Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Trace tool in BO CMC for determining security rights?

former_member318517
Participant

‎08-28-2012 7:31 PM

0 Kudos

Hello all,

Is there an ST01 like trace tool Business Objects CMC for determining what rights are required to perform an event, for example executing a Dashboard?  We are upgrading to BI40 and in BI3.1 a particular dashboard was executing fine with just View on Demand rights to the folder the Dashboard resides, folder the Universe resides and folder where QaaWS resides..and a few other little rights.  In BI4.0 when running the same Dashboard where the objects have been upgraded to 4.0, I get a "Your security profile does not include permission to edit this document. (Error: ERR_WIS_30252)" and I really don't want to try and figure out what individual rights are missing.  I'd like some trace tool to tell me exactly what rights are missing.

Thanks,

Tom

3 REPLIES 3

Former Member

‎08-31-2012 6:11 PM

0 Kudos

You need to assign the rights whatever the user needs through access levels and assign that access level to the user group whoever needs that right. Rights are sap default rights and we can not create any custom rights. Rights are classified into 4 categories General, Content, Application and System for different applications and you can assign the required right to the default access level or custom access level and assign that AL to the user group.

former_member318517
Participant
In response to Former Member

‎09-13-2012 8:58 PM

0 Kudos

Yes, I'm familiar with the different rights and categories.  My question is how does one determine what rights are required to run an application like Webi, Dashboards, Crystal reports..etc without there being some trace tool in the CMC?  I can't just blindly assign rights to someone. 

Thanks,

Tom

Former Member

‎09-13-2012 9:16 PM

0 Kudos

I have observed for the same reason that customers use front end visiblity of the dashboards / queries to determine such access (portal roles) to make it only "crispy on the outside" via visibility. Risks are always that users can break out of their functionality, overwrite URLs or their parameters, find APIs, etc. => The downside is that it is "soft on the inside".

I am not aware that the concept supports functionality such as tracing as we know it in ST01 sense for granularity.

The upside is that you do not have 4000+ authorization objects like you do in ECC systems...  😉

Sorry that I cannot help more than that.

Cheers,

Julius