Skip to Content
Author's profile photo Greg Wcislo

Governing Lumira Desktop using BI4 without HANA

Update:  This feature is now available with BI4.1 SP5 FP3 and does not require the Lumira Integration add-on.    


If you’ve attended the ASUG2014 BusinessObjects User Conference or have been attending some of the latest webinars, you will have heard about the ability to restrict the Lumira Desktop functionality using rights in the CMC.

Let’s dive into the details:

Prerequisites:

  • Lumira Desktop 1.19 or higher
  • BI4.1 SP5 or higher (or BI4 Integration for Lumira)

Overview of the rights:

From the Applications tab in the CMC, navigate down to SAP Lumira. 

The following is a set of rights you can set, which should be fairly self explanatory.

Enabling/Forcing Desktop Governance

This feature is managed through forcing a logon to your BI system at each startup of the Lumira Desktop.

You can, and it is recommended that you do set up kerberos SSO for lumira desktop to make this step seamless.

The logon is controlled through the placement of a .properties file, placed in the Lumira Desktop application directory.

The steps are also described in section 4.6 of the BI add-on for Lumira.

The format of the LumiraGovernance.properties file should look something like this:

enable=true

adapter.type=boe

authentication.type=secEnterprise

rest.url=http://myserver:6405/biprws

useSSO=false

Where enable/disable turns this feature on or off,

“adapter.type” will need to be boe, but you can see that this could in the future open up other types like Lumira Server

“authentcation.type” will be enterprise, AD, LDAP or SAP, in the following formats:

secEnterprise
secLDAP
secWinAD
secSAPR3

The rest.url will be the same that is used to publish to the BI platform and

“useSSO” will dictate if a prompt should appear or if single signon will be used.

SSO Bonus:  You do NOT need to perform additional configuration here to enable kerberos for this workflow, such as a krb5.ini file.  In other words, you do NOT need to perform the steps that you would need to access universe data described in this KB http://service.sap.com/sap/support/notes/1995864

Place the file in the user’s work directory.

C:\Users\<user>\.sapvi

Provisioning the LumiraGovernance.properties file

By now you will have noticed that this is just a plan text file.  How do you get this onto the user’s desktop?

To make the feature effective, you do need a centralized software distribution system, and one that will set this file to read only.

See the effect

The following shows a difference in UI between the full unrestricted mode and restricted mode for data acquisition.  We have limited the user to use only certified corporate data from a universe and their local system.


The below shows limiting the publishing destinations to BI only, and includes the prevention of exporting to a file.


Pushing settings to client

Using the settings of the SAP Lumira applicaiton object, you can also control whether your end users are allowed to update the desktop.

Or even force them to use a specific server for publishing, if you have set up the full Lumira BI integration (requires Lumira Server), or specific cloud destination.

Offline Support

The desktop tool will go into last known restricted mode if launched offline.

Assigned Tags

      22 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi Greg,

      Thanks for posting this. Good stuff!

      Cheers,

      Leo

      Author's profile photo Donatas Budrys
      Donatas Budrys

      Hi, Greg,

      Thank you for your post and valuable information. I have several questions:

      1. When BI4.1 SP05 will be released? I still can't find it nor in the HELP portal, nor in the SAP Downloads area.
      2. Your post is named "Governing Lumira Desktop using BI4 without HANA". What specifically you had in mind stating "without HANA"?
      3. Does BI4.1 SP05 completely replaces "SAP BusinessObjects BI, add-on for SAP Lumira"?

      Thank you and have a nice day.

      Best regards,

      Donatas Budrys

      Author's profile photo Greg Wcislo
      Greg Wcislo
      Blog Post Author

      The Lumira integration, and Lumira Server in general today require HANA.  This is detailed here:

      Lumira integration for BI4 functionality detailed.

      And why do I need a HANA:  Why Do I Need Lumira Server (on HANA) To View Storyboards in SAP BI 4?

      The Lumira integration includes the desktop governance piece.  However with SP5, we will bundle that governance feature directly so installing the whole add-on is not necessary.

      SP5 will NOT include integration of Lumira to allow you to view & explore documents in lumira directly in BI launchpad.   For that you still need the Lumira BI4 integration, as detailed in the first link above.

      SP5 should be available in the coming days.

      Author's profile photo Donatas Budrys
      Donatas Budrys

      Hi, Greg,

      Thank you for your feedback. It's nice to have part of SAP Lumira and BI4 integration bundled into BI4 Platform.

      Have a nice day.

      Best regards,

      Donatas Budrys

      Author's profile photo Henry Banks
      Henry Banks

      SP05 was release overnight, should be on the www.service.sap.com/swdc

      Yes, I checked, you can search for Support Package, containing phrase  "SBOP BI PLATFORM 4.1 SP05 SERVER"

      Regards,

      H

      Author's profile photo Donatas Budrys
      Donatas Budrys

      Hi, Henry,

      Yes, indeed SP05 is ready and accessible.

      Thank you.

      Best regards,

      Donatas Budrys

      Author's profile photo Lluis Aspachs
      Lluis Aspachs

      Thanks!

      Just tested and after introducing credentials we are getting an error with Lumira v20 and BI41SP5 and cannot continue, is that happening to anyone?

      Many thanks in advance.

      Error

      Could not acquire settings from Trusted Data Discovery source.

      Error retrieving the Trusted Data Discovery governing data. Unexpected response status from server.

      (HDB 14112)

      LumiraGovernance.properties

      enable=true

      adapter.type=boe

      authentication.type=secEnterprise

      rest.url=http://myserver:6405/biprws

      useSSO=false

      Author's profile photo Former Member
      Former Member

      Hi Lluis,

      Have you used the FQDN for the your server? Or try the IP address instead. You need to update the URL but that's a nobrainer right ;-).

      With kind regards,

      Martijn van Foeken | Intenzz

      Author's profile photo Sylvain Dutilh
      Sylvain Dutilh

      Hello,

      I am having the exact same problem. Of course I replaced the url with the rest webservices url for my platform, but the error pops up, even with a FQDN or the IP address, the cluster name... I tried pretty much everything.

      After logging in :

      Could not acquire settings from Trusted Data Discovery source.

      Error retrieving the Trusted Data Discovery governing data. Unexpected response status from server.

      (HDB 14112)

      Author's profile photo Greg Wcislo
      Greg Wcislo
      Blog Post Author

      It might be a long shot, but try modifying your hosts file to resolve the machine name of the server to the actual IP address.    This normally shouldn't be needed but I've seen this issue with some VM ware setups where the networking isn't fully configured.

      Author's profile photo Dallas Marks
      Dallas Marks

      Greg,

      Thanks for this write-up. I was confused that what was built into SP5 was the Lumira integration kit. Any idea when the Lumira integration will come out of ramp-up?

      Regards,

      Dallas

      Author's profile photo Greg Wcislo
      Greg Wcislo
      Blog Post Author

      With the upcoming release of Lumira desktop you should be able to save a lums file to the platform as long as you're on SP5.  Think of the deski compatibility pack, the platform in this case is being used to host content but you need desktop to download & view it. 

      I do hope/expect Lumira will get natively integrated into BI4.x core package at some point, but when is not yet decided.   Lumira is moving much faster than the BI4.x maintenance line, so expect that to continue to be an add-on, as that makes more sense in the short term.

      Unfortunately I don't have any dates of ramp-up exit.   A lot of work is being done currently which is touched on by Ashish's blog post here:

      SAP Lumira Server is Not a Ford Model “T”

      To quote:  "we are innovating to ensure that all of our customers can benefit from Lumira functionality today and have the option to scale up to SAP HANA"

      Author's profile photo Howard Stiles
      Howard Stiles

      Hi Greg,

      I'm using BI4.1 SP5 and SAP Lumira 1.20

      I am getting exactly the same error:

      Could not acquire settings from Trusted Data Discovery source.

      Error retrieving the Trusted Data Discovery governing data. Unexpected response status from server.

      (HDB 14112)

      I have tried FQDN, IPAddress and editing the hosts file but no luck.

      Anything else I should check, really keen to see this working.

      Howard Stiles

      Author's profile photo Sylvain Dutilh
      Sylvain Dutilh

      Hello Howard,

      I e-mailed Lumira and tried a few other things as well. See here :

      Lumira governance on BI Platform 4.1SP5

      So far the latest answer was "Nah, you still need the add-on", but this is still under investigation.

      Author's profile photo Henry Banks
      Henry Banks

      Yes, our product management are going to clarify here as soon as possible.

      Author's profile photo Lluis Aspachs
      Lluis Aspachs

      Hello,

      Recently we had to do a demo with BI41SP5 and Lumira v21 and these were our findings after reading SAP docs and testing the products:

      WITHOUT ADD-ON

      • The new "data governance" features mean we can now hide buttons or grey out some ticks in Lumira Desktop depending on the user profile, e.g. "export to explorer", "install updates" , etc -> This is cool
      • Publish to SAP BI does not work - cannot publish datasets or stories or .lums files
      • Lumira v21 cannot export .lums file to BOE, could not find the button for it  - Lumira v22 or later might do

      WITH ADD-ON

      • The new "data governance" features are also applicable
      • Publish to SAP BI works (for datasets or stories), can view stories from web browser or even SAP BI Mobile -> Great!
      • Lumira v21 cannot export .lums file to BOE neither - maybe in an upcoming version

      So summarizing, today:

      • BI4SP5 itself provides a new integration with Lumira which is still partial and only related to security, not to publishing or viewing
      • Lumira Add-on for BOE & HANA are still absolutely needed for publishing and viewing Lumira content in BOE
      • Lumira v21 cannot publish .lums file to BOE, could not find the button for it - an upcoming version might do

      Let us know if this helps or something is inaccurate.

      Best Regards,

      Author's profile photo Sharon Om
      Sharon Om

      Great feedback. I am confirming that saving lums file to BI platform still requires the add-on. We are anticipating in the next release of Lumira you can save lums file to platform without the add-on. But in order to open the lums file you will need the Desktop.

      If you want to publish the stories or datasets you do need the add-on in this and next release.

      Author's profile photo Greg Wcislo
      Greg Wcislo
      Blog Post Author

      Thanks for confirming, what you describe is exactly what is expected.  Indeed the button to publish a lums file will be available in 1.22, expect this very soon. 

      It does not explain why some are seeing the error of not being able to acquire trusted settings.  As long as you have web services correctly deployed and accessible this should work for everyone with 4.1 SP5.  We continue our investigation. 

      Author's profile photo Greg Wcislo
      Greg Wcislo
      Blog Post Author

      I can confirm that engineering has found the source of the issue and is working on releasing a fix.

      Will update here once the release vehicle is set.

      Author's profile photo Greg Wcislo
      Greg Wcislo
      Blog Post Author

      Patch 5.3 is now available with the fix.

      Author's profile photo Former Member
      Former Member

      Hi, Greg,

      I have one question.

      Do we need to install the property file into every user's local PC as well? Or by just saving it in the administrator's PC, the datasource/share restriction restriction would be applied to all the users who are assigned to the group with restriction settings.

      Thank you and best regards.

      Chen

      Author's profile photo Jörg Bassermann
      Jörg Bassermann

      Dear Greg,

      I yust tried to implement the Desktop Governance with the LumiraGovernance.properties file I used before with SAP Lumira 1.31 in SAP Lumira 2.1. I copied the LumiraGovernance.properties into the path C:\Users\<username>\.sapvi_2 directory in the same format worked before in SAP Lumira 1.31. If I start SAP Lumira 2.1 no logon screen is shown. Do you have any idea why it is not working as expected? SAP Lumira 2.1 add-on is installed on BOE server side.

       

      Than you,

       

      Eric