Hi All,

In this article, I will be providing all the perquisites and details that are required to enforce the following security in BI 4.1

• Any new Ad-Hoc report created in BI4.1,  should only use *.UNX universes.
• While Selecting Datasource for creating a new report based on Universe, only *.UNX should be listed.
• Existing reports Pointed to .UNV should refresh without error.

Overview:  As per the requirement, user’s should use only .UNX universes for creating new reports, however exiting reports on top of .UNV should refresh without any error.

In Order to enforce this, we need to enforce security at the universe level for the user/user groups in Bi4.1.

This is very common scenarios while migrating from 3.1 to 4.1 environment where we want to use UNX parallel to existing UNV sources. 

Scenarios:

1. We have a WebI report based on efashion.unv, named as “Unvbasedreport.wid”
2. We have Test User, “TestUsr” with Developer Access to refresh/edit  the “Unvbasedreport.wid” as well as create a new reports.
3. Test User can create new report on UNV as well as UNX based universes, whole list of unv and unx universes is available while creating reports.

What needs to achieve:

1. TestUsr should be able to refresh the unv based report(“Unvbasedreport.wid”)
2. While creating new report, TestUsr should only see the list of UNX universes (should not be able to create new reports on UNV’s)

Steps to implement:

1. Login to CMC with user id that has Admin access.
2. Go to the Universe and navigate to particular .unv universe in directory. In this case eFashion.unv
3. Right click on UNV and go to user security.
4. Click “Add Principals “, add TestUsr  from user list and click on assign Security.

   5. Click on Advanced tab, and Add/Remove Rights

    6. On the left Pane, Click System and Revoke mentioned right by selecting Deny radio Button:

                     I.        Create and Edit Queries Based on Universe

Note: Deny “Owner right” as well if , user is owner of the Object.

  7. Apply and OK.

Steps to confirm the change:

1: Login to BI Launchpad with TestUsr

2: Create new Webi report and select source as Universe

Result: User will only see eFashion.unx, Efashion.unv is not in the list.

Now , Refresh the existing report Unvbasedreport.wid  based on efashion.unv

Result: Refresh is ok

Note: User won’t be able edit the query of the existing report based on unv. “This Query cannot be edited” message will be displayed.  Only report structure can be modified.

Regards,

Manveer Nakoti

BO Consultant

Accenture