on 04-05-2010 7:39 PM
Greetings,
We are using BO 3.1 SP2 with databases on Oracle 10g.
We are working on upgrading to Oracle 11gR2 and enable end-to-end SSO to oracle using kerberos and active directory but that is a few month down the line. Right now we use Oracle credentials to log-in to the database.
We have for strict data security policies. We have huge amounts of confidential data that only specific users can view.
We require that users of universes are prompted for their database credentials during run-time when using web intelligence.
How can we do that?
Note: Generic database credentials or service accounts are not an option.
We are trying to promote WEBI to our wide user base and this is a major obstacle for us.
Thank you for your help.
Regards,
Hassan
When you create the connection in Designer to create the Universe, you can either use generic userid and password or has an option to pass the credentials of the user who logged on to Business Objects InvoView/DeskI/etc. If you use the second option query will be executed with the credentails of the user at the database. This way, if the security is defined at the database level, you will see the data what they are suppose to see.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Sreedhar for your prompt response.
When I create the connection I only have three options:
1. Specific User ID and password.
2. credential Mapping. (Not practical since we have many users).
3. SSO (not yet configured).
I can't see the option you specified. is there some setting that I can configure to enable this option?
2) Use Business Objects Credentials mapping.
If you select this, automatically username and password will be greyed out. User must have the same credentials as Business Objects.
It really doesn't matter how many users are there. All users must be defined at the backend with appropriate rights.
Thanks Again.
I tested it and it works.
Our problem with this approach is that we have many users.
Do we have to ask every user to logon to CMC and configure his own Database credential mapping?
or is there a better approach.
Also, when it comes to designing, using the credential mapping doesn't allow the developer access to the database from designer. The way around this, as I see it, is to design the universe using a generic ID then changing the connection to a credential mapping connection to the same database before exporting the universe to Enterprise. Is this a good approach? if not, please suggest a better approach.
Thanks again for your help.
Regards,
Hassan
Users don't have to configure anything in CMC or any other tool set. It is all internal thing.
It really doesn't matter for the designer to use generic credentails while designing the universe structure. As long as the tables are exposed to all users, it really doesn't matter. Remember universe is metadata (no data is stored in the universe). When the user creates a reports, it generates the SQL based on the joins in the universe structure and sends that SQL to database for execution. Based on the security defined at the database level, they get the data.
Also look into Table Mapping option in the designer. In Designer guide 3.1 it is on 591 page.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.