Trusted Data Discovery using SAP Lumira – Security Webcast
This was an SAP webcast today. Below are my notes. The usual SAP Legal Disclaimer applies; things in the future are subject to change.
Figure 1: Source: SAP
You should think of security on data sets, when stories are published to Cloud, BI Platform, Server
What security do you have on this?
What can be done when designing on desktop before sharing?
Figure 2: Source: SAP
Figure 2 shows you need to think about security
There are two different kind of dataset groups – one is download approach including the universe and HANA
When using the Connect online approach Lumira respects user rights
Figure 2 shows you can enforce a refresh for the universe
Lumira Desktop Governance
Companies have concerns about sharing to the cloud
Figure 3: Source: SAP
IT can enforce desktop governance
It can handle the data source type
Preferences have configurable URLs – the admin can restrict
The speaker said you need the BI Platform with Lumira add-on installed (not Server; server is needed for sharing)
Figure 4: Source: SAP
Need to create text file
Looks at CMC and fetches properties for user
Using BOE for this and authentication type depends on what is set for CMC
Figure 5: Source: SAP
Figure 5 shows the properties file; you create a file by naming, and maintain the parameters
Figure 6: Source: SAP
Figure 6 shows where the preferences defined. You can allow the URL to be edited or not
Figure 7: Source: SAP
Figure 7 shows before and after screen shots. The lower right shows “Editing URL has been disabled”
Figure 8: Source: SAP
Figure shows using the BI platform to define access to features
You can define security for a specific users or user groups
Figure 9: Source: SAP
Figure 9 shows before and after with the data source rights. There is no access to the HANA or BW.
Figure 10: Source: SAP
Before and after sharing rights is shown in Figure 10
Figure 11: Source: SAP
Figure 11 shows priority of access rights.
Figure 12: Source: SAP
Infographics – what is use case?
Normally they are static
If have fresh on open set it will refresh
Figure 13: Source: SAP
Figure 13 shows you can share a story with team or others
If share story you share access to dataset as well
You can also stop sharing of dataset
SAP plans to work on security in Cloud – for the admin to give Cloud security access right – restricting sharing private, not public
Figure 14: Source: SAP
Figure 14 shows Lumira Server access. The HANA admin needs to assign roles to user – data consumer or analyst.
Figure 15: Source: SAP
Figure 15 shows you share only with those who have access
You decide which roles to share in edit or view mode
Figure 16: Source: SAP
You can use BI platform security on the folders in CMC
Figure 17: Source: SAP
Figure 17 shows access to the universe, fetched from BI Platform
There are different options.
Universes have the option to do a data refresh to ensure have latest data
It can be an on demand refresh or scheduled refresh
For BW offline use case – might be able to have server side refresh for data like universes and user sees only data they have access to (future)
The session included a demonstration; when the recording is available I encourage you to watch it.