Skip to Content
Author's profile photo Manikandan Elumalai

BusinessObjects Administration – Setting up security model – An easy way to configure and manage

Designing security model is one among the important phase in BusinessObjects implementation/migration projects. Well-organized security model not only provides easier Administration but also ensures security is seamlessly implemented across different functional/application user groups with less maintenance effort.

From this blog on wards, we are going to see how to design and implement the security model. Before starting the design, we should consider the below things

Various rights categories (as on BI 4.0 SP3)

There are 4 different rights categories as we already aware and they listed below

  • General
  • Application
  • Content
  • System

I have consolidated all of them and the same is depicted below


Various user categories

Always categorize users based on Application as well as functionality (what they can do). I have categorized users based on their BusinessObjects Application/content and their functionality on BI content

Application wise user category

User category


Crystal users

Crystal report users

WebI users

Web Intelligence report users

Dashboard users

Xcelcius dashboard users

Design Studio Users

Design Studio dashboard users

Universe/Information designers

Universe Designers

Analysis users

Analysis Application users

Explorer users

Explorer application users

Mobile users

Mobile report users

Functional user category

User category


BOE Users

All users of the BusinessObjects system


Users who can only view/refresh the reports

Interactive Analysts

Analysts can refresh/create/modify the reports that they create and they cannot create/modify the corporate reports

Interactive Authors

Analysts can refresh/create/modify the corporate reports

Super Users/Managers

Users who can manage and maintain document as well as users for a particular application/department

Content Schedulers

Users who can schedule reports for their own and on behalf of others

Content Promoters

Users who can migrate/promote BI content across different environments

Delegated administrators

Users who can administrate the Businessobjects deployment as a whole or part of it

Based on the rights and user categorizations we are going to see more about the security model design in my upcoming blogs! Thanks for reading!

Related blogs

BusinessObjects Administration – Setting up security model – Part II

BusinessObjects Administration – Setting up security model – Part III

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Vijay Karthick
      Vijay Karthick


      Author's profile photo Former Member
      Former Member

      This is a great post and good beginning for implementing security model in Business Objects, I appreciate your time in contributing your valuable time by posting in the BI Platform blog. Looking forward for your new posts on security model, which is a rreal challenge for clients migrating from BOXIR2 versions to BOXIR3.1 and BI4.X versions.Hoping to see your new blogs that would include exact rights for the above mentioned Application & Functional rights that will help lot of administrators plan their security model with reference to your security model listed here. Thank you once again.

      Author's profile photo Former Member
      Former Member

      Thanks for the information

      Author's profile photo Rishabh S
      Rishabh S


      thanks for sharing.



      Author's profile photo Robert Hoversten
      Robert Hoversten

      Helpful, Thanks!

      Author's profile photo S man
      S man

      Really thanks for sharing such a knowledgeable document.

      I have a question..

      Person who designed security in my organization left the company. Now I would like to export current security into excel or PDF format (other than query relation process) to understand security design.

      Could you let me know the process

      Thanks in advance!!! 

      Author's profile photo Former Member
      Former Member

      Dear Mani,

      Your blogs are always helpful be it Query Builder or this one, Thank you very much for sharing knowledge.

      I was trying to set up few rights and was wondering if we have customer access rights to restrict WEBi users/consumers from ADD QUERY button. Basically, I wanted to put limitations for users where they should not be able to see/implement ADD QUERY. What has already provided in WEBi - should be final for them just that they should only be able to add few more objects from available Data Layer i.e. Universe (IDT).

      I hope you got my query.

      Any insights on this will help us implement security structure better.

      Thank you in advance.