Skip to Content

These days end users from Business Houses prefer to login to the one and only enterprise portal in their SAP landscape to view and analyse BO BI reports rather than doing a separate login to the BO BI launchpad. This blog post discusses about the configuration and issues related to such usage.

Pre-requisites

1. SSO must be configured across your BW ABAP system, AS Java Enterprise Portal and BO BI system. Certificates are exchanged between your portal and BW systems and you configure the SSO via creation of system objects in enterprise portal and do a subsequent test of the same using the test and configuration tools in enterprise portal. Similarly you need to import the certificate generated in the OS level of BO system and import the same into your BW ABAP system and activate the relevant parameters in the properties of files of the BOBJ system and at the same time importing the keystore into your BO CMC, Remember that other than setting up of parameters (like the change of the global.properties file and the OpenDocument.properties file), NO exchange of certificates are performed between you portal and BO systems.

2. Setup entitlement systems in the SAP authentication inside your BO CMC by putting in the relevant information of your BW ABAP system. Import the BW roles (the roles for which you want the BI reports should have access) from BW ABAP system into your BO system. Give those roles adequate security in the BO folder level (view, view on Demand or advanced rights according to the client’s requirement). Ensure that the same SAP users have proper enterprise portal roles assigned to them so that they can view the BI tab created for them inside portal which is housing all the BI report links (url iviews), and finally the same users should have enough authorization in the backend BW system so that they can fetch the data from the OLAP cubes, info-providers as and what is applicable (having right amount of securities in all these three levels particularly at the BO and BW end resolves lots of report related issues).

3. Ensure that the Business Objects template is available in portal when you intend to create a system object for the BO purpose inside the System Administration -> System Landscape. If it is not available try to incorporate it via epa file transport.

You can create one separate folder to club system objects of your organisation inside the portal content tree. We are just going ahead with the creation of the BO system object inside the portal content tree within System Administration -> System Landscape.

Untitled.jpg

Select the appropriate Business Objects template from the list,

Untitled.jpg

And then proceed with keying in the following properties,

1st being connector :-

Group – The logon group which has been created in SMLG of BW ABAP system which you intend to use for logon whenever a particular BI report is viewed via portal

Logical System Name – Is the one for your BW ABAP system SIDCLNT640 (say).

Message Server – One that hosts the message server of your BW system; ideally the ASCS instance fully qualified domain name.

SAP Client – The client number where all the BW cubes and infoproviders exist

SAP system ID – SID of BW system

Server Port – Port Number for your message server defined in SMMS of BW system. you can also find the same from your ASCS instance profile. Typically, 36<port_number> where port number corresponds to the instance number of ASCS

Untitled.jpg

In the below step you need to key in the OpenDocument URL for your BOBJ system which is http://<servername>:<port>/OpenDocument/opendoc/openDocument.jsp

The port number will be the Tomcat port for your BOBJ installation typically 8080 (rare occasions it can be of WACS also, which is 6405) and server name will be the application server where your BOBJ enetrprise and web application services have been installed. for production system normally this host name and port number is replaced by some alias name.

Untitled (2).jpg

Add the alias. In our case we have kept the system object name and alias name to be identical which is SAP_BO_TOMCAT. It can differ.

Untitled.jpg

To troubleshoot issues regarding the errors related to usage of url iviews you need to read, as always the case, the log files which you can view by logging on to your portal netweaver administrator and navigating as below

Untitled.jpg

Selecting log viewer you get to see the below page and then if you click on the small arrow head of the view button you can list out the errors and their reasons. A mode set with DEBUG will enable you the entire course of action for a particular user starting the login into portal until he encounters the issue while viewing the report. These log files are nothing but the default trace of your AS Java system which you can also view by logging into the OS level of your portal application server and navigating to the appropriate server<n> directory.

Untitled.jpg

Untitled.jpg

You can always view ID and CUID of your particular BI report by logging on to BO CMC and then navigating though folders (and your appropriate LOB folder structure where you have deployed the report). Just in case you need to verify that this is the report that you are using in the url iview.

In the enterprise portal you can view the iview in Content Administration -> Portal Content Management and inside the portal content tree

Untitled.jpg

Right click any iview and open the properties section. Select the category Navigation and then there will be one option called Quick Link and therein you can give the name which will be your actual iview URL.

Untitled.jpg

On selecting the category SAP Business Objects you get to see the document id and opendocument url which I’ve mentioned above. Alsp there is System. Remember that this is the alias name and NOT the system object name defined at the time of creation of the system object.

Untitled.jpg

SAP has a wonderful logging mechanism and you need to know the way to look into them to find out the reasons. Trust SAP. It won’t hurt you back!

Stay intrigued,

Raj

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. ABHISHEK SINGH

    Hi Rajarshi ,

    I am observing a strange issue in SAP BO CMC

    whatever user are created they all have Administrator Authorization .

    My Assumption is there is SSO between BW and BOBJ .So Whatever Users are created theyin SAP Bw they all have administrator authorization .

    So My Questions is how tp do the analysis and Strategy for this .

    Regards,

    Abhi

    (0) 
    1. Rajarshi Chatterjee Post author

      Hi Abhi,

      SSO has been set up between BOBJ and BW ABAP, this does not imply that all users from BW will be created under the administrators group in BOBJ. Once the users are updated from BW into BOBJ you can place them in custom created groups of BOBJ by right clicking the user and then adding it into the selected group. In your case if all the BW users are having admistrator’s access in BOBJ, it means that you need to check the top level security of the affected group in BOBJ and check whether that has administrative privileges assigned to it. If that is the case then all the child groups will inherit that privilege. You would need to explicitly deny them in the children principals. Else, you can go for creation of custom access levels without having adminstrative privileges and then assign those to the child groups, but then even after that it’s better to explicitly deny the administrative privilege.

      Thanks,

      Rajarshi

      (0) 

Leave a Reply