Universe To The Next Level Best Practices For Using Restrictions

[
Taking Your Universe to the Next Level:

Best Practices for Using Restrictions to Make the Universe
more Reusable
Tim Enke (People Services Center, Inc.)
[ Return on Investment
A reusable compartmented universe reduces development
and maintenance costs associated with having numerous
additional similar universes
Consistency in data and security
Real Experience. Real Advantage.
[ Learning Points
How do I identify opportunities to use restrictions in
Universes?
How can I take the Universe to the next higher level by using
restrictions?
What are the Universe restrictions in BI 4.0?
[ What Well Cover

Reasons to use Restrictions in your universe
Understanding the types of restrictions
Case Study of an upgrade project and reducing the number of
universes using restrictions
How users and groups are applied and combining restrictions
Applying the Restrictions in the BI 4.0 Information Design Tool
(IDT)
Wrap-up
[ What Well Cover

(IDT)
Wrap-up
[ A Few Things to Think About

Do I have multiple copies of the same universe in the
repository (that are used in active reports)?
Do I restrict some report users to only view reports not
because of their ability to create or modify their own but
because there are some objects they should not have access
to?
[ A Few Things to Think About (cont.)

Do I have multiple universes pointing at the same database
even though they are displaying different tables?
Do I have reports built in Crystal only because you can build a
different join structure by accessing the data directly or use a
business view?
[ Weigh the Pros and Cons

Will it be too complex to maintain?
Will others be able to maintain it?
Will there be time to apply modifications?

Will it be beneficial enough to justify the resources?
[ Access Control Security Considerations

Identification Is this a valid user?
Authorization What parts of the application and data can
the user access?
Custom security utilizing security tables and joins
Table mapping or virtual private views
Execution of underlying SQL
[ What Well Cover

(IDT)
Wrap-up
10
[ What are Restrictions?

Restrictions are a set of stipulations that can be applied to
individual users or groups on specific items or parameters in a
universe.
Restrictions may be applied in the Universe and / or CMC
11
[ How Do I Use Restrictions?

Multiple sets of restrictions can be applied to a user or group
as well
Most restrictions can be identified by the tabs in the Edit
Restriction dialog box
Connections
Controls
SQL
Objects
Rows
Table Mapping
12
[ Edit Restriction Dialog Box Connection
13
[ Edit Restriction Dialog Box Controls
14
[ Edit Restriction Dialog Box SQL
15
[ Edit Restriction Dialog Box Objects
16
[ Edit Restriction Dialog Box Objects (cont.)
17
[ Edit Restriction Dialog Box Objects (cont.)
Normal view
Restricted view
18
[ Edit Restriction Dialog Box Rows
19
[ Edit Restriction Dialog Box Rows (cont.)

To add a new row
restriction, a Table
and Where Clause
must be defined.
20
21
22
23
[ Edit Restriction Dialog Box Table Mapping
24
[ Object Level Security

Object Level Security is set from both the Designer and the CMC
In the Designer, object level security is set in the Object

Properties Advanced tab
There are 5 levels of security that may be used. The list is Lowest
to Highest security and objects are defaulted to Public.
Public
Controlled
Restricted
Confidential
Private
Stored procedure objects are unchangeable.
25
[ Object Level Security (cont.)
26
27
28
29
[ Ways to Implement Row Level Security

Restriction
Policy
User A
User A Folder
Group B
Group B Folder
Reporting
Objects
Reporting
Objects
Database
Universe Group B
Group C
Infoview
Group C Folder
Reporting
Objects
Universe Group C
Pros
Cons
Easy to set up
More universes to maintain
Easy to understand
More maintenance in the CMC
30
[ Ways to Implement Row Level Security (cont.)

User A
Restriction
Policy
Reporting
Objects
Group B
Public Folders
Group C
Infoview
Database
Universe
This would include SQL Where

clause row level security.
Pros
Cons
Fewer universes to maintain
Maintaining universe restrictions
Fewer reports
31
[ Ways to Implement Row Level Security (cont.)

User A
Restriction
Policy
Reporting
Objects
Group B
Public Folders
Group C
Database
Universe
Must set up the connection to

pass the BOE User Id
Infoview
Pros
Cons
DBA responsible for Row Level

Security
DBA responsible for Row Level

Security
32
[ What Well Cover

(IDT)
Wrap-up
33
[ Case Study:
Upgrade Project from Version 6.5 to XI 3.1
Company
National medical supplier
Universes
About 35 universes that could be consolidated to almost 20
Issue
Previous security was based on Category permissions and

multiple universes.
34
[ Case Study:
(cont.)
Process
Overview of connections, data source, and plan to use access
restrictions
Will the same connection work (this could be a restriction if
necessary)?
Is there a User Security table that can be accessed for row level
security?
Do the restrictions only involve a few objects, a few tables, or all
data in the universe?
35
[ Case Study:
(cont.)
Process (cont.)
Differences in the universes to be consolidated
Tables
Joins
Context
Classes
Objects
Access restrictions to be put into place
36
[ Case Study:
(cont.)
Results
We found that most of the universes to be consolidated were very
close
Most cases, one universe was a direct copy of the other with minor
modifications
Additional links were also available on the dashboards to drilldown further
into Web Intelligence (WebI) reports
Universes that needed row level security at the user level, required the
use of a Mandatory Filter for specific classes of objects to force the join
Other database tables allowed the direct use of row level restrictions to
a group
This would create a restriction for multiple tables but only to be applied to
a specific group
37
[ What Well Cover

(IDT)
Wrap-up
38
[ Users and Groups:
Who? What? Where?
WHERE
Objects
WHO
Group / User
WHAT
Access Level
39
[ Who:
Users and Groups
Restrictions may be applied to groups and users

With the exception of Active Directory, groups are maintained
in the CMC
Users may belong to more than one group
Only one user or group can be assigned one restriction

However, a user or group may be affected by more than one
restriction
40
[ What:
Restrictions
A restriction may be applied to more than one user or group
41
[ Where:
View and Priority
Selecting a user or group, the associated restrictions may be viewed
Group restrictions may be

prioritized
42
[ Where:
View and Priority (cont.)
Viewing restrictions for a user or group
43
[ Where:
View and Priority (cont.)
If more than one row level restriction applies to a user you can specify if
the Where Clause statements are combined using AND or OR
44
[ What Well Cover

(IDT)
Wrap-up
45
[ The Two Universes of BI 4.0

UNV
Universe design tool
Much the same as the old universe
46
[ The Two Universes of BI 4.0 (cont.)

UNX
Information Design Tool (IDT)
The Security Editor
47
[ The Two Universes of BI 4.0 (cont.)

Access restrictions now set in 2 profiles
Data security
Business layer
48
[ Data Security Profiles

Connections
49
[ Data Security Profiles (cont.)

Controls
50

SQL
51

Rows
52

Tables
(Note: A table from another database)
53
[ Business Security Profiles

Create query
Business views or objects available from the Query Panel
54
[ Business Security Profiles (cont.)

Objects and Business Layers may be granted or denied access
55
[ Display Data
Objects available to display
56
[ Filters
Create Filters mandatory to a user or group
57
[ Object Level Restrictions
58
[ What Well Cover

(IDT)
Wrap-up
59
[ Best Practices
Remember that each tool that uses a universe has its own
requirements and limitations
Web Intelligence
Crystal Reports
Live Office
Xcelsius
60
[ Key Learnings
In some cases it may not be worth the resources to
consolidate universes
The best case scenario is to build an existing universe to the

next level from the start
61
[ Questions?
How to contact me:

Tim Enke
Tim.Enke@peopleservices.biz
(402) 715-5800
62
Thank you for participating.

Please remember to complete and return your
evaluation form following this session.
For ongoing education on this area of focus, visit the
Year-Round Community page at www.asug.com/yrc
SESSION CODE:
0617
63

Universe To The Next Level Best Practices For Using Restrictions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Universe To The Next Level Best Practices For Using Restrictions

Uploaded by

Copyright:

Available Formats

[

Taking Your Universe to the Next Level:

Consistency in data and security

Real Experience. Real Advantage.

Real Experience. Real Advantage.

[ What Well Cover

Real Experience. Real Advantage.

[ What Well Cover

Real Experience. Real Advantage.

[ A Few Things to Think About

Real Experience. Real Advantage.

[ A Few Things to Think About (cont.)

Real Experience. Real Advantage.

[ Weigh the Pros and Cons

Will there be time to apply modifications?

Real Experience. Real Advantage.

[ Access Control Security Considerations

Real Experience. Real Advantage.

[ What Well Cover

Real Experience. Real Advantage.

[ What are Restrictions?

Restrictions may be applied in the Universe and / or CMC

Real Experience. Real Advantage.

[ How Do I Use Restrictions?

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Connection

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Controls

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box SQL

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Objects

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Objects (cont.)

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Objects (cont.)

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Rows

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Rows (cont.)

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Rows (cont.)

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Rows (cont.)

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Rows (cont.)

Real Experience. Real Advantage.

[ Edit Restriction Dialog Box Table Mapping

Real Experience. Real Advantage.

[ Object Level Security

In the Designer, object level security is set in the Object

[ Object Level Security (cont.)

Real Experience. Real Advantage.

[ Object Level Security (cont.)

Real Experience. Real Advantage.

[ Object Level Security (cont.)

Real Experience. Real Advantage.

[ Object Level Security (cont.)

Real Experience. Real Advantage.

[ Ways to Implement Row Level Security

More universes to maintain

More maintenance in the CMC

Real Experience. Real Advantage.