Creating BO Security Matrix using SBOPRepositoryExplorer
This post contains how we can create an useful security matrix in SAP BO BI using the SBOPRepositoryExplorer connector.
Shortly I want to show you next content for this example of security matrix:
- Access Levels (ACLs) definition;
- Groups and Users Relation;
- Application Rights;
- Folder Rights;
- Universe Rights;
- Connection Rights.
1. How to extract ACLs
Using the universe provided in SBOPRepositoryExplorer and WebIntelligence:
We could use next dimensions to extract the ACLs from our CMS repository:
Next step is create some required variables for our example:
=If ([Specific Right]=0 And [Right Group Name]<>"General")
Then "Overwrite General"
Else
If ([Specific Right]=1 And [Right Group Name]<>"General")
Then "Specific Right"
=If (Count([CRole Right ID]) Where([CRole Right Granted]=1))>0
Then 1
Else
If (Count([CRole Right ID]) Where([CRole Right Granted]=0))>0
Then 0
Else Count([CRole Right ID])
Now we can create a cross-table like:
And for the values ( ) we can use conditional formatting rules:
2. Groups and Users Relation
For this kind of content we can use different perspectives/views in function of our requirements, but anyway, we can use next basic dimensions:
Here we have an example with:
“Group Name”
“User Name”
and for the value we can define next formula:
=If Count([Group Name])>=1
Then "X"
Else ""
Other example using full path:
3. Application Rights
For applications we can use next dimensions:
A possible example:
4. Folder Rights
For folder rights we can use the same logic than application rights:
5. Universe Rights
In next example we are showing rights for universe folders:
6. Connection Rights
Like the previous one we can use next dimensions:
This is a simple way to create online our security matrix for SAP BO BI.
Thanks and enjoy!
Jorge Sousa
This is great.
This is a tool we were waiting for ...
Hans
Many many thanks Hans!
I'm working in a new release (at the end of this week) with more features: possibility to attach an XML file with your own SAP BO BI - CMS queries and an Excel with personal data to do on memory, for example some comparisons.
Best regards,
Jorge Sousa
There is a new release with more features: create own CMS queries from an external XML file and import from an Excel file own data to compare online data with offline data:
http://www.snapspace.pt/download/SBOPRepositoryExplorerFree201.zip
Jorge Sousa
Hi Jorge,
I would like to see all the folders and sub folders and the groups mapped on these folders. Can you please guide me on how I can pull the data.
Dear Shahee,
Sorry for the delay, but yes, you can use next objects in the universe:
- From folders:
+ Folder Relative Path
+ Folder Name
- From Rights ACLS --> Folders Rights
+ FolderRight Group Name
+ FolderRight Role Name
+ FolderRight Is Inherited
I hope help you.
BR,
Jorge Sousa
Hi,
Really this a tool where admins are waiting for...
At the same can you help me out to find list of reports and instance count which are stored in users personal folder ?
Moreover really thanks for your support to resolve RDBMS error ..
Thanks
Hi,
Ya, I think the same.
You can select next objects in the universe:
- Personal Folders --> PFolder Path
- Personal Folders --> PFolder Name
- Personal Documents --> PDocument Name
- Personal Documents --> PDocument is Instance
With "PDocument is Instance" you can filter with 0=No instance and 1=Is an instance.
Thanks and regards,
Jorge Sousa
Version 2.0.4 was released:http://www.snapspace.pt/download/SBOPRepositoryExplorerFree204.zip
Hi,
If i try to edit the connection, i got the following error:
Fehler:
Specified RDBMS is invalid : SBOP Repository Explorer
Fehlerursache
Interface requested not found : csOCA
Fehlerursache
Session ID was not specified
any ideas?
thx for reply!
Michael
Hi Michael,
It seems that the connector was not found by the IDT. Please review the open.sbo or also do a backup of this and replace by the provided in the zip.
Please, review the installation steps provided in the pdf with the connector.
If you still have the error, send me a print screen with the folder where you deploy the connector and also the open.sbo file to the email jorge.lourenco@snapspace.pt
Best regards,
Jorge Sousa
Hi Jorge
thanks for your Support, now it's working!
Kind regards,
Michael