Practically, a system administrator will have access by default to all CMC tabs from the CMC Home page in SAP BusinessObjects BI Platform 2025 (Full Control predefined access level is assigned to Administrators group by default). The following guidelines help you administer the CMC tabs that other principals can access.
- To simplify the management process, you want to manage CMC tab access on a group level.
- For CMC tabs that have top-level folders, you grant access to specific tabs (Folders, Access level, Users and groups) and grant specific objects of these tabs (Sales document folders, Sales access levels, Sales users and groups).
- CMC Tab Delegation Process:
To fully implement and test this CMC Tab delegation on SAP BusinessObjects BI Platform 2025, administrators will have to complete the following steps:
- Create a new CMC delegated group (for instance, a Sales Department Administrators group).
- Assign a new CMC delegated user to the new CMC delegated group (for instance, new members of the Sales Department Administrators group).
- Enable restricted access to CMC Tabs for the CMC BI application.
- Configure CMC Tabs for the CMC delegated group (for the Sales Department Administrators group).
- Setup object security (sales document folders, sales access levels, sales users and sales groups) for the CMC delegated group (for instance, to the Sales Department Administrators group).
- Test security for delegated users in CMC.
1. Create A New CMC Delegated Group
An administrator wants to restrict the usage of CMC to a specific department group (for instance, a Sales Department Administrators group) to administrate only their related objects (for instance, only Sales documents, Sales universes and connections and Sales users and groups...). To do that, the administrator will create a new group from the Users and Groups tab in the CMC.
2. Assign The New CMC Delegated Group To CMC Delegated Users
Once the specific department group is created (for instance, a Sales Department Administrators group), you have to create or add some users as new members of this group (for instance, create or add new member Sales_Admin in the Sales Department Administrators group). To do that, an administrator will create/add users in the group from the Users and Groups tab in the CMC.
3. Enable Restricted Access To CMC Tabs
Once the specific department group and admin users are created, you have to enable the restriction on CMC Tabs at the system level. By default, this restriction is not enabled, meaning that neither delegation is active nor CMC Tab restrictions are enabled in SAP BusinessObjects BI Platform 2025. To do that, an administrator will enable the restricted access to CMC Tabs from the Application tab in the CMC.
4. Configure CMC Tabs For The CMC Delegated Group
Once the restriction on CMC Tabs is enabled at the system level, system administrator has to configure which CMC tabs will be visible and hidden for a specific group (for instance, the Sales Department Administrators group). To do that, an administrator will select tabs and permissions to grant or deny access to a specific tab from the Users and Groups tab in the CMC.
Note
CMC tab access rights and the permission to configure CMC tab access for other principals are both applied and inherited like other security rights on SAP BusinessObjects BI Platform 2025.
If a principal is a member of two groups, tab access is calculated as usual. For example, a CMC tab is granted to you in one of the groups and denied in the other, you won't have access to the CMC tab.
Changing the CMC tab access right of a group changes the same tab access for all principals in the group, when their CMC tab access is set to Inherited.
Tab access set on the user level always supersedes tab access inherited from user groups.
Caution
5. Setup Object Security For The CMC Delegated Group
Once the CMC Tabs have been secured for a specific group (for instance, the Sales Department Administrators group), system administrator has to secure every single object for this specific group (for instances, sales document folders, sales access levels, sales users and sales groups). To do that, an administrator will add a new principal and he will assign an access level for every single object in the CMC as per other principals.
6. Test Delegated Security In CMC
Once all previous steps have been completed system administrator can test the CMC Tab delegation in BI Launch Pad. To do that, the delegated administrator will log in as a member of the delegated user group (for instance, the Sales Department Administrators group) to check which tabs and objects he will see in the CMC.
Watch this video to see how to create a delegated administrator for CMC.