Best Practices for Creating OLAP Connection (BICS) in IDT
I have created several OLAP Connections (via BICS) for a Crystal Report I am building. I don't have any issues creating the connection, rather a question regarding best practices when creating the connection, specifically the supplied userID and password. We are using SAP authentication and do not have SSO configured. When I first started creating my connections, I was supplying my own BW userID password and everything was fine. My concern is that if my ID becomes locked, or my password must be changed, there will be issues (most likely errors) due to the fact that my own BW credentials have been supplied in the connection information. I would have to go into each connection and change the credentials to the new PW. To get around this issue we created a system user ID in BW (system ID's pw's don't expire) and then I changed my connections to use this ID instead of mine. The issue here is I can't connect to the BW data with this user ID.
Has anyone run into this issue, and if so any ideas on how to remedy?
The best practise for when you are using BI40 on top of BW is to use SSO to BW (not SSO to BI40, that is not needed).
You use SAP BW as entitlement system (SAP authentication) and connect the other security with the BW roles. So all authorization is handled from within BW.
Then you set up the connections to use sso and log into BI40 with SAP authentication.
It will then be able log on to BW without further checks, using the BI40 userid, because the authentication was already done during the login to BI40.
Hope this helps,
Note that the BW users have to have the rights to run the bex queries through the web to able to use the corresponding connection.
It would be nice if your security model made sure they only 'see' connections they can actually use