOE to verify all login requests that specify WinAD Authentication
User can also create own applications that support AD Authentication
All of BOE client tools support AD authentication except the Import Wizard

4) LDAP Authentication

Light Weight Directory Access Protocol (LDAP) is a a set of protocols used to access
information stored in directories

LDAP groups are mapped to BOE

LDAP user name and password are used to log into Business Objects Enterprise

Directories that support LDAP include:

Sun iPlanet Directory Server
Lotus Domino Directory Server
IBM Secureway
Novell Directory Services (NDS)

LDAP Authentication Wizard

Single Sign-on

Enables user to access two or more applications or systems while providing their login
credentials only once

Single sign-on to BOE can be provided by different authentication tools such as WinNT,
WinAD or LDAP with SiteMinder.

Within the context of BOE, the different levels of single sign-on are:
Single sign-on to BOE
Single sign-on to database
End-to-end single sign-on

5) SAP
To do work on SAP systems.
APPLICATION SECURITY
Controls users/groups to access the following Business Objects Enterprise applications:
Central Management Console (CMC)
Crystal Reports Explorer
Designer
Desktop Intelligence
Discussions
Encyclopedia
Info view
Report Conversion Tool
Web Intelligence

Click on Create a new access level icon

Give the Title of the Access level and click on OK button

Select recently created acess levels and right click and select Include Rights option

To assign rights to our access levels, Click on Add/Remove Rights

Select required restrictions and click on OK button

SECURITY
Topics covered in this section:
Security Model
Recommendations
Global Level Rights
Folder Level Rights
Object Level Rights
Rights to Universes
Rights to Categories
Security Model
Object Level Access

Predefined Access Levels

Predefined collection of individual rights
Provide most common user access requirements

Advanced Rights
Most granular level of access that can be assigned
Customize actions that an USER can perform on an OBJECT

Predefined Access Levels

 No Access
View
Schedule
View On Demand
Full Control
Advanced Rights
Advanced Rights
Explicitly Granted
Explicitly Denied
Inherited
Not Specified
Note:
Denied Rights override Granted rights
To grant a right that has been specifically denied at a higher level, you
must deny inheritance in the advanced rights tab
Recommendations

Reduce complexity by
Assigning security at folder level to groups
Avoiding setting rights for specific users on specific report objects
Using predefined Access Levels rather than Advanced rights

Grant the Everyone group No access at the global level, then grant specific rights to the
appropriate groups

Check the users or groups rights to the related Universes or Business Views before
securing the reports and documents for the users or groups

Global Level Rights

Global security is the default security set for the entire system.
Folder Level Rights

 Folders are objects used to organize documents.

They act as logical groups to separate content.
Access rights can be set at the Folder-level.
Top Level Folders inherit security from global level.
Subfolders inherit security from their parent folder.
Rights set explicitly at the folder level override inherited rights.
Object Level Rights

Objects Inherit Security from their parent folder

Rights set explicitly at the object level override inherited rights

Universes
Two types of Access Rights

Universe Level Security: Which universes a user or group has rights to view or access

Object Level Security: Level of access that users have to specific objects or classes
within an universe

Applying Rights to Universes

Object Level Security to Universes

Access Levels

Public

Controlled

Restricted

Confidential

Private

Categories

An alternative organizational structure for users to sort and find documents.

Improve security and navigation

Types of categories:
Corporate Categories (created by administrator)

 Personal Categories (created by each user)

Creating a New Category

Deleting a Category

When you delete a Category, all the subcategories within it are removed entirely from the
system

Unlike folder deletion, the reports and other objects contained within the category are not
deleted

MANAGING SERVER GROUPS

Server Groups provide a way to organize servers to make them easier to manage.
Advantages:
Only a subset of servers is viewed at a time & hence easy to manage.
Customizes system for users in different locations, or for objects of different
types.
How to create a server group?

In Server Groups management area, click New Server Group.

Enter Group name & Description.

In the servers tab, click Add/Remove Servers & select the servers to be included in the
group.

Click ok.

To set access rights for the server group, go to Rights tab.

MANAGING OBJECTS
Types of Objects:
Report Objects: Created using a BO Designer Component (e.g. Crystal
Report, OLAP Intelligence).
Web Intelligence documents: Created using Report panel & HTML Query
panel in Info view.

 Program Objects: Objects in BO which represent an application. They can

be Executable Programs, Java Programs or Scripts.
Object Packages: Composed of any combination of report and program
objects published in BOE system.
User can:
Add a new object
Copy/Move/Create shortcut for an object
Send Object to another destination
Delete object
How to add a new Object?
Go to Objects section in CMC.
Select New Object.
Browse the Object and select the destination Folder and Category for it.
Click Submit when you are finished.
Copy/Move/Create Shortcut of an object
Copy creates a new copy in different location & inherits rights from new parent
folder.
Move changes location of object & retains original object rights.
Create shortcut creates an alternate, more convenient route for an object.
How to Copy/Move/Create Shortcut of an object?

Go to the Objects management area of the CMC.

Select the check boxes associated with the object you want to copy, move, or
create a shortcut for.

Click Copy/Move/Shortcut.

Select one of the following options:

Copy to
Move to
Create shortcut in

Select the appropriate destination folder; then click OK.

Send to feature is used to send an object to different destinations.

User can send either a copy or a shortcut of an object.
How to send an object to a destination?
Go to the Objects management area of the CMC.

Select the check boxes for the objects that you want to send.

Click Send to.

Select the destination option you want:

Click Send.

MANAGING CALENDARS
Calendars
Calendar is a customized list of run dates for scheduled jobs.
It simplifies scheduling of complex recurring jobs efficiently.
Any number of calendars can be defined in Business Objects Enterprise.
EXAMPLE:
To run a report object every business day except for countrys statutory holidays, create a
calendar with the holidays marked as non-run days, on which the report object cannot be run.
Creating Calendars
Go to the Calendars management area of the Central Management Console
Click New Calendar
On the Properties tab, type the name and description of the new calendar
Click Ok

SCHEDULING OBJECTS
Scheduling an object runs it automatically at specified times.
Types of Objects which can be scheduled:
Report Objects
Web Intelligence Documents
Desktop Intelligence Documents
Publications
Program Objects
Object Packages
Note: When an object is scheduled, a scheduled instance is
created which contains object and schedule information.
How to schedule an object?
In the Objects management area of the CMC, select an object by clicking its link.
Click the Schedule tab.
Select the recurrence pattern (i.e. once, daily, monthly, weekly, etc.).
Select the Run option and parameters (e.g. on the Nth day of month).

 Click Schedule.
To save the new settings as default settings, click Update.

Scheduling objects with a Business calendar

In the Objects management area of the CMC

Click the Schedule tab

Select the Calendar option

In the Run list, select either

o Calendar
o Calendar, with events

In the Calendar to run for list, choose the calendar that provides the scheduled dates you
want

Complete these fields

o Number of retries allowed
o Retry interval in seconds

Click Schedule to schedule the object

To update the default scheduling information, click Update

Navigation:

MANAGING EVENTS
Events provide additional control over scheduling objects.
Working with events consists of two steps:
Creating an Event.
Scheduling an object based on that event.
Types of Events:
File Events
Schedule Events
Custom Events
File Events:
Wait for a particular file to appear before event occurs.

 Monitored by Event Server.

If file exists prior to creation of event, then event is not triggered.
Schedule Events:
An objects existing recurrence schedule serves as trigger for the event.
Based on success or failure of the scheduled object, or simply completion of job.
Always associated with two objects: one serves as trigger for the event and one is
dependent on the event.
Helps in setting conditions between scheduled objects.
Custom Events:
Triggered manually by administrator or particular user.
Helps to set up shortcut which, when clicked, triggers any dependent schedule requests.
How to create a file-based event?
Go to the Events management area of the CMC.
Click New Event.
In the Type list, select File.
Type a name for the event in the Event Name field.
Complete the Description field.
In the Server list, select the Event Server that will monitor the specified file.
Type a filename in the Filename field.
Click OK.

How to create a Schedule based event?

Go to the Events management area of the CMC.
Click New Event.
In the Type list, select Schedule.
Type a name for the event in the Event Name field.

 Complete the Description field.

In the Event based on area, select from three options:
Success
Failure
Success or Failure.
Click OK.
How to create Custom events?
Go to the Events management area of the CMC.
Click New Event.
In the Type list, select Custom.
Type a name for the event in the Event Name field.
Complete the Description field.
Click OK.
How to trigger Custom events?
Go to the Events management area of the CMC.
In the Event Name column, select a custom event by clicking its link.
Click Trigger this event.
Note: Before you trigger a custom event, schedule an object that is dependent upon that
event.
Navigation:

`
Creating Folder:

Features of Business Objects 4.0:

Maximum all options for SAP BO XI R3 and SAP BO 4.0 are same

Here we have one extra feature called Data services

SAP has integrated DS(Data Services) and BO so we can do some operations like
creating repositories for for SAP DS in BO CMC