We are using Explorer for our business users and they are all interesting in this reporting tool

For the connection type in SBO

Explorer, we are using:

1. BWA

2. UNX (connected with relational DataBase)

3. Excel on launch pad

4. Excel on the fly (Ad-hoc loading in home-page)

So the security control will be the 1^st priority for us to implement the SBO Explorer, due to below two reasons:

1. Explorer belongs to self-reporting service. We cannot implement same security strategy as Dashboard,

Crystal Report, Webi, etc

2. There are several connection for Explorer and we hope that we could use same principle to control these
connections

At that time, the challenge is large to us because I cannot find any best practice for SBO Explorer security
control to reference

So I change my mind and back to look at what SAP provides to us. We have below tools to do some security
control

1. User group in RSDDTPS. This is BWA used only. We could assign different user to different group and for
different group to do some control whether we want user to see these data

2. Authorization Object. This is also for BWA used only. We could assign different authorization object for
different user/group to control the row data in BWA level

3. Personalization. This could be used for almost all case but will conflict with the no.4 method and you must
manually turn on this (In other words, if user has some IT knowledge, they could turn off as well)

4. Folder control. This is also could be used for all case and this is part of concept for BIP. For different
folder, using different group to control this. This method may conflict with Personalization because you need to ensure user has right access to the Infospace which control the personalization

5. Universe control. This could be used for universe connection. Honestly, I never use this. From my perspective,
this is not good for SBO Explorer. Basically for non-real time data, we will do the index for user in advance instead of using refresh button to get new data

Now, you could see it might be difficult to use the same methodology to do the security control.

From my perspective, my recommendation sequence will be

1. Folder Control

2. Personalization

3. User group

4. Authorization object

5. Universe control

Folder control could be fetched for all scenarios and user may has strong desire to show their InfoSpace / E-view under fixed group which means other user cannot SEE these objects (not equal to access)

Personalization will be currently the best method to control data under row level but two points need to be noted: The field must exist in the dataset and user has access to the control InfoSpace (I really hope SAP could allow us to hide the control field and set control on turn-on/off the Personalization)

User group/Authorization object, these are only for BWA usage. I think no much difference just depends on your system design

Universe control is not good for Explorer I think. You might let me know your comment on this

All above is my understanding on the SBO Explorer Security control and please feel free to let me know your comment
At last thanks for those who help and support me on Explorer

Alex yang