BPC Security DOcumentation

Similar Messages

• BPC security can be used in SQL Reporting Services?

  Hello,
  We are trying to implement SQL Reporting Services(RS) as web reports of BPC.
  Is it possible to use BPC security user access control in SQL RS?
  We know that SQL RS user access can be managed by windows domain, but we like to use BPC security as SQL RS user control.
  Thank you in advance.
  Sam

  Hello,
  We are trying to implement SQL Reporting Services(RS) as web reports of BPC.
  Is it possible to use BPC security user access control in SQL RS?
  We know that SQL RS user access can be managed by windows domain, but we like to use BPC security as SQL RS user control.
  Thank you in advance.
  Sam
  ==================================================================
  Hi Sam,
  Could you be more specific on what you are going to do with RS?
  BPC, as you know, uses Windows AD. If you intend to use RS in BPC, you have already introduced Windows AD and BPC access security for RS.  But only given RS report is eligible in this case.
  If you want to make a report that refers to business data of BPC, and need to pass argument as query parameter such as what category, what entity, not possible actaully, no way to make it happen with standard feature of BPC. But you can think of possibility of customizing and need to find out how to pass the argument for a user(read ACS table containing security info).
  Reg. the reporting tool, if you are using 7.5, BO products is aligned well. Xcelsius and Voyager will be a tool for your requirement.
  Regards,
  YH Seo

• How to add "Team leader" field in standard BPC security report

  BPC Expert,
  We are using BPC MS 5.0 version.
  There is a checkbox in the security setup to make someone a "Team Leader" when you add him/her to a team and this checkbox determines who can post data and who cannot.  When we run the user report we see which team the user is in but we do not have visibility to whether or not they are a "Team Leader" which is what business owner needs to see to approve user access.
  I figured out "dbo.userteamassign" is the table which hold team leader value. Can anyone please tell me all the steps of adding team leader field in the standard BPC 5.0 security report.
  Thanks,
  Ketan

  Roberto,
  Thanks for the response. I know associated steps to declare business user as a team leader but my original question is "how to add a column in standard BPC security report that says who is team leader or who is not".
  Do you know the Dtx package that is responsible to supply the data to Standard BPC security report? We can enhance standard data package to pull/display extra "Team leader" column in standard security report.
  Appreciate your inputs.
  Thanks,
  Ketan

• BPC Security Migration

  I'm wondering how people migrate security between environments i.e. production to development.
  Security is typically quite different in development vs. production.  Some users will have more access in development and some users will not be active in development.  Also in some cases, users may have different id's because they are on different domains.  This means that there are many changes that need to be made before the development environment can be used.
  In version 4 of OutlookSoft, security was all contained within an Excel workbook which made it very easy to apply these types of changes very quickly.  For example, there was a column that indicated whether or not a user was active.  You could very quickly go through this column and change users from Yes to No.  Also, security could be processed all at one time.
  In BPC, there are many dialog boxes to go through which is time consuming.  There does not seem to be a way to flag a user as inactive.  I notice that the field still exists in the database table but it is not in the UI.  Also, it seems that each of the Task Profiles, Member Access Profiles, and Teams needs to be saved whenever an appset is restored or else you will get errors.  There does not seem to be a way to process the security so you do not have to visit each of these dialog boxes.
  Is anyone automating this type of migration by modifying the database tables directly instead of going through the UI?

  Furthermore, in the corporate environment we are in today (i.e. SOX, Enron, etc.), current customers would be very WEARY to implement a "workaround" (not endorsed by the vendor) to migrate security settings into a live production environment.
  I suggest you send an enhancement request via the SAP Support portal and ask that something like this be implemented in the next release of BPC.
  As a starter here are some security functions that I think should be automated via a menu option in the Security UI of BPC:
  Importing Security Information
  -Import ALL Security info.
  -ImportUsers
  -ImportUserGroupNames
  -ImportUserGroupMembers
  -ImportPrivileges
  Exporting Security Information
  -Export ALL Security info.
  -ExportUsers
  -ExportUserGroupNames
  -ExportUserGroupMembers
  -ExportPrivileges
  Deleting Security Information
  -DeleteUsers
  -DeleteUserGroups
  -DeleteUserGroupMembers
  -DeletePrivileges
  Regards,
  John

• BPC Security: User should only see status of packages started by himself

  Dear Experts,
  we have the users run packages to perform their planning process and we also trained them to check their package status so they know when to go on within the process. Until now we have not had a very intelligent security management since it's only a pilot system with a few pilot countries. Everybody had full_tsk profile. But now it should get a llittle more restrictive. Very important in the first place is, that the user only sees his own package. If he can see other user's packages this would meen he can see copied values too within the protocol but thats very sensitive data.
  I cannot find a security setting that helps me here. Do you have any hints for me?
  Thanx in advance,
  regards,
  Cora

  Sorry to confirm that security does not limit the visibility to the individual DM logs.  There is a filter capability however that could be taught to your users.
  Please include your request on the BPC page at SAP Idea place.  See the top of this forum for more information.
  Best regards,
  [Jeffrey Holdeman|http://wiki.sdn.sap.com/wiki/display/profile/Jeffrey+Holdeman]
  SAP Labs, LLC
  BusinessObjects Division
  Americas Applications Regional Implementation Group (RIG)

• Any way to exclude BPC security settings and profiles from backup/restore?

  We are on BPC 10 MS and restoring the PROD version to a DEV environment, but do not want to restore the security profiles.   Need to figure this out before new BPC development is sent back to PROD with same b/u restore process.  DEV security is different than PROD and we do not want the security profiles/settings in DEV to overlay PROD...

  Hi Mike,
  No automate process to maintain different set of users in both environments while restoring . Manually manage after refreshed based on required user profiles.
  Thanks,
  Vivek.

• BPC Security - Edit Logic Script

  Trying to find the security task that give edit access to Logic Script(BPC 10 NW SP9). Is this combined with the "Edit Packages" Data Manger task?
  Thank you.
  Regards,
  Vinod Swarnapuri

  Vinod,
  I think the one you are looking for is Manage Business Rules.
  Akos

• BPC security - task profile definition

  Hi all,
  I am trying to create a task profile which contain only the 'AppSet' task under 'Administration' interface. Here are the situations I faced: (I am using the default user when setting up BPC Server which has all authorizations)
  1. If I checked 'System Admin' in Step 1, I can not remove the other task 'Define Security' in Step 2.
  2. If I did not check any existing admin role, I can not even see the 'Administration' interface in Step 2.
  May I ask your opinion on how could I resolve this?
  Thank you all in advance.
  Eric Lin

  Eric,
  You want to create a brand new profile with every task available in BPC.
  I had the same problem and found SAP table in BI. I think if you modify this table, you can manage the security as you want but I didn't try this method.
  In sap BW, transaction se16, all the security table begin by UJE_ :
    UJE_TASK_SEC u2013 Task table (Application, Dimension,u2026),
    UJE_TASK u2013 Task Interface (Administration, Audit, u2026),
  KR,
  Samir

• Demystify ODI Security -- Documentation is very weak on this topic.

  I see 3,000 hits to one thread on ODI Security but I haven't gotten that "Ah-ha!" moment where I now understand ODI security. The SNPS_USERS.PDF (ODI User's Guide) is very light on the security section.
  I'm trying to do something I hope is very simple: Create a new user that can execute the scenarios I choose and only for certain contexts. I've been able to create a new user. I've also been able to apply a profile to the new user. But when I try to grant specific SCENARIOS I get this error:
  *"This user already have generic privilege on this object type. You do not need to set instance privileges."*
  Does anyone have any good examples on how to setup ODI security?
  -Chris Rothermel
  Edited by: Chris Rothermel on Apr 12, 2010 2:40 PM

  Chris,
  I agree that ODI security is poorly documented and seems more like witchcraft.
  Having said that, see this Re: Security
  This may give you insight into how Generic and Non Generic privileges work
  Create a brand new user.
  For your case, do the following:
  1. Create a duplicate of CONNECT profile and name it CONNECT_WITHOUT_CONTEXT.
  2. Expand it and goto Context-> Dbl-click View.
  3. Uncheck the "Generic Privilege" checkbox.
  4. Grant CONNECT_WITHOUT_CONTEXT to the user.
  5. Drag-drop the Contexts that you want the user to access from Topology Manager onto the user.
  Now user will only be able to see the contexts that you explicitly grant him.
  6. Also, for your case use NG Designer instead of regular Designer profile.
  7. The Execute Method in the Scenario object underneath this profile has been unchecked for "Generic Privilege"
  8. Login to Operator and drag-drop the scenarios on the user.
  HTH

• BPC Security - bulk upgrade

  Hello Experts,
  I need to implement a new security model for our BPC application and was curious if anyone have done mass rollouts from a backend. i.e. using BPC stored procedures instead of front end.
  Specifically, i am looking for the following tasks:
  - Delete a member access profile
  - Add a member access profile
  - Delete user
  - Add user
  Thanks in advance,
  Akim

  Traced deletion of profiles/user T-SQL. Adding profiles/users manually - not worse scripting.

• CE UME Security Documentation

  Does anybody have any documentation or links to documentation that explains all of the CE UME Roles and Groups that SAP-Delivered. We would like a complete explaination of the security linkage to access, so we do not have to test every single combiantion.
  Thanks in advance!
  Edited by: John Stephens on May 10, 2011 2:14 AM

  Hi John...
  Here you can find all security guides related to SAP Netweaver CE..  https://cw.sdn.sap.com/cw/docs/DOC-105295
  SAP NetWeaver CE Core Components
  SAP NetWeaver Application Server Java Security Guide
  Security Guide for Connectivity with the AS Java
  Security Aspects for Development Technologies
  Security Aspects for Web Services
  SAP NetWeaver CE Additional Components
  Portal Security Guide
  Visual Composer Security Guide
  Composite Application Framework Core Security Guide
  Business Process Management Security Guide
  Security Guide for Guided Procedures
  SAP Interactive Forms by Adobe Security Guide
  Security Guide for SAP NetWeaver Voice
  Security for BI
  Hope it helps....
  -PradeeP

• BPC Security

  To All BPC Experts,
  I am using SAP BPC MS V7
  Q1 - In the security How do I add AD User Groups in Custom Filter to the  (BPC has this opion but I can not add the filter as all 3 options are grayed out or dose not accept my input)
  Q2 - Is there an easy way to search for users in the search function that BPC provides?
  Thanks for all of your help.

  Q1 - Below is what i found in BPC help. Thanks for your direction.
  Rather than allowing all users within Active Directory (AD) to access Business Planning and Consolidation (BPC), you can limit the pool of users by adding them to a particular domain and then giving access to only those users. This is important because if you try to add a user from the entire AD, BPC may time out while searching.
  Features
  Defining User Groups
  You use the following features for defining a user group.
  Choosing user group names
  The group name is displayed in the Add Users assistant in the Admin Console. The default group name is u201CDomain usersu201D if a domain user installs the BPC server. The default group name is u201CLocal usersu201D if a local user installs the BPC server. You can modify the settings for an existing group by selecting the name of the group from the list.
  Defining Filters
  You use filters to define user groups. The following table includes examples of filters you can define:
  Scenario
  Example
  Description
  Single organizational unit (OU)
  OU=Marketing
  Finds users of the Marketing OU.
  Multiple OUs
  OU=Sales;OU=Marketing
  Finds users of the Sales and Marketing organizational units.
  Multiple OUs from a single container
  OU=Sales;OU=Marketing;CN=Users
  Finds users of the Sales and Marketing organizational units and the Users container.
  A group (or user) in an OU
  CN=DM,OU=Sales
  Finds users of the DM group in the Sales organizational unit.
  Multiple groups (or users) in an OU (when multiple groups are in a single or different groups)
  CN=DM,OU=Sales;CN=DM,OU=Sales2
  Finds the users of the DM group in the Sales2 organizational unit and the users in the DM group in the Sales organizational unit.
  Mixed condition
  CN=DM,OU=Sales;CN=FR,OU=Sales2; CN=HR,CN=Users
  Finds users of the DM group in the Sales organizational unit, users of FR group in Sales2 organizational unit, and users of HR group in the Users container.

• BPC Design Documentation

  Hi all
  Are there any Design Documentation about implementing BPC available
  Thanks

  Hi,
  You can try at this site
  http://www.sap.com/usa/solutions/sapbusinessobjects/large/enterprise-performance-management/planningandconsolidation/brochures/index.epx
  and
  https://www.sdn.sap.com/irj/scn/wiki?path=/x/zb4
  Hope it helps.

• French label security documentation

  Hi,
  I need to get the 9iR2 Label Security administrator guide or some French 9iR2 whitepaper on label security.
  Can someone here please refer me to such document? I do not speak French, so I had an hard time looking for it at the OTN.
  Many thanks,
  Ofir

  It is on a separate CD.
  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Ken Chan ([email protected]):
  Oracle Label Security is available in Oracle 8.1.7. Is the Label Security packaged with the standard edition or does it only come packaged with the enterprise edition?<HR></BLOCKQUOTE>
  null

• BW BPC 10 input form security

  Hi,
  i would like to ask you a question about BW BPC 10 input form security.
  I want to apply sequrity to input form for each BPC users.
  forexample i have 4 input form in BPC system, form A, form B, form C, form D.
  i want to give a access security to user1 only form A and form C  or  can i apply security to input form folder.
  is there any way  to do this issue.
  Thank you.

  Hi,
  Once you create teams in BPC security, assign some members to that team.
  Now, in your EPM addin, by default, the templates are usually stored in the COMPANY folder. While saving the templates, you will see the teams, on the left side, that you have created in BPC admin.
  Save the templates in one of these teams.
  Please note that you need to be part of the team in order to save the template.
  Hope this helps.