Securing a Deployed Universe with Security Profiles

Objectives

After completing this lesson, you will be able to:

  • Discuss Universe Security Options

Universe Security Options

Universe security starts when the universe is published to a repository on the SAP Business Intelligence Platform. Published universes are stored in the Universes folder.

Two Levels of Security

First level of security

The SAP BusinessObjects administrator grants the right to access specific folders, resources, universes, and connections in the repository to specific users and groups.

Second level of security

Using the Information Design Tool Security Editor, you can restrict the data that is returned in a query using query limits and controls, filters, and row restrictions. You can also grant or deny access to objects and views in the business layer. To create this level of security, you define security profiles for the universe and assign these profiles to users and groups.

Universe Security Profiles

A security profile is a group of security settings that apply to a universe published in the repository. The settings control the data that is displayed and modify the parameters defined in the data foundation and/or business layer. Profile settings determine what objects, data, and connections the user sees when connecting to the universe.

Types of Security Profiles

  • Data Security Profiles have security settings defined on objects in the data foundation and on data connections.

  • Business Security Profiles have security settings defined on objects in the business layer.

Note

All Data Security Profile settings apply to relational universes only. Business Security Profiles can apply to both relational and OLAP universes.

Multiple profiles can be defined for each universe. When you assign a profile to the user, the system applies the security settings defined in the profile whenever the user runs a query on the universe.

You can assign more than one profile to a user or group. A user might be assigned a profile and also inherit profiles from groups. When more than one profile is assigned to a user, the profiles are aggregated to produce a single group of settings called the net profile. Aggregation follows priority and restriction levels that you can modify in the Security Editor. You can also see which profiles a user or group inherits, and preview net profiles for a user or group.

Profiles are stored independently from the universe itself. Changes in the data foundation or business layer of the universe do not affect the profiles when the universe is republished. Similarly, changes in a profile are independent of assignments, so you do not have to reassign a profile when it is modified. It remains assigned, including any changes.

Profiles created for a universe are deleted when the universe is deleted.

Log in to track your progress & complete quizzes