Column Level Security With Idt
Column-Level Security with Information Design Tool: Using Business
Security Profiles to Secure Objects and Customize the Reporting
Experience
One of the new universe security features in Information Design Tool (IDT) is the Business Security
Profile, which allows universe designers to assign column-level security on objects and apply profiles directly to users and groups. Business Security Profiles provide advanced and flexible object security, which is an overall improvement compared to the all-or-nothing approach with legacy Universe Design
Tool.
Pros and Cons
The added flexibility means fewer universes to develop and maintain since you can achieve more with a single universe. I am particularly pleased that SAP included a distinction between “Create Query” and
“Display Data” object security. This is a relatively simple security method with powerful possibilities.
There is no denying that all these new features (and the extra steps involved at every level) have greatly complicated the universe design process. The learning curve is steep, but I still find many of these features useful. Business Security Profiles are assigned directly to users and groups from the IDT Security
Editor. I personally find this quick and easy, but it could pose a challenge to organizations with distinct admin and designer roles. While SAP still has some bugs to work out, the feature generally works as intended. *Note - currently Business Security Profiles are only functional with Webi in the Java-based (Rich Internet
Application) viewing mode. With the security method I outline below, a profiled user who opens the Webi query browser in HTML mode will not see any objects (definitely not ideal… but at least still secure). This should be resolved in SP4 Patch 10 and SP6 (SAP Note: 1800742).
Use Case
I first discovered this feature while working with an OEM client developing a packaged BusinessObjects universe along with dashboards and canned reports. The dashboards/reports rely heavily on
Security Profiles to Secure Objects and Customize the Reporting
Experience
One of the new universe security features in Information Design Tool (IDT) is the Business Security
Profile, which allows universe designers to assign column-level security on objects and apply profiles directly to users and groups. Business Security Profiles provide advanced and flexible object security, which is an overall improvement compared to the all-or-nothing approach with legacy Universe Design
Tool.
Pros and Cons
The added flexibility means fewer universes to develop and maintain since you can achieve more with a single universe. I am particularly pleased that SAP included a distinction between “Create Query” and
“Display Data” object security. This is a relatively simple security method with powerful possibilities.
There is no denying that all these new features (and the extra steps involved at every level) have greatly complicated the universe design process. The learning curve is steep, but I still find many of these features useful. Business Security Profiles are assigned directly to users and groups from the IDT Security
Editor. I personally find this quick and easy, but it could pose a challenge to organizations with distinct admin and designer roles. While SAP still has some bugs to work out, the feature generally works as intended. *Note - currently Business Security Profiles are only functional with Webi in the Java-based (Rich Internet
Application) viewing mode. With the security method I outline below, a profiled user who opens the Webi query browser in HTML mode will not see any objects (definitely not ideal… but at least still secure). This should be resolved in SP4 Patch 10 and SP6 (SAP Note: 1800742).
Use Case
I first discovered this feature while working with an OEM client developing a packaged BusinessObjects universe along with dashboards and canned reports. The dashboards/reports rely heavily on