on 08-31-2012 3:39 PM
I have created several OLAP Connections (via BICS) for a Crystal Report I am building. I don't have any issues creating the connection, rather a question regarding best practices when creating the connection, specifically the supplied userID and password. We are using SAP authentication and do not have SSO configured. When I first started creating my connections, I was supplying my own BW userID password and everything was fine. My concern is that if my ID becomes locked, or my password must be changed, there will be issues (most likely errors) due to the fact that my own BW credentials have been supplied in the connection information. I would have to go into each connection and change the credentials to the new PW. To get around this issue we created a system user ID in BW (system ID's pw's don't expire) and then I changed my connections to use this ID instead of mine. The issue here is I can't connect to the BW data with this user ID.
Has anyone run into this issue, and if so any ideas on how to remedy?
Thank you.
Josh Dunlap
Hi,
I believe it has to be a BW dialogue user.
The BI4 Administrators guide will also outline the roles required.
by the way, this can't be considered a best-practice, because data will be secured according to the credentials of this hardcoded login. it's OK for development, but wouldn't be adequate for Production data security.
Regards,
H
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Henry,
Thanks for the info. What is SAP's recommendation for securing these connections (and the underlying data) in a production environment? If we must supply a userID and password for each connection, what other options do we have besides what we are doing right now (creating a separate userID and password strictly for connection creation purposes)?
Thanks,
Josh
Hi Josh,
The best practise for when you are using BI40 on top of BW is to use SSO to BW (not SSO to BI40, that is not needed).
You use SAP BW as entitlement system (SAP authentication) and connect the other security with the BW roles. So all authorization is handled from within BW.
Then you set up the connections to use sso and log into BI40 with SAP authentication.
It will then be able log on to BW without further checks, using the BI40 userid, because the authentication was already done during the login to BI40.
Hope this helps,
Marianne
Note that the BW users have to have the rights to run the bex queries through the web to able to use the corresponding connection.
It would be nice if your security model made sure they only 'see' connections they can actually use
Hi,
Do you have the new user id assigned in BO?. and assign rights
Thanks,
Jothi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.