BusinessObjects Enterprise™ XI Administrator’s Guide

BusinessObjects Enterprise XI

Patents

Business Objects owns the following U.S. patents, which may cover products that are offered and sold by Business Objects: 5,555,403, 6,247,008 B1, 6,578,027 B2, 6,490,593 and 6,289,352. Business Objects, the Business Objects logo, Crystal Reports, and Crystal Enterprise are trademarks or registered trademarks of Business Objects SA or its affiliated companies in the United States and other countries. All other names mentioned herein may be trademarks of their respective owners. Copyright © 2004 Business Objects. All rights reserved.

Trademarks

Copyright

Contents
Chapter 1 Introduction to BusinessObjects Enterprise XI Administrator’s Guide 21 About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Who should use this guide? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Business Objects information resources . . . . . . . . . . . . . . . . . . . . . . . 22 Chapter 2 What’s New in BusinessObjects Enterprise 25

Welcome to BusinessObjects Enterprise XI . . . . . . . . . . . . . . . . . . . . . . . . 26 About this version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Supported products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 New features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 End-user experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Report design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Developer flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 System administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Chapter 3 Administering BusinessObjects Enterprise 35

Administration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Central Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Logging on to the Central Management Console . . . . . . . . . . . . . . . . 37 Navigating within the Central Management Console . . . . . . . . . . . . . . 38 Setting console preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Setting the Query size threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Logging off of the Central Management Console . . . . . . . . . . . . . . . . 41 Using the Central Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the CCM for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the CCM for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Making initial security settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Setting the Administrator password . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Disabling the Guest account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

BusinessObjects Enterprise Administrator’s Guide

3

Contents

Modifying the default security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Managing universes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Managing universe connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Managing InfoView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Managing Web Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Managing Discussions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Accessing the Discussions page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Searching for discussion threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Sorting search results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Deleting discussion threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Setting user rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Chapter 4 BusinessObjects Enterprise Architecture 53

Architecture overview and diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Client tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 InfoView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Central Management Console (CMC) . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Central Configuration Manager (CCM) . . . . . . . . . . . . . . . . . . . . . . . . . 57 Publishing Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Import Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Application tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Application tier components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Web development platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Web application environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Intelligence tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Central Management Server (CMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Cache Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 File Repository Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Event Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Processing tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Report Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Program Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Web Intelligence Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

4

BusinessObjects Enterprise Administrator’s Guide

Contents

Web Intelligence Report Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Report Application Server (RAS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Destination Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 List of Values Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Page Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Data tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Report viewers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Information flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 What happens when you schedule an object? . . . . . . . . . . . . . . . . . . 70 What happens when you view a report? . . . . . . . . . . . . . . . . . . . . . . . 71 Choosing between live and saved data . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Live data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Saved data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Chapter 5 Managing and Configuring Servers 77

Server management overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Viewing current metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Viewing current server metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Viewing system metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Viewing and changing the status of servers . . . . . . . . . . . . . . . . . . . . . . . . 82 Starting, stopping, and restarting servers . . . . . . . . . . . . . . . . . . . . . . 82 Stopping a Central Management Server . . . . . . . . . . . . . . . . . . . . . . . 84 Enabling and disabling servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Printing, copying, and refreshing server status . . . . . . . . . . . . . . . . . . 86 Configuring the application tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Configuring the Web Component Adapter . . . . . . . . . . . . . . . . . . . . . . 89 Configuring the intelligence tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Clustering Central Management Servers . . . . . . . . . . . . . . . . . . . . . . . 92 Copying data from one CMS database to another . . . . . . . . . . . . . . . . 98 Deleting and recreating the CMS database . . . . . . . . . . . . . . . . . . . . 108 Selecting a new or existing CMS database . . . . . . . . . . . . . . . . . . . . 109 Setting root directories and idle times of the File Repository Servers 110 Modifying Cache Server performance settings . . . . . . . . . . . . . . . . . 112

BusinessObjects Enterprise Administrator’s Guide

5

Contents

Modifying the polling time of the Event Server . . . . . . . . . . . . . . . . . . 114 Configuring the processing tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Modifying Page Server performance settings . . . . . . . . . . . . . . . . . . . 115 Modifying database settings for the RAS . . . . . . . . . . . . . . . . . . . . . . 118 Modifying performance settings for the RAS . . . . . . . . . . . . . . . . . . . . 120 Modifying performance settings for job servers . . . . . . . . . . . . . . . . . 121 Configuring the Web Intelligence Report Server . . . . . . . . . . . . . . . . . 122 Configuring the destinations for job servers . . . . . . . . . . . . . . . . . . . . 125 Configuring Windows processing servers for your data source . . . . . 132 Configuring UNIX processing servers for your data source . . . . . . . . 133 Logging server activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Advanced server configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Changing the default server port numbers . . . . . . . . . . . . . . . . . . . . . 140 Configuring a multihomed machine . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Adding and removing Windows server dependencies . . . . . . . . . . . . 144 Changing the server startup type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Changing the server user account . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Configuring servers for SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Chapter 6 Managing Server Groups 151

Server group overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Creating a server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Working with server subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Modifying the group membership of a server . . . . . . . . . . . . . . . . . . . . . . 155 Chapter 7 Scaling Your System 157

Scalability overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Common configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 One-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Three-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Six-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 General scalability considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Increasing overall system capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

6

BusinessObjects Enterprise Administrator’s Guide

Contents

Increasing scheduled reporting capacity . . . . . . . . . . . . . . . . . . . . . . 163 Increasing on-demand viewing capacity for Crystal reports . . . . . . . 164 Increasing prompting capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Delegating XSL transformation to Internet Explorer . . . . . . . . . . . . . 165 Enhancing custom web applications . . . . . . . . . . . . . . . . . . . . . . . . . 166 Improving web response speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Getting the most from existing resources . . . . . . . . . . . . . . . . . . . . . 167 Adding and deleting servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Adding a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Deleting a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Chapter 8 Managing BusinessObjects Enterprise Repository 173

BusinessObjects Enterprise Repository overview . . . . . . . . . . . . . . . . . . 174 Copying data from one repository database to another . . . . . . . . . . . . . . 174 Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Copying data from a Crystal Enterprise 9 repository database . . . . . 176 Copying data from a Crystal Reports 9 repository database . . . . . . . 177 Refreshing repository objects in published reports . . . . . . . . . . . . . . . . . 179 Chapter 9 Working with Firewalls 181

Firewalls overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 What is a firewall? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Firewall types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Understanding firewall integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Communication between servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Firewall configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Typical firewall scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Configuring the system for firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Configuring for Network Address Translation . . . . . . . . . . . . . . . . . . 190 Configuring for packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Configuring for SOCKS servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

BusinessObjects Enterprise Administrator’s Guide

7

Contents

Chapter 10

Managing Auditing

203

Auditing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 How does auditing work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Which actions can I audit? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Configuring the auditing database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Enabling auditing of user and system actions . . . . . . . . . . . . . . . . . . . . . . 210 Controlling synchronization of audit actions . . . . . . . . . . . . . . . . . . . . . . . 212 Optimizing system performance while auditing . . . . . . . . . . . . . . . . . . . . . 213 Using sample audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Creating custom audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Auditing database schema reference . . . . . . . . . . . . . . . . . . . . . . . . . 218 Chapter 11 BusinessObjects Enterprise Security Concepts 227

Security overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Authentication and authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Primary authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Secondary authentication and authorization . . . . . . . . . . . . . . . . . . . . 230 About single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Security management components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Web Component Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Central Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Security plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Processing extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Active trust relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Logon tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Ticket mechanism for distributed security . . . . . . . . . . . . . . . . . . . . . . 243 Sessions and session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 WCA session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 CMS session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Environment protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Web browser to web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Web server to BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . 246 Auditing web activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

8

BusinessObjects Enterprise Administrator’s Guide

Contents

Protection against malicious logon attempts . . . . . . . . . . . . . . . . . . . . . . 247 Password restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Logon restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 User restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Guest account restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Chapter 12 Managing User Accounts and Groups 249

What is account management? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default users and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Available authentication types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Managing Enterprise and general accounts . . . . . . . . . . . . . . . . . . . . . . . 253 Creating an Enterprise user account . . . . . . . . . . . . . . . . . . . . . . . . . 254 Adding a user to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Modifying a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Deleting a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Changing password settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Creating a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Adding users to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Modifying a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Viewing group members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Deleting a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Disabling the Guest account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Granting access to users and groups . . . . . . . . . . . . . . . . . . . . . . . . 262 Managing LDAP accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Configuring LDAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Mapping LDAP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 Unmapping LDAP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Viewing mapped LDAP users and groups . . . . . . . . . . . . . . . . . . . . . 272 Changing LDAP connection parameters and member groups . . . . . 272 Managing multiple LDAP hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Troubleshooting LDAP accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

BusinessObjects Enterprise Administrator’s Guide

9

Contents

Managing AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Mapping AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Unmapping AD groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 Viewing mapped AD users and groups . . . . . . . . . . . . . . . . . . . . . . . . 280 Troubleshooting AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Setting up AD single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 Managing NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Mapping NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Unmapping NT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288 Viewing mapped NT users and groups . . . . . . . . . . . . . . . . . . . . . . . . 289 Troubleshooting NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 Setting up NT single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 Managing aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 Creating a user and a third-party alias . . . . . . . . . . . . . . . . . . . . . . . . 294 Creating an alias for an existing user . . . . . . . . . . . . . . . . . . . . . . . . . 296 Assigning an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 Reassigning an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Disabling an aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Configuring Kerberos single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Setting up a service account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Configuring the servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Configuring the Windows AD plug-in for Kerberos authentication . . . 301 Configuring the cache expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Configuring the IIS and browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Configuring IIS for end-to-end single sign-on . . . . . . . . . . . . . . . . . . . 305 Configuring IIS for single sign-on to databases only . . . . . . . . . . . . . . 309 Configuring BusinessObjects Enterprise web applications . . . . . . . . . 312 Mapping AD accounts for Kerberos single sign-on . . . . . . . . . . . . . . . 313 Configuring the databases for single sign-on . . . . . . . . . . . . . . . . . . . 313

10 BusinessObjects Enterprise Administrator’s Guide

Contents

Chapter 13

Controlling User Access

315

Controlling user access overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 Controlling users’ access to objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 Setting object rights for users and groups . . . . . . . . . . . . . . . . . . . . . 317 Viewing object rights settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Setting common access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320 Setting advanced object rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322 Using inheritance to your advantage . . . . . . . . . . . . . . . . . . . . . . . . . 325 Inheritance with advanced rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Customizing a ‘top-down’ inheritance model . . . . . . . . . . . . . . . . . . . 331 Controlling access to applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Controlling administrative access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Controlling access to users and groups . . . . . . . . . . . . . . . . . . . . . . . 352 Controlling access to user inboxes . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Controlling access to servers and server groups . . . . . . . . . . . . . . . . 353 Controlling access to universes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Controlling access to universe connections . . . . . . . . . . . . . . . . . . . . 355 Chapter 14 Organizing Objects 357

Organizing objects overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 About folders and categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Working with folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Creating and deleting folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Copying and moving folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Adding a report to a new folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Specifying folder rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Setting limits for folders, users, and groups . . . . . . . . . . . . . . . . . . . . 365 Managing User Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Working with categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Creating and deleting categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Moving categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 Adding an object to a new category . . . . . . . . . . . . . . . . . . . . . . . . . . 370 Removing or deleting objects from a category . . . . . . . . . . . . . . . . . . 370

BusinessObjects Enterprise Administrator’s Guide 11

Contents

Specifying category rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Managing personal categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372 Chapter 15 Publishing Objects to BusinessObjects Enterprise 373

Publishing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374 Publishing options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Publishing with the Publishing Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Logging on to BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . 376 Adding objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Creating and selecting a folder on the CMS . . . . . . . . . . . . . . . . . . . . 377 Moving objects between folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Duplicating the folder structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Adding objects to a category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Changing scheduling options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Refreshing repository fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Selecting a program type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Specifying program credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Changing default values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Changing object properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 Entering database logon information . . . . . . . . . . . . . . . . . . . . . . . . . 382 Setting parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Setting the schedule output format . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Adding extra files for programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Specifying command line arguments . . . . . . . . . . . . . . . . . . . . . . . . . 384 Finalizing the objects to be added . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Publishing with the Central Management Console . . . . . . . . . . . . . . . . . . 385 Saving objects directly to the CMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Chapter 16 Importing Objects to BusinessObjects Enterprise 389

Importing information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 Importing information from BusinessObjects Enterprise 6.x . . . . . . . . . . . 390 Before importing from BusinessObjects Enterprise 6.x . . . . . . . . . . . . 391 Importing objects from BusinessObjects Enterprise 6.x . . . . . . . . . . . 392

12 BusinessObjects Enterprise Administrator’s Guide

Contents

Importing information from Crystal Enterprise . . . . . . . . . . . . . . . . . . . . . 396 Importing objects from Crystal Enterprise . . . . . . . . . . . . . . . . . . . . . 397 Importing information from Crystal Info . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Importing objects from Crystal Info . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Importing with the Import Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Specifying the source and destination environments . . . . . . . . . . . . . 402 Selecting information to import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 Importing objects with rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Choosing an import scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Importing specific objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Finalizing the import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Chapter 17 Managing Objects 415

Managing objects overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 General object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Copying, moving, or creating a shortcut for an object . . . . . . . . . . . . 417 Deleting an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 Searching for an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 Sending an object or instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 Changing properties of an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Assigning an object to categories . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Report object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 What are report objects and instances? . . . . . . . . . . . . . . . . . . . . . . 425 Setting report refresh options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Viewing the universes for a Web Intelligence document . . . . . . . . . . 427 Setting report processing options . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Applying processing extensions to reports . . . . . . . . . . . . . . . . . . . . 443 Working with hyperlinked reports . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 Program object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451 What are program objects and instances? . . . . . . . . . . . . . . . . . . . . 451 Setting program processing options . . . . . . . . . . . . . . . . . . . . . . . . . 453 Object package management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 What are object packages, components, and instances? . . . . . . . . . 460

BusinessObjects Enterprise Administrator’s Guide 13

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 Adding dates to a calendar . . . . . . . . . . . . . . . . 461 Configuring object packages and their objects . . . . . . . . . . . . . . . . . . . . . . 510 File-based events . . . . . . 466 About the scheduling options and parameters . . . . . . . . . . . . . . . . . . . . . . . . . 481 Choosing a format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents Creating an object package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 Specifying calendar rights . . . . . . . . . . . . . . . . . . 495 Managing and viewing the history of instances . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Chapter 18 Scheduling Objects 465 Scheduling objects overview . . . . . . . 493 Scheduling an object for a user or group . . . . . . . 466 Scheduling objects . . . . . . . . . . . . 473 Setting the scheduling options . . . . . . . . . . . . . . 512 Custom events . . 471 Scheduling an object with events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Setting instance limits for an object . . . . . . . . 460 Adding objects to an object package . . . . . . . . . 479 Selecting a destination . . . . . . . . . . . . 462 Authentication and object packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Deleting calendars . . . . . . . . . 476 Setting notification for an object’s success or failure . . . . . . . . . . . . . 491 Selecting cache options for Web Intelligence documents . 468 Scheduling objects using object packages . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 Schedule-based events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 Chapter 20 Managing Events 509 Managing events overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498 Chapter 19 Managing Calendars 501 Overview . . . 493 Managing instances . . . . . . . . . . . . . . . . . . . 476 Specifying alert notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 Creating calendars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 14 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . 532 Viewing current account activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521 Troubleshooting reports and looping database logon prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 InfoView considerations . .x to BusinessObjects XI 535 Product offering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526 Page Server error when viewing a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545 BusinessObjects Enterprise Administrator’s Guide 15 . . . . . . . . . . . . .x . . . . . . . 539 Migration . . . . 536 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515 Chapter 21 General Troubleshooting 517 Troubleshooting overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542 Migration of user rights . . . 520 Windows NT authentication cannot log you on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532 Appendix A From BusinessObjects 6. . . . . . . . . 519 Web accessibility issues . . . . . . . . . . . . . . . . . . . . . 520 Report viewing and processing issues . . . . . . . . . . . . . . . 518 Documentation resources . . . . . . . . . . . . . . . . . . . . . 530 Accessing license information . . . . . . . . . . . 523 Ensuring that server resources are available on local drives . . 527 Setting default report destinations .Contents Specifying event rights . . . . . . . . . . . . . . . 519 Unable to connect to CMS when logging on to the CMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537 BusinessObjects XI . . . . . 519 Using an IIS web site other than the default . . . . . . . . . . . . . . . . . . . . . 537 BusinessObjects 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542 Migration and mapping of specific objects . . . . 538 Basic terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Supporting users in multiple time zones . . . . . 531 Adding a license key . . . . . . . . . . . . . . . . . . . . . 527 Chapter 22 Licensing Information 529 Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . 521 Troubleshooting reports with Crystal Reports . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . 564 Access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584 Standard options for all servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586 Page Server and Cache Server . . . . . . . . . . . . . . . information sharing . . . . . . . . . . 565 View On Demand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 No Access . . . . . . . . . . . . . . . . . 588 Job servers . . . . . . . . . 558 SDK . . . . . . . . . . . . . . . 570 Appendix D Customizing the appearance of Web Intelligence documents 575 Customizing the appearance of Web Intelligence documents . . . . . . . . 554 Reporting. . . . . . . . . . . . . . . . . . . . . . 551 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581 Appendix E Server Command Lines 583 Command lines overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 Default rights on the top-level folder . . . . . . . . . . . . . . . . . . . . . . . 566 Full Control . . . . . . . . . 578 List of key values . . . . . . . . . . . . . . . . . . . . . . . . . . 585 Central Management Server . . . . . . . . . . . . . . . . . . . configuration. . . . . . . 570 Configuring NTFS permissions for BusinessObjects Enterprise components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 Object rights for the Report Application Server . . . . . . . . . . . . . . . . 565 View . . . . . 590 16 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . analysis. . . . . . . . . . . . . .xml file . 547 Security . . . . . . . . . . . 577 Locating and modifying defaultconfig. . . . . . . . . . . . . . . . .Contents Installation. . . . . . . . . . . . . . . . . . 576 What you can do with the defaultconfig. . . . . . . . . . . . 568 Appendix C Configuring NTFS Permissions 569 Configuring NTFS permissions . . . . . .xml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562 Appendix B Rights and Access Levels 563 Rights . . . . . . . . . . . . . . 580 Example: Modifying the default font in table cells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601 serverconfig. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 patchlevel. . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . 598 cmsdbsetup. . . .sh . . . . . . . . . . . . . . . . . . .sh . . . . . . 606 bobjerestart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 stopservers . . . . . . . . . . . . . 610 Deploying BusinessObjects Enterprise internationally . . . . . . . . . . . . . . . . . . . . . 591 Web Intelligence Report Server . . 606 initlaunch. . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613 BusinessObjects Enterprise Administrator’s Guide 17 . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598 Script utilities . . . . 611 Providing a client tier for multiple languages . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610 Planning an international BusinessObjects Enterprise deployment . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . 593 Input and Output File Repository Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604 startservers . . . . . . . . 594 Event Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 Appendix G International Deployments 609 International deployments overview . . . . . . . . . . . . . . . . . . . . 595 Appendix F UNIX Tools 597 UNIX tools overview . . . . . . 598 ccm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 silentinstall. . . . . . . . . . . . . 602 sockssetup. . . . . .sh .sh . . . . . . . . . . . . . . . . . . . .sh . . . 607 setupinit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 env. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604 Script templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601 configpatch. . . . . . 603 uninstallBOBJE. . . . . . . . . . . . . . . . . . 605 Scripts used by BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 postinstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 env-locale. . . . . . . . . . . . . . . . . . . . . . . .Contents Report Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . 628 Accessibility and conditional formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . 629 Accessibility and suppressing sections . . . . . . . . . . . . . . . . . . . . . . . . . . 644 Looking for training options? . . . . . . . . . . . . . . . . . . . . . . . . 626 Parameter fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618 Improving report accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 Navigation . 643 Looking for the best deployment solution for your company? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636 Accessibility and BusinessObjects Enterprise . . . . . . . . . . . . . . . . 640 Appendix I Business Objects Information Resources 641 Documentation and information services . . . . . . . . . . . . . . . 619 Placing objects in reports . . . . . . . . . . . . . . . . 627 Designing for flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . 621 Color . . . . . . . . . . . . . . . . . . . . 619 Text . 642 Send us your feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . consulting and training . . . . . . . . 643 Customer support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632 Other data table design considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637 Setting accessible preferences for BusinessObjects Enterprise . . . . . . . . . . . . . . . . 642 Where is the documentation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642 What’s in the documentation set? . . 644 18 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638 Resources . . . . . . . . . . . . . . . . . . . . . . . .Contents Appendix H Creating Accessible Reports 615 About accessibility . . . . . . . . . . . . 617 Accessibility and Business Objects products . . . . . . . . . 643 How can we support you? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637 Accessibility and customization . . . . . . . . . . . . . . . . . . . . . . . . . . . 642 Documentation . . . . . . . 631 Improving data table accessibility . . . . . . . . . 616 About the accessibility guidelines . . . . . . . . . . . . . . . . . . 631 Text objects and data table values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 630 Accessibility and subreports . . . . . . . . . . . . . . . . . 616 Benefits of accessible reports . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . 644 Index 647 BusinessObjects Enterprise Administrator’s Guide 19 . . . . . . .Contents Useful addresses at a glance . . . . . . . .

Contents 20 BusinessObjects Enterprise Administrator’s Guide .

Introduction to BusinessObjects Enterprise XI Administrator’s Guide chapter .

Internet or corporate portal. and information delivery. For more information about the product. Conceptual information and technical details are provided for all advanced topics. analysis. they are also accessible from the BusinessObjects Enterprise Launchpad.Contents About this guide This guide provides you with information and procedures covering a wide range of administrative tasks. as is a general understanding of web server management and scripting technologies. 22 BusinessObjects Enterprise Administrator’s Guide . in catering to all levels of administrative experience. providing customers with personalized service offerings. Business Objects information resources For more information and assistance. consult the BusinessObjects Enterprise Getting Started Guide. BusinessObjects Enterprise provides a solution for increasing enduser productivity and reducing administrative efforts. Familiarity with your operating system and your network environment is certainly beneficial. Procedures are provided for common tasks. BusinessObjects Enterprise is a flexible. Once you install BusinessObjects Enterprise. managing. However. with links to online resources. Whether it is used for distributing weekly sales reports. the BusinessObjects Enterprise Installation Guide. interactive reports to end users via any web application— intranet. see Appendix I: Business Objects Information Resources. customer support. training. and maintaining a BusinessObjects Enterprise installation. and reliable solution for delivering powerful. Who should use this guide? This guide is intended for system administrators who are responsible for configuring. This appendix describes the Business Objects documentation. extranet. BusinessObjects Enterprise delivers tangible benefits that extend across and beyond the organization. and the BusinessObjects Enterprise User’s Guide. this guide aims to provide sufficient background and conceptual information to clarify all administrative tasks and features. As an integrated suite for reporting. scalable. or integrating critical information into corporate portals. Online versions of these guides are included in the doc directory of your product distribution. and consulting services.

Contents BusinessObjects Enterprise Administrator’s Guide 23 .

Contents 24 BusinessObjects Enterprise Administrator’s Guide .

What’s New in BusinessObjects Enterprise chapter .

existing customers can leverage their current investments in Business Objects and Crystal technology. BusinessObjects Enterprise provides full web-based administration and configuration of the entire system. administration capabilities. and interaction for the following products and versions: • • • • Crystal Reports XI BusinessObjects Web Intelligence XI BusinessObjects OLAP Intelligence XI BusinessObjects Data Integrator XI 26 BusinessObjects Enterprise Administrator’s Guide . delivery. security. This release extends the robust information infrastructure provided by earlier versions of BusinessObjects Enterprise and Crystal Enterprise. It also provides platform-level support for semantic layers. and security. This version includes a variety of major enhancements spread across our data access methods. BusinessObjects Enterprise is designed to integrate seamlessly with existing data. BusinessObjects Enterprise XI brings together features from across the Business Objects product line to meet the diverse needs of users. This chapter provides an overview of the new features and enhancements available in this version of BusinessObjects Enterprise. and data integration capabilities from the Business Objects product line. Supported products All Business Objects products are now available under the same platform. proven architecture based largely on an enhanced version of the Crystal Enterprise architecture. and analysis. and application investments without imposing a new set of standards and processes. BusinessObjects Enterprise XI provides full support for the management. querying. About this version BusinessObjects Enterprise provides an industry-standard. supplemented by powerful query and analysis.2 What’s New in BusinessObjects Enterprise Welcome to BusinessObjects Enterprise XI Welcome to BusinessObjects Enterprise XI BusinessObjects Enterprise XI is the business intelligence platform that supports the entire range of reporting. data integration. and report design options. web. from presentation-quality reporting to in-depth data analysis. Thanks to the extensive upgrade and content migration support provided in BusinessObjects Enterprise XI.

categories are used for classifying documents in BusinessObjects Enterprise. By creating a combination of folders and categories. you can organize documents according to multiple criteria and improve both security and navigation. Categories provide an effective way of classifying documents that makes it easier for users to organize documents. New features BusinessObjects Enterprise XI represents the full integration of traditional Business Objects and Crystal products. you will notice the addition of categories to BusinessObjects Enterprise XI. By taking advantage of the security and management features of BusinessObjects Enterprise. The categorization of documents enables users to locate information more easily regardless of where it is stored within the system. consult the documentation provided with each component. you can import your existing categories with the Import Wizard. BusinessObjects Enterprise XI also supports the following add-in components: • BusinessObjects Enterprise Live Office XI Use Live Office to embed your business intelligence data into Word documents. BusinessObjects Enterprise Administrator’s Guide 27 .What’s New in BusinessObjects Enterprise New features 2 For information about these products. Then you can share the resulting Office documents securely using BusinessObjects Enterprise. Complimentary to folders.5. Users can classify documents by using categories created by themselves and by others. Whether you have an existing BusinessObjects Enterprise system or a Crystal Enterprise system. If you’re migrating from BusinessObjects Enterprise 6. combining the best features of each product line. Categories If you are upgrading or migrating from an existing Crystal Enterprise deployment. End-user experience BusinessObjects Enterprise XI provides a significantly enhanced user experience for all customers. Excel spreadsheets. Folders and categories work together to provide strong navigation capabilities. you will notice a wide range of new features in BusinessObjects Enterprise XI. Folders are used as a location to store documents. and setting appropriate rights for them. and PowerPoint presentations. you can manage your Office documents the same way you manage your business intelligence documents.

you can share knowledge about the information in the documents. see the BusinessObjects Enterprise Installation Guide. The delivery of both . Discussions Discussions provide threaded notes on all documents within BusinessObjects XI. In BusinessObjects Enterprise XI. such as managers or VPs. From a single web environment.2 What’s New in BusinessObjects Enterprise New features For example. 28 BusinessObjects Enterprise Administrator’s Guide . the term publishing is related to sending a document to multiple users containing different information depending on the user rights. InfoView has been designed to allow users to do most tasks within the BI environment without the need of IT intervention. you could use categories to create an alternate filing system that divides content according to different roles in your organization. and scheduling directly to email or printers. and you can create subcategories within categories. and interact with information. allowing users to add comments to documents in BusinessObjects Enterprise. New features allow users to be even more productive. including scheduling to different formats. Through extensive testing and design. traditionally provided by the Broadcast Agent Publisher and is now part of BusinessObjects Enterprise XI itself. You can associate documents with multiple categories. The important features provided by the Broadcast Agent Publisher are provided in BusinessObjects Enterprise XI. By adding discussions to documents. the new look and feel is designed for intuitive user interaction. users can view. For more information on migrating documents. InfoView is available as a . combined with comprehensive support for the entire product line. Publishing In BusinessObjects Enterprise 6 systems. InfoView BusinessObjects Enterprise XI introduces a new InfoView. you can add discussions to any document in the system either by selecting it from the document list or while the user is viewing the document. if you currently organize your files into departmental folders. This functionality. create. You can grant other users access to the threaded discussions to allow new users to keep track of historical comments added to the documents.NET and J2EE versions gives the customer the flexibility of deploying InfoView in their established environment.NET (ASPX) version or a J2EE version (JSP). a completely updated business intelligence portal. Users familiar with previous versions of InfoView or ePortfolio will see that old features have been fully updated and improved.

usability. Universes Universes are patented Business Objects technology. Report design BusinessObjects XI includes Crystal Reports. this solution is more manageable and can be applied to all documents designed from secured Universes or Business Views. Unlike other techniques that require special programming efforts.What’s New in BusinessObjects Enterprise New features 2 Scheduling BusinessObjects Enterprise XI provides scheduling capabilities for both Crystal reports and Web Intelligence documents. Business Views Business Views is a flexible and reliable multi-tier system that enables companies to build detailed and specific Business Views objects that help report designers and end users access the information they require. Note: Business Views can be used only by Crystal Reports. If you’re migrating from an existing BusinessObjects Enterprise deployment. They act as a semantic layer between the user and a database. Crystal ReportsXI provides improved report design. while Universes are accessible by both Crystal Reports as well as Web Intelligence. you can use Import Wizard to import your existing universes and their connection objects. Semantic Layer BusinessObjects Enterprise XI includes both Universes and Business Views. including significant enhancements to parameters to allow for the dynamic generation of lists of values. All universe objects and their associated connections are stored and secured in the repository of BusinessObjects Enterprise XI itself. If you are migrating from an existing BusinessObjects Enterprise 6. the leading report design tool in the market. to help make the report design process even simpler. You will also notice that scheduling is more integrated in Business Objects XI and includes new features such as business calendars. note that the Broadcast Agent Scheduler is no longer required. BusinessObjects Enterprise XI also provides the ability to schedule documents on behalf of others.x deployment. BusinessObjects Enterprise Administrator’s Guide 29 . This secure mechanism allows a single report to serve the needs of multiple users by delivering only the specific subsets of information to each user according to their security profile. and processing.

NET or Java. BusinessObjects Enterprise XI provides extensive . The LDAP authentication is natively supported. A single prompt definition can be stored in the repository and shared among multiple reports. 30 BusinessObjects Enterprise Administrator’s Guide . a BICatalog service (InfoObject list. category management. Developer flexibility BusinessObjects Enterprise development tools BusinessObjects Enterprise provides SDKs for enterprise application developers to build application and portal integration on top of the platform.2 What’s New in BusinessObjects Enterprise New features Dynamic prompts and cascading lists of values Dynamic prompts and cascading lists are now available in Crystal Reports.NET and Java SDKs. authentication. and so on). allowing prompt values to be populated from values in a database. where one value in a prompt constrains values in subsequent picklists. and so on). Report designers no longer need to maintain static prompt lists in individual reports. Web Services The integration pack Web Services have been updated to support the new BusinessObjects XI platform features: • • • The Web Intelligence documents are served by the BusinessObjects XI Web Intelligence report engine. Web Farm is support. improving both runtime scalability and design time productivity. Unified Web Services includes server components (the providers) and both . Prompts can be arranged in a cascade. Note: BusinessObjects Enterprise also continues to support existing development in COM. and a ReportEngine service (Crystal Reports and Web Intelligence document viewing including prompt and drill management). The consumers simplify application development. Recognizing the need for comprehensive support for different development environments. BusinessObjects Enterprise XI includes an enhanced version of the Unified Web Services provided with the BusinessObjects Crystal Integration Pack. the BusinessObjects XI Web Services deliver a Session service (Session management.NET and Java APIs that are used to write applications that consume the provided web services. As in the integration pack. although we recommend migrating to .

Improved query language. BusinessObjects Enterprise XI is built on a component. BusinessObjects Enterprise Administrator’s Guide 31 . Universes. The Page Server has the ability to grow and create sub processes as required. fault tolerance. reliable. The service-oriented platform allows current Business Objects products such as Web Intelligence to plug directly into the framework without requiring extensive configuration. improved reliability. you will notice key differences in the architecture of BusinessObjects Enterprise XI. Architecture If you are upgrading from an existing BusinessObjects Enterprise 6. Java and Web Farms support. This leads to an increase in efficiency and performance.What’s New in BusinessObjects Enterprise New features 2 BusinessObjects Enterprise SDK BusinessObjects Enterprise SDK has been enhanced to include: • • • • JavaServer Faces for BusinessObjects Enterprise XI.or services-based architecture. it provides better flexibility. Auditing Instead of using a separate auditing component. Inbox. System administration BusinessObjects Enterprise provides an efficient and scalable architecture for processing. Categories. managing. and the smart use of resources. BusinessObjects Enterprise XI inherits most of the new platform services from the proven Crystal Enterprise architecture. BusinessObjects Enterprise XI features built-in auditing features. widely recognized as a highly scalable. scalability. offering dynamic growth.5 system. and extensibility. and auditing. Management The Central Management Console provides users with a centralized point for administering a variety of details including scheduling. Enhanced Page Server One of the many improvements in BusinessObjects Enterprise XI is the enhanced Page Server. Support for Web Intelligence. As a services-oriented architecture. and delivering information to your users. and powerful platform by customers and industry experts alike. security.

The enhanced fault tolerance ensures seamless reporting and query analysis for your users.2 What’s New in BusinessObjects Enterprise New features The auditing functionality of BusinessObjects Enterprise XI focuses on enabling administrators to gain a better understanding of the users accessing the system and the documents they are interacting with. You can then create reports based on this auditing data. For more information on auditing. This means that the overall system. The auditor role is fulfilled by the Central Management Server (CMS). The auditing functionality within BusinessObjects Enterprise has been implemented with the concept of a central auditor and individual server auditees. and object level security is controlled using Access Control Lists (ACL). Redundant components automatically take over the load if the system encounters a hardware failure or excessive wait times. The system also provides full support for replication of all server components. The CMS collects and collates the auditing data from the system interactions and writes the information into the auditing database. BusinessObjects Enterprise XI includes built-in load balancing across all system management and report processing functions. and authentication. as well as the individual services. can be audited depending on the level of detail required. In a multi-server environment. group. Fault tolerance BusinessObjects Enterprise provides fail-over at the system management level (for scheduling. see the auditing chapter of the BusinessObjects Enterprise Administrator’s Guide. while individual services with auditing functionality are considered the auditees. It applies a mixture of active and passive approaches to maximize server availability and minimize response time for your users. for example). There is no migration or integration of the BusinessObjects Auditor product. another service identifies the failure and continues the processing. Security BusinessObjects Enterprise XI provides all of the existing security features currently supported in Crystal Enterprise. User. If a processing service fails. Load balancing Intelligent load balancing algorithms eliminate bottlenecks and maximize hardware efficiency. BusinessObjects Enterprise XI includes enhanced support for session-level failover. an industry standard 32 BusinessObjects Enterprise Administrator’s Guide . security. in order to enhance scalability and maintain efficient server performance. you need to balance the load across multiple machines.

and universe restriction sets. Business Objects XI now provides single sign-on with Active Directory authentication using the Kerberos protocol. which allows a user’s security context to be retrieved from the host operating system and be used to access BusinessObjects Enterprise and the underlying databases for the reports and documents in the system. categories. please see the BusinessObjects Enterprise XI Installation Guide.txt for more information on supported platforms. you can now configure your deployment to use the Secure Sockets Layer (SSL) protocol for all network communication between your BusinessObjects Enterprise XI servers. you can provide end-to-end single sign-on. Please see platforms. Security can be applied at the object level to all documents. For details on how rights are mapped or for more information on the Import Wizard. Also. When LDAP authentication is enabled. By combining single sign-on and report viewing. These capabilities require the system to run all components on the Windows operating system and for the users to use Internet Explorer with Active Directory authentication. Migration An administrator will be able to create users and groups. BusinessObjects Enterprise Administrator’s Guide 33 . Business Objects XI has introduced single sign-on for LDAP authentication.What’s New in BusinessObjects Enterprise New features 2 method for controlling cascading security access. and import users and groups from existing BusinessObjects Enterprise and Crystal Enterprise deployments into BusinessObjects Enterprise XI using the Import Wizard. connections. The Central Management Console is a centralized management tool that can be used to administer security. universes. please see the BusinessObjects Enterprise XI Installation Guide. the administrator has the option to use Siteminder as an external system for authentication providing single sign-on capabilities to BusinessObjects Enterprise. The Import Wizard maps most security rights from current systems directly to new users and groups in BusinessObjects Enterprise XI. For details on how rights are mapped.

2 What’s New in BusinessObjects Enterprise New features 34 BusinessObjects Enterprise Administrator’s Guide .

Administering BusinessObjects Enterprise chapter .

see “Publishing overview” on page 374. Although this application runs only on Windows. It also shows you how to make initial security settings. You will typically use the following applications to manage BusinessObjects Enterprise: • Central Management Console (CMC) This web application is the most powerful administrative tool provided for managing a BusinessObjects Enterprise system. and server management. content management. and server management. such as setting the password for the system’s default Administrator account. This chapter briefly introduces new BusinessObjects Enterprise administrators to some of the available management tools. 36 BusinessObjects Enterprise Administrator’s Guide . It also allows you to specify a number of options on each report that you publish. • Central Configuration Manager (CCM) This server administration tool is provided in two forms. In a UNIX environment.sh) allows you to manage servers from a command line. the CCM allows you to manage local and remote servers through its Graphical User Interface (GUI) or from a command line. For an introduction to the CMC.3 Administering BusinessObjects Enterprise Administration overview Administration overview The regular administrative tasks associated with BusinessObjects Enterprise can be roughly divided into three major categories: user management. The remainder of this guide provides technical and procedural information corresponding to each of these management categories. see “Using the Central Configuration Manager” on page 42. It offers you a single interface through which you can perform almost every task related to user management. content management. • Publishing Wizard This application allows you to publish your reporting content to BusinessObjects Enterprise quickly. For more information on publishing content to BusinessObjects Enterprise. In a Windows environment. see “Central Management Console” on page 37. For an introduction to the CCM. you can use it to publish reports to BusinessObjects Enterprise servers that are running on Windows or on UNIX. the CCM shell script (ccm.

3. users who are not members of the Administrators group cannot perform any of the available management tasks unless they have been granted rights to do so. Click Central Management Console. 1. Any user with valid credentials to BusinessObjects Enterprise can log on to the CMC and set his or her preferences. And it allows you to publish.aspx Replace webserver with the name of the web server machine. Logging on to the Central Management Console There are two ways to access the CMC: type the name of the machine you are accessing directly into your browser. However. Type your User Name and Password. This tool allows you to perform user management tasks such as setting up authentication and adding users and groups. type Administrator as the User Name. 4. you may log on using an account that has been mapped to the BusinessObjects Enterprise Administrators group. see “Setting the Administrator password” on page 44. see “Controlling User Access” on page 315. For details. 2. This default Enterprise account does not have a password until you create one. Additionally. you can click Start > Programs > BusinessObjects XI> BusinessObjects Enterprise > BusinessObjects Enterprise . or select BusinessObjects Enterprise Administration Launchpad from the program group on the Windows Start menu. Select Enterprise in the Authentication Type list. and set security levels for all of your BusinessObjects Enterprise content.Administering BusinessObjects Enterprise Central Management Console 3 Central Management Console You will use the Central Management Console (CMC) extensively to manage your BusinessObjects Enterprise system. organize.NET Administration Launchpad (or Java Administration Launchpad). For complete details about object rights. For this example. BusinessObjects Enterprise Administrator’s Guide 37 . the CMC enables you to manage servers and create server groups. To log on to the CMC Go to the following page: http://webserver/businessobjects/Enterprise11/WebTools/ adminlaunch/default. you can perform all of these administrative tasks remotely. Because the CMC is a webbased application. Tip: On Windows. If you’re using LDAP or Windows NT authentication. If you changed this default virtual directory on the web server. you will need to type your URL accordingly.

See “CMC preferences” on page 39.” Select the same “management areas” from the drop-down list in the title area of the window. Setting console preferences The Preferences area of the CMC allows you to customize your administrative view of BusinessObjects Enterprise. You can click the hyperlinked portions of the path to jump quickly to different parts of the application. 38 BusinessObjects Enterprise Administrator’s Guide . To set the console preference Log on to the CMC and click the Preferences button in the upper-right corner of the CMC. For example. Home > Users > New User indicates that you’re on the New User page. however. Click OK. 2. Click Log On. Click Go if your browser doesn’t take you directly to the new page. Navigating within the Central Management Console Because the CMC is a web-based application. you can navigate through its areas and pages in a number of ways: • • Click the links or icons on the Home page to go to specific “management areas. In this example. Set the preference as required. Windows NT and LDAP authentication also appear in the list. 1. The CMC Home page appears. Once you leave the Home page. you could click Home or Users to go to the corresponding page.3 Administering BusinessObjects Enterprise Central Management Console Windows AD. 5. you must map your third-party user accounts and groups to BusinessObjects Enterprise before you can use these types of authentication. 3. your location within the CMC is indicated by a path that appears above the title of each page.

see “Setting the Query size threshold” on page 40. Maximum number of objects per page This option limits the number of objects listed on any page or tab in the CMC. At the top of every page. In this example. select the Unlimited check box. Note: To specify an unlimited maximum number of characters. the full list is sorted alphanumerically and indexed before being subdivided. Measuring units for report page layout Specify inches or millimeters as the measuring units used by default when you customize a report’s page layout on the report object’s Print Setup tab. Maximum number of characters for each page index When a list of objects spans multiple pages. the maximum number of characters is set to 3. so threecharacter hyperlinks are used to index the report objects on each page. Note: This setting does not limit the number of objects displayed. This setting determines the number of characters that are included in each hyperlink. hyperlinks are displayed as an index to each of the remaining pages.Administering BusinessObjects Enterprise Central Management Console 3 CMC preferences Viewer This list sets the default report viewer that is loaded when you view a report in the CMC. Time zone If you are managing BusinessObjects Enterprise remotely. if you select Eastern Time BusinessObjects Enterprise Administrator’s Guide 39 . For instance. simply the number displayed per page. BusinessObjects Enterprise synchronizes scheduling patterns and events appropriately. use this list to specify your time zone. see “Configuring the processing tier” on page 115. For details about limiting the number of objects displayed on a page or in a search. To set the available and default viewers for all users.

a list of objects in that management area is displayed. and you schedule a report to run at 5:00 a. every day on a server that is located in San Francisco. if you have numerous objects this can heavily tax your system resources. Modify this value to specify the maximum number of objects that displayed on the initial pages of the Objects. or Users management areas of the CMC. For more information about time zones. 40 BusinessObjects Enterprise Administrator’s Guide . Folders.3 Administering BusinessObjects Enterprise Central Management Console (US & Canada). This means that BusinessObjects Enterprise prompts users to use the search function of the CMC if the return size exceeds 500 objects. Groups. By default the Query size threshold value is 500. then the server will run the report at 2:00 a. You can modify the number of objects displayed by setting the Query size threshold in the Business Objects Applications management area of the CMC. Click the BusinessObjects Enterprise Central Management Console link. Folders.m. when you go to the Objects. My Password Click the Change Password link to change the password for the account under which you are currently logged on. and Users management areas of the CMC and when displaying search results in these management areas. Pacific Time. 1.m. Because BusinessObjects Enterprise loads each of the objects in the list. see “Supporting users in multiple time zones” on page 527. Groups. Setting the Query size threshold By default. 2. To set the Query size threshold Go to the BusinessObjects Enterprise Applications management area of the CMC.

The Logoff button is located in the upper-right corner of the console. In the CMC Access URL field. Note: To modify the number of objects displayed on a page (rather than the total number of objects displayed). see “Setting console preferences” on page 38. Groups.Administering BusinessObjects Enterprise Central Management Console 3 The Query size threshold page appears. Folders. Specifying the URL here allows Crystal Reports to get this URL from the CMS in order to call pages in the CMC. 4. 5. BusinessObjects Enterprise Administrator’s Guide 41 . type the URL for the CMC. In the Prompt for search if the return size exceeds field. type the maximum number of objects you want to be returned in searches and on the initial pages of the Objects. 3. Logging off of the Central Management Console When you have finished using the CMC. It needs to call these pages in order to support the previewing of reports and to enable administration tasks to be performed from Crystal Reports. end the session by logging off. and Users management areas. Click Update.

1. To access the CCM. and disable servers. stop. and more. Depending on the configuration of your network. A status icon is displayed for each server: • • • A green arrow indicates the server is running. A red arrow indicates the server is not running. To connect to servers on a remote machine Once you have started the CCM. SOCKS server connections. you might be prompted to enter a user name and password. CMS database and clustering details. enable. you must also have NT administrator rights on the machine you are connecting to. This tool allows you to start. To run the CCM. It also allows you to view and to configure advanced server settings such as default port numbers. Note: The status icons do not indicate whether servers are enabled or disabled. type the name of the machine you want to connect to. Servers must be enabled before they will respond to BusinessObjects Enterprise requests. A yellow arrow indicates the server is starting. you must have NT administrator rights on the local machine. If you are managing servers on a remote machine. The servers that are available on the local machine appear in the list. click Central Configuration Manager. 42 BusinessObjects Enterprise Administrator’s Guide . you can connect to a remote machine in several ways: • In the Computer Name field. Click Enable/Disable on the toolbar to log on and enable or disable servers. then press Enter. To start the CCM From the BusinessObjects Enterprise program group. see “Enabling and disabling servers” on page 85.3 Administering BusinessObjects Enterprise Using the Central Configuration Manager Using the Central Configuration Manager The Central Configuration Manager (CCM) is a server-management tool that allows you to configure each of your BusinessObjects Enterprise server components. For details. see: • “Accessing the CCM for Windows” on page 42 Accessing the CCM for Windows From a Windows machine. use the CCM to manage BusinessObjects Enterprise server components that are running locally or on a remote Windows machine.

1.sh -start all .sh with command-line options to manage one or more servers./ccm. To view additional help on ccm. For instance./ccm. issue the following command: .sh -enable all Note: The main options for the CCM are covered in more detail in “UNIX Tools” on page 597.Administering BusinessObjects Enterprise Making initial security settings 3 • • 2. you must have execute permissions on the ccm./ccm. You can run the CCM remotely through a telnet session or locally through a terminal window. In the Computer Name field.sh script also provides a detailed description of its command-line options. log on to the remote machine with an account holding administrative rights. To run the CCM. To run the CCM Go to the Business Objects directory that was created by the BusinessObjects Enterprise installation: cd INSTALL_ROOT/bobje 2. Note: You may need to type your user name as domain\username. The CCM lists the servers associated with this machine. On the toolbar. the following set of commands starts the BusinessObjects Enterprise servers and enables each server on its default port: . To see the command-line help. select a remote machine from the list.sh -help | more Making initial security settings To ensure system security. click Browse.sh script and on its parent Business Objects directory. Select the appropriate computer.sh The ccm. then click OK. Run ccm. If prompted. Accessing the CCM for UNIX Run the CCM on your UNIX server to manage BusinessObjects Enterprise server components that are running on that machine. you may want to configure the following security settings before you publish content or provide users with access to BusinessObjects Enterprise: • • “Setting the Administrator password” on page 44 “Disabling the Guest account” on page 44 BusinessObjects Enterprise Administrator’s Guide 43 .

Disabling the Guest account By disabling the Guest account. you also disable the anonymous single sign-on functionality of BusinessObjects Enterprise. 1. 44 BusinessObjects Enterprise Administrator’s Guide . you ensure that no one can log on to BusinessObjects Enterprise with this account. In the Enterprise Password Settings area. On the Properties tab. click Guest. Click the link for the Administrator account. 3. To disable these features. select the Account is disabled check box. 4. clear the “User must change password at next logon” check box. If it is selected. In doing so. so users will be unable to access InfoView without providing a valid user name and password. Log on to the Central Management Console (CMC) with the Administrator account and use the following procedure to create a secure password for the Administrator account. you may also want to refer to: Setting the Administrator password As part of the installation. 2. Note: Do not create a password for the Guest account if you plan to use the anonymous single sign-on or the Sign Up features available in BusinessObjects Enterprise. enter and confirm the new password. 3. 5. To disable the Guest account Go to the Users management area of the CMC. BusinessObjects Enterprise creates an Administrator account and a Guest account that do not have passwords. Click Update. In the Account Name column.3 Administering BusinessObjects Enterprise Making initial security settings • • • • “Modifying the default security levels” on page 45 Chapter 11: BusinessObjects Enterprise Security Concepts “Available authentication types” on page 252 “Controlling User Access” on page 315 For additional security information. 2. 1. see “Disabling the Guest account” on page 44. To change the Administrator password Go to the Users management area of the CMC.

and the Administrators group is granted Full Control. As required. see “Managing Enterprise and general accounts” on page 253. 4. see “Controlling users’ access to objects” on page 317. For complete information. or having to know anything about. without seeing. Using CMC. see the Designer’s Guide. you can view and delete universes. 1. Click Update. See “Controlling access to universes” on page 354. For a full description of object rights and inheritance patterns. 1. If you are prompted for confirmation. To view a universe Go to the Universes management area of the CMC. Click the Rights tab. They can do data analysis and create reports using the objects in a universe. 5. see “Controlling users’ access to objects” on page 317. Modifying the default security levels This procedure shows where you can modify the default object rights that users are granted to the top-level BusinessObjects Enterprise folder. click OK. the underlying data structures in the database. BusinessObjects Enterprise Administrator’s Guide 45 . You can also control who has access rights to a universe. Click Update. the Everyone group is granted Schedule access to the top-level folder. To modify top-level security settings Go to the Settings management area of the CMC. 5. and run queries against a database.Administering BusinessObjects Enterprise Managing universes 3 4. Initially. Click Add/Remove to grant different levels of security to additional users or groups. 2. You create a universe by using the Designer. 3. For detailed information. Managing universes Web Intelligence users connect to a universe. change the entry in the Access Level list for each user or group that is displayed. You can change these default security levels to suit your needs. For more information about user accounts.

3 Administering BusinessObjects Enterprise Managing universe connections The Universes page appears. Using CMC. The Connections page appears. see the Designer’s Guide. To delete a universe Go to the Universes management area of the CMC. 1. Managing universe connections A connection is a named set of parameters that defines how a BusinessObjects application accesses data in a database file. A connection links Web Intelligence to your middleware. Select the universe you want to delete. you can view and delete connections. Select the connection you want to delete. The properties page for the connection appears. The properties page for the universe appears. 46 BusinessObjects Enterprise Administrator’s Guide . 2. 1. You must select or create a connection when you create a universe. The Universe Connections page appears. 2. Click Delete. 1. You can also control who has access rights to a connection. 2. Click the link for the connection you want to view. For complete information. See “Controlling access to universe connections” on page 355. 3. To view connections Go to the Universe Connections management area of the CMC. 3. 2. The Universes page appears. Click Delete. To delete a universe connection Go to the Universe Connections management area of the CMC. You must have a connection to access data. Click the link for the universe you want to view.

Administering BusinessObjects Enterprise Managing InfoView 3 Managing InfoView You can use the Business Objects Applications area of the Central Management Console to make minor changes to the appearance and functionality of InfoView. Consult the BusinessObjects Enterprise Installation Guide for more information. When users view a report using the Advanced DHTML viewer. the report is processed by the Report Application Server. you must enter the context path of the Web Component Adapter. If you are using the Java version of InfoView and want users to be able to use the Active X or Java viewers. You can also configure settings that control which viewers are available to users. without doing any programming. BusinessObjects Enterprise Administrator’s Guide 47 .

3. 1. 2.3 Administering BusinessObjects Enterprise Managing Web Intelligence 1. 4. To manage settings for Web Intelligence Go to the BusinessObjects Enterprise Applications management area of the CMC. 2. Click Update. select the options that you want. Managing Discussions BusinessObjects Enterprise administrators are responsible for maintaining the discussion threads and for granting the appropriate access rights to BusinessObjects Enterprise users. Click InfoView. On the Properties tab. 3. select the options that you want. Managing Discussions includes the following tasks: • • • • • “Accessing the Discussions page” on page 49 “Searching for discussion threads” on page 49 “Sorting search results” on page 51 “Deleting discussion threads” on page 51 “Setting user rights” on page 51 48 BusinessObjects Enterprise Administrator’s Guide . Managing Web Intelligence For the Web Intelligence application. The user can select this view format and report panel option in the Web Intelligence Document Preferences tab in InfoView. On the Properties tab. 4. make sure you grant access to the “Allows interactive HTML viewing (as per license)” option in order for users to be able use the Interactive view format and use the Query HTML panel. To manage settings for InfoView Go to the BusinessObjects Enterprise Applications management area of the CMC. Click Web Intelligence. Click Update.

click Cancel. 2.Administering BusinessObjects Enterprise Managing Discussions 3 Accessing the Discussions page 1. You can search for a specific thread or group of threads. The Discussions page appears. Searching for discussion threads By default. Click Discussions. 1. the Discussions page displays the titles of all discussion threads. Note: To cancel a search and reset the search values back to the default settings. Click Discussions. To search for a discussion thread Go to the BusinessObjects Enterprise Applications management area of the CMC. Branches from the root level thread are not displayed. Only the root level threads are displayed. The Discussions page appears. To access the Discussions page Go to the BusinessObjects Enterprise Applications management area of the CMC. Use the Previous and Next buttons to page through the list of discussion threads. BusinessObjects Enterprise Administrator’s Guide 49 . 2.

Use the third field to further refine your search. Author. after: The DMC searches for any discussion threads that were created or modified after the search date. the second field provides you with the following options. between: The DMC searches for any discussion threads that were created or modified between the two search dates. contains: The DMC searches for any discussion threads that contain the search text string within any part of the thread title or the author’s name. is not: The DMC searches for any discussion threads where the thread title. If you selected a date-based search. does not contain: The DMC searches for any discussion threads that do not contain the text string within any part of the thread title. 50 BusinessObjects Enterprise Administrator’s Guide . Thread title. type in the text string. do not exactly match the text that you type into the third field. Search based on the date a thread was last modified. Creation date. refine your search.3 Administering BusinessObjects Enterprise Managing Discussions 3. select which of the following criteria you want to search by: • • • • 4. enter the date or dates in the appropriate fields. Last modified date. From the second list. 6. • • • • is: The DMC searches for any discussion threads where the thread title. before: The DMC searches for any discussion threads that were created or modified before the search date. If you search by Creation date or Last modified date. or the author name. Search by the title of a thread. If you search by Thread title or Author. there are the following options. If you selected a text-based search in the first two fields. exactly match the text that you type into the third field. Search by the author of a specific thread. In the Field name list. • • • 5. Click Search to display all the records that match your search criteria. or the author name. Searches are not case sensitive. Search by the date the thread was created.

4. 2. and choose how many results to display per page. Click Delete. The selected threads are deleted. Sort by the author of a specific thread. 1. Author. see Chapter 13: Controlling User Access. Click Search. For more information on setting user rights to reports and report objects. Thread title. In the third category. Sort based on the date a thread was last modified. or add a note to a report. Last modified date. select which threads you want to delete in the results list. To delete a discussion thread On the Discussions page.Administering BusinessObjects Enterprise Managing Discussions 3 Sorting search results You can select how you want your search results to display. In the second list. Sort by the date the thread was created. Deleting discussion threads You can delete any discussion thread. enter how many results you want to be displayed on each page. Tip: You can use the Select All and Clear All buttons to select or clear all the threads displayed on the page. see “Accessing the Discussions page” on page 49. select whether you want the records to be displayed in ascending or descending order. To sort your results In the Sort by list. BusinessObjects Enterprise Administrator’s Guide 51 . select which of the following criteria you want to display: • • • • 2. For example you can display them in ascending alphabetical order. 3. 1. Creation date. For details. Sort by the title of a thread. Setting user rights Users of the Discussions feature must have the right to view a report in order to create a discussion thread.

3 Administering BusinessObjects Enterprise Managing Discussions 52 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Architecture chapter .

The same service can also run in multiple instances on a single machine. 54 BusinessObjects Enterprise Administrator’s Guide .4 BusinessObjects Enterprise Architecture Architecture overview and diagram Architecture overview and diagram BusinessObjects Enterprise is a multi-tier system. For example. and they can be “horizontally scaled” to take advantage of multiple computers over a network environment. This chapter describes the framework itself. Note: BusinessObjects Enterprise Standard requires all of the components to be installed on one machine. the application tier. they are actually services and daemons that do not need to run on separate computers. or spread across many. and the general tasks that each component performs.” If the Report Application Server is running on a multi-processor computer. while you run the Report Application Server on a separate machine. or they can run on separate machines. Consult each product’s installation or administration guides for details about how it integrates with the BusinessObjects Enterprise framework. such as OLAP Intelligence and Report Application Server. Other Business Objects products. even though these are called servers. its components. The “servers” run as services on Windows machines.” The important thing to understand is that. plug in to the BusinessObjects Enterprise framework in various ways. and the data tier. This configuration is called “horizontal scaling. they can be logically grouped based on the type of work they perform. the intelligence tier. you can run the Central Management Server and the Event Server on one machine. then you may choose to run multiple Report Application Servers on it. This configuration is called “vertical scaling. This means that the services can all run on the same machine. To provide flexibility. These services can be “vertically scaled” to take full advantage of the hardware that they are running on. the servers run as daemons. the processing tier. If you are new to BusinessObjects Enterprise. and scalability the components that make up each of these tiers can be installed on one machine. The following diagram illustrates how each of the components fits within the multi-tier system. On UNIX. In BusinessObjects Enterprise. reliability. there are five tiers: the client tier. Although the components are responsible for different tasks. use this chapter to gain familiarity with the BusinessObjects Enterprise framework.

and their primary responsibilities: • • • • “Client tier” on page 56 “Application tier” on page 58 “Processing tier” on page 64 “Data tier” on page 68 Tip: When you are familiar with the architecture and want to customize your system configuration. Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. Once published to BusinessObjects Enterprise.BusinessObjects Enterprise Architecture Architecture overview and diagram 4 The remainder of this chapter describes each tier. processed. BusinessObjects Enterprise Administrator’s Guide 55 . reports are saved. see Chapter 5: Managing and Configuring Servers and Chapter 7: Scaling Your System. the key BusinessObjects Enterprise components. and displayed in version XI format.

Additionally. and keep track of published reports. see the developer documentation available on your product CD. and view reports and other objects.4 BusinessObjects Enterprise Architecture Client tier Client tier The client tier is the only part of the BusinessObjects Enterprise system that administrators and end users interact with directly. organize. Each BusinessObjects Enterprise request that a user makes is directed to the BusinessObjects Enterprise application tier. The client tier includes: • • • • • “InfoView” on page 56 “Central Management Console (CMC)” on page 56 “Central Configuration Manager (CCM)” on page 57 “Publishing Wizard” on page 57 “Import Wizard” on page 57 InfoView BusinessObjects Enterprise comes with InfoView. InfoView also demonstrates how you can use the BusinessObjects Enterprise .NET Server Components.NET. This tier is made up of the applications that enable people to administer. InfoView also serves as a demonstration of the ways in which you can use the BusinessObjects Enterprise Software Development Kit (SDK) to create a custom web application for end users. publish. and set security levels for all of your BusinessObjects Enterprise content. a web-based interface that end users access to view. In the case of . It also allows you to publish. The web server forwards the user request directly to an application server where the request is processed by the WCA. the CMC enables you to 56 BusinessObjects Enterprise Administrator’s Guide . For more information. Central Management Console (CMC) The Central Management Console (CMC) allows you to perform user management tasks such as setting up authentication and adding users and groups. schedule.

and disable servers. you can perform all of these administrative tasks remotely. CMS database and clustering details. reports. For more information. see the developer documentation available on your product CD. and more. For more information. The Publishing Wizard publishes reports from a Windows machine to BusinessObjects Enterprise servers running on Windows or on UNIX. these settings include default port numbers. On UNIX. On Windows. For more information. see “Using the Central Configuration Manager” on page 42 and Chapter 5: Managing and Configuring Servers. on Windows the CCM allows you to add or remove servers from your BusinessObjects Enterprise system. The CMC also serves as a demonstration of the ways in which you can use the administrative objects and libraries in the BusinessObjects Enterprise SDK to create custom web applications for administering BusinessObjects Enterprise. This tool allows you to start. some of these functions are performed using other tools. see “Central Management Console (CMC)” on page 56. or Crystal Info implementation to BusinessObjects Enterprise. see “Importing with the Import Wizard” on page 402. and folders from an existing BusinessObjects Enterprise. For more information. see “Publishing overview” on page 374 and “Controlling users’ access to objects” on page 317. Crystal Enterprise. and it allows you to view and to configure advanced server settings.BusinessObjects Enterprise Architecture Client tier 4 manage servers and create server groups. In addition. groups. Central Configuration Manager (CCM) The Central Configuration Manager (CCM) is a server-management tool that allows you to configure each of your BusinessObjects Enterprise server components. SOCKS server connections. Because the CMC is a web-based application. stop. For more information. BusinessObjects Enterprise Administrator’s Guide 57 . Import Wizard The Import Wizard is a locally installed Windows application that guides administrators through the process of importing users. Publishing Wizard The Publishing Wizard is a locally installed Windows application that enables both administrators and end users to add reports to BusinessObjects Enterprise. By assigning object rights to BusinessObjects Enterprise folders. enable. you control who can publish reports and where they can publish them to.

both on Windows and Unix platforms. The application tier includes: • • • “Application tier components” on page 58 “Web development platforms” on page 59 “Web application environments” on page 60 Application tier components For both the Java and . Application tier The application tier hosts the server-side components that process requests from the client tier as well as the components that communicate these requests to the appropriate server in the intelligence tier. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS). but you can use it to import information into a new BusinessObjects Enterprise system running on Windows or on UNIX. the communication between the web server and the application server was handled through the Web Connector.NET platforms.4 BusinessObjects Enterprise Architecture Application tier The Import Wizard runs on Windows. In BusinessObjects Enterprise XI. 58 BusinessObjects Enterprise Administrator’s Guide . The application tier includes support for report viewing and logic to understand and direct web requests to the appropriate BusinessObjects Enterprise server in the intelligence tier. the application tier includes the following components: • • “Application server and BusinessObjects Enterprise SDK” on page 59 “Web Component Adapter (WCA)” on page 59 Note: In Crystal Enterprise 10 on Windows. the web server communicates directly with the application server and the WCA handles the WCS functionality.

txt file included with your product distribution for a complete list of tested application servers and version requirements. See the Platforms.epf files) to HTML format when users view pages with a DHTML viewer.NET SDK run on a third party application server. The Web Component Adapter (WCA) runs within the application server and provides all services that are not directly supported by the BusinessObjects Enterprise SDK. which then forwards the requests on to the WCA. It also supports InfoView and other Business Objects applications. Web development platforms BusinessObjects Enterprise supports the following web development platforms: • • “Java platform” on page 60 “Windows . The application server acts as the gateway between the web server and the rest of the components in BusinessObjects Enterprise. In BusinessObjects Enterprise XI. both on Windows and Unix platforms. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS). and uses the SDK to convert report pages (.aspx requests).jsp) files It also supports Business Objects applications such as the Central Management Console (CMC) and Crystal report viewers (that are implemented through viewrpt. Note: In Crystal Enterprise 10 on Windows. The application server is responsible for processing requests from your browser. The WCA has two primary roles: • • It processes ASP.NET platform” on page 60 BusinessObjects Enterprise Administrator’s Guide 59 . the communication between the web server and the application server was handled through the Web Connector.BusinessObjects Enterprise Architecture Application tier 4 Application server and BusinessObjects Enterprise SDK BusinessObjects Enterprise systems that use the BusinessObjects Enterprise Java SDK or the BusinessObjects Enterprise .NET (. Web Component Adapter (WCA) The web server communicates directly with the application server that hosts the BusinessObjects Enterprise SDK. The web server passes requests directly to the application server.aspx) and Java Server Pages (. the web server communicates directly with the application server and the WCA handles the WCS functionality.

Note: In Crystal Enterprise 10 on Windows. Windows .NET SDK with ASP. Note: For backward compatibility.4 BusinessObjects Enterprise Architecture Application tier Java platform All UNIX installations of BusinessObjects Enterprise include a Web Component Adapter (WCA).aspx) pages. and a set of .csp) and Active Server Pages (.NET applications that use the BusinessObjects Enterprise SDKs in conjunction with third party APIs. This configuration requires the use of a Microsoft Internet Information Services (IIS) web server.aspx) pages allow you to develop cross-platform J2EE and ASP. see the developer documentation available on your product CD. 60 BusinessObjects Enterprise Administrator’s Guide . BusinessObjects Enterprise also includes Primary Interop Assemblies (PIAs) that enable you to use the BusinessObjects Enterprise SDK and Report Application Server SDK with ASP.jsp) and ASP.NET platform BusinessObjects Enterprise installations that use the .NET.NET.NET applications. BusinessObjects Enterprise includes web applications developed in . Web application environments BusinessObjects Enterprise supports Java Server Pages (.NET Server Components that you can optionally use to simplify the development of custom applications.NET Server Components which simplify development of custom BusinessObjects Enterprise applications in ASP. a Java application server is required to host the WCA and the BusinessObjects Enterprise Java SDK.NET (. both on Windows and Unix platforms. The use of a web server is optional as you may choose to have static content hosted by the application server.asp). You do not need a Web Component Adapter for custom ASP. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS).NET. such as InfoView and the sample applications available via the BusinessObjects Enterprise Launchpad. In this configuration. the web server communicates directly with the application server and the WCA handles the WCS functionality.NET Framework include Primary Interop Assemblies (PIAs) that allow you to use the BusinessObjects Enterprise . the communication between the web server and the application server was handled through the Web Connector.NET (. In BusinessObjects Enterprise XI.jsp) and ASP.aspx. It also includes a set of . Java Server Pages (. BusinessObjects Enterprise continues to l support Crystal Server Pages (. For more information.

which includes folders. This data allows the CMS to perform its four main tasks: • Maintaining security By maintaining a database of users and their associated object rights. and inboxes. categories. manages audit information. The CMS also maintains the BusinessObjects Enterprise Repository. The data stored by the CMS includes information about users and groups. and stores report instances. BusinessObjects Enterprise content.BusinessObjects Enterprise Architecture Intelligence tier 4 Intelligence tier The intelligence tier manages the BusinessObjects Enterprise system. It maintains all of the security information. sends requests to the appropriate servers. and a separate audit database of information about user actions. By communicating with the Job Servers and Program Job Servers. the CMS enforces who has access to BusinessObjects Enterprise and the types of tasks they are able to perform. refer to the following sections: • • • • “Central Management Server (CMS)” on page 61 “Cache Server” on page 63 “File Repository Servers” on page 63 “Event Server” on page 64 Central Management Server (CMS) The CMS is responsible for maintaining a database of information about your BusinessObjects Enterprise system. security levels. These tasks include enforcing and maintaining the licensing policy of your BusinessObjects Enterprise system. • Managing objects The CMS keeps track of the location of objects and maintains the containment hierarchy. and servers. which other components can access as required. For more information. the CMS is able to ensure that scheduled jobs run at the appropriate times. BusinessObjects Enterprise Administrator’s Guide 61 .

and the audit database frequently. the installation program uses it to create the CMS system database. • • On Windows. Note: In previous versions of Crystal Enterprise. you provide the CMS with database connectivity and credentials when you install BusinessObjects Enterprise. and “Configuring the auditing database” on page 209. and also as the Automated Process Scheduler (APS). Note: • It is strongly recommended that you back up the CMS system database. System information should only be retrieved using the calls that are provided in the BusinessObjects Enterprise Software Development Kit (SDK).txt file included with your product distribution for a complete list of tested database software and version requirements. Typically. 62 BusinessObjects Enterprise Administrator’s Guide .4 BusinessObjects Enterprise Architecture Intelligence tier • Managing servers By staying in frequent contact with each of the servers in the system. so the CMS can create its own system database and BusinessObjects Enterprise Repository database using your organization’s preferred database server. The CMS database should not be accessed directly. You can migrate your default CMS system database to a supported database server later. See “Creating custom audit reports” on page 217 for more information. and then writing these records to a central audit database. MSDE is a client/server data engine that provides local data storage and is compatible with Microsoft SQL Server. If you are unsure of the procedure. You can access the audit database directly to create custom audit reports. If you already have the MSDE or SQL Server installed. for instance. to identify which Cache Server is free to use for a report viewing request. See the Platforms. the CMS is able to maintain a list of server status. consult with your database administrator. see the developer documentation available on your product CD. This audit information allows system administrators to better manage their BusinessObjects Enterprise deployment. see the BusinessObjects Enterprise Installation Guide. the Central Management Server (CMS) was known as the Crystal Management Server. the CMS acts as the system auditor. For details about setting up CMS databases. For more information. • Managing auditing By collecting information about user actions from each BusinessObjects Enterprise server. the Setup program can install and configure its own Microsoft Data Engine (MSDE) database if necessary. Report viewers access this list. The backup procedure depends upon your database software.

The Page Server runs the report and returns the results to the Cache Server. querying for the size of the entire file repository. The Cache Server checks whether or not it can fulfill the request with a cached report page. the Cache Server automatically balances the processing load across Page Servers. For more information about Auditing. you can also publish reports from within your own code. its system database. Cache Server The Cache Server is responsible for handling all report viewing requests. The Input File Repository Server manages all of the report objects and program objects that have been published to the system by administrators or end users (using the Publishing Wizard. or a Business Objects designer component such as Crystal Reports or the Web Intelligence Java or HTML Report Panels). The Cache Server then caches the report page for future use. the Cache Server returns that cached report page. and the program instances generated by the Program Job Server. Tip: If you use the BusinessObjects Enterprise SDK. and removing files from the repository. BusinessObjects Enterprise avoids accessing the database each and every time a report is requested. adding files to the repository. and returns the data to the viewer. If you are running multiple Page Servers for a single Cache Server. The File Repository Servers are responsible for listing files on the server. The Output File Repository Server manages all of the report instances generated by the Report Job Server or the Web Intelligence Report Server. see “Configuring the intelligence tier” on page 92. querying for the size of a file. with data that has been refreshed from the database within the interval that you have specified as the default. By storing report pages in a cache. see “Modifying Cache Server performance settings” on page 112. If the Cache Server cannot fulfil the request with a cached report page. and CMS clusters. the Import Wizard. the Central Management Console. File Repository Servers There is an Input and an Output File Repository Server in every BusinessObjects Enterprise implementation. it passes the request along to the Page Server. If the Cache Server finds a cached page that displays exactly the required data. BusinessObjects Enterprise Administrator’s Guide 63 . see “Managing Auditing” on page 203. For more information.BusinessObjects Enterprise Architecture Intelligence tier 4 For details about configuring the CMS.

After notifying the CMS of the event. all Output File Repository Servers must share a directory. the Event Server triggers your file-based event: that is. The CMS then starts any jobs that are dependent upon your file-based event. such as text files. for redundancy. It is the only tier that interacts directly with the databases that contain the report data. When the file is newly created in the monitored directory. This is because one of the File Repository Servers could then delete files and directories belonging to the other. Microsoft Word files. When the appropriate file appears in the monitored directory. and custom events are managed by the Central Management Server. the Event Server again triggers your file-based event. In this case. are stored on the Input File Repository Server. Note: Schedule-based events. or PDFs. Objects with files associated with them. the Event Server notifies the CMS that the file-based event has occurred. there may be multiple Input and Output File Repository Servers. The processing tier includes: 64 BusinessObjects Enterprise Administrator’s Guide . Processing tier The processing tier accesses the data and generates the reports.4 BusinessObjects Enterprise Architecture Processing tier Note: • • The Input and Output File Repository Servers cannot share the same directories. • Event Server The Event Server manages file-based events. the Event Server resets itself and again monitors the directory for the appropriate file. the Event Server monitors the directory that you specified. When you set up a file-based event within BusinessObjects Enterprise. In larger deployments. Likewise. all Input File Repository Servers must share the same directory.

and perform maintenance work on. it stores the instance on the Output FRS. and generates report instances (instances are versions of a report object that contain saved data). and schedule custom applications. If you configure a Job Server to process report objects.NET programs that run against. Once it has generated the report instance. You can configure a Job Server to process either report objects or program objects when you add it to your BusinessObjects Enterprise system. it becomes a Program Job Server. By definition. publish. Java programs or . Program objects allow you to write. program objects are custom applications. To generate a report instance. The Report Job Server processes scheduled reports. including scripts. as requested by the CMS. BusinessObjects Enterprise Administrator’s Guide 65 . The Program Job Server processes scheduled program objects. To run a program. BusinessObjects Enterprise. and then runs the program. You can configure a Job Server to process either report objects or program objects when you add it to your BusinessObjects Enterprise system. it becomes a Report Job Server.BusinessObjects Enterprise Architecture Processing tier 4 • • • • • • • • “Report Job Server” on page 65 “Program Job Server” on page 65 “Web Intelligence Job Server” on page 66 “Web Intelligence Report Server” on page 66 “Report Application Server (RAS)” on page 66 “Destination Job Server” on page 67 “List of Values Job Server” on page 67 “Page Server” on page 67 Report Job Server A Job Server processes scheduled actions on objects at the request of the CMS. as requested by the CMS. Therefore the outcome of running a program will be dependent upon the particular program object that is run. the Program Job Server first retrieves the files from storage on the Input File Repository Server. If you configure a Job Server to process program objects. the Report Job Server obtains the report object from the Input FRS and communicates with the database to retrieve the current data. Program Job Server A Job Server processes scheduled actions on objects at the request of the CMS.

This file appears when you click a program instance in the object History. and analyze Web Intelligence documents. Web Intelligence Job Server The Web Intelligence Job Server processes scheduling requests it receives from the CMS for Web Intelligence documents. edit. It also processes scheduled Web Intelligence documents and generates new instances of the document. or it will refresh the data in the document and then cache the new information. providing you with tools for building custom report interaction interfaces. Web Intelligence Report Server The Web Intelligence Report Server is used to create. which can be viewed in their completed format. Depending on the user’s access rights and the refresh options of the document. ASP. It forwards these requests to the Web Intelligence Report Server. The RAS also provides the ad hoc reporting capabilities that allow users to create and modify reports over the Web.4 BusinessObjects Enterprise Architecture Processing tier Unlike report instances. view. which will generate the instance of the Web Intelligence document.NET. Report Application Server (RAS) The Report Application Server (RAS) processes reports that users view with the Advanced DHTML viewer. the RAS supports COM. As with the Page Server. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. which it stores on the Output File Repository Server (FRS). The RAS is very similar to the Page Server: it too is primarily responsible for responding to page requests by processing reports and generating EPF pages. the RAS uses an internal caching mechanism that involves no interaction with the Cache Server. The Report Application Server also includes an SDK for reportcreation and modification. However. The Web Intelligence Job Server does not actually generate object instances. 66 BusinessObjects Enterprise Administrator’s Guide . the Web Intelligence Report Server will use cached information. program instances exist as records in the object history. and Java viewer SDKs.

see the Business Views Administrator’s Guide. When retrieving data from the database. it retrieves the instance from the Output File Repository Server. by sending a file to an email address. see “Sending an object or instance” on page 420. List-of-value objects do not appear in CMC or InfoView. a user’s inbox. The EPF pages contain formatting information that defines the layout of the report. The Destination Job Server can send objects and instances to destinations inside the BusinessObjects Enterprise system.BusinessObjects Enterprise Architecture Processing tier 4 Destination Job Server When you add a job server to your BusinessObjects Enterprise system. or outside the system. Page Server The Page Server is primarily responsible for responding to page requests by processing reports and generating Encapsulated Page Format (EPF) pages. On demand list of value objects are processed by the Report Application Server. If the request is for a report or program instance. you can configure it to process report objects or program objects. or to send objects or instances to specified destinations. The List of Values Job Server behaves similarly to the Report Job Server in that it retrieves the scheduled objects from the Input File Repository Server (FRS) and saves the instance it generates to the Output FRS. For more information. If you configure it to send objects or instances. List of Values Job Server The List of Values Job Server processes scheduled list-of-value objects. the BusinessObjects Enterprise Administrator’s Guide 67 . for example. The Destination Job Server does not run the actual report or program objects. it retrieves the object from the Input File Repository Server. For more information. There is never more than one instance of a list-of-values object. Lists of values are use to implement dynamic prompts and cascading lists of values within Crystal Reports. These are objects that contain the values of specific fields in a Business View. for example. The Page Server retrieves data for the report from an instance or directly from the database (depending on the user’s request and the rights he or she has to the report object). it become a Destination Job Server. It only handles objects and instances that already exist in the Input or Output File Repository Servers. A Destination Job Server processes requests that it receives from the CMS and sends the requested objects or instances to the specified destination: • • If the request is for an object.

(However. BusinessObjects Enterprise takes advantage of this behavior by ensuring that the majority of report-viewing requests are made to the Cache Server and Page Server. Specifically. if a user’s default viewer is the Advanced DHTML viewer. Data tier The data tier is made up of the databases that contain the data used in the reports. ASP. and new pages are generated as soon as they are required. and which have different report viewing functionality. see the BusinessObjects Enterprise User’s Guide or the Crystal Reports Developer’s Guide. the Page Server responds to page requests made by the Cache Server. (This behavior conserves database licenses. Report viewers BusinessObjects Enterprise includes report viewers that support different platforms and different browsers in the client tier. 68 BusinessObjects Enterprise Administrator’s Guide . The Page Server and Cache Server also interact to ensure cached EPF pages are reused as frequently as possible. and Java viewer Software Development Kits (SDKs).4 BusinessObjects Enterprise Architecture Data tier Page Server automatically disconnects from the database after it fulfills its initial request and reconnects if necessary to retrieve additional data.txt file included with your product distribution for a complete list of tested database software and version requirements. BusinessObjects Enterprise supports a wide range of corporate databases. See the Platforms. the report is processed by the Report Application Server. (For more information on the specific functionality or platform support provided by each report viewer.) The Cache Server and Page Server work closely together.) The Page Server also supports COM.) All of the viewers fall into two categories: • client-side viewers Client-side viewers are downloaded and installed in the users’ web browser.NET.

When a user requests a report. and present report pages that appear in the user’s browser. The application server then passes the .epf format from the BusinessObjects Enterprise framework.epf files and displays them directly in the browser. users are prompted to download and install the appropriate viewer software before the report is displayed in the browser. The viewer object then sends these pages through the web server to the user’s web browser. and retrieves the report pages in . which processes the . the application server processes the request. the application server processes the request. and then remains installed on the user’s machine. Client-side viewers Client-side viewers are downloaded and installed in the user’s browser. Installing viewers If they haven’t already done so. and then retrieves the report pages in . Zero client viewers Zero client viewers reside on the application server.BusinessObjects Enterprise Architecture Information flow 4 • zero client viewers The code to support zero client viewers resides in the application tier. When a user requests a report. client-side viewers Active X viewer Java viewer zero client viewers DHTML viewer Advanced DHTML viewer All report viewers help process requests for reports. The user will be prompted to reinstall the ActiveX viewer only when a new version becomes available on the server. The Active X viewer is downloaded the first time a user requests a report. Information flow This section describes the interaction of the server components in order to demonstrate how report-processing is performed.epf and creates DHTML pages that represent both the viewer controls and the report itself. This section covers two different scenarios: • • “What happens when you schedule an object?” on page 70 “What happens when you view a report?” on page 71 BusinessObjects Enterprise Administrator’s Guide 69 .epf format from the BusinessObjects Enterprise framework. The SDK creates a viewer object on the application server which processes the .epf file to the client-side viewer.

The Web Intelligence Job Server then notifies the CMS that the job was completed successfully. When the time occurs. 5. it sends the job to the Web Intelligence Job Server. the CMS will send the job to one of the following job servers: • • • 7. 3.4 BusinessObjects Enterprise Architecture Information flow What happens when you schedule an object? When you schedule an object. Tip: BusinessObjects Enterprise also allows you to schedule jobs that are dependent upon other events. the following happens: 1. The CMS checks to see if the user has sufficient rights to schedule the object. If the user has sufficient rights. you can schedule the report to run every night on a recurring basis. InfoView sends the request to the web server. 6. If the object is program. where it is evaluated by the BusinessObjects Enterprise SDK. The job server retrieves the object from the Input File Repository Server and runs the object against the database. the CMS passes the job to the appropriate job server. it sends the job to the Program Job Server. When a user schedules an object using InfoView. 8. The job server then saves the instance to the Output File Repository Server. 2. If the object is Web Intelligence document. 4. if you have a report that is based on your web server logs. see “Supporting users in multiple time zones” on page 527. If the job was for a Web Intelligence document. see “Managing events overview” on page 510. For details. the CMS schedules the object to be run at the specified time(s). Tip: For details about multiple time zones. The web server passes the web request directly to the application server. Depending on the type of object. Note: 70 BusinessObjects Enterprise Administrator’s Guide . the Web Intelligence Report Server notifies the Web Intelligence Job Server. it sends the job to the Report Job Server. For example. If the object is a report. and tells the CMS that it has completed the job successfully. thereby creating an instance of the object. you instruct BusinessObjects Enterprise to process an object at a particular point in time. which sends the request to the Web Intelligence Report Server. or on a recurring schedule. The SDK passes the request to the Central Management Server.

BusinessObjects Enterprise Architecture Information flow 4 • The Cache Server and the Page Server do not participate in scheduling reports or in creating instances of scheduled reports. What happens when you view a report? This section describes the viewing mechanisms that are implemented in InfoView. verifies the user’s session and retrieves the logon token from the browser. The actual request is constructed as a URL that includes the report’s unique ID. the processing flow varies depending upon your default report viewer. The processing flow for custom applications may differ. the interaction between servers follows the same pattern as it does for reports. When you schedule program objects or object packages. this script communicates with the framework (through the published SDK interfaces) in order to create a viewer object and retrieve a report source from the Cache Server and Page Server. the request that begins at the web server must be forwarded to the application server. Different report viewers require different viewing mechanisms: • The zero-client DHTML viewer is implemented through report_view_dhtml. however. especially in large installations. This ID is passed as a parameter to a server-side script that. When evaluated by the application server. • The client-side report viewers (the ActiveX and Java viewers) are implemented through viewrpt. hosted by the WCA. and the rights you have to the report.aspx. • The zero-client Advanced DHTML viewer is implemented through report_view_advanced. In all cases. • Users without schedule rights on an object will not see the schedule option in BusinessObjects Enterprise. See “Scaling Your System” on page 157. When you view a report through BusinessObjects Enterprise. When evaluated by the application server. The script then checks the user’s InfoView preferences and redirects the request to the viewing mechanism that corresponds to the user’s default viewer. This can be an important consideration when deciding how to configure BusinessObjects Enterprise. when evaluated by the application server. BusinessObjects Enterprise Administrator’s Guide 71 .aspx.aspx. this script communicates with the framework (through the published SDK interfaces) in order to create a viewer object and retrieve a report source from the Report Application Server. the type of report.

the Cache Server sends the . the Page Server will not retrieve the latest data from the database. If the user has sufficient rights. Upon receiving a report-viewing request. If they haven’t already done so. The Cache Server sends the . ActiveX. The Cache Server checks with the CMS to see if the user has rights to view the report.epf files. The Cache Server requests new . The Cache Server then caches the . depending on how the initial request was made: 72 BusinessObjects Enterprise Administrator’s Guide . The application server sends the report to the user’s Web browser in one of two ways.epf pages and forwards them to the Cache Server. This process uses the Cache Server and the Page Server.4 BusinessObjects Enterprise Architecture Information flow The Crystal Web Request is executed internally through viewer code on the application server. If the user is granted the right to view the report.epf files to the application server. 1.epf file to the application server. If the report is an object. b. The Page Server checks with the CMS to see if the user has rights to view the report. the Page Server will generate pages of the report instance using the data stored in the report instance.epf) files. Report viewing with the Cache Server and Page Server This section describes the process for viewing a Crystal report when using the zero-client DHTML. or Java viewer. the Page Server retrieves the report from the Input File Repository Server.epf files from the Page Server.epf format from the Cache Server and Page Server. Cached pages are stored as Encapsulated Page Format (.epf file is unavailable: a. If the user is granted the right to view the report. If a cached version of the . the Cache Server checks to see if it has the requested pages cached. 4.epf file is available: a. users are prompted to download and install the appropriate viewer software. the user must have View On Demand rights to view the report successfully (because the Page Server needs to retrieve data from the database). If a cached version of the . e. 2. If the report is an instance. and the user only has View rights. 3. g. f. b. c. The viewer code communicates with the framework in order to retrieve a report page in . That is. d. the Page Server generates the .

b. 2.epf pages through the web server to the report viewer software in the user’s web browser. If the initial request was made through an Active X or Java viewer (viewrpt. generates the . then the RAS will refresh the report against the database.epf pages to the application server. which is separate from the Cache Server. If a cached version of the .epf pages to the application server. the viewer SDK (residing on the application server) is used to generate HTML that represents both the DHTML viewer and the report itself. d. Upon receiving a report-viewing request.epf file is available: a.aspx).epf pages and sends the . b. caches the . the application server forwards the . the RAS checks to see if it has the requested report data in cache. • Report viewing with the Report Application Server (RAS) This section describes the process for viewing a Crystal report when using the Advanced DHTML viewer. The RAS checks with the CMS to see if the user has rights to view the report. Note: The interactive search and filter features provided by the Advanced DHTML viewer are available only if the user has View On Demand rights (or greater) to the report object. The HTML pages are then returned through the web server to the user’s web browser. If the user is granted the right to view the report.BusinessObjects Enterprise Architecture Information flow 4 • If the initial request was made through a DHTML viewer (report_view_dhtml. obtains the data from the database. The RAS checks with the CMS to see if the user has rights to view the report. That is.epf file is unavailable: a.epf pages.aspx). The RAS then processes the report object. BusinessObjects Enterprise Administrator’s Guide 73 . 3. (The RAS has its own caching mechanism.) If a cached version of the . the RAS retrieves the report object from the Input File Repository Server. 1. then the RAS will only ever generate pages of the latest report instance. c. If the user is granted View On Demand rights to the report object. the RAS returns . If the user is granted the right to view the report. If the user is granted View rights to the report object. the RAS will not retrieve the latest data from the database. This process flow uses the Report Application Server (RAS).

The web application server then sends the request to the Web Intelligence Report Server.epf pages from the RAS. 1. and to check when the document was last updated. 7. and they are stored on the Output FRS. The web application server sends the request to the application server. Viewing Web Intelligence documents This section describes the process for viewing a Web Intelligence document. If the document is set to “refresh on open” and the user has the View On Demand rights. The Web Intelligence Report Server contacts the CMS to check whether the user has the right to view the document. the Web Intelligence Report Server sends the cached document information to the SDK. The application server sends the HTML pages through the web server to the user’s web browser. Note: Which FRS is used depends on whether the request was for a Web Intelligence document that was saved to BusinessObjects Enterprise or for an instance of the document. Instances are generated when an object is run according to a schedule. the Web Intelligence Report Server refreshes the data in the document with data from the database. When the application server receives the . b. If cached content is available. 3. If the user has the right to view the document. 5. Documents are stored on the Input FRS. the following happens: a. which creates a new session with the Web Intelligence Report Server. 2. The Web Intelligence Report Server checks if the user has rights to use the Web Intelligence application. 5. The Web Intelligence Report Server obtains the Web Intelligence document from either the Input or Output File Repository Server and loads the document file. the viewer SDK generates HTML that represents both the Advanced DHTML viewer and the report itself. 74 BusinessObjects Enterprise Administrator’s Guide . the Web Intelligence Report Server checks whether it has up-to-date cached content for the document. InfoView sends the request to the web application server. 6.4 BusinessObjects Enterprise Architecture Information flow 4. The Web Intelligence Report Server obtains the document information from the CMS and checks what rights the user has on the document. 4. If cached content is not available. c.

if the managers of a large distribution center need to keep track of inventory shipped on a continual basis. straight from the database server. If the Web Intelligence Report Server has cached content for the page. 8. 9.BusinessObjects Enterprise Architecture Choosing between live and saved data 4 Note: If the document is set to “refresh on open” but the user does not have View On Demand rights. Before providing live data for all your reports. If the Web Intelligence Report Server does not have the cached content for the page. BusinessObjects Enterprise Administrator’s Guide 75 . e. it renders the page to XML using the current data for the document. Use live data to keep users up-to-date on constantly changing data. however. If the data isn’t rapidly or constantly changing. d. it returns the cached XML to the SDK. The Web Intelligence Report Server stores the document file and the new document information in cache. Live data On-demand reporting gives users real-time access to live data. BusinessObjects Enterprise displays the first page as quickly as possible. The Web Intelligence Report Server sends the document information to the SDK. an error message is displayed. Choosing between live and saved data When reporting over the Web. then all those requests to the database do little more than increase network traffic and consume server resources. Whichever choice you make. 10. so you can see your report while the rest of the data is being processed. In such cases. 11. so they can access information that’s accurate to the second. the choice to use live or saved data is one of the most important decisions you’ll make. then live reporting is the way to give them the information they need. however. For instance. consider whether or not you want all of your users hitting the database server on a continual basis. The request is passed to the Web Intelligence Report Server. you may prefer to schedule reports on a recurrent basis so that users can always view recent data (report instances) without hitting the database server. The viewer script calls the SDK to get the requested page of the document. The viewer script returns the HTML to the browser. The SDK applies an XSLT style sheet to the XML to transform it to HTML. It then returns the XML to the SDK.

Sales representatives then always have access to current sales data. When the report has been run. you can run the report on a similar schedule. Tip: Users require only View access to display report instances. Report instances are useful for dealing with data that isn’t continually updated. you can schedule reports to be run at specified times. Consequently. they don’t access the database server directly. When users navigate through report instances. Tip: Users require View On Demand access to refresh reports against the database. if your sales database is updated once a day. users can view that report instance as needed. instead. Saved data To reduce the amount of network traffic and the number of hits on your database servers. without triggering additional hits on the database. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8.5 and later). they access the saved data. and drill down for details on columns or charts. but also lighten the database server’s workload. reports with saved data not only minimize data transfer over the network. For example. but they are not hitting the database every time they open a report. 76 BusinessObjects Enterprise Administrator’s Guide .4 BusinessObjects Enterprise Architecture Choosing between live and saved data For more information about optimizing the performance of reports that are viewed on demand.

Managing and Configuring Servers chapter .

The default values for these settings have been chosen to maximize the reliability. To take advantage of this feature while ensuring that every user receives data that meets your criteria for timeliness. you use the CCM to stop servers. For example. the CCM allows you to configure BusinessObjects Enterprise remotely over your corporate network You can accomplish some configuration tasks with both tools. With BusinessObjects Enterprise. change server settings. enabling data sharing between reports markedly increases system performance when user loads are heavy. 78 BusinessObjects Enterprise Administrator’s Guide . and scalability of BusinessObjects Enterprise. you can also specify how long data will be shared between users. you use the CMC to change the status of a server. • Central Configuration Manager (CCM) The CCM is a program that allows you to view and to modify server settings while Business Objects servers are offline. you can configure your BusinessObjects Enterprise servers remotely over the Internet or through your corporate intranet. It also includes information on the server settings that you can alter to accommodate the needs of your organization. For example. predictability. Because the CMC is a web-based interface. The default settings guarantee the highest degree of data accuracy and timeliness. When running reports on demand. For instance. and to change the default server port numbers. disabling data sharing means that every user can always assume that they will receive the latest data. while other tasks must be performed with a specific tool. you can tune server settings to set your own balance between system reliability and performance. BusinessObjects Enterprise administrative tools BusinessObjects Enterprise includes two key administrative tools that allow you to view and to modify a variety of server settings: • Central Management Console (CMC) The CMC is the web-based administration tool that allows you to view and to modify server settings while BusinessObjects Enterprise is running. access server metrics. For instance. data sharing between reports is disabled. by default. and consistency of operation of a typical BusinessObjects Enterprise installation.5 Managing and Configuring Servers Server management overview Server management overview This chapter provides information on a range of server tasks that allow you to customize the behavior of BusinessObjects Enterprise. economy. If you prefer to place more emphasis on the efficiency. or create server groups. to modify performance settings.

Viewing current metrics The CMC allows you to view server metrics over the Web. free hard disk space.Managing and Configuring Servers Viewing current metrics 5 Related topics: • • • For an overview of the multi-tier architecture and the BusinessObjects Enterprise server components. number of CPUs. your CMS. These metrics include general information about each machine. Viewing current server metrics The Servers management area of the CMC displays server metrics that provide statistics and information about each BusinessObjects Enterprise server. total RAM. The general information displayed for each server includes information about the machine that the server is running on—its name. For information about creating groups of servers. and local time. 2. For more information. total hard disk space. see “BusinessObjects Enterprise Architecture” on page 53. Click the Metrics tab. With the BusinessObjects Enterprise Software Development Kit (SDK). 3. operating system. you can now access and modify server metrics and settings from your own web applications. and your current system activity. The general information also includes the time the server started and the version number of the server. see “Managing Server Groups” on page 151. To view server metrics Go to the Servers management area of the CMC. see the “View Server Summary” sample on the BusinessObjects Enterprise Admin Launchpad. Tip: For an example of how to use server metrics in your own web applications. 1. Click the link to the server whose metrics you want to view. BusinessObjects Enterprise Administrator’s Guide 79 . The CMC also allows you to view system metrics. see the developer documentation available on your product CD. which include information about your product version. along with details that are specific to the type of server.

the maximum cache size. the total threads running. Event Server The Metrics tab of the Event Server contains statistics on the files that the server is monitoring. along with the number of connections made to each Page Server.net. server-specific information: Input and Output File Repository Servers The Metrics tab of each File Repository Server lists the root directory of the files that the server maintains. whether or not the database is accessed whenever a viewer’s file (object) is refreshed. The Metrics tab also provides a table that lists the Page Servers that the Cache server has connections to. the cache hit rate. the minutes before an idle job is closed. as well as the number of bytes sent and received.crystald. 80 BusinessObjects Enterprise Administrator’s Guide . the number of bytes transferred. and the number of writers for each active file. the number of readers. This tab includes a table showing the file name and the last time the event occurred. indicates the maximum idle time. and displays the number of active files and active client connections.5 Managing and Configuring Servers Viewing current metrics This example shows the metrics for an Event Server that is running on a machine called Crystal-E501888. It also lists the total available hard disk space. and the number of requests that are queued. which lists the filename. the location of the cache files. Cache Server The Metrics tab of the Cache Server displays the maximum number of processing threads. The Metrics tabs for the following servers include additional. the number of requests served. the minutes between refreshes from the database. Each File Repository Server also has an Active Files tab. the number of current connections.

the current number of processing threads running.Managing and Configuring Servers Viewing current metrics 5 Page Server The Metrics tab of the Page Server contains information on how the server is running. database name. It lists the maximum number of simultaneous report jobs. 2. and the total bytes transferred. Click any user’s link to view the associated account details. Report Application Server The Metrics tab of the Report Application Server (RAS) shows the number of reports that are open. and the setting for the Report Job Database Connection. BusinessObjects Enterprise Administrator’s Guide 81 . the number of minutes before an idle connection is closed. View the contents of the Properties. It also lists the data source. and Cluster tabs. Metrics. Viewing system metrics The Settings management area of the CMC displays system metrics that provide general information about your BusinessObjects Enterprise installation. and the names of other cluster members. To view system metrics Go to the Settings management area of the CMC. The Properties tab includes information about the product version and build. and the number of reports that have been opened. the total number of failed job creations. the oldest processed data given to a client. The Properties tab. the total number of requests received. the minutes before a report job is closed. The Cluster tab lists the name of the CMS you are connected to. It also shows the number of current connections. the name of the CMS cluster. and database user name of the CMS database. the maximum number of database records shown when previewing or refreshing a report. and the location of its temporary files. the total number of requests served. the number of requests queued. the processing mode. however. It also shows the number of open connections. The Metrics tab lists current account activity. the location of temporary files. Job servers and Web Intelligence servers The Metrics tabs of theses servers lists the current number of jobs that are being processed. whether a viewer refresh always hits the database. along with the number of open connections that have been created. 1. along with statistics about current and processed jobs. Central Management Server The Metrics tab of the CMS lists only the general information about the machine it is running on. shows a list of users who have active sessions on the system.

stopping. Viewing and changing the status of servers The status of a server is its current state of operation: a server can be started. copying. and restarting servers Starting. 82 BusinessObjects Enterprise Administrator’s Guide . If you have stopped a server to configure it. you need Starting a server to start it to effect your changes and to have the server resume processing requests. or disabled. A server that is stopped is no longer running as a process. and restarting servers” on page 82 “Enabling and disabling servers” on page 85 “Printing. Action Stopping a server Description You must stop BusinessObjects Enterprise servers before you can modify certain properties and settings. stopping. it is not accepting requests from the rest of BusinessObjects Enterprise. It includes: • • • “Starting. For information about CMS clusters. the concepts and differences are explained first. Restarting a server Restarting a server is a shortcut to stopping a server completely and then starting it again. This section shows how to modify the status of servers with the CMC and the CCM. however. stopped. The remainder of this chapter tells you when a certain configuration change requires that you first stop or restart the server. see Clustering Central Management Servers. a server must be started and enabled. and refreshing server status” on page 86 Starting. see Licensing overview. enabled. However.5 Managing and Configuring Servers Viewing and changing the status of servers Related topics: • • For more information about licenses and account activity. however. To respond to BusinessObjects Enterprise requests. stopping. You can change certain settings without stopping the server. and the general procedures are provided for reference. and restarting servers are common actions that you perform when you configure servers or take them offline for other reasons. the changes typically do not take effect until your restart the server. because these tasks appear frequently. A server that is disabled is still running as a process.

see “Enabling and disabling servers” on page 85. See “Stopping a Central Management Server” on page 84 for more information. or restart servers with CMC Note: You cannot use CMC to stop the CMS. You must use the CCM instead. Go to the Servers management area of the CMC. thereby stopping the server completely. 2. click Start. you can also enable and disable servers. Stopped is indicated by a server with a red arrow. To start. If you want to prevent a server from receiving requests without actually stopping the server process. Once you have made your changes. stop. For details. A list of servers appears. the Page Server Server is stopped. or Restart. In this example. if you want to change the name of a CMS. then you must first stop the server. Select the check box for the server whose status you want to change. 1. 3. 4. The icon associated with each server identifies its status: • • • Running is indicated by a server with a green arrow. Disabled is indicated by a server with a red circle. Stop. You may be prompted for network credentials that allow you to start and stop services running on the remote machine. you terminate the server’s process. We recommend that you disable Job Servers and Program Job Servers before stopping them so that they can finish processing any jobs they have in progress before stopping. and the remaining servers are running and enabled.Managing and Configuring Servers Viewing and changing the status of servers 5 For example. Click Refresh to update the page. you start the server again to effect your changes. Tip: When you stop (or restart) a server. the Event Server is disabled. BusinessObjects Enterprise Administrator’s Guide 83 . Depending upon the action you need to perform.

5

Managing and Configuring Servers Viewing and changing the status of servers

1. 2. 3.

To start, stop, or restart a Windows server with the CCM Start the CCM. Select the server that you want to start, stop, or restart. On the toolbar, click the appropriate button.

Toolbar Action Icon Start the selected server. Stop the selected server. Restart the selected server. You may be prompted for network credentials that allow you to start and stop services. Note: When you provide your network credentials, they are first checked against the machine hosting the CMS. If the server that you want to start, stop, or restart is located on another machine, the same credentials are used to access the other machine. If you supply credentials that are valid on the remote machine but not on the machine running the CMS, then you receive an error message. The CCM performs the action and refreshes the list of servers. To start, stop, or restart a UNIX server with the CCM Use the ccm.sh script. For reference, see “ccm.sh” on page 598.

Stopping a Central Management Server
If your BusinessObjects Enterprise installation has a single Central Management Server (CMS), shutting it down will make BusinessObjects Enterprise unavailable to your users and will interrupt the processing of reports and programs. Before stopping your CMS, you may wish to disable your processing servers so that they can finish any jobs in progress before BusinessObjects Enterprise shuts down. See “Enabling and disabling servers” on page 85 for more information. If you have a CMS cluster consisting of more than one active CMS, you can shut down a single CMS without losing data or affecting system functionality. The other CMS in the cluster will assume the workload of the stopped server.

84

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Viewing and changing the status of servers

5

Using a CMS cluster enables you to perform maintenance on each of your Central Management Servers in turn without taking BusinessObjects Enterprise out of service. For more information on CMS clusters, see “Clustering Central Management Servers” on page 92.

Enabling and disabling servers
When you disable a BusinessObjects Enterprise server, you prevent it from receiving and responding to new BusinessObjects Enterprise requests, but you do not actually stop the server process. This is especially useful when you want to allow a server to finish processing all of its current requests before you stop it completely. For example, you may want to stop a Job Server before rebooting the machine it is running on. However, you want to allow the server to fulfill any outstanding report requests that are in its queue. First, you disable the Job Server so it cannot accept any additional requests. Next, go to the Central Management Console to monitor when the server completes the jobs it has in progress. (From the Servers management area, choose the server name and then the metrics tab). Then, once it has finished processing current requests, you can safely stop the server. Note: The CMS must be running in order for you to enable and/or disable other servers. 1. To enable and disable servers with CMC Go to the Servers management area of the CMC. The icon associated with each server identifies its status. In this example, the Event Server is disabled (but not stopped), and the remaining servers are running and enabled.

BusinessObjects Enterprise Administrator’s Guide

85

5

Managing and Configuring Servers Viewing and changing the status of servers

2. 3. 1. 2. 3. 4.

Select the check box for the server whose status you want to change. Depending upon the action you need to perform, click Enable or Disable. To enable or disable a Windows server with the CCM Start the CCM. On the toolbar, click Enable/Disable. When prompted, log on to your CMS with the credentials that provide you with administrative privileges to BusinessObjects Enterprise. Click Connect. The Enable/Disable Servers dialog box appears.

This dialog box lists all of the BusinessObjects Enterprise servers that are registered with your CMS, including servers running on remote machines. By default, servers running on remote machines are displayed as MACHINE.servertype. In this example, all of the listed servers are currently enabled. 5. 6. To disable a server, clear the check box in the Server Name column. Click OK to effect your changes and return to the CCM.

To enable or disable a UNIX server with the CCM Use the ccm.sh script. For reference, see “ccm.sh” on page 598.

Printing, copying, and refreshing server status
When using the CCM on Windows, you can print and copy the properties of a server, and refresh the list of servers.

86

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Viewing and changing the status of servers

5

1. 2.

To print the status of a server Start the CCM. Select the server(s).

BusinessObjects Enterprise Administrator’s Guide

87

5

Managing and Configuring Servers Configuring the application tier

3. 4.

Click Print. The Print dialog box appears. Click OK. A brief listing of the server’s properties is printed, including the Display Name, Version, Command Line, Status, and so on.

To copy the status of a server To save the status of a server, you can copy the details from the CCM to a document or to an email message (if you want to send the status information to someone else). 1. 2. 3. 4. Start the CCM. Select the server(s). Click Copy. Paste the information into a document for future reference. To refresh the list of servers To ensure you are looking at the latest information, click Refresh.

Note: Disabled servers may not appear in this list. Click Enable/Disable to view a list of servers and ensure that each is enabled.

Configuring the application tier
This section includes technical information and procedures that show how you can modify settings for the application tier.

The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware, software, and network configurations. Consequently, the settings that you choose will depend largely upon your own requirements.

88

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the application tier

5

Note: This section does not show how to configure your Web application server to deploy BusinessObjects Enterprise applications. This task is typically performed when you install BusinessObjects Enterprise. For details, see the BusinessObjects Enterprise Installation Guide. For further troubleshooting, see “Working with Firewalls” on page 181.

Configuring the Web Component Adapter
The WCA provides support for the Central Management Console and CSP applications. The Web Component Adapter is a web application. It does not appear as a server in the Central Management Console or in the Central Configuration Manager. To configure the WCA, edit either of the following files, depending on whether you are running the system on a Java or .NET platform:

• •

On a Java platform edit the web.xml file associated with the WCA. See “Configuring the Java Web Component Adapter” on page 89. On a .NET platform edit the web.config file associated with the WCA. See “Configuring the .NET Web Component Adapter” on page 91.

Configuring the Java Web Component Adapter
To configure the Java WCA you edit the web.xml file associated with the WCA:

• •

Windows: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\java\applications directory UNIX: WEB-INF subdirectory of the webcompadapter.war archive file stored in the bobje_root/enterprise11/java/applications directory

For example, the context parameter that controls whether a group tree will be generated looks like this:
<context-param> <param-name>viewrpt.groupTreeGenerate</param-name> <param-value>true</param-value> <desctiption>”true” or “false” value determining whether a group tree will be generated.</description> </context-param>

To change the value of a context parameter, edit the value between the <param-value> </param-value> tags. To configure web.xml Note: Your Java Web Application Server may provide tools to allow you to edit web.xml directly from an administrative console.Otherwise use the following procedure to configure web.xml.

BusinessObjects Enterprise Administrator’s Guide

89

5

Managing and Configuring Servers Configuring the application tier

1. 2. 3. 4.

Stop your application server. Extract the web.xml file from the webcompadapter.war archive. Edit the file by using a text editor such as Notepad or vi. Reinsert the file into the WEB-INF directory in webcompadapter.war. Tip: To reinsert web.xml into WEB-INF using WinZip, right-click on the WEB-INF directory that contains your edited web.xml file and select “Add to Zip File...”. Adding the file in this way ensures that it is placed in the correct directory inside the archive.

5.

Restart your application server.

When you install more than one WCA, each webcomponentadapter.war file contains its own web.xml file containing configuration parameters for that WCA. However, you can only set the parameters listed in the following table individually for each WCA. The remaining parameters must be the same for all WCA in your system. Context Parameter display-name cspApplication.defaultPage Description Equivalent to WCA name. The default page that will be loaded if no filename is specified in a particular request. This is the real path to the directory containing the CSP/WAS application(s) that you would like to host. This is a required field. This is the name (or name and port number) of the CMS that you would like your application(s) to connect to. This field defaults to the port that the WCA related servlets are running on. Filename of the logfile including full real path to file, excluding extension. Defaults to WCA with no path File extension of logfile, defaults to .log Determines whether or not the logs will be rotated, defaults to true. If log rolling is turned on, this will govern the max size before logfile is rotated. Accepted suffix: MB, KB and GB.

cspApplication.dir

connection.cms

connection.listeningPort log.file

log.ext log.isRolling log.size

90

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the application tier

5

Context Parameter log.level log.entryPattern

Description The default loglevel is “error.” Please refer to log4j documentation for accepted log entry patterns.

Configuring the .NET Web Component Adapter
To configure the .NET WCA you edit the web.config file associated with the the WCA. This file is located in the following directory:
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\application

For example, the context parameter that controls whether a group tree will be generated looks like this: To configure web.config Note: Your .NET Web Application Server may provide tools to allow you to edit web.config directly from an administrative console. 1. 2. 3. Stop your application server. Edit the web.config file by using a text editor such as Notepad. Restart your application server. Description Equivalent to WCA name. The default page that will be loaded if no filename is specified in a particular request. This is the name (or name and port number) of the CMS that you would like your application(s) to connect to. This field defaults to the port that the WCA related servlets are running on. Filename of the logfile including full real path to file, excluding extension. Defaults to WCA with no path File extension of logfile, defaults to .log Determines whether or not the logs will be rotated, defaults to true.

Parameter display-name cspApplication.defaultPage

connection.cms

connection.listeningPort log.file

log.ext log.isRolling

BusinessObjects Enterprise Administrator’s Guide

91

5

Managing and Configuring Servers Configuring the intelligence tier

Parameter log.size

Description If log rolling is turned on, this will govern the max size before logfile is rotated. Accepted suffix: MB, KB and GB. The default loglevel is “error.” Please refer to log4j documentation for accepted log entry patterns.

log.level log.entryPattern

Configuring the intelligence tier
This section includes technical information and procedures that show how you can modify settings for the BusinessObjects Enterprise servers that make up the intelligence tier.

The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware, software, and network configurations. Consequently, the settings that you choose will depend largely upon your own requirements. Configuring the intelligence tier includes the following tasks:

• • • • • • •

“Clustering Central Management Servers” on page 92 “Copying data from one CMS database to another” on page 98 “Deleting and recreating the CMS database” on page 108 “Selecting a new or existing CMS database” on page 109 “Setting root directories and idle times of the File Repository Servers” on page 110 “Modifying Cache Server performance settings” on page 112 “Modifying the polling time of the Event Server” on page 114

Clustering Central Management Servers
If you have a large or mission-critical implementation of BusinessObjects Enterprise, you will probably want to run several CMS machines together in a CMS cluster. A CMS cluster consists of two or more CMS servers working together to maintain the system database. If a machine that is running one CMS fails, a machine with another CMS will continue to service

92

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the intelligence tier

5

BusinessObjects Enterprise requests. This “failover” support helps to ensure that BusinessObjects Enterprise users can still access information when there is equipment failure. This section shows how to add a new CMS cluster member to a production system that is already up and running. When you add a new CMS to an existing cluster, you instruct the new CMS to connect to the existing CMS database and to share the processing workload with any existing CMS machines. For information about your current CMS and CMS cluster, go to the Settings management area of the CMC and click the Cluster tab. Before clustering CMS machines, you must make sure that each CMS is installed on a system that meets the detailed requirements (including version levels and patch levels) for operating system, database server, database access method, database driver, and database client outlined in the platforms.txt file included in your product distribution. In addition, you must meet the following clustering requirements:

For best performance, the database server that you choose to host the system database must be able to process small queries very quickly. The CMS communicates frequently with the system database and sends it many small queries. If the database server is unable to process these requests in a timely manner, BusinessObjects Enterprise performance will be greatly affected. For best performance, run each CMS cluster member on a machine that has the same amount of memory and the same type of CPU. Configure each machine similarly:

• •

• • • • • • •

Install the same operating system, including the same version of operating system service packs and patches. Install the same version of BusinessObjects Enterprise (including patches, if applicable). Ensure that each CMS connects to the CMS database in the same manner: whether you use native or ODBC drivers, ensure that the drivers are the same on each machine, and are a supported version. Ensure that each CMS uses the same database client to connect to its system database, and that it is a supported version. Check that each CMS uses the same database user account and password to connect to the CMS database. This account must have create, delete, and update rights on the system database. Run each CMS service/daemon under the same account. (On Windows, the default is the “LocalSystem” account.) Verify that the current date and time are set correctly on each CMS machine (including settings for daylight savings time).

BusinessObjects Enterprise Administrator’s Guide

93

5

Managing and Configuring Servers Configuring the intelligence tier

• •

Ensure that each and every CMS in a cluster is on the same Local Area Network. If you wish to enable auditing, each CMS must be configured to use the same auditing database and to connect to it in the same manner. The requirements for the auditing database are the same as those for the system database in terms of database servers, clients, access methods, drivers, and user IDs. See also Chapter 10: Managing Auditing.

Tip: By default, a CMS cluster name reflects the name of the first CMS that you install, but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS is called BUSINESSOBJECTSCMS, then the default cluster name is @BUSINESSOBJECTSCMS. To modify the default name, see “Changing the name of a CMS cluster” on page 96. There are two ways to add a new CMS cluster member. Follow the appropriate procedure, depending upon whether or not you have already installed a second CMS:

• •

“Installing a new CMS and adding it to a cluster” on page 94 See this section if you have not already installed the new CMS on its own machine. “Adding an installed CMS to a cluster” on page 95 Follow this procedure if you have already installed a second, independent CMS on its own machine. While testing various server configurations, for instance, you might have set up an independent BusinessObjects Enterprise system with its own CMS. Follow this procedure when you want to incorporate this independent CMS into your production system.

Note: Back up your current CMS database before making any changes. If necessary, contact your database administrator.

Installing a new CMS and adding it to a cluster
When you install a new CMS, you can quickly cluster it with your existing CMS. Run the BusinessObjects Enterprise installation and setup program on the machine where you want to install the new CMS cluster member. The setup program allows you to perform an Expand installation. During the Expand installation, you specify the existing CMS whose system you want to expand, and you select the components that want to install on the local machine. In this case, specify the name of the CMS that is running your existing system, and choose to install a new CMS on the local machine. Then provide the Setup program with the information it needs to connect to your existing CMS database. When the Setup program installs the new CMS on the local machine, it automatically adds the server to your existing CMS cluster.

94

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the intelligence tier

5

For complete requirements for CMS added to a cluster, see “Clustering Central Management Servers” on page 92. For complete information on running the Setup program and performing the Expand installation, see the BusinessObjects Enterprise Installation Guide.

Adding an installed CMS to a cluster
In these steps, the independent CMS refers to the one that you want to add to a cluster. You will add the independent CMS to your production CMS cluster. By adding an independent CMS to a cluster, you disconnect the independent CMS from its own database and instruct it to share the system database that belongs to your production CMS. Before starting this procedure, ensure that you have a database user account with Create, Delete, and Update rights to the database storing the BusinessObjects Enterprise tables. Ensure also that you can connect to the database from the machine that is running the independent CMS (through your database client software or through ODBC, according to your configuration). Also ensure that the CMS you are adding to the cluster meets the requirements outlined in “Clustering Central Management Servers” on page 92. Note: Back up your current CMS database before beginning this procedure. If necessary, contact your database administrator. 1. 2. To add an installed CMS to a cluster on Windows Use the CCM to stop the independent Central Management Server. With the CMS selected, click Specify CMS Data Source on the toolbar. The CMS Database Setup dialog box appears.

3.

Click Select a Data Source; then click OK.

BusinessObjects Enterprise Administrator’s Guide

95

5

Managing and Configuring Servers Configuring the intelligence tier

4.

In the Select Database Driver dialog box, specify whether you want to connect to the production CMS database through ODBC, or through one of the native drivers. Click OK. The remaining steps depend upon the connection type you selected:

5. 6.

If you selected ODBC, the Windows “Select Data Source” dialog box appears. Select the ODBC data source that corresponds to your production CMS database; then click OK. If prompted, provide your database credentials and click OK. The CCM connects to the database server and adds the new CMS to the cluster. If you selected a native driver, you are prompted for your database Server Name, your Login ID, and your Password. Once you provide this information, the CCM connects to the database server and adds the new CMS to the cluster.

The SvcMgr dialog box notifies you when the CMS database setup is complete. 7. 8. Click OK. Start the Central Management Server.

To add an installed CMS to a cluster on UNIX Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 601.

Changing the name of a CMS cluster
By default, a CMS cluster name reflects the name of the first CMS that you install, but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS is called BUSINESSOBJECTSCMS, then the default cluster name is @BUSINESSOBJECTSCMS. This procedure allows you to change the name of a cluster that is already installed and running. To change the cluster name, you need only stop one of the CMS cluster members. The remaining CMS cluster members are dynamically notified of the change. For optimal performance, after changing the name of the CMS cluster reconfigure each Business Objects server so that it registers with the CMS cluster, rather than with an individual CMS. 1. 2. To change the cluster name on Windows Use the CCM to stop any Central Management Server that is a member of the cluster. With the CMS selected, click Properties on the toolbar.

96

BusinessObjects Enterprise Administrator’s Guide

Do not include a port number with the cluster name. Select the server from the list. and change the name of the CMS to the name of the CMS cluster. 4. 5. 6. For example. 4. Type the new name for the cluster. BusinessObjects Enterprise Administrator’s Guide 97 . 1. Click OK. Select the Change Cluster Name to check box.Managing and Configuring Servers Configuring the intelligence tier 5 3. type @ENTERPRISE. To registers servers with the CMS cluster on UNIX Use ccm. type the name of the cluster. The name of the cluster begins with the @ symbol. Click the Configuration tab. All other CMS cluster members are dynamically notified of the new cluster name (although it may take several minutes for your changes to propagate across cluster members). The CMS cluster name is now changed. In the CMS Name box. 1. 7. 2. see “cmsdbsetup. Find the -ns command in the launch string for each server. Go to the Servers management area of the CMC and check that all of your servers remain enabled. The name of the cluster begins with the @ symbol. 2. 3. 5. For example.sh” on page 601. and then use ccm. To change the cluster name on UNIX Use the cmsdbsetup. To register servers with the CMS cluster on Windows Use the CCM to stop a Business Objects server. type @ENTERPRISE in the box.sh script.sh to restart the servers. Repeat for each Business Objects server in your installation. enable any servers that have been disabled by your changes. and then start the server. If necessary. if the cluster name was changed to ENTERPRISE. if the cluster name was changed to ENTERPRISE. Click the Configuration tab. 3. 4. Click OK and then start the Central Management Server. Save the file. Use a text editor such as vi to open the ccm. and then click Properties. For reference.sh to stop each server.config file found in the root directory of your BusinessObjects Enterprise installation.

this data is copied into the destination database. Note: Prior to BusinessObjects Enterprise XI. folders. you can migrate the data from your current CMS database into a different data source.5 Managing and Configuring Servers Configuring the intelligence tier Copying data from one CMS database to another BusinessObjects Enterprise enables you to copy the contents of one CMS database into another database. groups. Delete. without deleting the contents of the current CMS database. see “Importing with the Import Wizard” on page 402. Once the data has been copied. You can migrate CMS data from a different CMS database (versions 8. Ensure also that you can connect to both databases—through your database client software or through ODBC. and reports from one system to another. Back up both CMS databases. The destination database is initialized before the new data is copied in. migrating a CMS database will include several of the following tasks: • • • • “Preparing to migrate a CMS database” on page 98 “Copying data from a CMS on Windows” on page 100 “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101 “Completing a CMS database migration” on page 104 Preparing to migrate a CMS database Before migrating a CMS database. and also as the Automated Process Scheduler (APS). Or. according to your configuration—from the CMS machine whose database you are replacing.5 through 10 of Crystal Enterprise and version XI of BusinessObjects Enterprise) into your current CMS database. Tip: If you want to import users. the destination database is established as the current database for the CMS. Throughout this section. contact your database or network administrator. and back up the root directories used by all Input and Output File Repository Servers. the CMS was known as Crystal Management Server. If necessary. Ensure that you have a database user account that has permission to read all data in the source database. This procedure is also referred to as migrating a CMS database. take the source and the destination environments offline by disabling and subsequently stopping all servers. and a database user account that has Create. and Update rights to the destination database. Depending on the platform of your system and the version of your CMS database. 98 BusinessObjects Enterprise Administrator’s Guide . the source CMS database refers to the database that holds the data you are copying. so any existing contents of the destination database are permanently deleted (all BusinessObjects Enterprise tables are destroyed permanently and then recreated).

or Sybase. the destination database is initialized before the new data is copied in. This is the procedure to follow if you want to move the default CMS database on Windows from the local Microsoft Data Engine (MSDE) to a dedicated database server. 8. After you migrate the database. if your destination database does not contain the four BusinessObjects Note: BusinessObjects Enterprise Administrator’s Guide 99 . such as Microsoft SQL Server. you will connect your new Input and Output File Repository Servers to the old root directories. which is then established as the active database for the current CMS. Log on with an administrative account to the CMS machine whose database you want to replace. Complete the following procedure: • • • • “Copying data from a CMS on Windows” on page 100 “Copying data from a CMS installed on UNIX” on page 103 When you migrate a CMS database from an earlier version of Crystal Enterprise. DB2. make note of the current root directories used by the Input and Output File Repository Servers in the source environment. When you copy data from one database to another.Managing and Configuring Servers Configuring the intelligence tier 5 Make a note of the license keys you purchased for the current version of BusinessObjects Enterprise. your current CMS database is the destination database whose tables are deleted before they are replaced with the copied data. During migration. Complete the procedure that corresponds to the version of the source environment: • • “Copying data from a CMS on Windows” on page 100 “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101 If you are copying a CMS database from its current location to a different database server. Log on with an administrative account to the machine that is running the CMS whose database you want to move. License keys in the destination database are replaced with license keys from the source database when the source license keys are valid for the current version of BusinessObjects Enterprise. thus making the report files available for the new system to process. License keys from earlier versions of Crystal Enterprise are not copied.5. the database and database schema are upgraded to the format required by the current version of BusinessObjects Enterprise. The database migration does not actually move report files from one directory location to another. Informix.0. or 10 of Crystal Enterprise or version XI of BusinessObjects Enterprise) into your current CMS database. license keys that are present in the destination database are retained only if the source database contains no license keys that are valid for the current version of BusinessObjects Enterprise. 9. If you are copying CMS data from a different CMS database (version 8. In this scenario. Oracle. your current CMS database is the source environment. That is. Its contents are copied to the destination database.

To copy data from a CMS on Windows Use the CCM to stop the Central Management Server. or 10 of Crystal Enterprise or from version XI of BusinessObjects Enterprise. Click Copy data from another Data Source. The next steps depend upon the connection type you selected: 7. In the “Source contains data from version” list. then click OK. these tables are created. You must now specify the source CMS database whose contents you want to copy.5 Managing and Configuring Servers Configuring the intelligence tier Enterprise XI system tables. Click Specify. including previous versions of Crystal Enterprise system tables. 6. Other tables in the database. click Specify CMS Data Source on the toolbar. With the CMS selected. 2. click Autodetect (or explicitly select the version of the source CMS database). and data from the source database will be copied into the new tables. specify whether you want to connect to the source CMS database through ODBC. If the destination database does contain BusinessObjects Enterprise XI system tables. 4. 3. 5. or through one of the native drivers. 1. please see “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101. Copying data from a CMS on Windows Use this procedure if your CMS is installed on Windows and you are copying data from versions 8. are unaffected. If you are copying data from version 8 of Crystal Enterprise. 100 BusinessObjects Enterprise Administrator’s Guide . the tables will be permanently deleted.5. Informix. Click OK. 9. The Specify Data Source dialog box appears. new system tables will be created. 8. In the Select Database Driver dialog box.

In the Select Database Driver dialog box. and also as the Automated Process Scheduler (APS). Proceed to “Completing a CMS database migration” on page 104. If you selected a native driver. Select the data source that corresponds to the source CMS database. then click OK. • You are returned to the Specify Data Source dialog box. Click OK. 15. then click OK. Copying data from a Crystal Enterprise 8 APS on Windows Note: Prior to BusinessObjects Enterprise XI. or through one of the native drivers. Click OK and. your Login ID. proceed to step 13. If prompted. when prompted to confirm. BusinessObjects Enterprise Administrator’s Guide 101 . provide your database credentials and click OK. If you selected a native driver. the Windows “Select Data Source” dialog box appears. 12. the CMS was known as Crystal Management Server. 9. 10. provide your database credentials and click OK. and you are copying data from a Crystal Enterprise 8 APS system database. 13. and your Password. • You are returned to the Specify Data Source dialog box. provide your database Server Name.Managing and Configuring Servers Configuring the intelligence tier 5 • If you selected ODBC or Informix. click Yes. Tip: If the correct destination database already appears in the “Copy to the following data source” field. Click OK. Click Browse. If prompted. and your Password. The next steps depend upon the connection type you selected: • If you selected ODBC. The SvcMgr dialog box notifies you when the CMS database setup is complete. provide your database Server Name. specify whether you want to connect to the destination CMS database through ODBC. the Windows “Select Data Source” dialog box appears. You are now ready to copy the CMS data. Select the ODBC data source that corresponds to the destination CMS database. You must now specify the destination CMS database whose contents you want to replace with the copied data. Use this procedure if your CMS is installed on Windows. then click OK. 11. then click OK. your Login ID. 14.

Click OK and use the Browse for Computer dialog box to specify the CMS machine. In the “Browse data” dialog box. the Windows “Select Data Source” dialog box appears. Click OK. Click Specify. 6. In the “Source contains data from version” list. 9. Your administrative rights allow the CCM to read the data source information from the Windows Registry on the CMS machine. The Specify Data Source dialog box appears. then click OK. 102 BusinessObjects Enterprise Administrator’s Guide . Click Browse. click Crystal Enterprise 8. 4. If prompted. click Specify CMS Data Source on the toolbar. With the CMS selected. 10. then click OK. 5. provide your database credentials and click OK. The next steps depend upon the connection type you selected: • If you selected ODBC.5 Managing and Configuring Servers Configuring the intelligence tier 1. In the Select Database Driver dialog box. 8. click one of the following: • CMS machine name Click this option if you have administrative rights to the Crystal Enterprise 8 CMS machine. If prompted. proceed to step 11. You must now specify the destination CMS database whose contents you want to replace with the copied data. Tip: If the correct destination database already appears in the “Copy to the following data source” field. Use the Windows “Select Data Source” dialog box to select (or create) an ODBC data source that provides the local machine with access to the Crystal Enterprise 8 CMS database. specify whether you want to connect to the destination CMS database through ODBC. 2. or through one of the native drivers. • CMS ODBC data source Click this option if you do not have administrative rights to the Crystal Enterprise 8 CMS machine. Click Copy data from another Data Source. You must now specify the source CMS database whose contents you want to copy. 3. You are returned to the Specify Data Source dialog box. 7. To copy data from a Crystal Enterprise 8 APS on Windows Use the CCM to stop the Central Management Server.0. Select the ODBC data source that corresponds to the destination CMS database. provide your database credentials and click OK.

and also as the Automated Process Scheduler (APS). and then press enter to proceed.) If your CMS is installed on UNIX. your Login ID. Type yes. 9.sh.5. (See “Copying data from a CMS on Windows” on page 100. see “ccm. BusinessObjects Enterprise Administrator’s Guide 103 . Type copy to begin the database migration. 4. Proceed to “Completing a CMS database migration” on page 104. then click OK. You are returned to the Specify Data Source dialog box. or 10 of Crystal Enterprise or from version XI of BusinessObjects Enterprise. To copy data from a CMS installed on UNIX Use ccm. enter the name of your CMS or press enter to select the default name. Use this procedure if your CMS is installed on UNIX and you are copying data from versions 8. and your Password. Run cmsdbsetup. click Yes.sh” on page 598. Click OK and. The SvcMgr dialog box notifies you when the CMS database setup is complete. provide your database Server Name. Tip: For information on finding the name of your CMS. you must first migrate that system to a supported native driver. If your source CMS database uses ODBC. 11. 12. See “ccm. Then proceed to “Completing a CMS database migration” on page 104. The script prompts you to confirm that all data in the destination database will deleted. You are now ready to copy the CMS data. Copying data from a CMS installed on UNIX Note: Prior to BusinessObjects Enterprise XI. 2. When prompted. when prompted to confirm. Note: Migration of a large source database could take several hours. the CMS was known as Crystal Management Server.Managing and Configuring Servers Configuring the intelligence tier 5 • If you selected a native driver. Note: • On UNIX you can not migrate directly from a source environment that uses an ODBC connection to the CMS database. • 1. Click OK.sh” on page 598. 13. 3.sh to stop the Central Management Server. you cannot migrate directly from a Crystal Enterprise version 8 APS.

5 Managing and Configuring Servers Configuring the intelligence tier 5. Reports that depend on a particular server group for scheduled processing will not execute until a job server is added to that group. the script will begin the migration process. After entering the source information. and are then prompted for information on the source database. but they will be empty. Next the script asks you for the version of your source Crystal Enterprise installation. Press Enter. Reports that depend on a particular server group for processing are not available until servers are added to that group. Now the script asks you if you want to use the current CMS database as your destination. you are first asked for information about the new destination database. If errors occurred during the migration. 1. servers that existed in the source installation do not appear in the migrated install. 8. Proceed to “Completing a CMS database migration” on page 104. This occurs because there cannot be a mix of old and new servers in a BusinessObjects Enterprise installation. To complete a CMS database migration on Windows If errors occurred during migration. Completing a CMS database migration When you finish copying data from the source database to the destination database. When migrating from an older version of Crystal Enterprise. 9. Server groups from the old installation appear in the new system. 7. complete these steps before allowing users to access the system. the script gives you the location of a log file explaining the migration results. a db_migration log file was created in the logging directory on the machine where you ran the CCM to carry out the migration. 6. The CCM will notify you if you need to check the log file. Note: Migration of a large source database could take several hours. You can also select autodetect to have the version of the source detected automatically. You must enable these servers before they can be used. you are prompted for information about the source CMS database. If you type yes. If you type no. The script notifies you when migration is complete. The default logging directory is: 104 BusinessObjects Enterprise Administrator’s Guide . You may add the new servers to the imported groups as appropriate. New servers are automatically detected and added to the servers list (outside of any group) in a disabled state.

6. using Enterprise authentication. Go to the Servers management area of the Central Management Console and verify that the Input File Repository Server and the Output File Repository Server are both started and enabled. Go to the Authorization management area and check that your BusinessObjects Enterprise license keys are entered correctly. If the old Input and Output File Repository Servers are running on a dedicated machine. In the CCM. Then copy the contents of the original output directory into the root directory that the new Output File Repository is already configured to use. check that the Root Directory points to the correct location. • • For more information. Then you need not move the input and output directories. 8. Make sure your web application server is running. 10.Managing and Configuring Servers Configuring the intelligence tier 5 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Logging\ 2. you need to make your old input and output directories available to the new Input and Output File Repository Servers. Tip: If you just replaced your CMS database with data from an older system. see “Setting root directories and idle times of the File Repository Servers” on page 110. 3. BusinessObjects Enterprise Administrator’s Guide 105 . 7. You can do this in several ways: • Copy the contents of the original input root directory into the root directory that the new Input File Repository Server is already configured to use. 9. Reconfigure the new Input and Output File Repository Servers to use the old input and output root directories. modify the -ns option in both servers’ command lines to have them register with your new CMS. Use the Central Configuration Manager (CCM) to start the CMS on the local machine. you can run the BusinessObjects Enterprise setup program to upgrade the servers directly. keep in mind that you now need to provide the Administrator password that was valid in the older system. start and enable the Input File Repository Server and the Output File Repository Server. Instead. Log on to the Central Management Console with the default Administrator account. on the Properties tab. Return to the Central Configuration Manager. See Appendix E: Server Command Lines for more information. Click the link to each File Repository Server and. 4. 5. If you migrated CMS data from a different CMS database into your current CMS database.

15. Reconfigure the new Input and Output File Repository Servers to use the old input and output root directories. log on to your CMS with credentials that provide you with administrative privileges to BusinessObjects Enterprise.sh to carry out the migration. The Update Objects dialog box tells you how many objects require updating. a db_migration log file was created in the logging directory on the machine where you ran cmsdbsetup. the Update Objects button on the toolbar contains a flashing red exclamation mark. you need to update the objects now. The default logging directory is: BusinessObjects_root/logging where BusinessObjects_root is the absolute path to the root Business Objects directory of your BusinessObjects Enterprise installation. and check that you can view and schedule reports successfully. When prompted. If there are objects that require updating. click Update. • 106 BusinessObjects Enterprise Administrator’s Guide . Then copy the contents of the original output directory into the root directory that the new Output File Repository is already configured to use. If objects in your source database require updating. 1. 12. The script will notify you if you need to check the log file. Because your Central Management Server was stopped when the migration occurred.5 Managing and Configuring Servers Configuring the intelligence tier 11. If you migrated CMS data from a different CMS database into your current CMS database. 2. Objects typically require updating because their internal representation has changed in the new version of BusinessObjects Enterprise. you need to make your old input and output directories available to the new Input and Output File Repository Servers. or because the objects require new properties to support the additional features offered by BusinessObjects Enterprise XI. 14. otherwise click Cancel. Start and enable the remaining BusinessObjects Enterprise servers. 13. Verify that BusinessObjects Enterprise requests are handled correctly. You can do this in several ways: • Copy the contents of the original input root directory into the root directory that the new Input File Repository Server is already configured to use. To complete a CMS database migration on UNIX If errors occurred during migration. Click Update Objects.

you can run the BusinessObjects Enterprise setup program to upgrade the servers directly. see “Setting root directories and idle times of the File Repository Servers” on page 110. or because the objects require new properties to support the additional features offered by BusinessObjects Enterprise XI. For more information. If you migrated a source database from an earlier version of BusinessObjects Enterprise. Ensure that the Java web application server that hosts your Web Component Adapter is running.Managing and Configuring Servers Configuring the intelligence tier 5 • If the old Input and Output File Repository Servers are running on a dedicated machine. Tip: If you just replaced your CMS database with data from an older system. 11. Use the ccm. Use the ccm. 10.sh -updateobjects authentication info See Appendix F: UNIX Tools for information on the authentication information required by ccm. Objects typically require updating because their internal representation has changed in the new version of BusinessObjects Enterprise. enter the following command: . 5. Log on to the Central Management Console with the default Administrator account. on the Properties tab. Instead.sh script to start and enable the Input File Repository Server and the Output File Repository Server. Use ccm.sh to start and enable the remaining BusinessObjects Enterprise servers.sh.sh script again. Click the link to each File Repository Server and./ccm. 6. BusinessObjects Enterprise Administrator’s Guide 107 . See “ccm. 8. Run the ccm. Go to the Servers management area of the Central Management Console and verify that the Input File Repository Server and the Output File Repository Server are started and enabled. 4. modify the -ns option in both servers’ command lines to have them register with your new CMS.sh script to start the CMS on the local machine.sh” on page 598 for more information. using Enterprise authentication. 7. 9. 3. Then you need not move the input and output directories. See Appendix E: Server Command Lines for more information. check that the Root Directory points to the correct location. keep in mind that you now need to provide the Administrator password that was valid in the older system. Go to the Authorization management area and check that your BusinessObjects Enterprise license keys are entered correctly.

In the CMS Database Setup dialog box. Start the Central Management Server. when prompted to confirm. 1. log on to the CMC with the default Administrator account (which will have been reset to have no password). This procedure is useful. 2. With the CMS selected.5 Managing and Configuring Servers Configuring the intelligence tier 12. and check that you can view and schedule reports successfully. If necessary. The SvcMgr dialog box notifies you when the CMS database setup is complete. the CMS writes required system data to the newly emptied data source. However.sh script. When you recreate the CMS database with the CCM. click Yes. see “cmsdbsetup. For reference. 4. Go to the Authorization management area and enter your information on the License Keys tab. you destroy all data that is already present in the database. click Recreate the current Data Source. 5. You can re-initialize the CMS database in your development environment every time you need to clear the system of absolutely all its data. for instance. Click OK and. Click OK. While it is starting. if you have installed BusinessObjects Enterprise in a development environment for designing and testing your own.sh” on page 601. contact your database administrator. You are returned to the CCM. if you need to enter license keys again. 6. Verify that BusinessObjects Enterprise requests are handled correctly. custom web applications. Deleting and recreating the CMS database This procedure shows how to recreate (re-initialize) the current CMS database. You may need to click the Refresh button in the CCM to see that the CMS has successfully started. click Specify CMS Data Source on the toolbar. 108 BusinessObjects Enterprise Administrator’s Guide . Note: Remember that all data in your current CMS database will be destroyed if you follow this procedure. 3. By performing this task. Consider backing up your current CMS database before beginning. To recreate the CMS database on Windows Use the CCM to stop the Central Management Server. your existing license keys should be retained in the database. To recreate the CMS database on UNIX Use the cmsdbsetup.

(Click New to configure a new DSN. the CCM initializes it by writing system data that is required by BusinessObjects Enterprise. The remaining steps depend upon the connection type you selected: • If you selected ODBC. you will need to reconnect the CMS to the restored database. provide your database credentials and click OK. there are no other CMS machines already maintaining the database. the current database.Managing and Configuring Servers Configuring the intelligence tier 5 Selecting a new or existing CMS database Follow this procedure if you want to disconnect a CMS from its current database and connect it to an alternate database. If you want to select and initialize an empty database for BusinessObjects Enterprise. When you complete these steps. Click Select a Data Source. Click OK. the Windows “Select Data Source” dialog box appears. If you have restored a CMS database from backup (using your standard database administration tools and procedures) in a way that renders the original database connection invalid. and then reconnect to. If the alternate database is empty. The CMS Database Setup dialog box appears. 1. Select the ODBC data source that you want to use as the CMS database. 4. in this case. 3. BusinessObjects Enterprise Administrator’s Guide 109 . When prompted. If the alternate database already contains BusinessObjects Enterprise system data. or through one of the native drivers. none of the data in the current database is copied into the alternate database.) Note: These steps are essentially the same as adding a CMS to an existing cluster. To select a new or existing database for a CMS on Windows Use the CCM to stop the Central Management Server. 5. then click OK.) When prompted. 6. there are only a few times when you need to complete these steps: • • • If you have changed the password for the current CMS database. then click OK. the CMS uses that data when it starts. however. Generally. see “Clustering Central Management Servers” on page 92. In the Select Database Driver dialog box. you can provide the CMS with the new password. (This might occur. if you restored the original CMS database to a newly installed database server. For complete details about CMS clusters. for instance. these steps allow you to disconnect from. these steps allow you to select that new data source. 2. click Specify CMS Data Source on the toolbar. With the CMS selected. specify whether you want to connect to the new database through ODBC.

Start the Central Management Server. Provide this information and then click OK. You may change these settings if you want to use different directories after installing BusinessObjects Enterprise. To select a new or existing database for a CMS on UNIX Use the cmsdbsetup. see “cmsdbsetup.sh script. These root directories contain all of the report objects and instances on the system. and your Password. 110 BusinessObjects Enterprise Administrator’s Guide . The SvcMgr dialog box notifies you when the CMS database setup is complete. 8. if the Input and Output File Repository Servers share the same root directory. your Login ID. because modifications to the files and subdirectories belonging to one server could have adverse effects on the other server. then one server might damage files belonging to the other. you are prompted for your database Server Name.sh” on page 601 Setting root directories and idle times of the File Repository Servers The Properties tabs of the Input and Output File Repository Servers enable you to change the locations of the default root directories. Click OK. For reference. Note: • The Input and Output File Repository Servers must not share the same root directory. or if you upgrade to a different drive (thus rendering the old directory paths invalid).5 Managing and Configuring Servers Configuring the intelligence tier • If you selected a native driver. 7. In other words.

” as appropriate. Make your changes on the Properties tab. The server will remain idle for a maximum of 15 minutes. Before you change this setting. all Input File Repository Servers must share the same root directory. By default. respectively. the File Repository Servers are named Input and Output. To modify settings for a File Repository Server Go to the Servers management area of the CMC. It is recommended that you replicate the root directories using a RAID array or an alternative hardware solution. • • You can also set the maximum idle time of each File Repository Server. and all Output File Repository Servers must share the same root directory (otherwise there is a risk of having inconsistent instances). 1. Click the link to the File Repository Server you want to change.” and “Output. Setting a value that is too high can result the uneasier consumption of system resources such as processing time and disk space. Click Update to save the changes. You must restart the server for the changes to take effect. This setting limits the length of time that the server waits before it closes inactive connections. In this example. The root directory should be on a drive that is local to the server. their names should be prefixed with “Input. If you run multiple instances of each server. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. the Input File Repository Server is set to use D:\InputFRS\ as its root directory. 3.Managing and Configuring Servers Configuring the intelligence tier 5 • If you run multiple File Repository Servers. it is important to understand that setting a value too low can cause a user's request to be closed prematurely. 4. BusinessObjects Enterprise Administrator’s Guide 111 . 2.

112 BusinessObjects Enterprise Administrator’s Guide . Make your changes on the Properties tab. 3. but the “Maximum Simultaneous Processing Threads” is increased to 50. 1. the number of minutes before an idle job is closed. In this example. and the number of minutes between refreshes from the database. the Cache Server retains most of the default settings.5 Managing and Configuring Servers Configuring the intelligence tier Modifying Cache Server performance settings The Properties tab of the Cache Server allows you to set the location of the cache files. the maximum cache size. 2. Click the link to the Cache Server whose settings you want to change. To modify Cache Server performance settings Go to the Servers management area of the CMC. the maximum number of simultaneous processing threads.

increasing the number of threads may improve performance. and resource utilization on the machine is high (that is. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. Before you change this setting. it is important to understand that setting a BusinessObjects Enterprise Administrator’s Guide 113 . and is acceptable for most. If the Cache Server is slow under high load but CPU utilization is low. Maximum Cache Size Allowed The “Maximum Cache Size Allowed” setting limits the amount of hard disk space (in KBytes) that is used to cache reports. The default value is set to “Automatic”. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the Cache Server waits for further requests from an idle connection. When the Cache Server has to handle large numbers of reports. If your Cache Server responds slowly under high load. Note: The cache directory must be on a drive that is local to the server. if not all. the ideal setting for your reporting environment is highly dependent upon your hardware configuration. With this setting. You must restart the server for the changes to take effect. your database software. The default value is 5000 Kbytes. Click Update to save the changes. you may wish to decrease the number of threads to improve performance. it is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. which is large enough to optimize performance for most installations. or reports that are especially complex. Thus. particularly in the kernel). a larger cache size is needed. and your reporting requirements.epf files) are stored.Managing and Configuring Servers Configuring the intelligence tier 5 4. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. the Cache Server sets the maximum number of threads using the number of processors in your system as a guide. Maximum Simultaneous Processing Threads The “Maximum Simultaneous Processing Threads” setting limits the number of concurrent reporting requests that the Cache Server processes. Location of the Cache Files The “Location of the Cache Files” setting specifies the absolute path to the directory on the Cache Server machine where the cached report pages (. either memory usage is high or CPU utilization is high. However. reporting scenarios.

the “Viewer Refresh Always Yields Current Data” setting ensures that. Oldest On-Demand Data Given To a Client (in minutes) The “Oldest On-Demand Data Given To a Client (in minutes)” setting determines how long cached report pages are used before new data is requested from the database. Tip: On Windows. this setting prevents users from retrieving new data more frequently than is permitted by the time specified in the “Minutes Between Refreshes from Database” setting. Click Update. It is important to note that. the lower the value. 3. Viewer Refresh Always Yields Current Data When enabled. and for report objects that do not have on-demand subreports or parameters and that do not prompt for database logon information. Generally. 2. Click the link to the Event Server whose settings you want to change. you can also change this setting in the CCM. Then click the Configuration tab. 5. Make your changes on the Properties tab. This “File Polling Interval in Seconds” setting determines the number of seconds that the server waits between polls. Modifying the polling time of the Event Server The Properties tab of the Event Server allows you to change the frequency with which the Event Server checks for file events. the optimal value is largely dependent upon your reporting requirements. Stop the Event Server and view its Properties. The value that you type must be 1 or greater. and new data is retrieved directly from the database. and setting a value that is too high can cause requests to be queued while the server waits for idle jobs to be closed. To modify the polling time Go to the Servers management area of the CMC. 4. This setting is respected for report instances with saved data. 114 BusinessObjects Enterprise Administrator’s Guide .5 Managing and Configuring Servers Configuring the intelligence tier value too low can cause a user’s request to be closed prematurely. When disabled. all cached pages are ignored. 1. The minimum value is 1 (one). Return to the Servers management area of the CMC. the default value of 15 minutes is acceptable: as with other performance settings. the more resources the server requires. when users explicitly refresh a report.

the number of database records to read when previewing or refreshing a report. and Web Intelligence Job Servers and Web Intelligence Report Servers. and network configurations. and when to disconnect from the report job database. the settings that you choose will depend largely upon your own requirements. The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware.Managing and Configuring Servers Configuring the processing tier 5 Configuring the processing tier This section includes technical information and procedures that show how you can modify settings for the BusinessObjects Enterprise servers that make up the processing tier. BusinessObjects Enterprise Administrator’s Guide 115 . the maximum number of simultaneous report jobs. software. Report Application Servers. the oldest processed data to give a client. the minutes before a processing job is closed. Consequently. The processing tier includes different job servers. the minutes before an idle connection is closed. Configuring the processing tier includes: • • • • • • • • “Modifying Page Server performance settings” on page 115 “Modifying database settings for the RAS” on page 118 “Modifying performance settings for the RAS” on page 120 “Modifying performance settings for job servers” on page 121 “Configuring the Web Intelligence Report Server” on page 122 “Configuring the destinations for job servers” on page 125 “Configuring Windows processing servers for your data source” on page 132 “Configuring UNIX processing servers for your data source” on page 133 Modifying Page Server performance settings The Properties tab of the Page Server in the Central Management Console lets you set the location of temporary files. Page Servers.

Maximum Simultaneous Report Jobs The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent reporting requests that any single Page Server processes. Make your changes on the Properties tab. job processing may be slower than usual. Click Update to save the changes. The default value of 75 is acceptable for most. To modify Page Server performance settings Go to the Servers management area of the CMC. 4. is highly dependent upon your hardware configuration. your database software.This directory must have plenty of free hard disk space. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. If not enough disk space is available. 3. You must restart the server for the changes to take effect. reporting scenarios. however. 2. The ideal setting for your reporting environment.5 Managing and Configuring Servers Configuring the processing tier 1. or job processing may fail. Click the link to the Page Server whose settings you want to change. if not all. and your 116 BusinessObjects Enterprise Administrator’s Guide . Location of Temp Files The “Location of Temp Files” setting specifies the absolute path to a directory on the Page Server machine.

BusinessObjects Enterprise Administrator’s Guide 117 . If it is very important that all users receive fresh data (perhaps because important data changes very frequently) you may need to disallow this kind of data reuse by setting the value to 0. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide.) Database Records to Read When Previewing Or Refreshing a Report The “Database Records to Read When Previewing Or Refreshing a Report” area allows you to limit the number of records that the server retrieves from the database when a user runs a query or report. If the Page Server receives a request that can be met using data that was generated to meet a previous request. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. Thus. You may prefer to schedule such reports. Before you change this setting. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. Oldest On-Demand Data Given to a Client (in minutes) The “Oldest On-Demand Data Given To a Client (in minutes):” setting controls how long the Page Server uses previously processed data to meet requests. Minutes before an Idle Report Job is Closed The “Minutes before an Idle Report Job is Closed” setting alters the length of time that the Page Server keeps a report job active. (Note that this setting works in conjunction with the “Report Job Database Connection” setting.Managing and Configuring Servers Configuring the processing tier 5 reporting requirements. then the Page Server will reuse this data to meet the subsequent request. Before you change this setting. Setting a value that is too high can cause system resources to be consumed for longer than necessary. When setting the value of the “oldest processed data given to a client” consider how important it is that your users receive up-to-date data. it is difficult to discuss the recommended or optimum settings in a general way. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. This setting is useful when you want to prevent users from running on-demand reports containing queries that return excessively large record sets. and the time elapsed since that data was generated is less than the value set here. Setting a value that is too high can cause system resources to be consumed for longer than necessary. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the Page Server waits for further requests from an idle connection. Reusing data in this way significantly improves system performance when multiple users need the same information. both to make the reports available more quickly to users and to reduce the load on your database from these large queries.

and new data is retrieved directly from the database. 3. Make your changes on the Database tab. If you select “Disconnect when all records have been retrieved or the job is closed”. You must restart the server for the changes to take effect. 1. Note that you can set the “Minutes before a Report Job is Closed” above. the Page Server will automatically disconnect from the report database as soon as it has retrieved the data it needs to fulfill a request. 2. Click Update to save the changes. all previously processed data is ignored. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. when users explicitly refresh a report.) Modifying database settings for the RAS The Database tab of the Report Application Server (RAS) in the Central Management Console lets you modify the way the server runs reports against your databases. Click the link to the RAS whose settings you want to change. 118 BusinessObjects Enterprise Administrator’s Guide . 4. (The latter option ensures that Page Server stays connected to the database server until the report job is closed. the “Viewer Refresh Always Yields Current Data” setting ensures that. However. the setting ensures that the Page Server will treat requests generated by a viewer refresh in exactly the same way as it treats as new requests. performance for these reports will be significantly slower than if you had selected “Disconnect when the job is closed”. To modify database interaction settings for the RAS Go to the Servers management area of the CMC.5 Managing and Configuring Servers Configuring the processing tier Viewer Refresh Always Yields Current Data When enabled. and therefore limits the number of database licenses consumed by the Page Server. Report Job Database Connection The “Report Job Database Connection” settings can be used to make a tradeoff between the number of database licenses you use and the performance you can expect for certain types of reports. When disabled. Selecting this option limits the amount of time that Page Server stays connected to your database server. if the Page Server needs to reconnect to the database to generate an on-demand sub-report or to process a group-by-on-server command for that report.

BusinessObjects Enterprise Administrator’s Guide 119 . If it is very important that all users receive fresh data (perhaps because important data changes very frequently) you may need to disallow this kind of data reuse by setting the value to 0. This setting is particularly useful if you provide users with ad hoc query and reporting tools. select Database. then the RAS will reuse this data to meet the subsequent request. The batch size cannot be equal to or less than zero. Reusing data in this way significantly improves system performance when multiple users need the same information. and the time elapsed since that data was generated is less than the value set here. to support the data needs of users performing ad hoc reporting. This is the default on the RAS. and you want to prevent them from running queries that return excessively large record sets. If the RAS receives a request that can be met using data that was generated to meet a previous request. Stop the RAS and view its Properties. it is retrieved from the database. the query results are returned in batches. From the Option Type list. When setting the value of the “oldest on-demand data given to a client” consider how important it is that your users receive up-to-date data. you can also change these settings in the CCM. Number of records to browse The “Number of records to browse” setting allows you to specify the number of distinct records that will be returned from the database when browsing through a particular field’s values.Managing and Configuring Servers Configuring the processing tier 5 Tip: On Windows. Oldest on-demand data given to a client (in minutes) The “Oldest on-demand data given to a client (in minutes)” setting controls how long the RAS uses previously processed data to meet requests. The “Number of records per batch” setting allows you to determine the number of records that are contained in each batch. Number of database records to read when previewing or refreshing a report The “Number of database records to read when previewing or refreshing a report” area allows you to limit the number of records that the server retrieves from the database when a user runs a query or report. Report Job Database Connection The “Report Job Database Connection” settings can be used to make a tradeoff between the number of database licenses you use and the performance you can expect for certain types of reports. If the data is not in either cache. The data will be retrieved first from the client’s cache—if it is available—and then from the server’s cache. When the RAS retrieves records from the database. Click the Parameters tab.

the Report Application Server will automatically disconnect from the report database as soon as it has retrieved the data it needs to fulfill a request. and setting a value 120 BusinessObjects Enterprise Administrator’s Guide . 2. Before you change this setting. Tip: On Windows. and the maximum number of simultaneous processing threads. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the RAS waits for further requests from an idle connection. 3. (The latter option ensures that RAS stays connected to the database server until the report job is closed. Selecting this option limits the amount of time that RAS stays connected to your database server. see “Processing tier” on page 64. you can also change these settings in the CCM. 1.5 Managing and Configuring Servers Configuring the processing tier If you select “Disconnect when all records have been retrieved or the job is closed”. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. and therefore limits the number of database licenses consumed by the RAS. However. Click Update to save the changes. For more information. Note: The RAS server must have been installed and configured in order to use the List of Values Job Server. Stop the RAS and view its Properties. Click the Parameters tab. select Server. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. Click the link to the RAS whose settings you want to change. performance for these reports will be significantly slower than if you had selected “Disconnect when the job is closed”. You must restart the server for the changes to take effect.) Modifying performance settings for the RAS The Server tab of the Report Application Server (RAS) in the Central Management Console allows you to modify the number of minutes before an idle connection is closed. if the RAS needs to reconnect to the database to generate an ondemand sub-report or to process a group-by-on-server command for that report. Make your changes on the Server tab. To modify performance settings for the RAS Go to the Servers management area of the CMC. From the Option Type list. 4.

To modify performance settings for job servers Go to the Servers management area of the CMC. Make your changes on the Properties tab. This method allows for more efficient processing of large. Click Update. 2. Modifying performance settings for job servers By default. 3. reporting scenarios. your database software. and the Web Intelligence Job Server. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings.Managing and Configuring Servers Configuring the processing tier 5 that is too high can affect the server’s scalability (for instance. the job servers run jobs as independent processes rather than as threads. and your reporting requirements. Click the link to the job server whose settings you want to change. 4. however. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. the server will be waiting unnecessarily for an idle job to close). Maximum Simultaneous Report Jobs The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent reporting requests that a RAS processes. 5. is highly dependent upon your hardware configuration. if not all. List of Values Job Server. that is the Report Job Server. Return to the Servers management area of the CMC. Use the following procedure to modify the performance settings for any of the job servers. it is difficult to discuss the recommended or optimum settings in a general way. Destination Job Server. The ideal setting for your reporting environment. Thus. BusinessObjects Enterprise Administrator’s Guide 121 . 1. it limits the number of scheduled objects that the server will process at any one time. if the ReportClientDocument object is not closed explicitly. Program Job Server. complex reports. Maximum Jobs Allowed The “Maximum Jobs Allowed” setting limits the number of concurrent independent processes (child processes) that the server allows—that is. You can tailor the maximum number of jobs to suit your reporting environment. The default value is acceptable for most.

5 Managing and Configuring Servers Configuring the processing tier The default “Maximum Jobs Allowed” setting is acceptable for most. Click either Apply or Update: • • 5. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Click Update to save the changes. 1. 3. The ideal setting for your reporting environment. reporting scenarios. it is difficult to discuss the recommended or optimum settings in a general way. if not all. 122 BusinessObjects Enterprise Administrator’s Guide . To modify performance settings for the Web Intelligence report server Go to the Servers management area of the CMC. Configuring the Web Intelligence Report Server Use the following procedure to configure the performance settings for the Web Intelligence Report Server. You must restart the server for the changes to take effect. Thus. and your reporting requirements. 2. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. your database software. however. Temp Directory You can also change the default directory where the server stores its temporary files. Click the link to the Web Intelligence Report Server whose settings you want to change. 4. Return to the Servers management area of the CMC and restart the Job Server. Click Apply to submit changes and restart the server so that the changes take effect immediately. is highly dependent upon your hardware configuration. Make your changes on the Properties tab.

Universe Cache Size The number of universes to be cached on the Web Intelligence Report Server. Connection Time Out The number of minutes before an idle connection to the Web Intelligence Report Server will be closed. The minimum value that you can enter is 10. if the number of values in a list of values exceeds this size. the user will receive an error message. Business Objects recommends that you limit it to 30000. unless another server is available to handle the request. For example. then the list of values will be returned to the user in several batches of this size or less. from sources such the Web Intelligence SDK or the Web Intelligence Job Server. List of Values Batch Size The maximum number of values that can be returned per list of values batch. The default is for the feature to be on. BusinessObjects Enterprise Administrator’s Guide 123 . List of Values Caching Enables or disables caching per user session of list of values in Web Intelligence Report Server. If this limit is reached.Managing and Configuring Servers Configuring the processing tier 5 Maximum Simultaneous Connections The maximum number of simultaneous connections that the server allows at one time. Although there is no limit on the maximum value.

Note: To improve system performance. Nor does it cache the documents when they are run as a scheduled job. When the parameter is off. but enter a value for Maximum Number Of Downloaded Documents To Cache when this option deselected. provided the pre-cache was enabled in the document. Maximum Number of Downloaded Documents To Cache The number of Web Intelligence documents that can be stored in cache.5 Managing and Configuring Servers Configuring the processing tier Enable Viewing Caching When this parameter is on. Document Cache Size The size (in kilobytes) of the document cache. the Web Intelligence Report Server caches Web Intelligence documents when the documents are viewed. Real-time caching is done only if both this parameter and the Enable Real Time Caching parameters are on. real-time caching is possible for Web Intelligence documents when they are viewed. the Web Intelligence Report Server does not cache the Web Intelligence documents when the documents are viewed. set the Maximum Number Of Downloaded Documents To Cache to zero when this option is selected. 124 BusinessObjects Enterprise Administrator’s Guide . Enable Real Time Caching When this parameter is on. Document Cache Duration The amount of time (in minutes) that content is stored in cache. Document Cache Scan Interval The number of minutes that the system waits before checking the document cache for cleanup. When this parameter is off both real-time caching of Web Intelligence documents and viewing of cached Web Intelligence documents is impossible. This parameter is taken into account only when the Enable Viewing Caching is set to on. or when they are generated as a result of having been run as a scheduled job. The server also caches the documents when they are run as a scheduled job. the system will delete documents with the oldest “last accessed time. the Web Intelligence Report Server will clean up the cache until the amount of cache percentage is reached.” Then if the cache size is still exceeds the maximum storage size. Amount of Cache To Keep When Document Cache is Full If the storage size is bigger than the allocated storage size.

you can specify a different destination. which sends an existing object to a specified destination. you have to enable and configure the Unmanaged Disk destination on the Job Server. To send a report instance by email. However. to be able to schedule a report object for output to an unmanaged disk. and Web Intelligence Job Server. See also “Configuring the destination properties for job servers” on page 126. This allows you to use the “Send to” feature and to distribute reports to users within the BusinessObjects Enterprise system. the system will store one output instance on the Output FRS. Configuring destinations for job servers includes: • • • • “Enabling or disabling destinations for job servers” on page 125 “Configuring the destination properties for job servers” on page 126 “Selecting a destination” on page 481 “Sending an object or instance” on page 420 For information about selecting destinations for objects see: Enabling or disabling destinations for job servers This procedure applies to the Job Server.Managing and Configuring Servers Configuring the processing tier 5 Note: To improve system performance. the Inbox destination is enabled by default. You also specify a destination when you use the Send to feature. For a job server to store output instances in a destination other than the default. you have to enable and configure the other destinations on the job servers. Note: On the Destination Job Server. List of Values Job Server. If you want. set this value to zero when Enable Real Time Caching is selected. In order for the system to work with destinations other than the default. If you do. and one at the specified destination. For example. but enter a value when Enable Real Time Caching is deselected. Configuring the destinations for job servers By default. you can enable and configure additional destinations on the Destination Job Server. BusinessObjects Enterprise Administrator’s Guide 125 . you have to configure the Email (SMTP) destination on the Destination Job Server. the destination must have been enabled and configured on the respective job server. Program Job Server. Destination Job Server. it stores the output instance it creates on the Output File Repository Server (FRS). when the system runs a scheduled report or a program object.

Click the link for the job server whose setting you want to change. Program Job Server. Click the Destinations tab. you must also configure the destination. Configuring the destination properties for job servers This procedure applies to the Job Server. Click the link for the job server for which you want to enable or disable a destination. List of Values Job Server. See also “Enabling or disabling destinations for job servers” on page 125. see: • • • • 6. 3. See “Enabling or disabling destinations for job servers” on page 125. To enable or disable destinations for a job server Go to the Servers management area of the CMC. 126 BusinessObjects Enterprise Administrator’s Guide . for example. 5. Make sure the destination has been enabled. you have to enable and configure the other destinations on the job servers. 2. and Web Intelligence Job Server. To set the destination properties for a job server Go to the Servers management area of the CMC. Select the check box for each destination you want to support. See “Configuring the destination properties for job servers” on page 126. 1. FTP. For a job server to store output instances in a destination other than the default. 4. 5. 3. Destination Job Server. Click Enable. 4. click Disable. “Inbox destination properties” on page 127 “Unmanaged Disk destination properties” on page 131 “FTP destination properties” on page 130 “Email (SMTP) destination properties” on page 128 Click Update. 7. When a destination is disabled a red circle is shown beside the name. Set the properties for the destination. To disable destinations.5 Managing and Configuring Servers Configuring the processing tier 1. For information about the properties for each destination. Click the link for the destination whose setting you want to set. 2. If you enabled the destination.

Send document as Select the option you want: • • Shortcut—The systems sends a shortcut to the specified destination. you can enable and configure additional destinations on the Destination Job Server. for example. This allows you to use the “Send to” feature and to distribute reports to users within the BusinessObjects Enterprise system. Send List Specify which users or user groups you want to receive instances that have been generated or processed by the job server.Managing and Configuring Servers Configuring the processing tier 5 Inbox destination properties The Inbox destination stores an object or instance in the user inboxes on the BusinessObjects Enterprise system. BusinessObjects Enterprise Administrator’s Guide 127 . see “Configuring the destination properties for job servers” on page 126 and “Controlling access to user inboxes” on page 352. the . For more information. the Inbox destination is enabled by default. A user inbox is automatically created when you add a user. Note: On the Destination Job Server. to the destination.rpt file. If you want. Copy—The system sends a copy of the instance.

SMTP Password Provide the Job Server with the password for the SMTP server. SMTP User Name Provide the Job Server with a user name that has permission to send email and attachments through the SMTP server. See also “Configuring the destination properties for job servers” on page 126.com domain. Domain Name Enter the fully qualified domain of the SMTP server. and an account called BusinessObjectsJobAccount has been created on the SMTP server for use by the Job Server. Server Name Enter the name of the SMTP server. the SMTP server resides in the businessobjects. Its name is EMAIL_SERV and it is listening on the standard SMTP port. Plain text authentication is being used.5 Managing and Configuring Servers Configuring the processing tier Email (SMTP) destination properties In this example. 128 BusinessObjects Enterprise Administrator’s Guide . Port Enter the port that the SMTP server is listening on. (This standard SMTP port is 25.) Authentication Select Plain or Login if the job server must be authenticated using one of these methods in order to send email.

and Message Set the default values for users who schedule reports to this SMTP destination. Windows will know which program to use to open the file when users want to view the file. Add file extension Adds the . If you send a hyperlink.) Users can override this default when they schedule an object. choose a placeholder for a variable property from the list and click Add. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. This is similar to selecting File Extension from the list and clicking Add. To add a variable. Users can override this default when they schedule an object. To. the email recipient must log on to BusinessObjects Enterprise to see the report. Specified File Name Select this option if you want to enter a file name.Managing and Configuring Servers Configuring the processing tier 5 From Provide the return email address. Users can override these defaults when they schedule an object. Add viewer hyperlink to message body Click Add if you want to add the URL for the viewer in which you want the email recipient to view the report. You can set the default URL by clicking Object Settings on the main page of the Objects management area of the CMC.%EXT% extension to the specified filename. BusinessObjects Enterprise Administrator’s Guide 129 . Subject. By adding an extension to the file name. You can also add a variable to the file name. Users can override these defaults when they schedule an object. Attach report instance to email message Clear this check box if you do not want to attach a copy of the report or program instance attached to the email. Cc.

5 Managing and Configuring Servers Configuring the processing tier FTP destination properties In this example. if required. but it is rarely implemented. FTP Password Enter the user’s password. Host Enter your FTP host information. Port Enter the FTP port number (the standard FTP port is 21). 130 BusinessObjects Enterprise Administrator’s Guide . See also “Configuring the destination properties for job servers” on page 126.businessobjects. reports scheduled to this destination are randomly named and uploaded to the ftp.com site. Account Enter the FTP account information. Account is part of the standard FTP protocol. FTP User Name Specify a user who has the necessary rights to upload a report to the FTP server. Provide the appropriate account only if your FTP server requires it.

Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. Unmanaged Disk destination properties An unmanaged disk is disk on a system outside the BusinessObjects Enterprise system. or on any other machine that you can specify with a UNC path.Managing and Configuring Servers Configuring the processing tier 5 Destination Directory Enter the FTP directory that you want the object to be saved to. The directory can be on a local drive of the Job Server machine. choose a placeholder for a variable property from the list and click Add. See also “Configuring the destination properties for job servers” on page 126. BusinessObjects Enterprise Administrator’s Guide 131 . Destination Directory Type the absolute path to the directory. Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. To add a variable. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. A relative path is interpreted relative to the root directory on the FTP server.

Configuring Windows processing servers for your data source When started on Windows. For example. if you prefer. refer to the platform. or because the database client software is configured for a particular Windows user account.” the file name of each object includes the object owner’s name. this account is irrelevant in relation to the server’s task of processing reports against your data source. In this example. User Name Specify a user who has permission to write files to the destination directory. To add a variable. there are certain cases when you must change the logon account used by the processing servers. choose a placeholder for a variable property from the list and click Add.) Thus. you can change it to a Windows user account with the appropriate permissions. you can usually leave each server’s default logon account unchanged or. For details on changing the user accounts. This account determines the permissions that each service is granted on the local machine. In the majority of cases. 132 BusinessObjects Enterprise Administrator’s Guide . the variable is replaced with the appropriate information.txt file included with your installation. Tip: Running a service under an Administrator account does not inadvertently grant administrative privileges to another user. the report processing servers by default log on to the local system as services with the Windows “LocalSystem” account. because users cannot impersonate services. Each file name will be randomly generated. Password Type the password for the user. the destination directory is on a network drive that is accessible to the Job Server machine through a UNC path.5 Managing and Configuring Servers Configuring the processing tier Specified File Name Select this option if you want to specify a file name—you can also add a variable to the file name. see “Changing the server user account” on page 146. (The database logon credentials are stored with the report object. when you add the variable “Owner. This table lists the various database/ driver combinations and shows when you must complete additional configuration. These cases arise either because the server needs additional network permissions to access the database. and a user name and password have been specified to grant the Job Server permission to write files to the remote directory. This account does not grant the service any network permissions. When each instance runs. For a complete list of supported databases and drivers. However.

txt file included with your product distribution for a complete list of tested database software and version requirements. additional environment variables may be required for the Job Server and Page Server to use the client software. so this variable must be defined for the login environment of each Job Server and Page Server. BusinessObjects Enterprise Administrator’s Guide 133 . Depending on your database. These include: • • Oracle The ORACLE_HOME environment variable must define the top-level directory of the Oracle client installation. This section discusses the environment variables. • DB2 The DB2INSTANCE environment variable must define the DB2 instance that is used for database access. The server locates the client software by searching the library path environment variable that corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris. you must install the appropriate database client software on each Job Server and/or Page Server machine that will process the reports. software. The SYBPLATFORM environment variable must define the platform architecture. See the Platforms. Click the appropriate link to jump to that section: • • Native drivers “Native drivers” on page 133 “ODBC drivers” on page 134 If you design reports using native drivers.Managing and Configuring Servers Configuring the processing tier 5 Configuring UNIX processing servers for your data source The Job Servers and Page Server support native and ODBC connections to a number of reporting databases. and configuration files that must be available to the servers in order for them to process reports successfully. ensure that the reporting environment configured on the server accurately reflects the reporting environment configured on the Windows machine that you use when designing reports with Crystal Reports. Whether your reports use native or ODBC drivers. The server loads the client software at runtime in order to access the database that is specified in the report. LIBPATH on IBM AIX. Sybase The SYBASE environment variable must define the top-level directory of the Sybase client installation. and so on). Use the DB2 instance initialization script to ensure that the DB2 environment is correct.

suppose that you are running reports against both Sybase and Oracle. The Sybase database client is installed in /opt/sybase. This section discusses the installed environment. and the Oracle client is installed in /opt/oracle/app/oracle/product/8. If you report off DB2 using ODBC.export ORACLE_HOME SYBASE=/opt/sybase. you must set up the corresponding data sources on the Job Server and Page Server machines.7. The bind packages are installed below the crystal/enterprise/platform/odbc/lib directory. and sets up the required ODBC environment variables. along with the information that you need to edit. modify the syntax accordingly: LD_LIBRARY_PATH=/opt/oracle/app/oracle/product/8.1.7/ lib:opt/sybase/lib:$LD_LIBRARY_PATH. see the documentation included with your database client software.5 Managing and Configuring Servers Configuring the processing tier Note: For complete details regarding these and other required environment variables. • 134 BusinessObjects Enterprise Administrator’s Guide . If the crystal user’s default shell is a C shell. In addition. your database administrator must first bind the UNIX version of the driver to every database that you report against (and not just each database server). As an example.export SYBPLATFORM ODBC drivers If you design reports off ODBC data sources (on Windows). you must ensure that each server is set up properly for ODBC. During the installation.1.pdf). add these commands to the crystal user’s login script: setenv LD_LIBRARY_PATH /opt/oracle/app/oracle/product/8.7. creates configuration files and templates related to ODBC reporting.bnd. You installed BusinessObjects Enterprise under the crystal user account (as recommended in the BusinessObjects Enterprise Installation Guide). their filenames are iscsso.export SYBASE SYBPLATFORM=sun_svr4.7 setenv SYBASE /opt/sybase setenv SYBPLATFORM sun_svr4 If the crystal user’s default shell is a Bourne shell. BusinessObjects Enterprise installs ODBC drivers for UNIX. iscswhso. Note: • Detailed documentation covering the various ODBC drivers is included in the Merant Connect ODBC Reference (odbcref.bnd.1. it is also located in the doc directory of your product distribution. This is installed below the crystal/enterprise/platform/odbc directory.7/ lib:opt/sybase/lib:$LD_LIBRARY_PATH setenv ORACLE_HOME /opt/oracle/app/oracle/product/8.export LD_LIBRARY_PATH ORACLE_HOME=/opt/oracle/app/oracle/product/8.1.1.

ini file that was created by the BusinessObjects Enterprise installation. and ODBCINI.bnd. Modify the environment variables in the env. The ODBC_HOME environment variable is set to the INSTALL_ROOT/ bobje/enterprise11/platform/odbc directory of your installation.bnd.Managing and Configuring Servers Configuring the processing tier 5 isrrso.bnd. Because Crystal Reports runs on Windows. isurso. • On UNIX.csh that is sourced automatically every time you start the BusinessObjects Enterprise servers with the CCM. bobje/defaultodbc. however. Thus. ODBC_HOME. include the clientless ODBC driver for Informix connectivity. and isurwhso.ini) is created in the HOME directory of the user account under which you installed BusinessObjects Enterprise (typically the crystal user account). The UNIX version does.bnd. you define each of the ODBC data sources (DSNs) that the Job Server and Page Server need in order to process your reports. and so on). LIBPATH on IBM AIX. ensure also that the Windows version of the driver has been bound to each database. BusinessObjects Enterprise does not include the Informix client-dependent ODBC driver (CRinf16) that is installed on Windows.odbc. ODBC environment variables The environment variables related to ODBC reporting are: the library path that corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris. isrrwhso. The BusinessObjects Enterprise installation completes most of the required information—such as the location of the ODBC directory and the name and location of each installed ODBC driver—and shows where you need to provide additional information.odbc. In this file.ini Tip: A template of the system information file is installed to INSTALL_ROOT/ BusinessObjects Enterprise Administrator’s Guide 135 .csh script only if you have customized your configuration of ODBC. The main ODBC configuration file that you need to modify is the system information file. The ODBCINI environment variable is defined as the path to the . The BusinessObjects Enterprise installation includes a file called env. the environment for the Job Server and Page Server is set up automatically: • • • The INSTALL_ROOT/bobje/enterprise11/platform/odbc/lib directory of your installation is added to the library path environment variable. Working with the ODBC system information file The system information file (.

some Windows drivers store a UID value in the registry. This DSN allows the Job Server and Page Server to process reports based on a System DSN (on Windows) called CRDB2: [ODBC Data Sources] CRDB2=MERANT 3.out TraceDll=/opt/bobje/enterprise11/platform/odbc/lib/ odbctrac.5 Managing and Configuring Servers Configuring the processing tier The following example shows the contents of a system information file that defines a single ODBC DSN for servers running on UNIX. lists all the DSNs that are defined later in the file. and on UNIX you may need to specify this value with the LogonID option. The PDF is installed below the crystal/enterprise/platform/odbc directory. and there must be one entry for every DSN that is defined in the file. The options that you must define depend upon the ODBC driver that you are using.so Description=MERANT 3. see the Merant Connect ODBC Reference (odbcref. The second section sequentially defines each DSN that is listed in the first section. denoted by [ODBC Data Sources].ini\dsn However.70 DB2 ODBC Driver Database=myDB2server LogonID=username [ODBC] Trace=0 TraceFile=odbctrace. These pairs essentially correspond to the Name=Data pairs that Windows stores for each System DSN in the registry: \\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\odbc.pdf). In the example above. Each DSN is defined through a number of option=value pairs. Each entry in this section is provided as dsn=driver. The beginning of each definition is denoted by [dsn].so InstallDir=/opt/bobje/enterprise11/platform/odbc As shown in the example above. it is also located in the doc directory of your product distribution.70 DB2 ODBC Driver [CRDB2] Driver=/opt/bobje/enterprise11/platform/odbc/lib/crdb216. The value of dsn must correspond exactly to the name of the System DSN (on Windows) that the report was based off. the system information file is structured in three major sections: • The first section. • 136 BusinessObjects Enterprise Administrator’s Guide . Note: For detailed documentation on each ODBC driver. [CRDB2] marks the beginning of the single DSN that is defined in the file. the options for a particular ODBC driver on UNIX may not correspond by name to the options available for a Windows version of the same driver. For example.

The standard options that are commonly required for each driver are included in the file (Database=. When the installation creates the system information file.so Description=MERANT 3.70 Oracle8 ODBC Driver CRSS=MERANT 3. This example shows the entire contents of a system information file created when BusinessObjects Enterprise was installed to the /usr/local directory.70 Informix Dynamic Server ODBC Driver ServerName= HostName= PortNumber= Database= LogonID= [CROR8] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ cror816.70 Sybase ASE ODBC Driver CRTXT=MERANT 3. [ODBC Data Sources] CRDB2=MERANT 3. it completes some fields and sets up a number of default DSNs—one for each of the installed ODBC drivers.so Description=MERANT 3. LogonID=.70 Oracle8 ODBC Driver ServerName= ProcedureRetResults=1 LogonID= [CRSS] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crmsss16. and so on).so Description=MERANT 3. Edit the file and provide the corresponding values that are specific to your reporting environment.70 Text ODBC Driver [CRDB2] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crdb216.70 SQL Server ODBC Driver CRSYB=MERANT 3.so Description=MERANT 3. denoted by [ODBC]. includes ODBC tracing information.70 DB2 ODBC Driver CRINF_CL=MERANT 3.70 DB2 ODBC Driver Database= LogonID= [CRINF_CL] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crifcl16.70 Informix Dynamic Server ODBC Driver CROR8=MERANT 3.70 SQL Server ODBC Driver Address= Database= QuotedId=Yes LogonID= BusinessObjects Enterprise Administrator’s Guide 137 . You need not modify this section.Managing and Configuring Servers Configuring the processing tier 5 • The final section of the file.

The report is based off a System DSN (on Windows) called SalesDB. 138 BusinessObjects Enterprise Administrator’s Guide .so InstallDir=/usr/local/bobje/enterprise11/platform/odbc Adding a DSN to the default ODBC system information file When you need to add a new DSN to the installed system information file (.ini) file.so Description=MERANT 3. the new DSN is available to the Job Server and Page Server.70 Text ODBC Driver Database= [ODBC] Trace=0 TraceFile=odbctrace. so they can process reports that are based off the SalesDB System DSN (on Windows).so Description=MERANT 3. To create the corresponding DSN. first append this line to the [ODBC Data Sources] section of the system information file: SalesDB=MERANT 3. first add the new DSN to the bottom of the [ODBC Data Sources] list. Then add the corresponding [dsn] definition just before the [ODBC] section.70 Sybase ASE ODBC Driver NetworkAddress= Database= LogonID= [CRTXT] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crtxt16.odbc. For example.70 Oracle8 ODBC Driver ServerName=MyServer ProcedureRetResults=1 LogonID=MyUserName Once you have added this information.so Description=MERANT 3.5 Managing and Configuring Servers Configuring the processing tier [CRSYB] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crase16.out TraceDll=/usr/local/bobje/enterprise11/platform/odbc/lib/ odbctrac.70 Oracle8 ODBC Driver Then define the new DSN by adding the following lines just before the system information file’s [ODBC] section: [SalesDB] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ cror816. suppose that you have a Crystal report that uses ODBC drivers to report off your Oracle8 database.

BusinessObjects Enterprise logs to the syslog daemon as a User application. The programmatic information logged to these files is typically useful only to Business Objects support staff for advanced debugging purposes. BusinessObjects Enterprise logs to the Event Log service. Each server prepends its name and PID to any messages that it logs. On UNIX. the default logging directory INSTALL_ROOT/bobje/logging directory of your installation. so there will never be more than approximately 1 MB of logged data per server. For details on locating and customizing the web activity logs. The location of these log files depends upon your operating system: • • On Windows. You can view the results with the Event Viewer (in the Application Log). the default logging directory is C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Logging On UNIX. The important point to note is that these log files are cleaned up automatically. This example shows two messages logged to the syslog daemon on UNIX: • Each server also logs assert messages to the logging directory of your product installation. • In addition.Managing and Configuring Servers Logging server activity 5 Logging server activity BusinessObjects Enterprise allows you to log specific information about BusinessObjects Enterprise web activity. BusinessObjects Enterprise Administrator’s Guide 139 . see “Configuring the Web Component Adapter” on page 89. each of the BusinessObjects Enterprise servers is designed to log messages to your operating system’s standard system log.On Windows NT/2000.

(Although unlikely.listeningPort context parameter in web. On Windows. depending upon your reporting environment.config file. However. you view and modify server command lines (also referred to as launch strings) in the ccm. See “Configuring the Web Component Adapter” on page 89. If necessary. When started and enabled. you can configure its listening port by changing the connection. you can change the default CMS port. you view and modify server command lines with the CCM. The default CMS port number is 6400. Thus. each of the other BusinessObjects Enterprise servers dynamically binds to an available port (higher than 1024).) The Web Component Adapter is not a server. registers with this port on the CMS. it is possible that your custom applications use these ports. which is installed in the crystal directory. and then listens for BusinessObjects Enterprise requests. you can instruct each server component to listen on a specific port (rather than dynamically selecting any available port). It includes: • • • • • • “Changing the default server port numbers” on page 140 “Configuring a multihomed machine” on page 143 “Adding and removing Windows server dependencies” on page 144 “Changing the server startup type” on page 145 “Changing the server user account” on page 146 “Configuring servers for SSL” on page 146 Changing the default server port numbers During installation. BusinessObjects Enterprise communication on these ports should not conflict with third-party applications that you have in place. The Command field appears on each server’s Properties tab. If so. On UNIX. 140 BusinessObjects Enterprise Administrator’s Guide .5 Managing and Configuring Servers Advanced server configuration options Advanced server configuration options This section includes additional configuration tasks that you may want to perform. This ports fall within the range of ports reserved by Business Objects (6400 to 6410). the CMS is set up to use default port numbers.xml.

Other Servers Used only in multihomed environments or for certain NAT firewall environments. Selected dynamically if unspecified. -requestPort Specifies the secondary port Specifies the port on which that the CMS uses for identifying other servers and for registering with itself and/ or a cluster. you must change the -ns option in every other server’s command line. specify -port interface only.cms context parameter in web. Option -port CMS Specifies the primary BusinessObjects Enterprise port on which the CMS listens for requests from all other servers. consider the following: • CMS port number. see “Configuring a multihomed machine” on page 143 or “Configuring for Network Address Translation” on page 190. On Windows. See “Configuring the Web Component Adapter” on page 89. If you are working with multihomed machines or in certain NAT firewall configurations. and thus available to accept BusinessObjects Enterprise requests. For servers other than the CMS. The default is 6400. this default port is not actually in use (each server registers its -requestPort number with the CMS instead). (-port number has no meaning for these servers). Specifies the CMS that the server will register with. to ensure that each server connects to the appropriate port of the CMS. n/a -ns Before modifying any port numbers. (The -ns option stands for “nameserver. because it maintains a list that includes the host name and port number of each server that is started.” The CMS functions as the nameserver in BusinessObjects Enterprise. This displayed port corresponds to the -port option. the server listens for BusinessObjects Enterprise requests. In both cases.xml. the CCM displays default port numbers on each server’s Configuration tab. see Appendix E: Server Command Lines. enabled. For more information. The server registers this port with the CMS. • • BusinessObjects Enterprise Administrator’s Guide 141 . you may wish to specify -port interface:number for the CMS and -port interface for the other servers. Selected dynamically if unspecified.Managing and Configuring Servers Advanced server configuration options 5 This table summarizes the command-line options as they relate to port usage for specific server types.) You must also set the name and port number of the CMS with the connection. For details.

sh (on UNIX) to stop all the BusinessObjects Enterprise servers. 2. To change the default CMS port for BusinessObjects Enterprise servers Use the CCM (on Windows) or ccm. Replace number with the port that the CMS is listening on. Start and enable the server. See “Configuring the Web Component Adapter” on page 89. Set the name and port number of the CMS with the connection. The CMS begins listening on the port specified by number. The host name must resolve to a valid IP address within your network. 2.sh (on UNIX) to stop the server. (The default port is 6400.5 Managing and Configuring Servers Advanced server configuration options 1. 3. The server binds to the new port specified by number. This typically provides the most reliable behavior. Having the servers register by name can be useful if a NAT firewall resides between the server and the CMS. use the -requestPort option in conjunction with -port interface (where interface is the server’s fully qualified domain name). If you need each server to register with the CMS by fully qualified domain name instead. It then registers with the CMS and begins listening for BusinessObjects Enterprise requests on the new port.) 3. each server registers itself with the CMS by IP address. Add (or modify) the following option in the server’s command line: -requestPort number 1. By default. 142 BusinessObjects Enterprise Administrator’s Guide . see “Configuring for Network Address Translation” on page 190. 4. 5.cms context parameter in web. Add (or modify) the following option in the CMS command line: -port number Replace number with the port that you want the CMS to listen on. Start and enable all the BusinessObjects Enterprise servers.xml. To change the port a server registers with the CMS Use the CCM (on Windows) or ccm. and the non-CMS servers broadcast to that port when attempting to register with the CMS. Replace number with the port that you want the server to listen on. rather than by name. Add (or modify) the following option in the command line of all of the remaining non-CMS BusinessObjects Enterprise servers: -ns hostname:number Replace hostname with the host name of the machine that is running the CMS. For more information.

In this example. If you have multiple interface cards. use interface:port when setting the connection.listeningPort context parameter in web. each with one or more IP addresses. interface must be the IP address that you want the server to bind to. Configuring a multihomed machine A multihomed machine is one that has multiple network addresses. If the machine has a single network interface. the DNS must route communications from the other BusinessObjects Enterprise servers to the private address of the File Repository Servers.Managing and Configuring Servers Advanced server configuration options 5 You may also need to specify -port interface when BusinessObjects Enterprise is running on a multihomed machine. You may accomplish this with multiple network interfaces. To configure the WCA. see “Changing the default server port numbers” on page 140. but it is possible to bind individual servers to different addresses. Add the following option to both of their command lines: -port interface:port If the machine has multiple network interfaces. you might want to bind the File Repository Servers to a private address that is not routable from users’ machines. If you change the default port numbers. Advanced configurations such as this require your DNS configuration to route communications effectively between all the BusinessObjects Enterprise server components. Configuring the CMS to bind to a network address When you use the -port command-line option to configure the CMS to bind to a specific IP address. Note: • To retain the default port numbers. each with a single IP address. you will need to make additional configuration changes. use the -port command-line option to specify a IP address for the BusinessObjects Enterprise server. For instance. Tip: This section shows how to restrict all servers to the same network address. If your interface card has multiple IP addresses. replace port with 6400 for the CMS. interface can be the fully qualified domain name or the IP address of the interface that you want the server to bind to. you must also include the port number these servers use (even if the server is using the default port). or with a single network interface that has been assigned multiple IP addresses.) • BusinessObjects Enterprise Administrator’s Guide 143 . (See “Configuring the Web Component Adapter” on page 89.xml. For details. change the binding order so that the card at the top of the binding order is the one you want the BusinessObjects Enterprise servers to bind to.

1. 4. and Remote Procedure Call (RPC) services. and Remote Procedure Call (RPC). With the server selected. Ensure that each server’s -ns parameter points to the CMS. To add a dependency to the list. click Properties on the toolbar. 144 BusinessObjects Enterprise Administrator’s Guide . Click the Dependency tab. As shown here. To add and remove server dependencies Use the CCM to stop the server whose dependencies you want to modify. NT LM Security Support Provider. and that the DNS resolves the value to the appropriate network address. NT LM Security Support Provider. so you need only add the following option to their command lines: -port interface Replace interface with the same value that you specified for the CMS. at least three services should be listed: Event Log. Adding and removing Windows server dependencies When installed on Windows. If you are having problems with a server. 2.5 Managing and Configuring Servers Advanced server configuration options Configuring the remaining servers to bind to a network address The remaining BusinessObjects Enterprise servers select their ports dynamically by default. 3. each server in BusinessObjects Enterprise is dependent on at least three services: the Event Log. click Add. check to ensure that all three services appear on the server’s Dependency tab.

6. To remove a dependency from the list. BusinessObjects Enterprise Administrator’s Guide 145 . Disabled requires you to change the startup type to automatic or manual before it can run. each server is configured to start automatically. As with other Windows services. Restart the server. 5. and then click Add. Select the dependency or dependencies. select it and click Remove. Click OK. there are three startup types: • • • Automatic starts the server each time the machine is started. Changing the server startup type When installed on Windows. Manual requires you to start the server before it will run.Managing and Configuring Servers Advanced server configuration options 5 The Add Dependency dialog box provides you with a list of all available dependencies. as required. 7.

this requires root privileges. 3. 2. When started. With the server selected. Click OK. To change the server startup type on UNIX On UNIX. Changing the server user account If the incorrect user account is running on a server on Windows. To change a server’s user account Use the CCM to stop the server. 1. Configuring servers for SSL You can use the Secure Sockets Layer (SSL) protocol for all network communication between clients and servers in your BusinessObjects Enterprise deployment. or a user account that has the right “Act as part of the operating system”. 6. click Properties on the toolbar. Click Properties. Clear the System Account check box. and then click OK. 2. Enter the Windows user name and password information. Disabled. Restart the server. Tip: The Program Job Server must be configured to use the Local System account. 6. 4. change it in the Central Configuration Manager (CCM). 5. or Manual. To set up SSL for all server communication you need to perform the following steps: 146 BusinessObjects Enterprise Administrator’s Guide . In addition.sh” on page 607. Start the server. To change the server startup type on Windows Start the CCM. the server process will log on to the local machine with this user account. 3. See “setupinit. Click Apply.5 Managing and Configuring Servers Advanced server configuration options 1. Stop the server whose startup type you want to modify. Click the Startup Type list and select Automatic. 5. 4. all reports processed by this server will be formatted using the printer settings associated with the user account that you enter.

pem private_key = $dir/private/cakey. 4. By default. Open the sslc. type the following command: sslc rsa -in privkey. To sign the CA certificate.pem -req -signkey cakey. a Certificate Authority (CA) certificate request (cacert. Type the following command: sslc req -config sslc. 3. type the following command: sslc x509 -in cacert. Perform the following steps based on settings in the sslc. stored in the same folder as the SSLC command line tool.req This command creates two files. To create key and certificate files for a machine Run the SSLC.cnf file. 5.pem -days 365 This command creates a self-signed certificate.pem. Note: For more information about using the SSLC command line tool. consult the SSLC documentation. Choose the number of days that suits your security needs.exe command line tool. Configure the location of these files in the Central Configuration Manager (CCM) and your web application server.cnf file's certificate and private_key options.pem files in the directories specified by sslc.pem). cacert. that expires after 365 days.Managing and Configuring Servers Advanced server configuration options 5 • • • Deploy BusinessObjects Enterprise with SSL enabled. Create key and certificate files for each machine in your deployment.cnf -new -out cacert. • Place the cakey. The SSLC tool is installed with your BusinessObjects Enterprise software. cakey.cnf file.pem -out cakey.req) and a private key (privkey. use the SSLC command line tool to create a key file and a certificate file for each machine in your deployment.pem This command creates the decrypted key.) 2. Creating key and certificate files To set up SSL protocol for your se.pem. (On Windows. the settings in the sslc.pem and cacert.req -out cacert. To decrypt the private key.cnf file are: certificate = $dir/cacert.rver communication. it is installed by default in C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86.pem BusinessObjects Enterprise Administrator’s Guide 147 . 1. for example.

cnf file's serial setting.der -outform DER sslc x509 -in servercert. 8. such as 11111111111111111111111111111111. Create a file with the name specified by the sslc. choose a large number.req 7. Note: To ensure that you can create and sign more certificates. Ensure that this file provides an octet-string serial number (in hexadecimal format).cnf -new -out servercert.5 Managing and Configuring Servers Advanced server configuration options • • Create a file with the name specified by the sslc.der) the generated server certificate file (servercert. Create a text file for storing the plain text passphrase used for decrypting the generated private key.cnf file's database setting. 9.der -outform DER 10.pem in servercert. Use the following commands to convert the certificates to DER encoded certificates: sslc x509 -in cacert.) • 6. Make a copy of the private key copy privkey.key) the passphrase file 148 BusinessObjects Enterprise Administrator’s Guide . The file can be empty.pem server.txt. which contains the signed certificate.pem file. Store the following key and certificate files in a secure location (under the same directory) that can be accessed by the machines in your BusinessObjects Enterprise deployment: • • • • the trusted certificate file (cacert. Create the directory specified by the sslc.cnf -days 365 -out servercert. type the following command: sslc req -config sslc. 11.cnf file's new_certs_dir setting.req This command creates the servercert. Note: By default. type the following command: sslc ca -config sslc.der) the server key file (server.pem -out servercert.pem -out cacert.key To sign the certificate with the CA certificate. this file is $dir/index. To create a certificate request and a private key.

To configure the SSL protocol for the web application server If you have a J2EE web application server.oci.der -DsslCert=clientcert.Managing and Configuring Servers Advanced server configuration options 5 This location will be used to configure SSL for the CCM and your web application server. To configure the SSL protocol in the CCM In the CCM. 4.protocol=ssl -DcertDir=d:\ssl -DtrustedCert=cacert.key -Dpassphrase=passphrase. run the Java SDK with the following system properties set: -Dbusinessobjects.orb. BusinessObjects Enterprise Administrator’s Guide 149 . 1. and store them in a secure location. you need to provide the Central Configuration Manager (CCM) and your web application server with the secure location. 3.der -DsslKey=client. Provide the file path for the directory where you stored the key and certificate files. right-click a server and choose Properties. Note: Make sure you provide the directory for the machine that the server is running on. In the Properties dialog box. 1. click the Protocol tab. If you have an IIS web application server.txt 2. run the sslconfig tool from the command line and follow the configuration steps. Configuring the SSL protocol After you create keys and certificates for each machine in your deployment. Repeat steps 1 to 3 for all servers. 2.

5 Managing and Configuring Servers Advanced server configuration options 150 BusinessObjects Enterprise Administrator’s Guide .

Managing Server Groups chapter .

see “Specifying servers for scheduling” on page 430 or “Specifying servers for viewing and modification” on page 432. And you can associate scheduled objects with a particular server group to ensure that scheduled objects are sent to the correct printers. More importantly. and then add servers to the group. recurrent schedules. when you manage a group of servers. Therefore. processing servers need to communicate frequently with the database containing data for published reports. you need only view a subset of all the servers on your system. or for viewing and modifying reports. you need to specify the name and description of the group. if you had a number of reports that ran against a DB2 database. The only difference is that you see only the servers that you added to the server group. you might want to create a group of Page Servers that process reports only against the DB2 database server. server groups prove especially useful when maintaining systems that span multiple locations and multiple time zones. file servers. or for objects of different types. You can change the status. For example. After creating server groups. server groups are a powerful way of customizing BusinessObjects Enterprise to optimize your system for users in different locations. That is. you can easily set up default processing settings. For details. You can associate an object with a single server group. If you then configured the appropriate reports to always use this Page Server group for viewing. Thus. obtain metrics. Creating a server group To create a server group. If you group your servers by type. and so on.6 Managing Server Groups Server group overview Server group overview Server groups provide a way of organizing your BusinessObjects Enterprise servers to make them easier to manage. If you group your servers by region. you can configure objects to be processed by servers that have been optimized for those objects. you would optimize system performance for viewing these reports. so the object is always processed by the same servers. and schedule destinations that are appropriate to users who work in a particular regional office. Placing processing servers close to the database server that they need to access improves system performance and minimizes network traffic. configure objects to use specific server groups for scheduling. and configure your servers in the organize Server Groups area—just as you would in the organize Servers area. 152 BusinessObjects Enterprise Administrator’s Guide .

6. 8. BusinessObjects Enterprise Administrator’s Guide 153 . 4. 3. In the Server Group Name field. Click OK. The New Server Group Properties tab appears. type a name for the new group of servers. 5. 2. On the Servers tab. Use the Description field to include additional information about the group. click Add/Remove Servers. Tip: Use CTRL+click to select multiple servers. Click OK. To create a server group Go to the Server Groups management area of the CMC.Managing Server Groups Creating a server group 6 1. Select the servers that you want to add to this group. then click the > arrow. 7. Click New Server Group.

or you can make one server group a member of another. so use whichever method proves most convenient. To make one server group a member of another Go to the Server Groups management area of the CMC. The results are the same. You are returned to the Subgroups tab. 1. view server metrics. 1. Working with server subgroups Subgroups of servers provide you with a way of further organizing your servers. and change the properties of the servers in the group. which now lists all the servers that you added to the group. This group is the parent group. 3. and add each regional group to the corresponding country group. 2. 4. In the Available server groups list. To add subgroups to a server group Go to the Server Groups management area of the CMC. click the Member of button. Click the group that you want to add subgroups to. You are returned to the Servers tab. 2. which now lists all the server groups that you added to the parent group. For more information. see “Server management overview” on page 78. Click OK. A subgroup is just a server group that is a member of another server group. create a group for each country. On the Subgroups tab. Then. 3. 4.6 Managing Server Groups Working with server subgroups This example adds the servers to a server group called Northern Office Servers. 5. select the server groups that should include your group as a member. There are two ways to set up subgroups: you can modify the subgroups of a server group. You can now change the status. 154 BusinessObjects Enterprise Administrator’s Guide . if you group servers by region and by country. To organize servers in this way. click Add/Remove Groups. then click the > arrow. Click the group that you want to add to another group. and add the appropriate servers to each regional group. For example. On the Member of tab. In the Available server groups list. select the server groups that you want to add as subgroups. then click the > arrow. then each regional group becomes a subgroup of a country group. first create a group for each region.

Managing Server Groups Modifying the group membership of a server 6 This example makes the Job Servers group a member subgroup of the Northern Office Servers group. The “Modify Member Of” page appears. Click OK. The “Member of” page lists any server groups that the server currently belongs to. 5. For example. You are returned to the “Member of” tab. 2. 6. Instead of having to add the CMS individually to each regional server group. 1. 3. suppose that you created server groups for a number of regions. Move server groups from one list to another to specify which groups the server is a member of. You might want to use a single Central Management Server (CMS) for multiple regions. Modifying the group membership of a server You can modify a server’s group membership to quickly add the server to (or remove it from) any group or subgroup that you have already created on the system. 5. BusinessObjects Enterprise Administrator’s Guide 155 . click the server’s Member of link. In the Server Group column. which now lists all the server groups that the initial group is now a member of. you can click the server’s “Member of” link to add it to all three regions at once. 4. Click the Member of button. To modify a server’s group membership Go to the Servers management area of the CMC. Locate the server whose membership information you want to change. Click OK.

6 Managing Server Groups Modifying the group membership of a server 156 BusinessObjects Enterprise Administrator’s Guide .

Scaling Your System chapter .

During the Expand installation. however. For details. This chapter details common scalability scenarios for administrators who want to expand beyond a stand-alone installation of BusinessObjects Enterprise. to large-scale deployments supporting global organizations. 158 BusinessObjects Enterprise Administrator’s Guide . These three scenarios have received the most testing. ranging from stand-alone. The setup program allows you to perform an Expand installation. A Business Objects Services consultant can then assess your reporting environment and assist in determining the configuration that will best integrate with your current environment. Note: If you customize or expand your system beyond these common configurations without first contacting Business Objects Services. and you select the components that want to install on the local machine. Follow these steps when you need to add server components to a machine that is already running BusinessObjects Enterprise. see “Common configurations” on page 159. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide.7 Scaling Your System Scalability overview Scalability overview The BusinessObjects Enterprise architecture is scalable in that it allows for a multitude of server configurations. without limiting the possibilities for future growth and expansion. and your reporting requirements. The flexibility offered by the product’s architecture allows you to set up a system that suits your current reporting requirements. run the BusinessObjects Enterprise installation and setup program. single-machine environments. This chapter also provides the related procedures for adding and deleting servers from your BusinessObjects Enterprise installation. your deployment may not be officially supported. Tip: If you are adding new hardware to BusinessObjects Enterprise by installing server components on additional machines. and are recommended for the majority of deployments. your database software. It must be emphasized. For details. you specify the existing CMS whose system you want to expand. see the BusinessObjects Enterprise Installation Guide. that the optimal configuration for your deployment will vary depending upon your hardware configuration.

The scenarios described are those that have been most thoroughly tested by Business Objects. dedicated machine. and installs all BusinessObjects Enterprise servers on a single machine. which they do not have to share with database and web server processes. This grants the BusinessObjects Enterprise servers their own set of processing resources. For details. install your BusinessObjects Enterprise servers on the same machine as your Java web application server and the Web Component Adapter. Tip: If you are deploying multi-processor machines. This section describes the following common configurations: • • • “One-machine setup” on page 159 “Three-machine setup” on page 160 “Six-machine setup” on page 160 One-machine setup This basic configuration separates the BusinessObjects Enterprise servers from the rest of your reporting environment and from your web server. As a baseline. this section assumes that you have not yet distributed the BusinessObjects Enterprise servers across multiple machines. however. BusinessObjects Enterprise Administrator’s Guide 159 . For a UNIX installation (or for a Windows installation that uses the BusinessObjects Enterprise Java SDK). These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • • Install all of the BusinessObjects Enterprise servers on a single. installation. or expand. and server configuration. see the BusinessObjects Enterprise Installation Guide. If you are still using the MSDE CMS database on Windows.txt file included with your product distribution for a list of supported database servers. this section does assume familiarity with the BusinessObjects Enterprise architecture. you may also want to run one or more BusinessObjects Enterprise servers in multiple instances on that machine. your BusinessObjects Enterprise system. see “Adding a server” on page 169. Run the CMS database on your database server. For preliminary installation information.Scaling Your System Common configurations 7 Common configurations This section details the common ways in which you should begin to scale. migrate the CMS database to a supported database server. See the Platforms.

based on the types of work performed by each server. List of Values Job Server. Six-machine setup This third configuration mirrors the three-machine setup. this scenario prepares your system for further expansion to provide redundancy. Web Intelligence Job Server. Tip: Here. You maintain the logical breakdown of processing based on the types of work performed by each server. In this way. the Event Server should be installed on the machine where your monitored. In addition. • • Install the application server. which they do not have to share with database and web server processes. the Event Server is installed on the same machine as the CMS. For instance. but you increase the number of available machines and servers for redundancy and fault-tolerance. you prevent the server components from having to compete with each other for the same hardware and processing resources. 160 BusinessObjects Enterprise Administrator’s Guide . the Web Intelligence Report Server. the Report Job Server. the Web Component Adapter and the Cache Server on the second machine. file-based events occur.7 Scaling Your System Common configurations Three-machine setup This second configuration divides the BusinessObjects Enterprise processing load in a logical manner. Program Job Server. For a UNIX installation (or for a Windows installation that uses the BusinessObjects Enterprise Java SDK). install the Java web application server and the Web Component Adapter on the same machine as your Cache Server. with at least 2 GB RAM installed on each machine. Install the Page Server. the Report Application Server (RAS). Destination Job Server. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • Install the CMS and the Event Server on one machine. however. if a server stops responding. you need not interrupt BusinessObjects Enterprise requests in order to service the system. Note: As with the one-machine setup. and the Input and Output File Repository Servers on the third machine. install your BusinessObjects Enterprise servers on machines that are separate from your web server and database servers. Note: It is recommended that you use three multi-processor machines (dualCPU or better). This grants the BusinessObjects Enterprise servers their own set of processing resources. In general. or if you need to take one or two machines offline completely.

In general. • Install a second application server and Web Component Adapter on the fifth machine. Install and configure any required database client software similarly on each machine. so they share the task of maintaining the CMS database. and RAS on the remaining machine. the same database user name and password. Tip: Here. If you have further requirements or more advanced configuration needs. Program Job Server. along with any ODBC DSNs that are required for your reports. Ensure that all Page Servers and job servers. can access your reporting database in exactly the same manner. Destination Job Server. see “Three-machine setup” on page 160. contact your Business Objects sales representative for additional assistance. Install a second Page Server.xml file is configured correctly for each WCA. the Event Server should be installed on the machine where your monitored. • Note: As with the one-machine setup. including the Web Intelligence Report Server. Verify that BusinessObjects Enterprise is functioning correctly. file-based events occur. Cluster the two CMS services. along with a second Cache Server. install your BusinessObjects Enterprise servers on machines that are separate from your web server and database servers. BusinessObjects Enterprise Administrator’s Guide 161 . Web Intelligence Job Server. Ensure that the web. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • • Install the three-machine setup first. Install a second CMS/Event Server pair on the fourth machine. Report Job Server. This machine must have a fast network connection (minimum 10 Mbps) to the CMS that you have already installed. the Event Server is installed on the same machine as the CMS. For details.Scaling Your System Common configurations 7 This tested configuration is designed to meet the reporting requirements of 85% of all deployment scenarios. List of Values Job Server. Ensure that each CMS accesses the CMS database in exactly the same manner (the same database client software. however. which they do not have to share with database and web server processes. Note: It is recommended that you use six multi-processor machines (dualCPU or better). Consult your web application server documentation for information on load-balancing and clustering your application servers. and so on). along with a pair of Input and Output File Repository Servers. with at least 2 GB RAM installed on each machine. Web Intelligence Report Server. This grants the BusinessObjects Enterprise servers their own set of processing resources.

For more information. you can increase the overall system capacity by clustering two (or more) Central Management Servers (CMS). it is strongly recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Before modifying these aspects of your system.7 Scaling Your System General scalability considerations General scalability considerations This section provides information about system scalability and the BusinessObjects Enterprise servers that are responsible for particular aspects of your system. at some point. CMS clusters can improve overall system performance because every BusinessObjects Enterprise request results. A Business Objects Services consultant can then assess your reporting environment and assist in determining the configuration that will best integrate with your current environment. 162 BusinessObjects Enterprise Administrator’s Guide . and provides a number of ways in which you might modify your configuration accordingly. When you cluster two CMS machines. in a server component querying the CMS for information that is stored in the CMS database. discusses the relevant components. You can install multiple CMS services/daemons on the same machine. you should ideally install each cluster member on its own machine. General scalability considerations include the following: • • • • • • • “Increasing overall system capacity” on page 162 “Increasing scheduled reporting capacity” on page 163 “Increasing on-demand viewing capacity for Crystal reports” on page 164 “Increasing prompting capacity” on page 165 “Enhancing custom web applications” on page 166 “Improving web response speeds” on page 166 “Getting the most from existing resources” on page 167 Increasing overall system capacity As the number of report objects and users on your system increases. However. you instruct the new CMS to share in the task of maintaining and querying the CMS database. Each subsection focuses on one aspect of your system’s capacity. to provide server redundancy and faulttolerance. see “Clustering Central Management Servers” on page 92.

and so on. Increase the hardware resources that are available to a Job Server. If the majority of your reports are scheduled to run on a regular basis. or by running multiple Report Job Servers on a single multi-processor machine. these strategies may improve the processing speed of the Job Server. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. Ensure also that the File Repository Servers are readily accessible to all Job Server (so they can read report objects from the Input FRS and write report instances to the Output FRS quickly). For instance. using the database server’s resources to group data. you might create two server groups. This is a useful way of minimizing the processing load that your database server is subject to at any given point in time. consider distributing the processing load through the use of server groups. incorporating parameter fields. Use event-based scheduling to create dependencies between large or complex reports.Scaling Your System General scalability considerations 7 Increasing scheduled reporting capacity Increasing Crystal reports processing capacity All Crystal reports that are scheduled are eventually processed by a Job Server. If the Job Server is currently running on a machine along with other BusinessObjects Enterprise components. You can expand BusinessObjects Enterprise by running individual Report Job Servers on multiple machines. you can use Schedule events to ensure that the reports are processed sequentially. if you run several very complex reports on a regular. If some reports are much larger or more complex than others. Depending upon your network configuration. you can specify that it be processed by a particular server group to ensure that especially large reports are distributed evenly across resources. there are a number of ways in which you can improve the performance of the report itself. When designing reports in Crystal Reports. each containing one or more Job Servers. Verify the efficiency of your reports. nightly basis. consider moving the Job • • • • BusinessObjects Enterprise Administrator’s Guide 163 . when you schedule recurrent reports.5 and later). by modifying record selection formulas. For more information. because there is less distance for data to travel over your corporate network. Then. there are several strategies you can adopt to maximize your system’s processing capacity: • Install the Job Server in close proximity to (but not on the same machine as) the database server against which the reports run. For instance.

using the database server’s resources to group data. the Page Server retrieves the data and performs the report processing. Note: When deciding whether to increase the number Web Intelligence Report Servers. a Web Intelligence Job Server must exist in the same group as the Web Intelligence Report Servers.5 and later). whereas requests for Crystal reports are processed by three separate servers. For more information. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. If your reporting requirements demand that users have continual access to the latest data. there are a number of ways in which you can improve the performance of the report itself. Increasing on-demand viewing capacity for Crystal reports When you provide many users with View On Demand access to reports. you don’t need to duplicate the Web Intelligence Job Server. Increasing Web Intelligence document processing capacity All Web Intelligence documents that are scheduled are eventually processed by a Web Intelligence Job Server and Web Intelligence Report Server. However. However. Verify the efficiency of your reports. incorporating parameter fields. If the new machine has multiple CPUs. see “Modifying Cache Server performance settings” on page 112. or by running multiple Web Intelligence Report Servers on a single multi-processor machine. and the Cache Server stores recently viewed report pages for possible reuse. and so on. you allow each user to view live report data by refreshing reports against your database server. For most requests. When designing reports in Crystal Reports. keep in mind that Web Intelligence Report Server processes both scheduling and viewing requests. you can increase capacity in the following ways: • • Increase the maximum allowed size of the cache. One Web Intelligence Job Server can be used to drive multiple Web Intelligence Report Servers. you can install multiple Job Servers on the same machine (typically no more than one service/daemon per CPU). the Cache Server and Page Server. the Report Application Server (RAS) processes the request. When running multiple Web Intelligence Report Servers. if you are working with server groups. You can expand BusinessObjects Enterprise by running individual Web Intelligence Report Servers on multiple machines. if users use the Advanced DHTML viewer. 164 BusinessObjects Enterprise Administrator’s Guide . the Report Job Server. For details. by modifying record selection formulas.7 Scaling Your System General scalability considerations Server to a dedicated machine.

1. you might create two server groups. set the CLIENT_XSLT variable in webiviewer. It does this regardless of whether the list-of-value object was scheduled or whether data needs to be retrieved from the data base. To delegate XSL transformation to the browser for document display: On the application server. In CMC you can then create a RAS server group and assign the dedicated RAS to the RAS server group.Scaling Your System General scalability considerations 7 • Increase the number of Page Servers that service requests on behalf of Cache Servers. and Report Application Servers on the system. each containing one or more Cache Server/Page Server pairs along with one or more Report Application Servers. In Business View Manager. and then distribute the processing load through the use of server groups. you can instruct the Web Intelligence Report Server to delegate the transformation of XML to XSL to the browser. Increase the number of Page Servers. located in the WEB-INF\classes subfolder of the application server as follows: CLIENT_XSLT=Y 2. primarily during document display. the XSL transformation delegation is not activated.0 browser. For instance. but also during display of the portal itself. It is therefore no longer recommended that you install multiple Page Servers on one machine.properties. However. The Page Server has been re-designed to optimize the processing capability of a machine. To avoid contention with other applications that use the RAS. You can do this by installing additional Page Servers on multiple machines. Cache Servers. you can add a RAS server that will be dedicated to processing list-of-value objects. BusinessObjects Enterprise Administrator’s Guide 165 . Delegating XSL transformation to Internet Explorer If your users access InfoView via the Internet Explorer 6. • Increasing prompting capacity When reports use a list of values. the RAS processes the list-of-values objects for the report when the report is being viewed. Restart the application server. You can then specify individual reports that should always be processed by a particular server group. This substantially decreases the load on the server. you then assign the list-ofvalues objects to be processed by the RAS server group. By default. do not install more than one Page Server per machine.

you may need to investigate a number of areas to determine exactly where you can improve web response speeds. Use the administrative tools provided with your web server software (or with your operating system) to determine how well your web server performs. For details. content. be sure to check the developer documentation available on your BusinessObjects Enterprise product CD for performance tips and other scalability considerations. for instance. Improving web response speeds Because all user interaction with BusinessObjects Enterprise occurs over the Web. or regional office. In addition. • • 166 BusinessObjects Enterprise Administrator’s Guide . If web response speeds are slowed only by report viewing activities. users. see “Increasing overall system capacity” on page 162. To improve the scalability of your system. The query optimization section in particular provides some preliminary steps to ensuring that custom applications make efficient use of the query language. You can now. department. If you are running a large deployment. ensure that you have set up a CMS cluster. be sure to review the libraries and APIs.7 Scaling Your System General scalability considerations Enhancing custom web applications If you are developing your own custom desktops or administrative tools with the BusinessObjects Enterprise Software Development Kit (SDK). incorporate complete security and scheduling options into your own web applications. You can also modify server settings from within your own code in order to further integrate BusinessObjects Enterprise with your existing intranet tools and overall reporting environment. Take into account the number of users who regularly access your system. You can grant select users the ability to manage particular BusinessObjects Enterprise folders. consider increasing the web server’s hardware. If the web server is indeed limiting web response speeds. and groups on behalf of their team. These are some common aspects of your deployment that you should consider before deciding how to expand BusinessObjects Enterprise: • Assess your web server’s ability to serve the number of users who connect regularly to BusinessObjects Enterprise. see “Increasing scheduled reporting capacity” on page 163 and “Increasing on-demand viewing capacity for Crystal reports” on page 164. consider distributing administrative efforts by developing web applications for delegated content administration.

This also provides you with the benefits of being able to take one WCS machine offline for service. clustering. consider the following options: • Increase the hardware resources that are available to the application server. without bringing down the entire system. If you are using the default Windows installation of BusinessObjects Enterprise. If the new machine has multiple CPUs. Consider setting up two (or more) application servers. If the application server is currently running on the web server. or on a single machine with other BusinessObjects Enterprise components. consider moving the application server to a dedicated machine. Consult your network administrator for more information. you can install multiple application servers on the same machine (typically no more than one per CPU). Consult the documentation for your web application server for information on loadbalancing. set up two (or more) WCS machines to take advantage of the dynamic load balancing that is built into the Web Connector components. BusinessObjects Enterprise Administrator’s Guide 167 . The Web Connector distributes the processing load evenly across WCS hosts: each new BusinessObjects Enterprise session is sent to the least used WCS. BusinessObjects Enterprise uses your network for communication between servers and for communication between BusinessObjects Enterprise and client machines on your network. and scalability. don’t forget that BusinessObjects Enterprise depends upon your existing IT infrastructure. Make sure that your network has the bandwidth and speed necessary to provide BusinessObjects Enterprise users with acceptable levels of performance. Optimizing network speed and database efficiency When thinking about the overall performance and scalability of BusinessObjects Enterprise.Scaling Your System General scalability considerations 7 If you find that a single application server inadequately services the number of scripting requests made by users who access your system on a regular basis. Note: BusinessObjects Enterprise does not support the sessionreplication functionality provided by some Java web application servers. • • Getting the most from existing resources One of the most effective ways to improve the performance and scalability of your system is to ensure that you get the most from the resources that you allocate to BusinessObjects Enterprise.

or the Java viewer. then the performance of BusinessObjects Enterprise may suffer. On the Properties tab. you can disable the Advanced DHTML viewer for all users of BusinessObjects Enterprise. Select Web Desktop. the report is processed by the Report Application Server rather than the Page Server and Cache Server. If the ability to modify reports is not needed at your site. Optimizing BusinessObjects Enterprise for report viewing BusinessObjects Enterprise allows you to enable data sharing. The Report Application Server is optimized for report modification. These report viewers process reports against the Page Server. or refresh a report instance that they are viewing. 1. see “Setting report viewing options” on page 428.7 Scaling Your System General scalability considerations BusinessObjects Enterprise processes reports against your database servers. 4. thereby reducing the time needed to provide report pages to subsequent users of the same report while greatly improving overall system performance under load. you must permit data to be reused for some period of time. Clear the option labeled Allow users to use the Advanced DHTML Viewer. 2. For details on data sharing options for reports. the Active X viewer. If your databases are not optimized for the reports you need to run. which permits different users accessing the same report object to use the same data when viewing a report on demand or when refreshing a report. However. Disabling the Advanced DHTML Viewer In the Central Management Console. see the planning chapter in the BusinessObjects Enterprise Installation Guide. For simple report viewing you can achieve better system performance if users select the DHTML viewer. Click Update. go to the Viewers area. Enabling data sharing reduces the number of database calls. Consult your database administrator for more information. This means that some users may see “old” data when they view a report on demand. For more information on configuring BusinessObjects Enterprise to optimize report viewing in your system. to get full value from data sharing. 168 BusinessObjects Enterprise Administrator’s Guide . 3. select Business Objects Applications. Using the appropriate processing server When users view a report using the Advanced DHTML viewer.

1. It includes the following sections: • • “Adding a server” on page 169 “Deleting a server” on page 171 Tip: If you are adding new hardware to BusinessObjects Enterprise by installing server components on new. During the Expand installation. 2. Adding a server These steps add a new instance of a server to the local machine. and you select the components that you want to install on the local machine. Start the CCM on the BusinessObjects Enterprise machine upon which you want to install a new server. You can run multiple instances of the same BusinessObjects Enterprise server on the same machine. you specify the existing CMS whose system you want to expand. On the toolbar. 3. For details. The Add Business Objects Server Wizard displays its Welcome dialog box. BusinessObjects Enterprise Administrator’s Guide 169 . click Add Server. To add a Windows server Note: To complete this procedure. The setup program allows you to perform an Expand installation. Click Next. see the BusinessObjects Enterprise Installation Guide. you must log on as an Administrator of the local machine. additional machines. run the BusinessObjects Enterprise installation and setup program from your product distribution.Scaling Your System Adding and deleting servers 7 Adding and deleting servers This section shows how to add and delete servers from a machine that is already running BusinessObjects Enterprise components.

So. 5. If you subsequently modify the server’s name through its command line. When you add Input or Output File Repository Servers. the wizard always precedes the server name you type with an “Input.” prefix is required by the system. 7.” prefix. Each server on the system must have a unique name.7 Scaling Your System Adding and deleting servers The “Server Type and Display Name Configuration” dialog box appears.SERVER02. The default naming convention is HOSTNAME. 170 BusinessObjects Enterprise Administrator’s Guide . Change the default Server Name field if required. The contents of this dialog vary slightly. The “Set Configuration for this server” dialog box appears. Change the default Display Name field if you want a different name to appear in the list of servers in the CCM. the CCM actually names the server Input.” or “Output. Click the Server Type list and select the kind of server you want to add. Note: The display name for each server on the local machine must be unique. This Server Name is displayed when you manage servers over the Web in the Central Management Console (CMC). depending upon the type of server that you are installing. if you add an Input FRS with the name SERVER02. 4. Click Next. This “Input. 6. do not remove the prefix.servertype (a number is appended if there is more than one server of the same type on the same host machine).

see “Viewing and changing the status of servers” on page 82. The new server appears in the list. If you do not. Stop the server that you want to delete from the system.sh script. then click Finish. as in CMSname:port# 9. but it is neither started nor enabled automatically. With the server selected. Deleting a server 1. see “serverconfig. see “Changing the default server port numbers” on page 140. or modify them to suit your environment. For details. 4. Click Next to accept any other default values.Scaling Your System Adding and deleting servers 7 8. When prompted for confirmation. Type the name of the CMS that you want the server to communicate with. If you add a new server to your BusinessObjects Enterprise installation you must enable auditing of actions on each new server. For reference. see “serverconfig. BusinessObjects Enterprise Administrator’s Guide 171 . do not modify them. To delete a UNIX server Use the serverconfig. 2. If your CMS is not listening on the default port (6400). include the appropriate port number.sh” on page 602. 10. click Delete Server on the toolbar. Confirm the summary information is correct. 11. For reference. For details. Note: If port number options are displayed in this dialog box. Use the CCM (or the CMC) to start and then to enable the new server when you want it to begin responding to BusinessObjects Enterprise requests. See “Enabling auditing of user and system actions” on page 210 for more information. the actions performed on the new server will not be audited. change ports through each server’s command line. To add a UNIX server Use the serverconfig. click Yes. Tip: Auditing in BusinessObjects Enterprise is enabled on a per server basis.sh script.sh” on page 602. 3. To delete a Windows server Start the CCM on the BusinessObjects Enterprise machine that you want to delete a server from. Instead.

7 Scaling Your System Adding and deleting servers 172 BusinessObjects Enterprise Administrator’s Guide .

Managing BusinessObjects Enterprise Repository chapter .

bitmaps. it is also saved to the BusinessObjects Enterprise Repository. You can migrate repository data from a different repository database (from version 10 of Crystal Reports. When you save any Business View. you can refresh a report’s repository objects on demand over the Web. move your existing Crystal Repository to the Central Management Server database. Alternatively. Or. the source CMS database refers to the database that holds the data you are copying. You can refresh a report’s repository objects with the latest version from your BusinessObjects Enterprise Repository when you publish reports to BusinessObjects Enterprise. this data is copied into the destination database. Before publishing reports that reference repository objects. Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS You may want to import repository objects from a Crystal Enterprise 10 installation. This procedure is also referred to as migrating a BusinessObjects Enterprise Repository database. or version 10 of Crystal Enterprise) into your current CMS database. 174 BusinessObjects Enterprise Administrator’s Guide . See the rest of this chapter for details. you may have repository data on a test system that you want to move onto a production server. The BusinessObjects Enterprise Repository is now hosted by the Central Management Server (CMS) system database. custom functions.8 Managing BusinessObjects Enterprise Repository BusinessObjects Enterprise Repository overview BusinessObjects Enterprise Repository overview The BusinessObjects Enterprise Repository is a database in which you manage shared report elements such as text objects. and custom SQL commands. Copying data from one repository database to another BusinessObjects Enterprise enables you to copy the contents of one repository database into another database. or you may want to import repository objects from one BusinessObjects Enterprise XI installation to another. For example. you can migrate the repository data from your current CMS database into a different data source. Throughout this section.

However. BusinessObjects Enterprise Administrator’s Guide 175 . copies of all non-Business View objects from the source repository that have titles that match titles of objects in the destination. All of the objects in the destination repository are preserved. replicating the folder hierarchy of the source system on the destination. the object is imported to the destination repository if: • • The object is not a Business View. If an object from the source has the same title as an object in the destination. you add all repository objects from the source CMS into the destination CMS without overwriting objects in the destination. Updating the destination repository When you update the contents of the destination repository using the source repository as a reference. and the objects in such folders to be copied to these renamed folders. Selecting “Automatically rename top-level folders that match top-level folders on the destination system” allows these folders to be renamed on the destination repository. you add all objects in the source CMS to the destination CMS.Managing BusinessObjects Enterprise Repository Copying data from one repository database to another 8 Use the Import Wizard to copy repository data from the source CMS. or you can update the destination with the contents of the source CMS. You can choose to merge the contents of the source repository into the destination repository. You have selected “Automatically rename top-level folders that match top-level folders on the destination system. regardless of the options set. the folder or folders that contain the object are also copied. the names of top-level folders must be unique. Renaming these folders would change the unique identifier associated with the Business View. This is the safest import option. all repository objects from the source system with a unique title are copied to the destination repository. If an object in the source repository has the same unique identifier as an object in the destination. the object in the destination is overwritten. Merging repositories When you merge the contents of the source repository with the destination repository. causing the Business View functionality to fail. Note: Top-level folders containing Business Views are not renamed. at a minimum. Also.” The end result is a destination repository that contains all objects from the source repository that have unique titles. and all objects originally in the destination repository. When an object is copied from the source CMS to the destination CMS.

By default.” Note: System Objects (users. 1. When you copy repository objects into BusinessObjects Enterprise XI. To copy repository data from Crystal Enterprise 9 From the BusinessObjects Enterprise program group. 2. servers. are not renamed when you import them from one CMS to another. If you want these objects to be copied. if copying an object from the source CMS to the destination CMS would result in more than one object in a folder with the same title.8 Managing BusinessObjects Enterprise Repository Copying data from one repository database to another All object titles in a folder must be unique. You must run the wizard on the machine containing your source repository. click Repository Migration Wizard. only the most recent version of each object is copied. select the check box “Automatically rename objects if an object with that title already exists in the destination folder. In a BusinessObjects Enterprise environment. and event management for these objects to fail. and calendars). Objects from the source repository will be added to the destination repository database. Copying data from a Crystal Enterprise 9 repository database In Crystal Enterprise 9. When you use the Repository Migration Wizard. objects with the same unique identifier) in the source and destination repositories. click the name of the repository that you want to import. events. the copy fails. server management. From the Source list in the Select Source Repository dialog. regardless of the options set. Note: Reports configured to use the source repository will now refer to the destination data source. the Crystal Repository database was hosted on a separate database server that you could connect to through ODBC. 176 BusinessObjects Enterprise Administrator’s Guide . See “Importing with the Import Wizard” on page 402 for full instructions on using the Import Wizard to copy objects from one BusinessObjects Enterprise XI repository to another. Changing the names of these objects would cause user management. If the Wizard finds identical objects (that is. user groups. Then replace the repository by importing its contents into the CMS database using the Repository Migration Wizard. server groups. neither the source nor the destination database is overwritten. begin by making a backup copy of the source repository database. the source objects will not be copied.

Click Next.0\bin\ BusinessObjects Enterprise Administrator’s Guide 177 .mdb). Type the User Name and Password of an Enterprise account that provides you with administrative rights to the CMS. Click Next. and then Finish to complete the transfer and close the Repository Migration Wizard. Type the UserID and Password of a user with administrative rights to the repository database. reporting success or failure for each object. From the “Source Repository Objects” list.Managing BusinessObjects Enterprise Repository Copying data from one repository database to another 8 3. Click Next. it was located in the following directory of your Crystal Reports installation: C:\Program Files\Common Files\Crystal Decisions\2. In the CMS field. 4. 7. then click Next. By default. type the name of the destination data source’s Central Management Server. 6. BusinessObjects Enterprise exports the selected repository objects from your BusinessObjects Enterprise Repository. 5. Copying data from a Crystal Reports 9 repository database The Crystal Repository shipped with Crystal Reports 9 was an Access database (Repository. The Select Destination Data Source dialog appears. select the items that you want to copy to your BusinessObjects Enterprise repository database.

only the most recent version of each object is copied. click Repository Migration Wizard. You must run the wizard on the machine containing your source repository. type a User id and Password valid for the repository database. Click Next. the source objects will not be copied. neither the source nor the destination database is overwritten. When you copy repository objects into BusinessObjects Enterprise XI. Log on to the CMS using a user name with administrative rights to BusinessObjects Enterprise. Objects from the source repository will be added to the destination repository database. From the Source list in the Select Source Repository dialog. If you created security for your repository database. Then replace the default repository by importing its contents into the CMS database using the Repository Migration Wizard. 5. 1. 2. Note: Reports configured to use the source repository will now refer to the destination data source. To copy repository data from Crystal Reports 9 From the BusinessObjects Enterprise program group. From the “Source Repository Objects” list. When you use the Repository Migration Wizard. select the items that you want to copy to your BusinessObjects Enterprise repository database. 178 BusinessObjects Enterprise Administrator’s Guide . 4. Click Next. If the Wizard finds identical objects in the source and destination repositories.8 Managing BusinessObjects Enterprise Repository Copying data from one repository database to another Begin by making a backup copy of this default database. click the name of the repository that you want to import. 3.

Refreshing repository objects in published reports As you update objects stored in your BusinessObjects Enterprise Repository. 8. Click Next. When you refresh a report in this way. Select the folder in your destination repository where objects from your source directory will be placed. and then click “Delete the item/folder”. To delete an existing folder from your repository. Click Next. • 7. the old repository objects stored in the report are replaced with the latest versions from the BusinessObjects Enterprise Repository. select it. • To add objects to a new folder. and then Finish to complete the transfer and close the Repository Migration Wizard. and then type the name of the folder. BusinessObjects Enterprise exports the selected repository objects from your Crystal Reports repository. select “Insert a new folder”. BusinessObjects Enterprise Administrator’s Guide 179 .Managing BusinessObjects Enterprise Repository Refreshing repository objects in published reports 8 6. you will want to update the published Crystal reports that reference those repository objects. reporting success or failure for each object.

Verify that the Use Object Repository when refreshing report check box is selected. see “Publishing Objects to BusinessObjects Enterprise” on page 373. For details. click the Refresh Options link. 4.8 Managing BusinessObjects Enterprise Repository Refreshing repository objects in published reports Note: Although refreshing with the repository is faster. Tip: If you use Crystal Reports to open reports directly from your BusinessObjects Enterprise folders. Note: If the check box is cleared. 180 BusinessObjects Enterprise Administrator’s Guide . The Report Repository Helper is available from Administrative Tools area in the BusinessObjects Enterprise Admin Launchpad. you can refresh multiple reports simultaneously using the Report Repository Helper. you can also refresh reports by setting options that compare reports to their original source . On the Properties tab. Click Refresh Report.rpt files. You can also refresh repository objects when you publish reports. 3. Click the link to the report you want to refresh. For more information. 1. 5. To refresh a published report’s repository objects Go to the Objects management area of the CMC. you can update repository objects at that time. 2. select it now and click Update. see “Setting report refresh options” on page 426. Tip: Once you have enabled repository refresh for each report.

Working with Firewalls chapter .

A firewall restricts people to entering and leaving your network at a carefully controlled point. and be a focus for security decisions. A firewall also can’t set itself up correctly or protect against completely new threats. Typically. telnet. A firewall can enforce a security policy. The units of data transmitted through a TCP/IP network are called packets. It also prevents attackers from getting close to your other defenses. so multiple packets are required. FTP. the packets are constructed such that a layer for each protocol is wrapped around each packet. A firewall can’t protect against malicious insiders or connections that don’t go through it. proceed directly to “Understanding firewall integration” on page 186. What is a firewall? A firewall is a security system that protects one or more computers from unauthorized network access.9 Working with Firewalls Firewalls overview Firewalls overview BusinessObjects Enterprise works with firewall systems to provide reporting across intranets and the Internet without compromising network security. When data is sent by TCP/IP. This chapter provides general information about what a firewall is and types of firewalls: • • “What is a firewall?” on page 182 “Firewall types” on page 183 If you are already familiar with firewalls and the configuration used in your network. TCP/IP and packets TCP/IP (Transmission Control Protocol/Internet Protocol) is the communications protocol used on the Internet. and HTTP). each containing a portion of the overall data. To help explain how firewalls work. some basic networking terms are described here: • • “TCP/IP and packets” on page 182 “Ports” on page 183 If you are already familiar with these topics see “Understanding firewall integration” on page 186. 182 BusinessObjects Enterprise Administrator’s Guide . a firewall protects a company’s intranet from being improperly accessed through the Internet. TCP/IP packets have the following layers: • Application layer (for example. Typically. Packets are typically too small to contain all the data that is sent at any one time. log Internet activity.

Internet layer (IP). Other application processes are given port numbers dynamically for each connection. Network Access layer (for example. you communicate with the web server on port 80. High-level applications that use TCP/IP have ports with pre-assigned numbers. These headers are used to determine the packet’s destination and to ensure that it arrives intact.Working with Firewalls Firewalls overview 9 • • • Transport layer (TCP or UDP). it binds to its designated port number. At the application layer. Firewall types Firewalls primarily function using at least one of the following methods: • • • “Packet filtering” on page 184 “Network Address Translation” on page 184 “SOCKS proxy servers” on page 185 BusinessObjects Enterprise works with these firewall types. Note: Business Objects will be moving away from supporting SOCKS proxy servers. When a service or daemon initially is started. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 183 . For instance. preserving the data from the previous level. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. the process is reversed: the layers are sequentially removed until the transferred data is available to the destination application. ports allow a client program to specify a particular server program on a computer in a network. which is the pre-assigned port for HTTP communication. If you are using SOCKS proxy servers now. the packet consists simply of the data to be transferred. but ports 0 to 1024 are reserved for use by certain privileged services. ethernet and ATM). When any client program wants to use that server. Valid port numbers range from 0 to 65536. we recommend you switch to a different firewall method. When the packet reaches its destination. it must also request to bind to the designated port number. each layer adds a header to the packet. Ports Ports are logical connection points that a computer uses to send and receive packets. As the packet moves through the layers. when you visit a typical HTTP site over the Web. With TCP/IP.

As outgoing packets are routed through the firewall. thus. The session and application ports being used to transfer the data. the firewall uses this translation table to determine which internal host should receive the response. The filter then uses that information to discriminate valid return packets from invalid connection attempts. NAT can also be described as a simple proxy. instead. public IP addresses for use external to that network. Packet filtering can reject packets based on the following: • • • • • The address the data is coming from. The address the data is going to. The data contained within the packet. Typically there are two types of packet filtering: • Network Address Translation Network Address Translation (NAT) converts private IP addresses in a private network to globally unique. Stateful packet filters remember the state of connections at the network and session layers by recording the established session information that passes through the filter gateway. Firewalls that employ packet filtering will work with BusinessObjects Enterprise.9 Working with Firewalls Firewalls overview Packet filtering Packet filtering rejects TCP/IP packets from unauthorized hosts and rejects connection attempts to unauthorized services. Stateless packet filters do not retain information about connections in use. The firewall maintains a translation table to keep track of the address conversions that it has performed. Because this type of firewall essentially sends and receives data on behalf of internal hosts. the firewall sends the data payload on to its original destination. NAT makes it appear that all traffic from your site comes from one (or more) external IP addresses. they make determinations packet-by-packet based only on the information contained within the packet. The main purpose of NAT is to hide internal hosts. NAT is also called IP masquerading. When an incoming response arrives at the firewall. NAT hides internal hosts by converting their IP addresses to an external address. Once the translation is complete. 184 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Administrator’s Guide 185 . Because a translation entry does not exist until an internal client establishes a connection out through the firewall. When an external request is made. SOCKS is a networking protocol that enables computers on one side of a SOCKS server to access computers on the other side of a SOCKS server without requiring a direct IP connection. A SOCKS server typically authenticates and authorizes requests. if you run an email server inside a firewall. we recommend you switch to a different firewall method. it returns that response to the original client as if it were the originating external server. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. and relays data between the internal and external networks. These protocols will not work through a dynamically translated connection. or IP masquerade) shares a small group of external IP addresses amongst a large group of internal clients for the purpose of expanding the internal network address space. When the SOCKS server receives a response from the internal server. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. the SOCKS server sends the requests to the internal network as if the SOCKS server itself was the originating client.Working with Firewalls Firewalls overview 9 There are two basic types of NAT: • Static translation (port forwarding) grants a specific internal host a fixed translation that never changes. • BusinessObjects Enterprise and static translation NAT can be configured so that they work together. establishes a proxy connection. hide mode. If you are using SOCKS proxy servers now. you can establish a static route through the firewall for that service. external computers have no way to address an internal host that is protected using a dynamically translated IP address. BusinessObjects Enterprise supports and works with SOCKS servers. This effectively hides the identity and the number of clients on the internal network from examination by anyone on the external network. SOCKS proxy servers Note: Business Objects will be moving away from supporting SOCKS proxy servers. For example. A SOCKS server redirects connection requests from computers on one side of it to computers on the other side of it. Note: Some protocols do not function correctly when the port is changed. SOCKS servers work by listening for service requests from internal clients. Dynamic translation (automatic.

see “Configuring the system for firewalls” on page 190. Communication between servers It is helpful to understand the basics of internal communications between BusinessObjects Enterprise servers before configuring your BusinessObjects Enterprise system to work with firewalls. Communication between servers and the CMS directory listing service The Central Management Server (CMS) manages a directory listing service for the application server and the servers in the Intelligence tier and the Processing tier. these examples are indicated in the descriptions.9 Working with Firewalls Understanding firewall integration Understanding firewall integration This section gives a conceptual overview of internal communications between BusinessObjects Enterprise servers and the implications for firewall configuration. it registers its IP address and port number with the CMS. 186 BusinessObjects Enterprise Administrator’s Guide . Where applicable. such as the Report Application Server SDK or the Viewer SDK). it contacts the directory listing service on the CMS to obtain the connection information. BusinessObjects Enterprise connections include: • • “Communication between servers and the CMS directory listing service” on page 186 “Communication between the application tier and CMS” on page 187 Some examples also apply to communications between a BusinessObjects Enterprise server and the BusinessObjects Enterprise SDK (or other BusinessObjects Enterprise SDKs. By default this port number is dynamically chosen. It also reviews the most common firewall scenarios. When a BusinessObjects Enterprise server first connects to the BusinessObjects Enterprise framework. The first server then uses this information to communicate directly with the second server. When one BusinessObjects Enterprise server needs to communicate with another. It includes: • • “Communication between servers” on page 186 “Typical firewall scenarios” on page 188 For detailed step-by-step instructions on how to configure your system to work in a firewalled environment. See “Architecture overview and diagram” on page 54 for a listing of these servers.

3. The Job Server contacts the CMS and requests connection information for the Input FRS. 2. To do so: 1. BusinessObjects Enterprise Administrator’s Guide 187 . you can also customize the CMS to listen on a specific port for initial communications. Subsequent communications continue using this address and second port number. This communication model is also used when a BusinessObjects Enterprise SDK or the WCA communicates directly with a server in the Intelligence tier or the Processing tier. rather than using one that is dynamically selected. All subsequent communications between the two servers continues using the same address and port. Note: • Before changing the default port numbers. the Job Server must communicate with the Input File Repository Server (FRS) to obtain the report object. before running a scheduled report. which by default is selected dynamically. You can use the -requestport command to configure the CMS to reply with a fixed port number for subsequent communications. The Job Server uses this information to connect directly to the Input FRS. Using the -requestport command. The WSA contacts the CMS using a pre-defined address and port number. The CMS replies with its address and a second port number. see “Changing the default server port numbers” on page 140 for additional configuration information. Using the -port option. you can configure any BusinessObjects Enterprise server to register a fixed port number with the CMS. Note: • • • Communication between the application tier and CMS Not all BusinessObjects Enterprise components use the directory listing service on the CMS to make their initial connections with other elements of BusinessObjects Enterprise. rather than one that is dynamically selected. The CMS replies to the Job Server with the IP address and port number of the Input FRS. Communications between the CMS and the BusinessObjects Enterprise SDK and WCA follow another model. rather than using the pre-defined default value (port 6400 for the CMS).Working with Firewalls Understanding firewall integration 9 For example. See “Communication between the application tier and CMS” on page 187.

you must: 1. You must change this default when you place a stateful firewall that uses packet filtering or Network Address Translation (NAT) between BusinessObjects Enterprise components because these firewalls provide protection by permitting communications from outside the firewall with only specified addresses and ports inside the firewall.9 Working with Firewalls Understanding firewall integration • You may also change the default port that the CMS uses to listen for initial communications from the Configuration tab of the Properties dialog in the Central Configuration Manager. Firewall configuration overview By default BusinessObjects Enterprise uses dynamically chosen port numbers for communications between components. Configure its components to use fixed addresses and ports. 2. Configure your firewall to allow communications to the services behind the firewall using these addresses and ports. But BusinessObjects Enterprise provides direct support for SOCKS proxy filters. The process is similar when you configure your BusinessObjects Enterprise system to communicate across SOCKS proxy filters. Typical firewall scenarios If all users of your BusinessObjects Enterprise system are on your internal network. and how to configure both BusinessObjects Enterprise and your firewalls in order to provide this access. their communication is uninterrupted by firewalls. To enable BusinessObjects Enterprise to communicate across such a firewall. This section outlines the following common firewall scenarios: • • 188 “Application tier separated from the CMS by a firewall” on page 189 “Thick client separated from the CMS by a firewall” on page 189 BusinessObjects Enterprise Administrator’s Guide . there is no need to perform any special configuration of your firewalls or of BusinessObjects Enterprise. and no additional configuration is required. you must consider where to place each BusinessObjects Enterprise component. it assumes that the components reside on separate computers. Note: When this section mentions firewalling different BusinessObjects Enterprise components. Simply place all BusinessObjects Enterprise components on computers inside your firewall. However. If the components reside on the same computer. if you need to provide access to BusinessObjects Enterprise to external users. so you need only configure each component to be aware of the location and type of the proxies that they communicate with.

your File Repository Servers. For more information. you should be able to support BusinessObjects Enterprise in wide variety of contexts. see: • • “Configuring NAT when thick client is separated from the CMS” on page 195 “Configuring packet filtering when thick client is separated from the CMS” on page 198 BusinessObjects Enterprise Administrator’s Guide 189 . or by using the Import Wizard or Publishing Wizard. You must configure your CMS. Application tier separated from the CMS by a firewall In most cases. the DMZ is set up between two firewalls: an outer firewall and an inner firewall. you may prefer to place your BusinessObjects Enterprise application server on your internal network. A DMZ is a network area that is neither part of the internal network nor directly part of the Internet. You may chose to place your application server in the DMZ. and your firewall if you want to support this network configuration. However. the thick clients communicate directly with the CMS. while placing the CMS and all other BusinessObjects Enterprise servers on the internal network. This means that if there is a firewall between the computer running one of these thick clients and the CMS. For maximum security. see: • • • “Configuring NAT when application tier is separated from the CMS” on page 190 “Configuring packet filtering when application tier is separated from CMS” on page 196 “Configuring for SOCKS servers” on page 199 Thick client separated from the CMS by a firewall You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. clients access protected information through a web server running in a Demilitarized Zone (DMZ). BusinessObjects Enterprise requires that the CMS and the remaining server components are not separated from one another by firewalls. For more information. Typically.Working with Firewalls Understanding firewall integration 9 These scenarios are general cases: once you understand the firewalling issues involved. Note: Placing your application server in the DMZ is less secure than placing it on your internal network. this operation fails.

Configuring for Network Address Translation If you use Network Address Translation (NAT) only on the outer firewall of the DMZ. and then specify a firewall rule for the server. then no special configuration is required for BusinessObjects Enterprise to communicate properly. if you separate BusinessObjects Enterprise components using NAT. however. configuring for Network Address Translation can include one or both of the following tasks: • • “Configuring NAT when application tier is separated from the CMS” on page 190 “Configuring NAT when thick client is separated from the CMS” on page 195 Configuring NAT when application tier is separated from the CMS If the application server is separated from the CMS and other BusinessObjects Enterprise servers by NAT. it passes a fully qualified domain name (FQDN) that is routable by the firewall. see “Understanding firewall integration” on page 186. Note: If you have multiple BusinessObjects Enterprise servers of a given type. the overall procedure for configuring your system to work with firewalls will not change.9 Working with Firewalls Configuring the system for firewalls Configuring the system for firewalls This section gives practical step-by-step instructions for configuring your BusinessObjects Enterprise system to work in a firewalled environment. BusinessObjects Enterprise cannot communicate across a firewall whose IP translation is dynamic. It includes: • • • “Configuring for Network Address Translation” on page 190 “Configuring for packet filtering” on page 195 “Configuring for SOCKS servers” on page 199 For a conceptual overview of communications between BusinessObjects Enterprise components and of supported firewall configurations. Configure each server as described in the section that describes your firewall environment. you need to configure these components to communicate properly through the firewall. 190 BusinessObjects Enterprise Administrator’s Guide . However. you must ensure that whenever a BusinessObjects Enterprise server passes an address across the firewall to the application server. Note: You can configure BusinessObjects Enterprise to communicate properly across NAT firewalls that use static IP translation. Depending on your system configuring.

Therefore. To configure the CMS on Windows Start the CCM. see “Changing the default server port numbers” on page 140. click Properties. replace FQDN with the fully qualified domain name of the machine that is running the CMS. Stop the Central Management Server.config file are installed in the Business Objects install directory. On the toolbar. 5. 1.Working with Firewalls Configuring the system for firewalls 9 Ports The application server must be able to communicate with every BusinessObjects Enterprise server behind the firewall. By default the script and the ccm. Configuring BusinessObjects Enterprise for Network Address Translation when the application tier is separated from the CMS by a firewall includes: • • • • “Configuring the CMS” on page 191 “Configuring the BusinessObjects Enterprise servers” on page 192 “Configuring the hosts files” on page 193 “Specifying firewall rules for NAT” on page 194 Configuring the CMS 1. you must open a port on the firewall for each server. In the Command box. To configure the CMS on UNIX Run ccm. substitute your new port number for the default value of 6400. Click OK to return to the CCM. for example /export/home/ businessobjects. 6. BusinessObjects Enterprise Administrator’s Guide 191 . substitute any valid free port number for portnum. The application server must be a Tomcat or IIS server. For the -requestport command. 4.sh. Before changing the port number. Tip: If you want to customize the CMS so that it listens on a port other than the default. This machine must be routable from the application server. If you change the default port number of the CMS you must perform additional system configuration. Start the Central Management Server. 3. add the following option: -port FQDN:6400 -requestport portnum For the -port command. 2.

3. substitute any valid free port number for portnum. On the toolbar. click Properties. each server on that machine must use a unique port number.sh. If more than one server is installed on the same machine. 3. Edit the ccm. replace FQDN with the fully qualified domain name of the machine that is running the server. For the -requestport command. substitute any valid free port number for portnum. This machine must be routable from the application server. By default the script and the ccm. Start the server. for example /export/home/ businessobjects. 6. replace FQDN with the fully qualified domain name of the machine that is running the CMS. • • 1. add the following option: -port FQDN -requestport portnum For the -port command. 2.9 Working with Firewalls Configuring the system for firewalls 2. 192 BusinessObjects Enterprise Administrator’s Guide . 1. To configure BusinessObjects Enterprise servers on UNIX Run ccm. 4. This machine must be routable from the application server. In the Command box. Click OK to return to the CCM. 7. Use ccm. “To configure BusinessObjects Enterprise servers on Windows” on page 192 “To configure BusinessObjects Enterprise servers on UNIX” on page 192 To configure BusinessObjects Enterprise servers on Windows Start the CCM.config file to insert the following command line: -port FQDN:6400 -requestport portnum For the -port command. For the -requestport command.config file are installed in the Business Objects install directory.sh to start the Central Management Server. Stop the Central Management Server. 4. 5. Repeat for each BusinessObjects Enterprise server. Configuring the BusinessObjects Enterprise servers The procedure for configuring the BusinessObjects Enterprise servers varies for Windows and UNIX. Stop the server.

before consulting DNS. This is necessary to enable communication between servers inside the firewall. Consult your UNIX systems documentation for details. BusinessObjects Enterprise Administrator’s Guide 193 . 3. The hosts file is located at \etc\hosts. If more than one server is installed on the same machine.Working with Firewalls Configuring the system for firewalls 9 2. 4. 1. Edit the ccm.sh to start the server. replace FQDN with the fully qualified domain name of the machine that is running the server. Use the internally routable IP address of the machine and its externally routable fully qualified domain name. Open the hosts file using an editor like vi. Repeat for each BusinessObjects Enterprise server. each server on that machine must use a unique port number. The hosts file is located at \WINNT\system32\drivers\etc\hosts.config file to insert the following command line: -port FQDN -requestport portnum For the -port command. 2. Stop the server. “To configure the hosts files on Windows” on page 193 “To configure the hosts files on UNIX” on page 193 To configure the hosts files on Windows Open the hosts file using a text editor like Notepad. 5. Configuring the hosts files On each machine running a BusinessObjects Enterprise server. Use ccm. This machine must be routable from the application server. For the -requestport command. The procedure for configuring the hosts file is different for Windows and UNIX. See: • • 1. substitute any valid free port number for portnum. Follow the instructions in the hosts file to add an entry for each machine behind the firewall that is running a BusinessObjects Enterprise server or servers. To configure the hosts files on UNIX Note: Your UNIX operating system must be configured to first consult the hosts file to resolve domain names. you must configure the hosts file so that the server can map the FQDN it receives from the Central Management Server (CMS) to an internally routable IP address. Save the hosts file. 3.

and actualIPaddress is the actual internal IP address for the a server. On the firewall machine. Add an entry for each machine behind the firewall that is running a BusinessObjects Enterprise server. The outbound rule is needed because the application server may register listeners with any of the BusinessObjects Enterprise servers For details of how to specify these rules. Save the hosts file. 4.9 Working with Firewalls Configuring the system for firewalls 2. each server on that machine must use a unique port number. Where translatedIPDaddress is the actual translated IP address. Specifying firewall rules for NAT When there is a firewall between the application server and the rest of the BusinessObjects Enterprise servers you need to specify the inbound access rules and one outbound rule. For details about the rules see: • • “Inbound Rules” on page 194 “Outbound Rules” on page 195 The fixed port numbers specified in the chart are the port numbers you specify for servers using -requestport. See “Configuring the CMS” on page 191. Inbound Rules Source Computer Application server Application server Application server Any Any Port Any Any Any Any Any Destination Computer Port CMS CMS Other BusinessObjects Enterprise server CMS Other BusinessObjects Enterprise Server 6400 Action Allow Allow Allow Reject Reject fixed fixed Any Any Note: There must be one inbound firewall rule for each BusinessObjects Enterprise server behind the firewall. 194 BusinessObjects Enterprise Administrator’s Guide . Whenever more than one server is installed on the same machine. Use the translated IP address of the machine and its fully qualified domain name. consult your firewall documentation. add a route from the translated IP address to the actual internal IP address: route add translatedIPaddress actualIPaddress 3. and “Configuring the BusinessObjects Enterprise servers” on page 192 for details.

Configuring NAT when thick client is separated from the CMS You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. These listeners may initiate communication with the application server. Configuring for packet filtering If you use packet filtering only on the outer firewall of the DMZ. you need to configure them to communicate properly through the firewall. then no special configuration is required for BusinessObjects Enterprise to communicate properly.Working with Firewalls Configuring the system for firewalls 9 Outbound Rules Source Computer Machines hosting BusinessObjects Enterprise server Port Any Destination Computer Port Application server Any Action Allow This outbound rule is needed because the application server may register listeners on servers behind the firewall. For full instructions. You do not need to establish an outbound firewall rule. However. This section includes: • • “Configuring packet filtering when application tier is separated from CMS” on page 196 “Configuring packet filtering when thick client is separated from the CMS” on page 198. this operation fails. or by using the Import or Publishing Wizards. Configuring your BusinessObjects Enterprise system to support this configuration when the firewall uses Network Address Translation (NAT) is very similar to configuring your system to support a NAT firewall between the application tier and the Central Management Server. BusinessObjects Enterprise Administrator’s Guide 195 . However. if there is a firewall between the computer running one of these thick clients and the Central Management Server (CMS). follow the detailed steps in “Configuring NAT when application tier is separated from the CMS” on page 190 but: • • Configure only the Central Management Server and the Input File Repository Server. if you separate BusinessObjects Enterprise components using packet filtering. Establish inbound firewall rules for communication between the Crystal Reports or OLAP Intelligence machine and the CMS and Input File Repository Server.

2. This includes: • • “Configuring the BusinessObjects Enterprise servers” on page 196 “Specifying firewall rules for packet filtering” on page 197 Configuring the BusinessObjects Enterprise servers The procedure for configuring the BusinessObjects Enterprise servers varies for Windows and UNIX. “To configure BusinessObjects Enterprise servers on Windows” on page 196 “To configure BusinessObjects Enterprise servers on UNIX” on page 196 To configure BusinessObjects Enterprise servers on Windows Start the CCM. 1. see “Changing the default server port numbers” on page 140. Click OK to return to the CCM. 3. substitute any valid free port number for portnum. On the toolbar. you must configure the CMS and every BusinessObjects Enterprise server inside the inner firewall to respond to communications from the application server on a fixed port. also add -port cmsport to the command line. By default the script and the ccm.sh. Before changing the port number. add the following option: -requestport portnum For the -requestport command.config file are installed in the BusinessObjects install directory. If more than one server is installed on the same machine. 5. In the Command box. For example: -port cmsport -requestport portnum If you change the default port number of the CMS you must perform additional system configuration. Tip: If you want to customize the CMS so that it listens on a port other than the default. 196 BusinessObjects Enterprise Administrator’s Guide . See: • • 1. 4. 7. Stop the first server. click Properties. To configure BusinessObjects Enterprise servers on UNIX Run ccm. each server on that machine must use a unique port number. Repeat for each BusinessObjects Enterprise server behind the firewall. Start the server. for example /export/home/ businessobjects. 6. where cmsport is the new port number for the default value of 6400.9 Working with Firewalls Configuring the system for firewalls Configuring packet filtering when application tier is separated from CMS If your firewall performs packet filtering.

Use ccm.config file to insert the following command line: -requestport portnum For the -requestport command. Repeat for each BusinessObjects Enterprise server.sh to start the server. For details about the rules see: • • “Inbound Rules” on page 198 “Outbound Rules” on page 198 The fixed port numbers specified in the chart are the port numbers you specify for the CMS and other BusinessObjects Enterprise servers using -requestport. BusinessObjects Enterprise Administrator’s Guide 197 . Stop the server. 5. each server on that machine must use a unique port number. Tip: If you want to customize the CMS so that it listens on a port other than the default. substitute any valid free port number for portnum. If you change the default port number of the CMS you must perform additional system configuration. Before changing the port number. see “Changing the default server port numbers” on page 140. also add -port 6400 to the command line. If more than one server is installed on the same machine. consult your firewall documentation. The outbound rule is needed because the application server may register listeners with any of the BusinessObjects Enterprise servers. Specifying firewall rules for packet filtering When there is a firewall between the application server and the rest of the BusinessObjects Enterprise servers you need to specify the inbound access rules and one outbound rule.Working with Firewalls Configuring the system for firewalls 9 2. 4. Edit the ccm. substituting your new port number for the default value of 6400. 3. For details of how to specify these rules.

follow the detailed steps in “Configuring packet filtering when application tier is separated from CMS” on page 196 but: • Configure only the Central Management Server and the Input File Repository Server to use fixed port numbers for communication. Outbound Rules Source Computer Machines hosting BusinessObjects Enterprise server Port Any Destination Computer Port Application server Any Action Allow This outbound rule is needed because the application server may register listeners on servers behind the firewall. each server on that machine must use a unique port number. Configuring your BusinessObjects Enterprise system to support this configuration when the firewall uses packet filtering is very similar to configuring your system to support a packet filtering firewall between the application tier and the Central Management Server (CMS). However. Whenever more than one server is installed on the same machine. 198 BusinessObjects Enterprise Administrator’s Guide . this operation fails. or by using the Import or Publishing Wizards. These listeners may initiate communication with the application server. Configuring packet filtering when thick client is separated from the CMS You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence.9 Working with Firewalls Configuring the system for firewalls Inbound Rules Source Computer Application server Application server Application server Any Any Port Any Any Any Any Any Destination Computer Port CMS CMS Other BusinessObjects Enterprise server CMS Other BusinessObjects Enterprise servers 6400 Action Allow Allow Allow Reject Reject fixed fixed Any Any Note: There must be an inbound firewall rule for each BusinessObjects Enterprise server behind the firewall. if there is a firewall between the computer running one of these thick clients and the CMS. For full instructions.

The means that applications written using the Java SDK cannot be on the outside of a firewall from any components that must be accessed. Configuring the WCA for SOCKS servers When configuring your WCA for SOCKS.NET SDK. Note: The EBUS layer of the Java SDK does not support communications using the SOCKs protocol. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. but you cannot use JSP pages through a SOCKS firewall. BusinessObjects Enterprise provides direct support for SOCKS proxy server firewalls on Windows installations that use the BusinessObjects Enterprise . As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. If you are using SOCKS proxy servers now. we recommend you switch to a different firewall method. You can configure the Web Component Adapter to communicate through a SOCKS server. Therefore you may be able to configure your system to support a custom CSP application and SOCKS. so you don’t need to configure them separately. Therefore only perform the test cases that utilize socks when using IIS on a windows deployment This list describes when to use the procedures that are provided in the remainder of this section: • • Configuring the CMS for SOCKS Servers Complete these steps if one or more SOCKS servers separate the WCA from the CMS. There is limited support of SOCKS for the UNIX installation of BusinessObjects Enterprise. The remaining server components automatically obtain their SOCKS configuration from the CMS. but the Java SDK has no support for SOCKS. You do not need to establish an outbound firewall rule. if the only means of traversing the firewall is using the SOCKs protocol. BusinessObjects Enterprise Administrator’s Guide 199 . or for a Windows installation that uses the BusinessObjects Enterprise Java SDK. Configuring for SOCKS servers Note: Business Objects will be moving away from supporting SOCKS proxy servers. complete these steps regardless of the location of your SOCKS server(s). as required.Working with Firewalls Configuring the system for firewalls 9 • Establish inbound firewall rules for communication between the Crystal Reports or OLAP Intelligence machine and the CMS and Input File Repository Server. BusinessObjects Enterprise requires that the CMS and the remaining server components are not separated from one another by firewalls.

and then enter your user name and password. To configure the CMS on Windows Start the CCM. 8. 3. 2. 5. Select the SOCKS version that you are running (Ver 4 or Ver 5). including the Central Management Server. 9. 1. 4. Configuring the WCA for SOCKS servers Complete these steps if one or more SOCKS servers separates the Web Component Adapter (WCA) from the Central Management Server (CMS). 200 BusinessObjects Enterprise Administrator’s Guide . from the outermost to the innermost. repeat steps 4 to 8 for each additional server. If you have more than one SOCKS server. In the Server Port field. Click OK in all three dialog boxes to return to the CCM. If you are using version 5 and you would like to secure access to the server.9 Working with Firewalls Configuring the system for firewalls Configuring the CMS for SOCKS Servers Complete these steps if one or more SOCKS servers separate the application server from the CMS. as required. Then click Up and Down to order the SOCKS servers from the outermost (closest to the application server or Web Component Server) to the innermost (closest to the CMS). 6. These steps provide the WCA with the required information about each SOCKS server. click Properties. select the authentication check box. On the Connection tab. see “Scalability overview” on page 158. type the number of the port that the SOCKS server is listening on. see “For more information about each of these topics. 10. click Add. 7. type the Server Name or IP Address of your SOCKS server. in order.” on page 602. Start the BusinessObjects Enterprise server components. In the SOCKS Proxy dialog box. Select the CMS and. To configure the CMS on UNIX The UNIX version of BusinessObjects Enterprise includes a utility that allows you to configure BusinessObjects Enterprise servers to work with SOCKS servers. The remaining BusinessObjects Enterprise servers automatically obtain their SOCKS configuration from the CMS. Stop all of the Business Objects servers. so you don’t need to configure them separately. For details. on the toolbar. Click OK.

Working with Firewalls Configuring the system for firewalls 9 The outermost SOCKS server is the one closest to the web server. 3. b.war to insert a SOCKS URI (universal resource identifier). 2. Edit the file C:\Inetpub\wwwroot\Web. Enter the SOCKS information. Save the file. To configure the WCA on Windows Add the SOCKS information to the WCA. see “sockssetup. Click Configuration tab. The Properties dialog box appears. Start the CCM. The procedure for configuring the WCA is different for Windows and Unix. b. Configure the BusinessObjects Enterprise server: BusinessObjects Enterprise Administrator’s Guide 201 . Repeat step 3 for all the BusinessObjects Enterprise server. e. c. Edit the web. g. “To configure the WCA on UNIX” on page 201 “To configure the WCA on Windows” on page 201 To configure the WCA on UNIX Run the sockssetup.xml deployment descriptor file associated with the webcompadapter. The innermost SOCKS server is the last SOCKS server that the WCA communicates with before the CMS. Stop the CMS. a. Start the server again. See “Configuring the Web Component Adapter” on page 89 for details on editing web. This URI tells your WCA how to contact the CMS through your SOCKS server(s). For details. Double-click the CMS. d. 1.xml. f.sh” on page 603. See: • • 1. Go to the line: <add key=”connection.socksUri” value-“*”/> Add the following SOCKS server information: *Socks://Version.User:Password@SOCKSserver:Port/ CMSmachine:Port c. a.sh script to configure the BusinessObjects Enterprise servers and WCA to work with the SOCKS servers.config.

9 Working with Firewalls Configuring the system for firewalls 202 BusinessObjects Enterprise Administrator’s Guide .

Managing Auditing chapter .

At regular intervals the CMS communicates with the auditee servers to request copies of records from the auditee’s local log files. while each BusinessObjects Enterprise server that controls actions that you can monitor is an auditee. To ensure that the time stamps of actions on different servers are consistent. Then you must enable auditing of that action in the Servers management area of the Central Management Console. they make a correction to the time stamp they record in their log files for subsequent audit actions. As the auditor. Having information about who is using your system and which objects they are accessing allows you to answer system-level questions like “which groups within the company use our BusinessObjects Enterprise system the most?” or “how many concurrent user licenses are we using at any given time?” Auditing also allows you to better administer individual user accounts and reports by giving you more insight into what actions users are taking and which reports they are accessing. As the auditee. How does auditing work? The Central Management Server (CMS) acts as the system auditor. the CMS controls the overall audit process. This information lets you be more proactive in managing the operation and deployment of your BusinessObjects Enterprise system.10 Managing Auditing Auditing overview Auditing overview Auditing allows you to monitor and record key facts about your BusinessObjects Enterprise system. To audit an action in BusinessObjects Enterprise. When the CMS receives these records it writes data from the log files to the central auditing database. the BusinessObjects Enterprise server will then begin to record these audit actions in a local log file. Once the data is in the auditing database you can run pre-configured reports against the database or design custom reports to suit your own needs. The auditees then compare this time to their internal clocks. The CMS also controls the synchronization of audit actions that occur on different machines. the CMS periodically broadcasts its system time to the auditees. you must first determine which server controls that action. 204 BusinessObjects Enterprise Administrator’s Guide . Each server writes audit records to a log file local to the server. while helping you better evaluate the value that BusinessObjects Enterprise provides to your organization. Each auditee provides a time stamp for the audit actions that it records in its log file. If differences exist.

See “Using sample audit reports” on page 214 or “Creating custom audit reports” on page 217 for more information. another CMS from the cluster will take over and begin acting as auditor. and a variety of other parameters more fully documented in “Auditing database schema reference” on page 218. BusinessObjects Enterprise Administrator’s Guide 205 . BusinessObjects Enterprise records the time of the action. to help you find the server where you enable auditing of these actions. Once you have collected this data. It is organized according to the types of actions that you can audit. see “Enabling auditing of user and system actions” on page 210. the server where it was performed. In a CMS cluster. or create file-based events. see “Reference list of auditable actions” on page 205). For each action. see the “Auditing database schema reference” on page 218. the name and user group of the user who initiated the action. Which actions can I audit? You can use auditing to track the actions of individual users of BusinessObjects Enterprise as they log in and out of the system. access data. and the data that is recorded for each audit action. For step by step instructions on how to enable audit actions. (For a complete list of auditable actions. you can use a custom or pre-configured report to view the raw data. or to answer more complex queries such as “how many concurrent licenses are we using at a given time?”. The CMS acts as both an auditor and as an auditee when you configure it to audit an action that the CMS itself controls. If the machine that is running this CMS fails. See “Configuring the auditing database” on page 209. Reference list of auditable actions This list contains a complete list of the audit actions you can enable in BusinessObjects Enterprise.Managing Auditing Auditing overview 10 Note: • • • You must configure the auditing database on the CMS before you can begin to audit. You can also monitor system actions like the success or failure of scheduled objects. the cluster will nominate one CMS to act as system auditor. For more information about the actions that are audited.

User opens an existing Web Intelligence document. Save document to repository. Cache Server A report could not be viewed. Get list of universes. A report fails to save using a custom application based on the RAS API.) A report has been viewed successfully. A user has selected a universe as they create a new Web Intelligence document. • • A report is opened successfully using: the Advanced DHTML viewer. which triggers a request to the server for the list of available universes. or as they edit an existing Web Intelligence document. location. a custom application that uses RAS SDK. RAS A report fails to open. A report has been created successfully using: • a custom application that uses the RAS SDK. (The name. Selection of universe. • • • A user has saved a Web Intelligence document within BusinessObjects Enterprise. or description of a folder is modified. A folder is deleted. BusinessObjects Enterprise Server CMS Crystal reports A folder is modified.10 Managing Auditing Auditing overview User Actions Actions Folders A folder is created. A report fails to be created. A report is saved successfully (using a custom application based on the RAS SDK). Web Intelligence Web Report Server Intelligence • A user has begun creating a new Web Intelligence documents document. Read Document. 206 BusinessObjects Enterprise Administrator’s Guide .

A user logon fails. User logs off.Managing Auditing Auditing overview 10 Actions Refresh document. A user’s password is changed. A job has been run successfully. and triggers a call to the database for more data. • User drills past the scope of the data currently in memory. • Server generates an SQL query in response to a user action that requires data to be retrieved from a database. A named user logon succeeds. Web Intelligence • User manually refreshes a Web Intelligence documents document. BusinessObjects Enterprise Server Web Intelligence Report Server • • User enters “Edit document” mode for an existing Web Intelligence document. Apply format. (An object has failed to be sent to a destination.) A job failed but will try to run again. Get page. or the user opens a Web Intelligence document that is set to “refresh on open”. Edit document. Drill out of scope. A concurrent user logon succeeds. (A user has successfully sent an object to a destination. User applies a formatting change to an existing Web Intelligence document in a query panel. • Users A list of values is retrieved from the database to populate a picklist associated with a prompt used to filter the data in a document. • Server renders the pages of a Web Intelligence document in response to a user request to display all or part of a document.) A job has failed to run. Generate SQL. List of values. CMS Send an object to a destination Destination Job Server BusinessObjects Enterprise Administrator’s Guide 207 .

Job Servers For example. Tip: To audit every failure of a scheduled Crystal report. Event Server (Event is created. CMS File-based events Note: You do not need to enable this option to audit every failure of a scheduled Web Intelligence document. a scheduled Crystal report has failed to run. Communication with a running instance is lost. A job failed but will try to run again. a scheduled Crystal report has failed to run because communication with the instance was lost. a scheduled program. a scheduled Crystal report has run successfully. and registered with system) An event is updated. enable auditing of “A job has failed to run” on the Job Server. For example. description. and “Communication with a running instance is lost. or filename of an event is modified.10 Managing Auditing Auditing overview Actions File-based events BusinessObjects Enterprise Server An event is registered. A job has failed to run. For example. (The name. (Event is removed from system.” on the Central Management Server. and the scheduled time for running the report expired.) An event is unregistered. An event is triggered. or a scheduled List of Values. Event Server 208 BusinessObjects Enterprise Administrator’s Guide .) System Actions Actions Scheduled objects BusinessObjects Enterprise Server A job has been run successfully.

then click OK.txt file included with your product distribution for a complete list of tested database software and version requirements. You can use any database server supported for the CMS system database for your auditing database. Note that connection names are case sensitive. and not a User DSN or File DSN. By default. 5. It is recommended that you develop a back up strategy for your auditing database. 6. BusinessObjects Enterprise Administrator’s Guide 209 . Click Specify Auditing Data Source. server services are configured to run under the System account. 4. using the same connection method and the same connection name. which only recognizes System DSNs. you can use different database software for the CMS system database and the auditing database. or through one of the native drivers. (Click New to configure a new DSN. 3. • If you selected ODBC. or you can install these databases on separate servers. (See “Installing a new CMS and adding it to a cluster” on page 94 for more information on CMS clusters. See the Platforms. If you have a CMS cluster. Note: • The CMS system database and the auditing database are independent. Select the ODBC data source that you want to use as the auditing database.Managing Auditing Configuring the auditing database 10 Configuring the auditing database Before you audit actions within BusinessObjects Enterprise. every CMS in the cluster must be connected to the same auditing database.) Use a System DSN. 2. When prompted. you must configure your Central Management Server to connect to an auditing database. The remaining steps depend upon the connection type you selected: • 1.) To configure the auditing database on Windows Start the Central Configuration Manager (CCM). specify whether you want to connect to the new database through SQL Server (ODBC). In the Select Database Driver dialog box. the Windows “Select Data Source” dialog box appears. Click OK. If you choose. Stop the CMS. provide your database credentials and click OK. If necessary. contact your database administrator for more information.

and then supply the requested information about your database server. For example. it will create the auditing database. If you have multiple BusinessObjects Enterprise servers of a given type.sh. Select the CMS. If you enable auditing on only one Central Management Server. and your Password. 210 BusinessObjects Enterprise Administrator’s Guide .sh to start the CMS. 8. you are prompted for your database Server Name. Run cmsdbsetup. 7. Click OK. Choose the “Modify a server” option. When the CMS starts. Choose the selectaudit option. The SvcMgr dialog box notifies you when the auditing database setup is complete. 6. you will only collect audit information about actions that occur on that server. 5. Select “Write server audit information to specified data source”. Use ccm. and then go to the Configuration tab. To configure the auditing database on UNIX For more information on UNIX scripts. Start the CMS. and then click Specify. Provide this information and then click OK. select Properties. be sure to enable identical audit actions on every server. your Login ID.sh to stop the CMS. see “UNIX Tools” on page 597. 4. it will create the auditing database. and enable auditing. Doing so ensures that you collect information on all user or system actions in your BusinessObjects Enterprise system.sh. if you are interested in the total number of concurrent user logons.10 Managing Auditing Enabling auditing of user and system actions • If you selected a native driver. When the CMS starts. Stop the CMS. Note: You can also configure the auditing database using the Properties option for the CMS. 7. 1. Enter the port number of the CMS when prompted (the default value is 6400). Run serverconfig. Enabling auditing of user and system actions To audit an action in BusinessObjects Enterprise you must first determine which BusinessObjects Enterprise server controls the action. enable auditing of concurrent user logons on each of your Central Management Servers. Then you must enable auditing on the server from the Servers management area of the Central Management Console (CMC). 3. Use ccm. 2.

4. 1.) 3. 5.Managing Auditing Enabling auditing of user and system actions 10 In some special cases you may wish to enable auditing on only one server of a given type. Tip: BusinessObjects Enterprise Administrator’s Guide 211 . To enable audit actions Go to the organize Servers area of the CMC. if you are interested in the success or failure of only one kind of scheduled report and you have configured your system so that these reports are processed on one particular Job Server. Click the Auditing tab. 2. Select the Auditing is enabled check box. For example. it is not necessary to enable auditing on every Job Server in your system. Note: You must configure the auditing database before you can collect data on audit actions. 7. Click the server that controls the action that you wish to audit. (See “Optimizing system performance while auditing” on page 213 for information on adjusting the size of log files.) Click Update. See “Configuring the auditing database” on page 209 for instructions. Ensure that your audit log file is located on a hard drive that has sufficient space to store the log files. You only need to enable auditing on the Job Server where the reports are processed. Select the audit actions that you wish to record. (See the “Reference list of auditable actions” on page 205 to find the correct server. 6.

If you want to audit all actions of a given type. • Controlling synchronization of audit actions The CMS controls the synchronization of audit actions that occur on different machines. apply the same command-line options to each server. This CMS will apply its own command-line options. or a scheduled List of Values. you must enable logging of concurrent logons on every Central Management Server in your system. You can change the interval using the command-line option -AuditeeTimeSyncInterval minutes You can turn off this option by setting minutes to zero. audit behavior may not be what you expect. This correction affects only the time stamp that the auditee records in its audit log file. For more accurate and robust time synchronization. By default. and then make the appropriate correction to the time stamp (in UTC) they record for subsequent audit actions. If these options are different than those of the original auditor. 212 BusinessObjects Enterprise Administrator’s Guide . For example. The auditees compare this time to their internal clocks. This built-in method of time synchronization will be accurate enough for most applications. Otherwise your audit record will be incomplete. and “Communication with a running instance is lost. Auditing is enabled independently on each server. configure the auditee and auditor machines to use an NTP (Network Time Protocol) client. enable identical audit actions on every server that supports those actions. another CMS takes over auditing. enable auditing of “A job has failed to run” on the Job Server. and then turn off internal synchronization by setting -AuditeeTimeSyncInterval 0 Tip: If you have a CMS cluster. The CMS periodically broadcasts its system time to the auditees in UTC (Coordinated Universal Time). the CMS broadcasts its system time every 60 minutes. For more information. a scheduled program.” on the Central Management Server. if this CMS fails. However. if you want to track the total number of concurrent logons to your BusinessObjects Enterprise system. see “Central Management Server” on page 586 in “Server Command Lines” on page 583.10 Managing Auditing Controlling synchronization of audit actions • To audit every failure of a scheduled Crystal report. The auditee does not adjust the system time of the machine on which it is running. Only one CMS in the cluster acts as the auditor.

and you can always report accurately on the latest audit actions. In this case you can choose to increase the audit interval. and to decrease the number of audit records in each batch. all audit records are quickly transferred to the auditing database. The maximum number of records that an audited server will store in a single audit log file.) The CMS requests this fixed number of records from each audited server.Managing Auditing Optimizing system performance while auditing 10 Optimizing system performance while auditing Enabling auditing should have minimal effect on the performance of BusinessObjects Enterprise. you may only need to review audit results periodically (weekly. Changing each of these options has a different impact on system performance. However. depending upon activity levels in your system. Choosing these options minimizes the impact that auditing has on the performance of BusinessObjects Enterprise. -AuditBatchSize number. You can use these options to optimize audit performance to meet your needs. BusinessObjects Enterprise Administrator’s Guide 213 . For example. Decreasing the audit batch size decreases the rate at which records are moved from the audit log files on the audited servers to the auditing database. where minutes is between 1 and 15. increasing the audit interval reduces frequency with which the CMS writes events to the auditing database. (The default value is 200. you can choose a short audit interval and a large audit batch size. where number is between 50 and 500. Increasing the maximum number of audit events stored in each audit log file reduces the number of file open and close operations performed by audited servers. -auditMaxEventsPerFile number (number has a default value of 500 and must be greater than 0). you can optimize system performance by fine-tuning these command-line options: • • • -AuditInterval minutes. every time interval. choosing these options may have an impact on the performance of BusinessObjects Enterprise. these options can create a backlog of records stored in audit log files. Alternatively. for example). In this case.) The CMS requests audit records from each audited server every audit interval. Note: Log files remain on the audited server until all records have been requested by the CMS. thereby increasing the length of time that it takes these records to get transferred to the central auditing database. if you frequently need up-to-date information about audited actions. When this maximum value is exceeded. the server opens a new log file. However. (The default value is 5. For example. However.

To use these sample reports. or over a weekend). the DSN was AuditData). 2. Note: To create this folder. To use sample audit reports Create a folder called “admin reports” inside the Report Samples folder to hold the sample auditing reports. 1. see “Server Command Lines” on page 583. or you can use a database server name and database name of your choice. Using sample audit reports BusinessObjects Enterprise ships with several sample audit reports created using Crystal Reports. Publish the sample audit reports to the “admin reports” folder within BusinessObjects Enterprise. See “Configuring the auditing database” on page 209 for instructions. and a database called AuditData. the sample audit reports may contain little or no data the first time you view them. Finally. do so now. For more information on changing command-line options. They are available on your product CD. 214 BusinessObjects Enterprise Administrator’s Guide . Next configure an auditing database.10 Managing Auditing Using sample audit reports This backlog is cleared at times of low system activity (such as overnight. The sample audit reports were created using a ODBC connection to a database server named AuditData (that is. Note: If you have recently enabled auditing. but means that at times your audit reports may not contain records of the most recent audit actions. You can now use the sample reports to view auditing data collected about user and system actions on your installation of BusinessObjects Enterprise. and then click New Folder. and then enable auditing of the user and server actions needed to provide data for the sample reports. 3. first publish them to BusinessObjects Enterprise. Click Report Samples. go to the Folders management area of the Central Management Console (CMC).) For more information about publishing. ensure that the sample reports are configured to use database connection information valid for your auditing database. see “Publishing Objects to BusinessObjects Enterprise” on page 373. You can create an auditing database that uses these names. If you have not already configured your auditing database. (The sample audit reports are in Samples > Reports > AdminReports on your product CD.

Click Report Samples. Note: The description of the sample reports indicates which audit actions to enable for each report. See “Enabling auditing of user and system actions” on page 210 for instructions. BusinessObjects Enterprise Administrator’s Guide 215 . 7. 6. Go to the Folders management area of the CMC. From the Crystal Enterprise Admin Launchpad. Go to the Servers management area of the CMC. BusinessObjects Enterprise will now begin to collect data on audit actions. Enable auditing of the actions that are included in the sample audit report.Managing Auditing Using sample audit reports 10 4. select the Central Management Console (CMC). then admin reports to display the list of sample audit reports. 5.

from the Process tab. Configure the report to use your auditing database. then.10 Managing Auditing Using sample audit reports 8. 9. Click the name of a report that you want to use.” 216 BusinessObjects Enterprise Administrator’s Guide . click “Use custom database logon information specified here. database name. click the Database link. or database logon information for your auditing database are different than the values originally specified for the sample report. If the server name.

Managing Auditing Creating custom audit reports 10 10. Alternatively. The sample audit report is now configured to use your auditing database as its data source. 15. and then type DatabaseName. Creating custom audit reports This section contains information to help you understand the auditing database and the information it records about audit actions. you can use Crystal Reports to create custom audit reports of user and system actions. 16. 14. Click Update. BusinessObjects Enterprise Administrator’s Guide 217 . Type a User name and Password for a user with administrative rights to the auditing database. so that you can create your own Web Intelligence documents. click the Parameters link. 12. where DatabaseName is the name of the database that you specified above. you may wish to use Designer to create a universe against the auditing database. Consult the Designer’s Guide and the Web Intelligence guides for details. Click Specify a custom table prefix. in the box.See your Crystal Reports User’s Guide for full instructions on creating reports. or to indicate that the user should be prompted for a parameter value when the report is run.dbo. Click Update. With this information. 13. From the Process tab. Click the value of any parameter to specify a default value for that parameter. 11. Make sure you select the same database driver that you used when configuring the auditing database. You may now view the report in BusinessObjects Enterprise. Type the Server name (DSN) and Database name that you specified for your auditing database.

10 Managing Auditing Creating custom audit reports Auditing database schema reference The Audit database contains six tables. Combined with the Event_ID to form the primary key for the Audit_Event table. in seconds. Time for start of action in UTC (Coordinated Universal Time) to the nearest millisecond. as shown in the following entityrelationship diagram. Name of user who performed the action. Audit_Event table This table stores one record per action that is audited. Duration. A unique ID generated by the server to identify the audit event. The time stamp is created by the server recording the action in its log file. of the action that is audited. and includes any correction necessary to synchronize with CMS time. Combined with Server_CUID to form the primary key for the Audit_Event table. You may want to correct this time to your local time zone when creating audit reports. Event_ID User_Name Start_Timestamp Duration 218 BusinessObjects Enterprise Administrator’s Guide . Field Server_CUID Description Server process ID.

Information about the audit detail being recorded.Managing Auditing Creating custom audit reports 10 Field Event_Type_ID Description Number that uniquely identifies the type of action the entry represents. There may be more than one record in this table for each audit action recorded in the Audit_Event table. the reasons for that failure are recorded as audit details. Number that uniquely identifies the type of detail about the audit action that the entry represents. Foreign key for the Detail_Type table. when a user logon fails. the detail text would contain the name of that universe. Object_CUID Error_Code Audit_Detail table The Audit_Detail table records more information about each audit action recorded in the Audit_Event table. and the second will have a Detail_ID of 2. For example. This number uniquely identifies an object. That is. Combined with the Event_ID and the Detail_ID to form the primary key for the Audit_Detail table. Field Server_CUID Description Server process ID. Event_ID Detail_ID Detail_Type_ID Detail_Text BusinessObjects Enterprise Administrator’s Guide 219 . Info Object ID of object associated with the action. For example. Foreign key for the Event_Type table. if there are two details associated with a particular audit action. A unique ID generated by the server to identify the audit event. if the Detail_Type_Description were “universe name”. Combined with Server_CUID and the Detail_ID to form the primary key for the Audit_Detail table. The Detail_ID field is used to number the individual details associated with each audit action. Field reserved for error codes generated by the Web Intelligence Report Server. the first will have a Detail_ID of 1.

10 Managing Auditing Creating custom audit reports Server_Process table The Server_Process table contains information about the servers running within your BusinessObjects Enterprise system which can generate audit events. The server’s friendly name is the name displayed in the CMC. The default friendly name is hostname. Event_Type table reference The following tables list the Event_Type_ID and Event_Type_Description of all events that can be audited in your system. the host name. Server_Version Version of BusinessObjects Enterprise on server that produced the action. Event_Type table The Event_Type table contains a static list of the kinds of events that can be audited in your BusinessObjects Enterprise system. Primary key for the Server_Process table. these events are ordered according to the server that generates each type of event. Field Event_Type_ID Description Number that uniquely identifies the type of audit event that the entry represents. Machine name of the server that produced the action. that generated the audit action.servertype. Event_Type_Description Description of the type of audit event. Field Server_CUID Server_Name Description Server process ID. This table provides information roughly equivalent to that provided by AuditIDs and AuditStrings in Crystal Enterprise 10. For your convenience. 220 BusinessObjects Enterprise Administrator’s Guide . Application_Type_ID A unique ID that identifies the type of application Server_FullName Friendly name of the server that produced the action. Foreign key to the Application_Type table. That is.

Note that this audit string will be recorded when a user account (and therefore the user’s folder) is deleted. User logon failed. Job failed. Description User successfully viewed a Crystal report that has saved or live data. The user logged on successfully. A report could not be viewed. but was not successful. or an existing folder is copied. A folder is deleted. Logon failed because there was no valid license key available. New folder created. even though creating a user creates a user folder. location.Managing Auditing Creating custom audit reports 10 CMS audit events Event_Type_ ID Event_Type_Description Description 65537 65538 65540 65541 65539 65542 Concurrent user logon succeeded. The name. Note: This action must be audited by the CMS as Job Servers are not aware of losing communications with a job. 65543 Folder deleted. Reason: Unresponsive Job Server Child process. A new folder is created. User logged off. A scheduled report or scheduled program failed to run because communication with the running instance was lost. Note that this audit string will not be recorded when a new user account is created. using a named user license. BusinessObjects Enterprise Administrator’s Guide 221 . 65544 65545 Folder modified. using a concurrent user license. User attempted to view a Crystal report. and the scheduled time for running the job expired. User password has been changed. or description of the folder was changed. Cache Server audit events Event_Type_ ID Event_Type_Description 196609 196610 Crystal report viewed successfully. The user logged on successfully. Named user logon succeeded.

or by the system. Job failed. Event Server audit events Event_Type_ ID Event_Type_Description Description 262145 Event registered User creates a file-based event that can be used to schedule objects. The object ran as scheduled (or requested) and the job completed successfully. Events are updated when a user modifies the name or description of the file-based event. File-based event was initiated. 262146 262147 Event unregistered Event updated 262148 Event triggered 222 BusinessObjects Enterprise Administrator’s Guide . the audit messages give you information on whether an object was sent to a destination. The scheduled job did not complete successfully. as requested by a user. Event_Type Event_Type_Description Description _ ID 327681 Job successful. the audit messages give you information about the status of scheduled actions. User deletes a file-based event. see “Scheduling objects” on page 466.10 Managing Auditing Creating custom audit reports Job Server audit events For scheduled objects. The job will be retried by the CMS at a later time. The scheduled job did not complete successfully. For more information on scheduling jobs. For the Destination Job Server. 327682 327683 Job failed. Job will be retried by the CMS. For example. Event object was modified by a user. the audit messages can tell you if a scheduled report ran successfully.

There are problems with the database setup for the report. you may see this message when the database driver for the report is not present on the client machine A processing extension associated with the report aborts viewing. this Event_Type_ID may be generated when the report opens but cannot be viewed. Consult your RAS SDK documentation for details. Note: This Event_Type_ID is generated when a custom application created using the RAS SDK saves a report (using the Save method). Consult your RAS SDK documentation for details. Note: In a few cases. This may occur when: • • • • 458754 Report was saved to the CMS. The report could not be opened by the RAS. Event_Type_ ID Event_Type_Description 458753 Description Report was opened for User opened a report for viewing or viewing and/or modification modification. The machine running the RAS ran out of space in its temporary directory. and to create reports using custom applications developed with the RAS SDK. 458756 Report could not be opened. A new report was created and saved. The report used Business Views and the user did not have permissions to refresh the underlying data connections. BusinessObjects Enterprise Administrator’s Guide 223 . An existing report was saved. For example. Note: 458755 Report was created and saved to the CMS • This Event_Type_ID is generated when a custom application created using the RAS SDK saves a new report (using the Save As method).Managing Auditing Creating custom audit reports 10 Report Application Server audit events The Report Application Server (RAS) is used to view reports opened with the Advanced DHTML viewer. or fails.

User selects a universe as part of a document creation workflow. in a query panel. Consult your RAS SDK documentation for details. User manually refreshes a Web Intelligence document. A newly created report could not be saved by RAS. User applies a formatting change to a document. Web Intelligence Report Server audit events Event_Type_ ID Event_Type_Description Description 6 9 11 13 Get list of universes Save document to repository Read document Selection of universe User accesses a list of universes as part of a document creation workflow. User opens an existing Web Intelligence document. User has moved into Edit document mode. 19 Document refresh 21 List of values 22 28 40 Edit document Apply format Get page 224 BusinessObjects Enterprise Administrator’s Guide . This event occurs when a user opens the query panel. A list of values is retrieved from the database to populate a picklist associated with a prompt used to filter the data in a document. Description An existing report could not be saved by RAS. User action results in a request to server to generate the necessary data and layout to display all or part of a Web Intelligence document.10 Managing Auditing Creating custom audit reports Event_Type_ ID Event_Type_Description 458757 Report could not be saved to the CMS. User saves a Web Intelligence document to BusinessObjects Enterprise. 458758 Report could not be created in the CMS. or user opens a Web Intelligence document that has the “refresh on open” document property assigned. Note: This Event_Type_ID is generated when a custom application created using the RAS SDK cannot save a new report (using the Save As method).

The description of the application generating the audit event. and triggers a call to the database for more data. Application_Type_Description Application_Type table reference Application_Type_ID Application_Type_Description 1 8 11 12 13 14 15 16 18 19 Unknown Application Web Intelligence Report Server Central Management Server (CMS) Cache Server Report Job Server Report Application Server (RAS) Event Server Program Job Server Destination Job Server Web Intelligence Job Server BusinessObjects Enterprise Administrator’s Guide 225 . User drills past the scope of the data currently in memory. In BusinessObjects Enterprise XI. Application_Type table The Application_Type table contains a static list of the applications that can produce audit events. Field Name Application_Type_ID Description A unique ID that identifies the type of application that generated the audit action.Managing Auditing Creating custom audit reports 10 Event_Type_ ID Event_Type_Description Description 41 42 Generate SQL Drill out of scope Appears when a user refreshes a document. the applications that can be audited are servers.

10 Managing Auditing Creating custom audit reports Detail_Type table The Detail_Type table contains a static list of the standard details that can be recorded about audited events. For example. Field Detail_Type_ID Detail_Type_Description Description Number that uniquely identifies the type of audit detail that the entry represents. a user logon can fail for a number of different reasons. The description of the type of audit detail generated by the audit event. These reasons are listed as entries in the Detail_Type table. The information in the Detail_Type table is equivalent to the information that was recorded in variable AuditStrings in Crystal Enterprise 10. 226 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Security Concepts chapter .

instead. LDAP. and groups. For procedures that show how to set up authentication. and Windows AD authentication in order to protect against unauthorized access. Each of the components and key terms is discussed in greater detail later in this chapter. BusinessObjects Enterprise supports dynamically loaded processing extensions. 228 BusinessObjects Enterprise Administrator’s Guide . and other security settings. To allow for further customization of security. granular object rights. As such. see “Controlling User Access” on page 315. The current release supports features such as distributed security. This section describes the authentication and authorization processes in order to provide a general idea of how system security works within BusinessObjects Enterprise. Related topics: • • • For key procedures that show how to modify the default accounts. and authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object. it focuses on conceptual information and provides links to key procedures. For procedures that show how to set object rights for your BusinessObjects Enterprise content. BusinessObjects Enterprise allows you to log various web statistics. thus enabling you to detect potential security concerns. and third-party Windows NT. single sign-on.11 BusinessObjects Enterprise Security Concepts Security overview Security overview The BusinessObjects Enterprise architecture addresses the many security concerns that affect today’s businesses and organizations. for monitoring and auditing purposes. see “Managing User Accounts and Groups” on page 249. passwords. resource access security. see “Making initial security settings” on page 43. Because BusinessObjects Enterprise provides the framework for an increasing number of components from the Enterprise family of Business Objects products. this chapter does not provide explicit procedural details. Authentication and authorization Authentication is the process of verifying the identity of a user who attempts to access the system. this chapter details the security features and related functionality to show how the framework itself enforces and maintains security. users. And.

LDAP. This section uses InfoView as a model and describes its default behavior. The Central Management Server (CMS) uses the BusinessObjects Enterprise security plug-in to verify the user name and password against the system database. If the security plug-in reports a successful match of credentials (including a match to an appropriate group membership for Windows NT. Windows AD. Alternatively. if the user specifies Windows NT. this session consumes one user license on the system. LDAP. this session stores information that allows BusinessObjects Enterprise to respond to the user’s requests. Internally. which routes the information to the Web Component Adapter (WCA). The authentication type may be Enterprise. Primary authentication Primary authentication occurs when a user first attempts to access the system. you can customize the system’s behavior to meet your needs. or Windows AD authentication. see the developer documentation available on your product CD. The user provides a user name and password and specifies an authentication type.aspx and runs the script. For procedures that show how to set up the different authentication types. The user’s web browser sends the information by HTTP to your web server. The CMS generates and encodes a logon token and sends it to the WCA. ultimately. this script communicates with the SDK and. For complete details. If you are developing your own BusinessObjects Enterprise end-user or administrative applications using the BusinessObjects Enterprise Software Development Kit (SDK). Windows NT. The WCA stores the user’s information in memory in a WCA session variable. the SDK uses the corresponding security plug-in to authenticate the user. For instance. the authentication and authorization processes may vary from system to system. While active. the CMS grants the user an active identity on the system and the system performs several actions: • • • The CMS stores the user’s information in memory in a CMS session variable. depending upon which type(s) you have enabled and set up in the Authorization management area of the Central Management Console (CMC). The WCA passes the user’s information to logon. or Windows AD Authentication. or LDAP authentication).BusinessObjects Enterprise Security Concepts Authentication and authorization 11 Because BusinessObjects Enterprise is fully customizable. the appropriate security plug-in to authenticate the user against the user database. While active. if the user specifies Enterprise Authentication. the SDK ensures that the BusinessObjects Enterprise security plug-in performs the authentication. see “Available authentication types” on page 252. BusinessObjects Enterprise Administrator’s Guide 229 .

11 BusinessObjects Enterprise Security Concepts Authentication and authorization Note: • • • If you are familiar with the SDK. the web browser sends the request by HTTP to the WCA. Note: • The third-party Windows NT. The WCA sends the logon token to the user’s web browser. LDAP. you should note that the WCA here instantiates the InfoStore object and stores it in the WCA session variable. Before fulfilling the user’s request. However. • Secondary authentication and authorization Secondary authentication is the process of double-checking the identity of each user who attempts to view. Authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object. run. For details. its encoded information serves as the user’s valid ticket for the system. the WCA performs a series of security-related steps. The session variable does not contain the user’s password. the WCA proceeds to its next task. the primary authentication process is repeated. BusinessObjects Enterprise retrieves users’ credentials and group information directly from the Windows NT or Windows AD system. If there is no valid logon token. and Windows AD security plug-ins work only once you have mapped groups from the external user database to BusinessObjects Enterprise. Each of these steps contributes to the distributed security of BusinessObjects Enterprise. 230 BusinessObjects Enterprise Administrator’s Guide . if you are developing your own client application and you prefer not to store session state on the WCA. the WCA ensures that the user has a valid logon token: • • If there is a valid logon token. First. schedule. see “Available authentication types” on page 252. In a single sign-on situation. This is the model used in InfoView. 1. Hence. or otherwise act upon an object that is managed by BusinessObjects Enterprise. because each step consists of storing information that is used for secondary identification and authorization purposes. Until the logon token expires. you can design your application such that it avoids using WCA session variables. When a user attempts to access an object on the system. and the web browser caches the token in a cookie. see “Logon tokens” on page 243. For more information about logon tokens. users are not prompted for their credentials.

see “Controlling User Access” on page 315. see “Calculating a user’s effective rights” on page 328. For instance. BusinessObjects Enterprise does not have to prompt the user for credentials. the WCA passes the request along to the Page Server. it queries the CMS database for the rights associated with the object that the user requested. the WCA displays an appropriate message. The WCA then dynamically lists the reports in an HTML page. the WCA queries the CMS database for a list of the reports that the user is authorized to see. • If a different server component must process the request. if the user requests a list of reports in a specific folder. For instance. This secondary authentication and authorization process begins similarly to initial identification. however. For details about how the CMS calculates a user’s effective rights to an object. if the user attempts to refresh a report’s data. Note: If the user does not have the right to perform the requested action. the WCA sends the request and the user’s logon token to the appropriate server component. Second. the authentication algorithm followed by the WCA maintains system security in the fewest number of steps. thereby providing the most efficient response to the user’s initial request. the WCA checks internally for an active WCA session that matches the user’s logon token: • • If the corresponding WCA session variable remains in memory. 3. and the CMS and the WCA recreate the required session variables. and sends the page to the user’s browser. because the encoded logon token contains the required information. Third. the WCA ensures that the appropriate server component actually processes the user’s request: • If the WCA can process the request itself. BusinessObjects Enterprise Administrator’s Guide 231 . the user is logged back on with the logon token. The Page Server passes the logon token to the CMS to ensure that the user is authorized to refresh the report. That server component then queries the CMS database for the rights associated with the object that the user requested. In this case. For details about setting object rights. here.BusinessObjects Enterprise Security Concepts Authentication and authorization 11 2. If the WCA session variable has timed out. the WCA proceeds to its next task. The SDK authenticates the user against the appropriate user database.

see “Disabling the Guest account” on page 44.11 BusinessObjects Enterprise Security Concepts Authentication and authorization About single sign-on The term single sign-on is used to describe different scenarios. anyone can log on to BusinessObjects Enterprise as Guest and will have single sign-on access to BusinessObjects Enterprise. we distinguish the following levels of single sign-on: • • • “Single sign-on to BusinessObjects Enterprise” on page 232 “Single sign-on to database” on page 233 “End-to-end single sign-on” on page 233 Single sign-on to BusinessObjects Enterprise Single sign-on to BusinessObjects Enterprise means that once users have logged on to the operating system they can access BusinessObjects Enterprise without having to provide their logon credentials again. When the Guest user account is enabled. Single sign-on to BusinessObjects Enterprise can be provided by BusinessObjects Enterprise. At its most basic level. see: • • • • “Managing Enterprise and general accounts” on page 253 “Setting up NT single sign-on” on page 292 “Configuring LDAP authentication” on page 263 “Setting up AD single sign-on” on page 282 232 BusinessObjects Enterprise Administrator’s Guide . Single sign-on to BusinessObjects Enterprise was already supported in previous versions of Crystal Enterprise and continues to exist in BusinessObjects Enterprise XI. a logon token is created. For more information. Within the context of BusinessObjects Enterprise. The system uses this token to authenticate the users and grant them access to BusinessObjects Enterprise and its components. which it is by default. The term “anonymous single sign-on” also refers to single sign-on to BusinessObjects Enterprise. or LDAP with SiteMinder. but it specifically refers to the single sign-on functionality for the Guest user account. Windows AD. thus making it easier for users to interact with the system. or by different authentication tools such as Windows NT. For information on configuring single sign-on to BusinessObjects Enterprise. When they log on to the operating system. it refers to a situation where a user can access two or more applications or systems while providing their log-on credentials only once.

It includes: • • • “Web Component Adapter” on page 234 “Central Management Server” on page 234 “Security plug-ins” on page 235 BusinessObjects Enterprise Administrator’s Guide 233 . See “End-to-end single sign-on” on page 233. In BusinessObjects Enterprise XI single sign-on to the database is supported through Windows AD using Kerberos. see “Configuring Kerberos single sign-on” on page 299. For more information see “Configuring Kerberos single sign-on” on page 299.BusinessObjects Enterprise Security Concepts Security management components 11 Single sign-on to database Once users are logged on to BusinessObjects Enterprise. Thus. This section discusses the key components as they relate to system security. and “Configuring web applications for single sign-on to the databases” on page 313. to have access to BusinessObjects Enterprise and to be able to perform actions that require database access. You may want to use single sign-on to the database rather than end-to-end single sign-on. if you don’t want the LocalSystem account for the IIS to be trusted for delegation. such as SiteMinder and Kerberos. when they log on to the operating system. to provide users with even easier access to the resources they need. and third-party authentication tools. and its other objects. but it is managed primarily by the WCA. in particular “Configuring IIS for single sign-on to databases only” on page 309. such as viewing reports. in particular. without having to provide their logon credentials again. the CMS. the security plug-ins. users need to provide their logon credentials only once. Security management components System security within BusinessObjects Enterprise is distributed across most components. These components work together to authenticate and to authorize users who access BusinessObjects Enterprise. Single sign-on to the database can be combined with single sign-on to BusinessObjects Enterprise. For more information. single sign-on to the database enables them to perform actions that require database access. its folders. End-to-end single sign-on End-to-end single sign-on refers to a configuration where users have both single sign-on access to BusinessObjects Enterprise at the front-end. and single sign-on access to the databases at the back-end. viewing reports and Web Intelligence documents. In BusinessObjects Enterprise XI end-to-end single sign-on is supported through Windows AD and Kerberos.

with its thirdparty security plug-ins. the WCA initiates the primary authentication process. so users can log on to BusinessObjects Enterprise with their current Windows NT. When users log on. the CMS then grants the user a logon token and an active session on the system. the CMS allows you to create user accounts and groups within BusinessObjects Enterprise. the WCA receives all HTTP requests that are sent to BusinessObjects Enterprise from users’ web browsers. When a user requests a list of reports in a particular folder.11 BusinessObjects Enterprise Security Concepts Security management components • “Processing extensions” on page 241 Note: Because these components are responsible for additional tasks. several of the components discussed in this section are described in additional detail in “BusinessObjects Enterprise Architecture” on page 53. The CMS supports third-party authentication. the CMS coordinates the authentication process with its security plug-ins. the CMS allows you to reuse existing user accounts and groups that are stored in a third-party system (a Windows NT user database. When you first set up your system. Central Management Server In relation to system security. The CMS also responds to authorization requests made by the rest of the system. The WCA ensures that each user has a valid logon token for the system. For details. the CMS authorizes the request only when it has verified that the user’s account or group membership provides sufficient privileges. see “Sessions and session tracking” on page 244. see “Primary authentication” on page 229. Web Component Adapter The WCA is the gateway between the web server and the remaining BusinessObjects Enterprise components. LDAP. The majority of these tasks rely upon the database that the CMS uses to keep track of BusinessObjects Enterprise system data. the Central Management Server (CMS) performs a number of important tasks. This data includes security information. If the logon token is missing. or a Windows AD server). an LDAP directory server. This session variable contains information that BusinessObjects Enterprise uses when fulfilling user’s requests. or Windows AD credentials. or if it has expired. For details. and object rights that define user and group privileges. As such. And. 234 BusinessObjects Enterprise Administrator’s Guide . The WCA is also responsible for maintaining the user’s session state in the WCA session variable. such as user accounts. group memberships.

you make all of your settings in the CMC. if you map a Windows NT group to BusinessObjects Enterprise. LDAP. LDAP. when you need to assign rights or create new. once you map a Windows NT. Then. When you make subsequent changes to the third-party group membership. custom groups within BusinessObjects Enterprise. because the mapped users and groups are treated as if they were Enterprise accounts. The security plug-ins dynamically maintain third-party user and group listings. Note: The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX. For more information about the CMS and the CMS database. BusinessObjects Enterprise Administrator’s Guide 235 . So. you need not update or refresh the listing in BusinessObjects Enterprise. the security plug-in dynamically creates an alias for that new user when he or she first logs on to BusinessObjects Enterprise with valid NT credentials. see “Central Management Server (CMS)” on page 61. Windows NT. and Windows AD security plug-ins. LDAP. security plug-ins enable you to assign rights to users and groups in a consistent manner. and some from an LDAP directory server. When users log on to BusinessObjects Enterprise. they choose from the available authentication types that you have enabled and set up in the Authorization management area of the CMC: Enterprise (the system default). or you can create new Enterprise user accounts or groups that corresponds to each mapped entry in the external system. Each security plug-in acts as an authentication provider that verifies user credentials against the appropriate user database. Moreover. For example. Each security plug-in offers several key benefits. You can map third-party user accounts or groups to existing BusinessObjects Enterprise user accounts or groups. Security plug-ins facilitate account creation and management by allowing you to map user accounts and groups from third-party systems into BusinessObjects Enterprise. or Windows AD group into BusinessObjects Enterprise. BusinessObjects Enterprise currently ships with the system default BusinessObjects Enterprise security plug-in and with the Windows NT. For instance. or Windows AD. Security plug-ins Security plug-ins expand and customize the ways in which BusinessObjects Enterprise authenticates users. see “Calculating a user’s effective rights” on page 328. and then you add a new NT user to the NT group.BusinessObjects Enterprise Security Concepts Security management components 11 For details about the CMS and how it calculates a user’s effective rights to an object. all users who belong to that group can log on to BusinessObjects Enterprise. or if your system uses the BusinessObjects Enterprise Java SDK. you might map some user accounts or groups from Windows NT.

For details. or if you disable the Guest account entirely. it also enables BusinessObjects Enterprise to verify all logon requests that specify Windows NT Authentication.dll) allows you to map user accounts and groups from your Windows NT user database to BusinessObjects Enterprise. Thus. and users are allowed or disallowed access to the system based solely on that information. when users connect to BusinessObjects Enterprise without specifying a user name and password. This plug-in allows you to create and maintain user accounts and groups within BusinessObjects Enterprise. For details on setting these passwords. If you assign a secure password to the Guest account. Default accounts When you first install BusinessObjects Enterprise. user names and passwords are authenticated against the BusinessObjects Enterprise user list. this plug-in sets up two default Enterprise accounts: Administrator and Guest. Neither account has a default password. and have their membership in a mapped NT group verified before the CMS grants them an active BusinessObjects Enterprise session. the system logs them on automatically under the Guest account. see “Disabling the Guest account” on page 44. In this case.11 BusinessObjects Enterprise Security Concepts Security management components BusinessObjects Enterprise supports the following security plug-ins: • • • • “BusinessObjects Enterprise security plug-in” on page 236 “Windows NT security plug-in” on page 236 “LDAP security plug-in” on page 238 “Windows AD security plug-in” on page 240 BusinessObjects Enterprise security plug-in The BusinessObjects Enterprise security plug-in (secEnterprise. see “Managing Enterprise and general accounts” on page 253. 236 BusinessObjects Enterprise Administrator’s Guide . it also enables the system to verify all logon requests that specify Enterprise Authentication. you disable this default behavior. For details on setting up Enterprise users and groups. Windows NT security plug-in The Windows NT security plug-in (secWindowsNT.dll) is installed and enabled by default when you install BusinessObjects Enterprise. see “Making initial security settings” on page 43. Single sign-on The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account. Users are authenticated against the Windows NT user database.

see “Windows AD security plug-in” on page 240. see “Managing NT accounts” on page 284. and your NT user account is added to the group. The single sign-on requirements depend upon the way in which users access BusinessObjects Enterprise: either via a thick client. the security plug-in obtains the security context for the user from the authentication provider. The Business Objects NT Users group is then mapped to BusinessObjects Enterprise.BusinessObjects Enterprise Security Concepts Security management components 11 This plug-in is compatible with NT 4 and Windows 2000 Active Directory user databases (when Windows 2000 Active Directory is configured in non-native mode only). If a Windows 2000 Active Directory user database is configured in native mode and contains universal groups that span several domains. or if your system uses the BusinessObjects Enterprise Java SDK. For more information. A new NT group (called Business Objects NT Users) is created on the local machine. BusinessObjects Enterprise Administrator’s Guide 237 . You can also create your own applications that support NT authentication. The result is that you can log on to BusinessObjects Enterprise with your usual NT user credentials. then this plug-in is enabled by default. and grants the user an active BusinessObjects Enterprise session if the user is a member of a mapped NT group: • To obtain NT single sign-on functionality from a thick-client application (such as the Publishing Wizard). Once you have mapped your NT users and groups. In both scenarios. Note: The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX. In this scenario. thereby allowing authenticated NT users to log on to BusinessObjects Enterprise without explicitly entering their credentials. For information on the Windows AD security plug-in. except for the Import Wizard. see the developer documentation available on your product CD. the user must be running a Windows operating system. all of the BusinessObjects Enterprise client tools support NT authentication. or over the Web. and the application must use the BusinessObjects Enterprise SDK. Default account If you install BusinessObjects Enterprise on Windows as an Administrator of the local machine. For information on mapping Windows NT users and groups to BusinessObjects Enterprise. Single sign-on The Windows NT security plug-in supports single sign-on. you must use the Windows AD security plug-in. the Windows NT security plug-in queries the operating system for the current user’s credentials when the client is launched.

Users are authenticated against the LDAP directory server. Design your own web applications accordingly (or modify InfoView) if you want to use NT single sign-on. see “Managing LDAP accounts” on page 262.dll) allows you to map user accounts and groups from your LDAP directory server to BusinessObjects Enterprise. This can result in severe performance degradation. Note: IIS performs the Challenge/Response authentication for every web page viewed. For information on NT single sign-on. You can specify that BusinessObjects Enterprise use a Secure Sockets Layer (SSL) connection to communicate to the LDAP directory server for additional security. Specify multiple host names and their ports. LDAP security plug-in The LDAP security plug-in (secLDAP. LDAP authentication for BusinessObjects Enterprise is similar to NT and AD authentication in that you can map groups and set up authentication. In this scenario. Note: InfoView provides its own form of “anonymous single sign-on. and the web server must be running Internet Information Server (IIS). it also enables the system to verify all logon requests that specify LDAP Authentication. you can do the following: • • • Implement LDAP authentication when BusinessObjects Enterprise is running on Windows or on UNIX. 238 BusinessObjects Enterprise Administrator’s Guide . Map users and groups from the LDAP directory service. Also as with NT or AD authentication. User lists and group memberships are dynamically maintained by BusinessObjects Enterprise. see “Setting up NT single sign-on” on page 292. and alias creation. the user must be running Internet Explorer on a Windows operating system. authorization.11 BusinessObjects Enterprise Security Concepts Security management components • To obtain single sign-on functionality over the Web. Specifically. you can create new Enterprise accounts for existing LDAP users. and have their membership in a mapped LDAP group verified before the CMS grants them an active BusinessObjects Enterprise session. For information on mapping your LDAP users and groups to BusinessObjects Enterprise. and can assign LDAP aliases to existing users if the user names match the Enterprise user names. see “Setting up NT single sign-on” on page 292.” which uses Enterprise authentication. as opposed to Windows NT authentication. the system must use Microsoft components only. Internet Explorer and IIS engage in Windows NT Challenge/Response authentication before IIS forwards the user’s credentials to BusinessObjects Enterprise. For details on configuring IIS for single sign-on. In addition.

NT. If desired. except for the Import Wizard. applicationindependent directory. As long as you have an LDAP server (or servers) running. LDAP is based on the X. Note: The LDAP security plug-in provided with BusinessObjects Enterprise can be configured to communicate with your LDAP server via SSL. Before deploying LDAP authentication in conjunction with BusinessObjects BusinessObjects Enterprise Administrator’s Guide 239 . any client with the proper authorization can access its directories. LDAP offers you the ability to set up users to log on to BusinessObjects Enterprise through LDAP authentication. the LDAP server has a security certificate which BusinessObjects Enterprise uses to verify that it trusts the server. The directory structure within LDAP has entries arranged in a specific schema. You can also create your own applications that support LDAP authentication. you can use LDAP authentication (along with Enterprise. LDAP is an alternative to DAP because it uses fewer resources and simplifies and omits some X. all of the BusinessObjects Enterprise client tools support LDAP authentication. Other common attributes include the organizational unit name (OU). LDAP provides a means for accessing and updating information in a directory. both the LDAP server and BusinessObjects Enterprise have security certificates. and the LDAP server must also verify the client certificate before a connection can be established. Because LDAP is application-independent. a member group may be located in a directory tree as follows: cn=BusinessObjects Enterprise Users. and use LDAP in your existing networked computer systems. Each entry is identified by its corresponding distinguished name (DN) or common name (CN). and the organization name (O).BusinessObjects Enterprise Security Concepts Security management components 11 Once you have mapped your LDAP users and groups. It also enables users to be authorized when attempting to access objects in BusinessObjects Enterprise. while the LDAP server allows connections from anonymous clients. More about LDAP Lightweight Directory Access Protocol (LDAP).500 operations and features. which uses a directory access protocol (DAP) to communicate between a directory client and a directory server. and Windows AD authentication).500 standard. With mutual authentication. enables users to share information among various applications. ou=Enterprise Users A. With server authentication. Refer to your LDAP documentation for more information. the LDAP security plug-in provided with BusinessObjects Enterprise can communicate with your LDAP server using an SSL connection established using either server authentication or mutual authentication. a common. For example. o=Research. Based on an open standard. but always performs basic authentication when verifying users’ credentials.

org/rfcs/rfc2251. the security plug-in obtains 240 BusinessObjects Enterprise Administrator’s Guide . if the administrator changes his or her password or if the account becomes disabled). For more information. Users are authenticated against the Windows AD user database. Note that in order to use the Windows AD security plug-in. Note: • • • AD authentication only works for servers running on Windows systems. For information on mapping Windows AD users and groups to BusinessObjects Enterprise. see RFC2251. and have their membership in a mapped AD group verified before the Central Management Server grants them an active BusinessObjects Enterprise session. thereby allowing authenticated AD users to log on to BusinessObjects Enterprise without explicitly entering their credentials. The single sign-on requirements depend upon the way in which users access BusinessObjects Enterprise: either via a thick client. Once you have mapped your AD users and groups. This plug-in is compatible with Windows 2000 Active Directory domains running in either native mode or mixed mode.faqs. which is currently available at http:// www. For details. In both scenarios. see “Managing AD accounts” on page 275. ensure that you are familiar with the differences between these LDAP types. For information on mapping Windows AD users and groups to BusinessObjects Enterprise.11 BusinessObjects Enterprise Security Concepts Security management components Enterprise. see “Managing AD accounts” on page 275. Single sign-on The Windows AD security plug-in supports single sign-on. except for the Import Wizard. it also enables BusinessObjects Enterprise to verify all logon requests that specify Windows AD Authentication. the CMS needs to run under a user account that has the “Act as Part of the Operating System” right. AD authentication and aggregation may not continue to function if the administration credentials become invalid (for example. or over the Web. You can also create your own applications that support AD authentication. see the developer documentation available on your product CD. See your Windows 2000 documentation for more information.html Windows AD security plug-in Windows AD security plug-in enables you to map user accounts and groups from your Windows 2000 Active Directory (AD) user database to BusinessObjects Enterprise. AD authentication and aggregation is not functional without a network connection. all of the BusinessObjects Enterprise client tools support AD authentication.

so file extension). Note: BusinessObjects Enterprise provides its own form of “anonymous single sign-on. The developer’s code first determines the user who owns the processing job. and grants the user an active BusinessObjects Enterprise session if the user is a member of a mapped AD group: • To obtain AD single sign-on functionality from a thick-client application (such as the Publishing Wizard). the user must be running Internet Explorer on a Windows operating system. the Windows AD security plug-in queries the operating system for the current user’s credentials when the client is launched. the user must be running a Windows operating system. as opposed to Windows AD authentication. dynamically loaded libraries are often referred to as shared libraries (. This type of security restricts data access by row within one or more database tables. On UNIX systems. A typical example is a report-processing extension that enforces row-level security.” which uses Enterprise authentication. the BusinessObjects Enterprise administration SDK essentially exposes a “handle” that allows developers to intercept the request. BusinessObjects Enterprise Administrator’s Guide 241 . Note: On Windows systems. Page Server. and the application must use the BusinessObjects Enterprise SDK.dll file extension). You must include the file extension when you name your processing extensions. dynamically loaded libraries are referred to as dynamic-link libraries (. In this scenario. Processing extensions BusinessObjects Enterprise offers you the ability to further secure your reporting environment through the use of customized processing extensions. The developer writes a dynamically loaded library that intercepts view or schedule requests for a report (before the requests are processed by the Job Server. A processing extension is a dynamically loaded library of code that applies business logic to particular BusinessObjects Enterprise view or schedule requests before they are processed by the system. • To obtain single sign-on functionality over the Web. the system must use Microsoft components only. Through its support for processing extensions. For information on AD single sign-on. Design your own web applications accordingly (or modify InfoView) if you want to use AD single sign-on. and the web server must be running Internet Information Server (IIS). Specifically. Developers can then append selection formulas to the request before the report is processed. or Report Application Server).BusinessObjects Enterprise Security Concepts Security management components 11 the security context for the user from the authentication provider. see “Setting up AD single sign-on” on page 282.

processing extensions can be applied only to Crystal report (. a trust relationship between two domains is generally a connection that allows one domain accurately to recognize users who have been authenticated by the other domain. see the Business Views Administrator's Guide. The CMC provides methods for registering your processing extensions with BusinessObjects Enterprise and for applying processing extensions to particular object. 242 BusinessObjects Enterprise Administrator’s Guide . the active trust relationship works similarly to provide each user with seamless access to resources across the system. Once the user has been authenticated and granted an active session. As such. For more information. Included in the SDK is a fully documented API that developers can use to write processing extensions. the active trust relationship allows users to access their BusinessObjects Enterprise resources without ever having to explicitly provide credentials to BusinessObjects Enterprise. By enabling processing extensions. you can also set and enforce rowlevel security through the use of Business Views. Tip: When combined with single sign-on functionality. The code then generates and appends a record selection formula to the report in order to limit the data returned from the database. see “Applying processing extensions to reports” on page 443. the active trust relationship provides the basis for BusinessObjects Enterprise’s distributed security. all other BusinessObjects Enterprise components can process the user’s requests and actions without prompting for credentials. Note: In the current release. In this case.rpt) objects. see the developer documentation available on your product CD. you configure the appropriate BusinessObjects Enterprise server components to dynamically load your processing extensions at runtime. the trust relationship allows users to access resources in multiple domains without repeatedly having to provide their credentials. While maintaining security.11 BusinessObjects Enterprise Security Concepts Active trust relationship then it looks up the user’s data-access privileges in a third-party system. For more information. Active trust relationship In a networked environment. Within the BusinessObjects Enterprise environment. Tip: In BusinessObjects Enterprise XI. the processing extension serves as a way to incorporate customized row-level security into the BusinessObjects Enterprise environment. For details.

other BusinessObjects Enterprise components can read the logon token from the user’s web browser. Both attributes hinder malicious users from gaining unauthorized access to BusinessObjects Enterprise with logon tokens retrieved from legitimate users. to support features such as load balancing. BusinessObjects Enterprise addresses distributed security by implementing a ticket mechanism (one that is similar to the Kerberos ticket mechanism). Logon tokens A logon token is an encoded string that defines its own usage attributes and contains a user’s session information. such as Kerberos or SiteMinder. the active trust relationship allows users to access BusinessObjects Enterprise and other network resources without ever having to explicitly provide credentials to the system. This use of the logon token provides the distributed security that is required for load balancing to be implemented in conjunction with effective fault-protection. An enterprise system may require distributed security. The CMS grants tickets that authorize components to perform actions on behalf of a particular user. BusinessObjects Enterprise Administrator’s Guide 243 . the ticket is referred to as the logon token. The current logon token usage attributes are: • • Number of minutes This attribute restricts the lifetime of the logon token. or transfer of trust (the ability to allow another component to act on behalf of the user). stateless environments. he or she receives a logon token from the CMS. This logon token is most commonly used over the Web. These attributes allow restrictions to be placed upon the logon token to reduce the chance of the logon token being used by malicious users. The logon token’s usage attributes are specified when the logon token is generated. The user’s web browser caches this logon token. for instance. When a user is first authenticated by BusinessObjects Enterprise. Number of logons This attribute restricts the number of times that the logon token can be used to log on to BusinessObjects Enterprise. In BusinessObjects Enterprise. Ticket mechanism for distributed security Enterprise systems dedicated to serving a large number of users typically require some form of distributed security.BusinessObjects Enterprise Security Concepts Active trust relationship 11 When single sign-on functionality is combined third party ticket mechanisms. When the user makes a new request.

In this scenario. active session without prompting the user for his or her credentials. the user is prevented from unnecessarily consuming resources on both Web Component Adapters. The client application logs the user on with the valid logon token.11 BusinessObjects Enterprise Security Concepts Sessions and session tracking The user’s active identity is stored as a session variable on the WCA that processed the request. The BusinessObjects Enterprise logon token is an example of this method. In this way. your web browser retains the state of each session in memory only for as long as any single Web page is displayed. the nature of HTTP limits the duration of each session to a single page of information. and the remaining WCA can authenticate the user and create a new. in addition. BusinessObjects Enterprise uses two common methods to store session state: • Cookies—A cookie is a small text file that stores session state on the client side: the user’s web browser caches the cookie for later use. thus. Consequently. a session is a client-server connection that enables the exchange of information between the two computers. its configuration. the state of the first session is discarded and replaced with the state of the next session. If the WCA that is storing the user’s active session is taken offline. The remaining WCA can then authorize and carry out the user’s request. the system automatically resumes its load balancing responsibilities by routing each subsequent request to the least used WCA. when the original WCA is brought back online. If one WCA ceases to respond to a user’s requests. the user’s active identity is not immediately accessible by the other WCA. the logon token again serves a critical purpose. consequently. A session’s state is a set of data that describes the session’s attributes. but the system does not have to repeatedly prompt the user for his or her credentials. For this reason. Web sites and Web applications must somehow store the state of one session if they need to reuse its information in another. When you establish a client-server connection over the Web. InfoView and the CMC are designed such that the request is redirected to the remaining WCA. the logon token enables the system’s load-balancing and fault-tolerance mechanisms to maintain a secure environment without affecting the user’s experience. security is maintained while providing optimal performance: the user’s identity is verified. By doing so. 244 BusinessObjects Enterprise Administrator’s Guide . or its content. the user’s logon token is used to route all of the user’s requests to the WCA that is storing the user’s session. Sessions and session tracking In general. As soon as you move from one web page to another.

Note: If you are familiar with the SDK. By default. information such as the user’s authentication type is stored in a session variable.aspx pages to timeout earlier if the default of 20 minutes is not desired. CMS session tracking The CMS implements a simple tracking algorithm. If the WCA session fails to communicate with the CMS for a ten-minute time period. BusinessObjects Enterprise Administrator’s Guide 245 . The server-side script pages (Crystal Server Pages) programmatically save variables to the WCA session. the WCA retains the session until the user explicitly logs off. Ideally. And. it can be difficult to know when users leave the system. When a user logs on. because the interaction between a web browser and a web server can be stateless. When BusinessObjects Enterprise grants a user an active identity on the system. to ensure security and to minimize resource usage. or until the WCA session variable is released. However. he or she is granted a CMS session. WCA session tracking The WCA implements session tracking similarly to most web servers. Note: • • If you are familiar with the SDK. or until 20 minutes after the user’s last request (whichever occurs first).BusinessObjects Enterprise Security Concepts Sessions and session tracking 11 • Session variables—A session variable is a portion of memory that stores session state on the server side. you should note that a WCA session is an instance of an InfoStore object. This handles scenarios where client-side components shut down irregularly. the CMS destroys the CMS session. you should note that a CMS session is an instance of an EnterpriseSession object. BusinessObjects Enterprise implements session tracking. The WCA session timeout can be programmatically configured in the server-side . The WCA session is designed to notify the CMS on a recurring basis that it is still active. So long as the session is maintained. To address this issue. the system should destroy the session variable as soon as the user has finished working on the system. which the CMS preserves until the user logs off. so the CMS session is retained so long as the WCA session exists. the system should preserve the session variable while the user is active on the system. the system neither has to prompt the user for the information a second time nor has to repeat any task that is necessary for the completion of the next request. if they do not log off explicitly.

some degree of security is usually required. Supported environments can involve multiple firewalls. For details on securing client connections. or application servers. they operate in an environment that can be difficult to secure. Ensuring that only valid users retrieve information from the web server. For complete details on BusinessObjects Enterprise and firewall interaction. Although the Internet and web-based systems are increasingly popular due to their flexibility and range of functionality. and it supports a multitude of configurations. environment protection is divided into two areas of communication: • • Web browser to web server Web server to BusinessObjects Enterprise Web browser to web server When sensitive data is transmitted between the web browser and the web server. see “Working with Firewalls” on page 181. 246 BusinessObjects Enterprise Administrator’s Guide . and other such mechanisms. Relevant security measures usually involve two general tasks: • • Ensuring that the communication of data is secure.11 BusinessObjects Enterprise Security Concepts Environment protection Environment protection Environment protection refers to the security of the overall environment in which client and server components communicate. web servers. Web server to BusinessObjects Enterprise Firewalls are commonly used to secure the area of communication between the web server and the rest of the corporate intranet (including BusinessObjects Enterprise). refer to your web server documentation. Windows NT Challenge/Response authentication. or SOCKS proxy servers. These tasks are typically handled by web servers through various security mechanisms. You must secure communication between the web browser and the web server independently of BusinessObjects Enterprise. When you deploy BusinessObjects Enterprise. including the Secure Sockets Layer (SSL) protocol. BusinessObjects Enterprise supports firewalls that use IP filtering or static network address translation (NAT).

IP address. lower case letters. numbers. or punctuation. there is often at least one location that is vulnerable to attack: the location where users connect to the system. you decrease a malicious user’s chances of simply guessing a valid user’s password. The various restrictions listed below apply only to Enterprise accounts—that is. because the process of simply guessing a valid user name and password remains a viable way to attempt to “crack” the system. You can enable the following options: • Enforce mixed-case passwords This option ensures that passwords contain at least two of the following character classes: upper case letters. date. Generally. however. port number.BusinessObjects Enterprise Security Concepts Auditing web activity 11 Auditing web activity BusinessObjects Enterprise provides insight into your system by recording web activity and allowing you to inspect and to monitor the details. • Must contain at least N characters By enforcing a minimum complexity for passwords. BusinessObjects Enterprise implements several techniques to reduce the probability of a malicious user achieving access to the system. so you can easily report off the data or import it into other applications. and so on—that you want to record. LDAP. It is nearly impossible to protect this location completely. BusinessObjects Enterprise Administrator’s Guide 247 . Protection against malicious logon attempts No matter how secure a system is. The WCA allows you to select the web attributes—such as time. the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT. The auditing data is logged to disk and stored in comma-delimited text files. or Windows AD). your external system will enable you to place similar restrictions on the external accounts. Password restrictions Password restrictions ensure that Enterprise users create passwords that are relatively complex.

when users connect to BusinessObjects Enterprise without specifying a user name and password.0 second) between logon attempts. To prevent dictionary attacks. they are valid only for a limited time. the system logs them on automatically under the Guest account. Thus.11 BusinessObjects Enterprise Security Concepts Protection against malicious logon attempts Logon restrictions Logon restrictions serve primarily to prevent dictionary attacks (a method whereby a malicious user obtains a valid user name and attempts to learn the corresponding password by trying every word in a dictionary). For details. even if a malicious user does guess or otherwise obtain another user’s credentials. In addition. you disable this default behavior. any malicious user attempting a dictionary attack will have to recommence every time passwords change. If you assign a secure password to the Guest account. or if you disable the Guest account entirely. because password changes are based on each user’s first logon time. see “Disabling the Guest account” on page 44. Additionally. BusinessObjects Enterprise provides several customizable options that you can use to reduce the risk of a dictionary attack: • • • Disable accounts after N failed attempts to log on Reset failed logon count after N minute(s) Re-enable account after N minute(s) User restrictions User restrictions ensure that Enterprise users create new passwords on a regular basis. malicious programs can guess millions of passwords per minute. Guest account restrictions The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account. BusinessObjects Enterprise has an internal mechanism that enforces a time delay (0. Firstly. the malicious user cannot easily determine when any particular password will change. You can enable the following options: • • • Must change password every N day(s) Cannot reuse the N most recent password(s) Must wait N minute(s) to change password These options are useful in a number of ways. And. With the speed of modern hardware. 248 BusinessObjects Enterprise Administrator’s Guide .5–1.

Managing User Accounts and Groups chapter .

12

Managing User Accounts and Groups What is account management?

What is account management?
Account management can be thought of as all of the tasks related to creating, mapping, changing, and organizing user and group information. The Users and Groups management areas of the Central Management Console (CMC) provide you with a central place to perform all of these tasks. In the Users area, you can specify everything required for a user to access BusinessObjects Enterprise. To create user accounts, specify the following:

• • • • • • •

Account name (required) Full name Email Description Password settings Connection type Group membership

In the Groups area, you can create groups that give a number of people access to the report or folder. This enables you to make changes in one place instead of modifying each user account individually. To create groups, specify the following:

• • • • •

Group name (required) Description Users who belong to the group Subgroups that belong to the group Group membership

After the user accounts and groups have been created, you can add report objects and specify rights to them. When the users log on, they can view the reports using InfoView or their custom web application. For more information on objects and rights, see “Controlling users’ access to objects” on page 317.

Default users and groups
This section lists and describes the different types of default users and groups that are found within BusinessObjects Enterprise.

Default users
For procedures on managing users, see “Managing Enterprise and general accounts” on page 253.

250

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Default users and groups

12

Administrator
The Administrator user belongs to the Administrators and Everyone groups. This user can perform all tasks in all BusinessObjects Enterprise applications (for example, the Central Management Console, Central Configuration Manager, Publishing Wizard, and InfoView). By default, the Administrator is not assigned a password. For security reasons, it is highly recommended that you create a password for the Administrator user as soon as possible. See “Setting the Administrator password” on page 44. Note: To use the Central Configuration Manager, your operating system account may require certain rights on the local machine. For more information, see “Using the Central Configuration Manager” on page 42.

Guest
The Guest user is a member of the Everyone group. This user can view reports that are found within the Report Samples folder. Generally, the Guest user accesses reports through InfoView. This account is enabled by default. To disable this default setting, see “Disabling the Guest account” on page 261. By default, the Guest user is not assigned a password. If you assign it a password, the single sign-on to InfoView will be broken. Note: If users in multiple time zones use the Guest account, see “Supporting users in multiple time zones” on page 527.

Default groups
In addition to organizing users and simplifying administration, groups enable you to determine the functionality a user has access to. In BusinessObjects Enterprise, the following default groups are created. For procedures on managing groups, see “Managing Enterprise and general accounts” on page 253.

Administrators
Users who belong to the Administrators group are able to perform all tasks in all of the BusinessObjects Enterprise applications (Central Management Console, Central Configuration Manager, Publishing Wizard, and InfoView). By default, the Administrator group contains only the Administrator user. Note: To use the Central Configuration Manager, your operating system account may require certain rights on the local machine. For more information, see “Using the Central Configuration Manager” on page 42.

BusinessObjects Enterprise Administrator’s Guide

251

12

Managing User Accounts and Groups Available authentication types

BusinessObjects NT Users
When you install BusinessObjects Enterprise on Windows, BusinessObjects Enterprise creates a BusinessObjects NT Users group. This group is also added to Windows on the local machine and the user who installed BusinessObjects Enterprise is automatically added to this group. When NT authentication is enabled, BusinessObjects NT Users can use their NT accounts to log on to BusinessObjects Enterprise. By default, members of this group are able to view folders and reports.

Everyone
Each user is a member of the Everyone group. By default, the Everyone group allows access to all the reports that are found in the Report Samples folder.

Universe Designer Users
Users who belong to this group are granted access to the Universe Designer folder and the Connections folder. They can control who has access rights to the Designer application. You must add users to this group as needed. By default, no user belongs to this group.

Available authentication types
Before setting up user accounts and groups within BusinessObjects Enterprise, decide which type of authentication you want to use:

Enterprise authentication Use the system default Enterprise Authentication if you prefer to create distinct accounts and groups for use with BusinessObjects Enterprise, or if you have not already set up a hierarchy of users and groups in a Windows NT user database, an LDAP directory server, or a Windows AD server. See “Managing Enterprise and general accounts” on page 253.

Windows NT authentication If you are working in a Windows NT environment, you can use existing NT user accounts and groups in BusinessObjects Enterprise. When you map NT accounts to BusinessObjects Enterprise, users are able to log on to BusinessObjects Enterprise applications with their NT user name and password. This can reduce the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing NT accounts” on page 284.

252

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

LDAP authentication If you set up an LDAP directory server, you can use existing LDAP user accounts and groups in BusinessObjects Enterprise. When you map LDAP accounts to BusinessObjects Enterprise, users are able to access BusinessObjects Enterprise applications with their LDAP user name and password. This eliminates the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing LDAP accounts” on page 262.

Windows AD authentication If you are working in a Windows 2000 environment, you can use existing AD user accounts and groups in BusinessObjects Enterprise. When you map AD accounts to BusinessObjects Enterprise, users are able to log on to BusinessObjects Enterprise applications with their AD user name and password. This eliminates the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing AD accounts” on page 275.

Note: You can use Enterprise Authentication in conjunction with either NT, LDAP, or AD authentication, or with all of the three authentication plug-ins.

Managing Enterprise and general accounts
Since Enterprise authentication is the default authentication method for BusinessObjects Enterprise, it is automatically enabled when you first install the system. When you add and manage users and groups, BusinessObjects Enterprise maintains the user and group information within its database. This section focuses on the following account management tasks:

• • • • • • • • • •

“Creating an Enterprise user account” on page 254 “Modifying a user account” on page 256 “Deleting a user account” on page 256 “Changing password settings” on page 257 “Creating a group” on page 258 “Modifying a group” on page 260 “Viewing group members” on page 261 “Deleting a group” on page 261 “Disabling the Guest account” on page 261 “Granting access to users and groups” on page 262

BusinessObjects Enterprise Administrator’s Guide

253

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Note: In many cases, these procedures also apply to NT, LDAP, and AD account management. For specific information on NT authentication, see “Managing NT accounts” on page 284. For specific information on LDAP authentication, see “Managing LDAP accounts” on page 262. For specific information on AD authentication, see “Managing AD accounts” on page 275.

Creating an Enterprise user account
When you create a new user, you specify the user’s properties and select the group or groups for the user. For information on setting rights for the user, see “Granting access to users and groups” on page 262. 1. 2. 3. 4. To create a user account Go to the Users management area of the CMC. Click New User. Select the Enterprise authentication type. Type the account name, full name, email, and description information. Use the description area to include extra information about the user or account. 5. Specify the password information and settings. Options include:

• • •

Password Enter the password and confirm. This is the initial password that you assign to the user. The maximum password length is 64 characters. Password never expires Select the check box. User must change password at next logon This check box is selected by default. If you do not want to force users to change the password the first time they log on, clear the check box.


6.

User cannot change password Select the check box.

Select the connection type.

Concurrent User Choose Concurrent user if this user belongs to a license agreement that states the number of users allowed to be connected at one time.

254

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Named User Choose Named user if this user belongs to a license agreement that associates a specific user with a license. Named user licenses are useful for people who require access to BusinessObjects Enterprise regardless of the number of other people who are currently connected.

7.

Click OK. The user is added to the system and is automatically added to the Everyone group. You can now add the user to a group or specify rights for the user. See “Adding a user to groups” on page 255, Chapter 13: Controlling User Access. An inbox is also automatically created for the user. The user is also automatically assigned an Enterprise alias, for example, secEnterprise:bsmith. For more information, see “Managing aliases” on page 294.

Adding a user to groups
Use the following procedure to add a user to one or more groups directly from the user page. Note: You can also add users to a group from the group page. See “Adding users to a group” on page 259. 1. 2. 3. To add a user to a group Go to the Users management area of the CMC. Under Account Name, click the link to the user whose properties you want to change. Click the Member of tab to specify the group or groups the user should belong to. Note: All BusinessObjects Enterprise users of the system are part of the Everyone group. 4. 5. Click the Member of button to view the available groups. In the Available groups area, select the group(s) that the new user should be a member of. Use SHIFT+click or CTRL+click to select multiple groups. 6. 7. Click the > arrow to add the group(s); click the < arrow to remove the group(s). Click OK. The “Member of” tab appears and lists the groups in which the user is a member.

BusinessObjects Enterprise Administrator’s Guide

255

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Modifying a user account
Use this procedure to modify a user’s properties or group membership. Note: The user will be affected if he or she is logged on when you are making the change. 1. 2. 3. To modify a user account Go to the Users management area of the CMC. Under Account Name, click the link to the user whose properties you want to change. Make the required changes, as necessary, in the available fields. In addition to all of the options that were available when you initially created the account, you now can disable the account by selecting the “Account is disabled” check box. You can also assign aliases. For more information, see “Managing aliases” on page 294. 4. Click Update.

Deleting a user account
Use this procedure to delete a user’s account. The user might receive an error if they are logged on when their account is deleted. When you delete a user account, the Favorites folder, personal categories, and inbox for that user are deleted as well. If you think the user might require access to the account again in the future, select the “Account is disabled” check box in the Properties page of the selected user, instead of deleting the account. See “Modifying a user account” on page 256. Note: Deleting a user account won’t necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. If the user account also exists in a third-party system, and if the account belongs to a third-party group that is mapped to BusinessObjects Enterprise, the user may still be able to log on. For details, see “Deleting an alias” on page 297 and “Disabling an aliases” on page 298.

256

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

1. 2. 3. 4.

To delete a user account Go to the Users management area of the CMC. Select the check box associated with the user you want to delete. Click Delete. The delete confirmation dialog box appears. Click OK. The user account is deleted.

Changing password settings
Within the Central Management Console, you can change the password settings for a specific user or for all users in the system. For information, see “Protection against malicious logon attempts” on page 247. The various restrictions listed below apply only to Enterprise accounts—that is, the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT, LDAP, or Windows AD). Generally, however, your external system will enable you to place similar restrictions on the external accounts. 1. 2. 3. To change user password settings Go to the Users management area of the CMC. Click the user whose password settings you want to change. The Properties tab appears. Select or clear the check box associated with the password setting you wish to change. The available options are:

• • •
4. 1. 2. 3.

Password never expires User must change password at next logon User cannot change password

Click Update. To change password settings Go to the Authentication management area of the CMC. Click the Enterprise tab. Select the check box and enter the value related to the password setting.

BusinessObjects Enterprise Administrator’s Guide

257

12

Managing User Accounts and Groups Managing Enterprise and general accounts

The table below identifies the minimum and maximum values for each of the settings you can configure: Recommended Maximum 100 days 100 passwords 100 minutes 100 failed 100 minutes 100 minutes

Password Setting Must contain at least N characters Must change password every N days Must wait N minutes to change password Disable account after N failed attempts to log on Reset failed logon count after N minutes Re-enable account after N minutes 4. Click Update.

Minimum 1 day 0 minutes 1 failed 1 minute 0 minutes

0 characters 64 characters

Cannot reuse the N most recent passwords 1 password

Creating a group
Groups are collections of users who share the same account privileges. For instance, you may create groups that are based on department, role, or location. Groups enable you to change the rights for users in one place (a group) instead of modifying the rights for each user account individually. Also, you can assign object rights to a group or groups. For information on object rights, see “Managing objects overview” on page 416. For information on granting users and groups administrative rights to other groups, see “Granting access to users and groups” on page 262. After creating a new group, you can add users, add subgroups, or specify group membership so that the new group is actually a subgroup. Because subgroups provide you with additional levels of organization, they are useful when you set object rights to control users’ access to your BusinessObjects Enterprise content. 1. 2. 3. 4. To create a new group Go to the Groups management area of the CMC. Click New Group. On the Properties tab, enter the group name and description. Click OK.

258

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Adding users to a group
Use the following procedure to add users to a group, directly from the group page. Note: You can also add a user to groups from the user page. See “Adding a user to groups” on page 255. 1. 2. 3. 4. To add users to a group In the Groups management area of the CMC, click the link for the group. Click the Users tab. Click Add Users. Select the users to add to the group; then click the > arrow. Tip:

• • •
5.

To select multiple users, use the SHIFT+click or CTRL+click combination. To search for a specific user, use the Look For field. If there are many users on your system, click the Previous and Next buttons to navigate through the list of users.

Click OK. The Users tab appears. It lists all of the users who belong to this group.

Adding subgroups
You can add an existing group as a subgroup to another group. A subgroup inherits the rights of the parent group. Note: Adding a subgroup is similar to specifying group membership. See “Specifying group membership” on page 260. 1. 2. 3. 4. 5. To add subgroups In the Groups management area of the CMC, click the link for the group. Click the Subgroups tab. Click Add/Remove Subgroups. Select the groups that should be members of this new group; then click the > arrow. Click OK.

BusinessObjects Enterprise Administrator’s Guide

259

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Specifying group membership
You can make a group a member of another group. The group that becomes a member is referred to as a subgroup. The group that you add the subgroup to is the parent group. A subgroup inherits the rights of the parent group. Note: Adding a subgroup is similar to specifying group membership. See “Specifying group membership” on page 260. 1. 2. 3. 4. To make a group a member of another group In the Groups management area of the CMC, click the link for the group. Click the Member of tab. Click the Member of button. Select the parent groups that this new group will be a member of; then click the > arrow. Any rights associated with the parent group will be inherited by the new group you have created. 5. Click OK.

Modifying a group
You can modify a group by making changes to any of the settings. Note: The users who belong to the group will be affected by the modification if they are logged on when you are making changes. 1. 2. 3. To modify a group In the Groups management area of the CMC, click the link for the group. Under the Group Name column, click the link to the group whose configuration you want to change. Make the necessary changes in one of the four tabs:

• • • •
4.

Properties Users Subgroups Member of

Depending on which tab you have selected, click OK or Update after you have made your changes.

260

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Viewing group members
You can use this procedure to view the users who belong to a specific group. 1. 2. 3. To view group members In the Groups management area of the CMC, click the link for the group. Click Users. Click Refresh. Note: It may take a few minutes for your list to refresh if you have a large number of users in the group or if your group is mapped to an NT user database, LDAP user directory, or AD user directory.

Deleting a group
You can delete a group when that group is no longer required. You cannot delete the default groups Administrator and Everyone. Note: The users who belong to the deleted group will be affected by the change if they are logged on when the group is deleted. To delete a third-party authentication groups, such as the BusinessObjects NT Users group, use the Authentication management area in CMC. See “Unmapping LDAP groups” on page 272, “Unmapping AD groups” on page 280, and “Mapping NT accounts” on page 284. 1. 2. 3. 4. To delete a group Go to the Groups management area of the CMC. Select the check box associated with the group you want to delete. Click Delete. The delete confirmation dialog box appears. Click OK.

Disabling the Guest account
By disabling the Guest account, you ensure that no one can log on to BusinessObjects Enterprise with this account. By disabling the Guest account, you also disable the anonymous single sign-on functionality of BusinessObjects Enterprise, so users will be unable to access InfoView without providing a valid user name and password.

BusinessObjects Enterprise Administrator’s Guide

261

12

Managing User Accounts and Groups Managing LDAP accounts

1. 2. 3. 4. 5.

To disable the Guest account Go to the Users management area of the CMC. In the Account Name column, click Guest. On the Properties tab, select the Account is disabled check box. Click Update. If you are prompted for confirmation, click OK.

Granting access to users and groups
You can grant users and groups administrative access to other users and groups. Administrative rights include: viewing, editing, and deleting objects; viewing and deleting object instances; and pausing object instances. For example, for troubleshooting and system maintenance, you may want to grant your IT department access to edit and delete objects. For more information about granting rights to users and groups, see “Controlling access to users and groups” on page 352.

Managing LDAP accounts
To use LDAP authentication, you need to first ensure that you have your respective LDAP directory set up. For more information about LDAP, refer to your LDAP documentation. For more information on the LDAP security plugin, see “LDAP security plug-in” on page 238. Note: When you install BusinessObjects Enterprise, the LDAP authentication plug-in is installed automatically, but not enabled by default. This section describes tasks related to LDAP accounts in BusinessObjects Enterprise. In particular, it includes information on:

• • • • • • •

“Configuring LDAP authentication” on page 263 “Mapping LDAP groups” on page 269 “Unmapping LDAP groups” on page 272 “Viewing mapped LDAP users and groups” on page 272 “Changing LDAP connection parameters and member groups” on page 272 “Managing multiple LDAP hosts” on page 273 “Troubleshooting LDAP accounts” on page 274

262

BusinessObjects Enterprise Administrator’s Guide

Repeat this step to add more than one LDAP host of the same server type if you want to add hosts that can act as failover servers. Type your LDAP host and port information in the Add LDAP host (hostname:port) field (for example.Managing User Accounts and Groups Managing LDAP accounts 12 Configuring LDAP authentication To simplify administration. Click Next. “Configuring the Secure Socket Layer authentication for LDAP” on page 264. then click Add. 3. BusinessObjects Enterprise supports LDAP authentication for user and group accounts. “myserver:123”). The LDAP Configuration Wizard will lead you through the setup of LDAP authentication. When you map an LDAP account. Configuring LDAP authentication includes the following main steps: • • • • “Configuring the LDAP host” on page 263. refer to “Managing multiple LDAP hosts” on page 273. you need to map their LDAP account to BusinessObjects Enterprise. “Configuring LDAP single sign-on with SiteMinder” on page 267. Before setting up and enabling LDAP authentication. ensure that you have your LDAP directory set up. For more information on multiple hosts. If you want to remove a host. 5. To configure the LDAP host Go to the Authentication management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 263 . step by step. Select your server type from the LDAP Server Type list. Before users can use their LDAP user name and password to log on to BusinessObjects Enterprise. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. By default. The first screen of the wizard asks for information about your LDAP host. Configuring the LDAP host 1. For more information. each supported server type’s server attribute mappings and search attributes are already set. and then click “Start LDAP Configuration Wizard”. refer to your LDAP documentation. 4. Click the LDAP tab. highlight the host name and click Delete. “Configuring LDAP mapping options” on page 267. 2. Click Show Attribute Mappings if you want to view or change any of the LDAP Server Attribute Mappings or the LDAP Default Search Attributes.

If your LDAP Server allows anonymous binding.businessobjects. The host being referred to has been configured to not allow anonymous binding. type the distinguished name (for example. refer to http:// www. 7. 12. Click Next. Enter the credentials required by the LDAP hosts.12 Managing User Accounts and Groups Managing LDAP accounts 6. 8. no referrals will be followed.techsupport. Proceed with configuring the Secure Socket Layer. • Enter another distinguished name and password in the “LDAP Referral Credentials” area if all of the following apply: • • • The primary host has been configured to refer to another directory server that handles queries for entries under a specified base. 10. type the distinguished name and password for a user account that is authorized to administer your LDAP server. leave this area blank—BusinessObjects Enterprise servers and clients will bind to the primary host via anonymous logon. 264 BusinessObjects Enterprise Administrator’s Guide . For additional information or for information on configuring the LDAP host server. Therefore if you have multiple referral hosts. Click Next. Click Next. If this field is set to zero. Enter the number of referral hops in the Maximum Referral Hops field. you must create a user account on each host that uses the same distinguished name and password. In the Base LDAP Distinguished Name field. 11.com or your LDAP vendor documentation. 9. Although groups can be mapped from multiple hosts. A group from the host being referred to will be mapped to BusinessObjects Enterprise. only one set of referral credentials can be set. o=SomeBase). • In the “LDAP Server Administration Credentials” area. Configuring the Secure Socket Layer authentication for LDAP Note: This section describes the CMC related information for configuring SSL for LDAP only.

it must receive a security certificate from the LDAP host. BusinessObjects Enterprise must find the Certificate Authority that issued the certificate in its certificate database. Click Next until the screen of the wizard asks for the Secure Socket Layer authentication information. • Accept server certificate if it comes from a trusted Certificate Authority This is a medium security option. and then click Start LDAP Configuration Wizard. go to the Authentication management area of the CMC again. if you entered the LDAP host name as ABALONE. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). Server Authentication. It must also be able to confirm that the CN attribute on the server certificate exactly matches the host name of the LDAP host as you typed it in the “Add LDAP host” field in the first step of the wizard. BusinessObjects Enterprise must find the Certificate Authority that issued the certificate in its certificate database. To verify the certificate. To configure the Secure Socket Layer authentication If necessary.net:389. • Accept server certificate if it comes from a trusted Certificate Authority and the CN attribute of the certificate matches the DNS hostname of the server This is the highest security option. regardless of the setting you choose. That is. To verify the certificate. or Mutual Authentication) your LDAP hosts uses to establish a connection with BusinessObjects Enterprise. If you selected Server Authentication or Mutual Authentication.Managing User Accounts and Groups Managing LDAP accounts 12 1.rd. Click Next. Click the LDAP tab. BusinessObjects Enterprise does not verify the certificate it receives. it must receive and verify a security certificate sent to it by the LDAP host. Tip: Java applications (such as the Java version of InfoView) always use this option. choose one of the following options: 2. using CN =ABALONE:389 in the certificate would not work. Otherwise. skip to step 2. BusinessObjects Enterprise Administrator’s Guide 265 . • Always accept server certificate This is the lowest security option. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). 3. Select the type of SSL authentication (Basic (no SSL). it must receive and verify a security certificate sent to it by the LDAP host.crystald.

Now configure the SSL settings for each SSL host in the list.12 Managing User Accounts and Groups Managing LDAP accounts Tip: The host name on the server security certificate is the name of the primary LDAP host. Then type your values for the path to the certificate and key database files. Type a nickname for the client certificate in the cert7. starting with the default host. the password for the key database. select its name in the list on the left. and then click Add. To select settings for another host. 4.) Type the host name of each machine in the SSL Host box.db if you selected mutual authentication. The settings for the default host are used: • • • for any setting (for any host) where you leave the “Use default value” box checked. Therefore if you select this option you cannot use a failover LDAP host. for any machine whose name you do not explicitly add to the list of SSL hosts. you must next add the host name of each machine in your BusinessObjects Enterprise system that uses the BusinessObjects Enterprise SDK. Then type the appropriate values in the boxes on the right. 5. In the SSL host box. 266 BusinessObjects Enterprise Administrator’s Guide . first clear the Use default value boxes. • To select settings for the default host. (This includes the machine running your Central Management Server and the machine running your WCA.

and then click Add. Enter the shared secret again. refer to the SiteMinder documentation. Proceed with configuring the LDAP options. In order to use SiteMinder.Managing User Accounts and Groups Managing LDAP accounts 12 6. Click Next until the screen of the wizard asks you to map the LDAP users to BusinessObjects Enterprise users. Click Next until the screen of the wizard asks for the LDAP single sign-on authentication. For each Policy Server Host. In the Policy Server Host box. Proceed with configuring LDAP for single sign-on. specify the Accounting. If you selected SiteMinder. Click the LDAP tab. Click the LDAP tab. Authentication and Authorization port numbers. To configure LDAP mapping options If necessary. go to the Authentication management area of the CMC again. 7. Enter the name of the Web Agent and the Shared Secret. you need to configure the single sign-on authentication for the LDAP plug-in. 2. Otherwise. Select the type of single sign-on authentication (Basic (no SSO) or SiteMinder). 4. skip to step 2. To configure LDAP for single sign-on with SiteMinder If necessary. 1. 6. configure the SiteMinder hosts: 2. Click Next. 3. and then click Start LDAP Configuration Wizard. Click Next. Otherwise. type the name of each Policy Server. skip to step 2. The next screen of the wizard controls how BusinessObjects Enterprise maps LDAP users to BusinessObjects Enterprise users. Configuring LDAP mapping options 1. go to the Authentication management area of the CMC again. BusinessObjects Enterprise Administrator’s Guide 267 . • • • 5. Click Next. Configuring LDAP single sign-on with SiteMinder SiteMinder is a third-party user access and authentication tool that you can use with the LDAP security plug-in to create single sign-on to BusinessObjects Enterprise. and then click Start LDAP Configuration Wizard. For more information about SiteMinder and how to install it.

or for all users if you selected the “Create a new account for every added LDAP alias” option. New LDAP accounts are added for users without BusinessObjects Enterprise accounts. LDAP aliases will be assigned to existing users (auto alias creation is turned on). Instead. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every LDAP user mapped to BusinessObjects Enterprise. 268 BusinessObjects Enterprise Administrator’s Guide .12 Managing User Accounts and Groups Managing LDAP accounts New Alias Options allow you to specify how LDAP aliases are mapped to Enterprise accounts. Select either: • Assign each added LDAP alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. Users who do not have an existing Enterprise account. but only a few of them will use BusinessObjects Enterprise. or who do not have the same name in their Enterprise and LDAP account. it creates aliases (and accounts. are added as new LDAP users. if required) only for users who log on to BusinessObjects Enterprise. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. or • No new aliases will be added and new users will not be created Use this option when the LDAP directory you are mapping contains many users. 3. Update Options allow you to specify if LDAP aliases are automatically created for all new users. that is. or • Create a new account for every added LDAP alias Use this option when you want to create a new account for each user.

3. This provides named users with access to the system regardless of how many other people are connected.Managing User Accounts and Groups Managing LDAP accounts 12 4. To map LDAP groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. you can map LDAP groups to Enterprise groups. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. Select either: • New users are created as named users New user accounts are configured to use named user licenses. or • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. depending on how often and how long users access BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 269 . If LDAP authorization is configured. specify your LDAP group (either by common name or distinguished name) in the Add LDAP group (by cn or dn) field. 5. Mapping LDAP groups Once you have configured LDAP authentication using the LDAP configuration wizard. You must have a named user license available for each user account created using this option. a 100 user concurrent license could support 250. See “Configuring LDAP authentication” on page 263. 2. The LDAP Server Summary page appears. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. 500. click Add. Click Finish to save your LDAP settings. In the “Mapped LDAP Member Groups” area. 1. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to LDAP accounts. For example. This type of licensing is very flexible because a small concurrent license can support a large user base. Click the LDAP tab. or 700 users. the LDAP summary page appears.

that is. LDAP aliases will be assigned to existing users (auto alias creation is turned on). Users who do not have an existing Enterprise account. 4.12 Managing User Accounts and Groups Managing LDAP accounts You can add more than one LDAP group by repeating this step. New Alias Options allow you to specify how LDAP aliases are mapped to Enterprise accounts. highlight the LDAP group and click Delete. are added as new LDAP users. Select either: • Assign each added LDAP alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. or who do not have the same name in their Enterprise and LDAP account. 270 BusinessObjects Enterprise Administrator’s Guide . To remove a group.

but only a few of them will use BusinessObjects Enterprise. New LDAP accounts are added for users without BusinessObjects Enterprise accounts. if required) only for users who log on to BusinessObjects Enterprise. Instead. 6. For example. This type of licensing is very flexible because a small concurrent license can support a large user base. or for all users if you selected the “Create a new account for every added LDAP alias” option. Click Update. it creates aliases (and accounts. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every LDAP user mapped to BusinessObjects Enterprise. 500. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. depending on how often and how long users access BusinessObjects Enterprise. This provides named users with access to the system regardless of how many other people are connected.Managing User Accounts and Groups Managing LDAP accounts 12 or • Create a new account for every added LDAP alias Use this option when you want to create a new account for each user. 5. a 100 user concurrent license could support 250. BusinessObjects Enterprise Administrator’s Guide 271 . 7. or • No new aliases will be added and new users will not be created Use this option when the LDAP directory you are mapping contains many users. or • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. You must have a named user license available for each user account created using this option. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to LDAP accounts. Update Options allow you to specify if LDAP aliases are automatically created for all new users. Select either: • New users are created as named users New user accounts are configured to use named user licenses. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. or 700 users.

select the LDAP group you would like to remove. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. Tip: To deny LDAP Authentication for all groups. 1. clear the “LDAP Authentication is enabled” check box and click Update. it is possible to unmap groups using BusinessObjects Enterprise. For more information. 272 BusinessObjects Enterprise Administrator’s Guide . For information on configuring LDAP authentication using the LDAP configuration wizard. Click Delete. 2. 5. If LDAP authorization is configured. If LDAP authorization is configured. see “Configuring LDAP authentication” on page 263. 4. disable or delete the user’s Enterprise account. Click Update. Click the LDAP tab. To restrict access. To unmap LDAP groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. To change connection settings Go to the Authentication management area of the CMC. Changing LDAP connection parameters and member groups After you have configured LDAP authentication using the LDAP configuration wizard. 3. the Mapped LDAP Member Groups area displays the LDAP groups that have been mapped to BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing LDAP accounts Unmapping LDAP groups Similar to mapping. you can change LDAP connection parameters and member groups using the LDAP Server Configuration Summary Page. Viewing mapped LDAP users and groups You can view your LDAP mapped groups in BusinessObjects Enterprise by clicking the LDAP tab (located in the Authentication management area). The users in this group will not be able to access BusinessObjects Enterprise. In the “Mapped LDAP Member Groups” area. see “Managing Enterprise and general accounts” on page 253. the LDAP summary page will appear. 1.

followed by the remaining failover hosts. Managing multiple LDAP hosts Using LDAP and BusinessObjects Enterprise. In the LDAP Server Configuration Summary area. Click the LDAP tab. Change your Alias and New User options.Managing User Accounts and Groups Managing LDAP accounts 12 2. Subsequent hosts are treated as failover hosts. Click Update. 5. BusinessObjects Enterprise uses the first host that you add as the primary LDAP host. On this page you can change any of the connection parameter areas or fields. Delete currently mapped groups that will no longer be accessible under the new connection settings.) Or if you have already configured LDAP. Click Update. Click Update. You can also modify the Mapped LDAP Member Groups area. go to the Authentication management area of the Central Management Console and click the LDAP tab. click the name of the LDAP host to open the page that enables you to add or delete hosts. 7. For more information about LDAP hosts and referrals. 6. Change your connection settings. and each LDAP host must refer to all additional hosts from which you wish to map groups. If LDAP authorization is configured. To add multiple LDAP Hosts. 10. 4. enter all hosts when you configure LDAP using the LDAP configuration wizard (see “Configuring LDAP authentication” on page 263 for details. so ensure that you add the primary host first. Note: • The order in which the hosts are communicated with matters. the LDAP Server Configuration Summary page appears. 9. 3. The primary LDAP host and all failover hosts must be configured in exactly the same way. Map your new LDAP member groups. you can add fault tolerance to your system by adding multiple LDAP hosts. BusinessObjects Enterprise Administrator’s Guide 273 . Click Update. see your LDAP documentation. 8.

see “Viewing mapped LDAP users and groups” on page 272. and the account does not belong to a group account that is mapped to BusinessObjects Enterprise. For more information. If you create a new LDAP group account.”) For more information. add it to BusinessObjects Enterprise. refresh the user list. • Disabling an LDAP user account If you disable an LDAP user account. you cannot select “Accept server certificate if it comes from a trusted Certificate Authority and the CN attribute of the certificate matches the DNS hostname of the server. or add the new LDAP user account to a group that is already mapped to BusinessObjects Enterprise. and that LDAP user account is mapped to BusinessObjects Enterprise. If you create a new LDAP user account. For more information. the user can still access BusinessObjects Enterprise using that account. For more information. you cannot use the highest level of SSL security (that is. if the user also has an account that uses Enterprise authentication.12 Managing User Accounts and Groups Managing LDAP accounts • If you use failover LDAP hosts. see “Configuring LDAP authentication” on page 263. see “Configuring LDAP authentication” on page 263. 274 BusinessObjects Enterprise Administrator’s Guide . see “Viewing mapped LDAP users and groups” on page 272. • Creating a new LDAP group account • If you create a new LDAP group account. However. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. see “Configuring LDAP authentication” on page 263. For more information. Troubleshooting LDAP accounts Creating a new LDAP user account • If you create a new LDAP user account. either map the group to BusinessObjects Enterprise. and the group account does not belong to a group account that is mapped to BusinessObjects Enterprise. refresh the group list. the user will not be able to log on to BusinessObjects Enterprise. and the account belongs to a group account that is mapped to BusinessObjects Enterprise.

AD authentication and aggregation may not continue to function if the administration credentials become invalid (for example. However. Users cannot log on to BusinessObjects Enterprise using AD authentication via the Java SDK. all of the BusinessObjects Enterprise client tools support AD authentication. For information on how AD authentication works in conjunction with BusinessObjects Enterprise. except for the Import Wizard. Managing AD accounts This section provides an overview of AD authentication and the tasks related to managing it. AD authentication and aggregation is not functional without a network connection. For more information. if the administrator changes his or her password or if the account becomes disabled). see “Windows AD security plug-in” on page 240.Managing User Accounts and Groups Managing AD accounts 12 Disabling an LDAP group account If you disable an LDAP group account. if the user also has an account that uses Enterprise authentication. You can also create your own applications that support AD authentication. the users who belong to that group will not be able to log on to BusinessObjects Enterprise. “Mapping AD accounts” on page 276 “Unmapping AD groups” on page 280 “Viewing mapped AD users and groups” on page 280 “Troubleshooting AD accounts” on page 281 “Setting up AD single sign-on” on page 282 Managing AD accounts includes the following tasks: • • • • • BusinessObjects Enterprise Administrator’s Guide 275 . Note: • • • • AD authentication only works for servers running on Windows systems. and that LDAP group account is mapped to BusinessObjects Enterprise. the user can still access BusinessObjects Enterprise using that account. Once you have mapped your AD users and groups. see the developer documentation available on your product CD.

276 BusinessObjects Enterprise Administrator’s Guide . ensure that you have the appropriate AD domain and group information. 4. For details. If you will be using single sign-on. 2. you must have created a domain user account on your AD server for BusinessObjects Enterprise to use when authenticating AD users and groups. 1. you must also configure the IIS for single sign-on. Click the Windows AD tab. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. In the “AD Administration Credentials” area. enter the name and password of the domain user account you’ve set up on your AD server for BusinessObjects Enterprise to use when authenticating AD users and groups. 5. BusinessObjects Enterprise supports AD authentication for user and group accounts. before users can use their AD user name and password to log on to BusinessObjects Enterprise. As well. When you map an AD account. However. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. Go to the Authentication management area of the CMC. select the Single Sign On is enabled check box. see “Setting up AD single sign-on” on page 282. To map AD users and groups Before starting this procedure. 3. Ensure that the Windows Active Directory Authentication is enabled check box is selected. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. Note: If you select this option.12 Managing User Accounts and Groups Managing AD accounts Mapping AD accounts To simplify administration. their AD user account needs to be mapped to BusinessObjects Enterprise.

Managing User Accounts and Groups Managing AD accounts 12 BusinessObjects Enterprise Administrator’s Guide 277 .

New Alias Options allow you to specify how AD aliases are mapped to Enterprise accounts. users from the default domain do not have to specify the AD domain name when they log on to BusinessObjects Enterprise via AD authentication.. and so on. This means that local users who belong to a mapped local group will not be mapped to BusinessObjects Enterprise... AD aliases will be assigned to existing users (auto alias creation is turned on). Therefore they will not be able to access BusinessObjects Enterprise. Users who do not have an existing Enterprise account. 6. Select either: • Assign each added AD alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. In the “Mapped AD Member Groups” area.12 Managing User Accounts and Groups Managing AD accounts Administration credentials can use one of the following formats: • • NT name (DomainName\UserName) UPN (user@DNS_domain_name) Administration credentials must be entered to enable AD authentication. check rights. or • Create a new account for every added AD alias Use this option when you want to create a new account for each user. that is. dc=com) Note: If you want to map a local group. Note: • • 7. The group is added to the list. or who do not have the same name in their Enterprise and AD account. Windows AD does not support local users.. Groups from the default domain can be mapped without specifying the domain name prefix. you can use only the NT name format (\\ServerName\GroupName). By entering the Default AD Domain name. . 9. 8. Click Add. are added as new AD users. dc=DomainName. Complete the Default AD Domain field. enter the AD domain\group in the Add AD Group (Domain\Group) field. Groups can be mapped using one of the following formats: • • NT name (DomainName\GroupName) DN (cn=GroupName. 278 BusinessObjects Enterprise Administrator’s Guide . map groups...

Instead. 500. BusinessObjects Enterprise Administrator’s Guide 279 . This type of licensing is very flexible because a small concurrent license can support a large user base.Managing User Accounts and Groups Managing AD accounts 12 10. This provides named users with access to the system regardless of how many other people are connected. if required) only for users who log on to BusinessObjects Enterprise. Update Options allow you to specify if AD aliases are automatically created for all new users. • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. Select either: • New users are created as named users New user accounts are configured to use named user licenses. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every AD user mapped to BusinessObjects Enterprise. For details. 11. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to AD accounts. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. You must have a named user license available for each user account created using this option. or 700 users. a 100 user concurrent license could support 250. Note: You can also add AD users individually by adding them as a new user in BusinessObjects Enterprise and selecting Windows AD authentication. New AD accounts are added for users without BusinessObjects Enterprise accounts. For example. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. or for all users if you selected the “Create a new account for every added AD alias” option. it creates aliases (and accounts. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. or • No new aliases will be added and new users will not be created Use this option when the AD directory you are mapping contains many users. depending on how often and how long users access BusinessObjects Enterprise. see “Creating a user and a third-party alias” on page 294. but only a few of them will use BusinessObjects Enterprise.

Click Delete. 1. For more information. disable or delete the user’s Enterprise account. Viewing mapped AD users and groups 1. 5. Click Update. 3. users cannot be viewed from the Windows AD tab. Click the Windows AD tab. Click OK. Under Group Name. A message appears stating that it will take several seconds to update the member groups. select the AD group you would like to remove. it is possible to unmap groups using BusinessObjects Enterprise. The users in the deleted group will no longer be able to access BusinessObjects Enterprise. Click Update. click the hyperlink to a Windows AD group Click the Users tab. To unmap AD groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. see “Managing Enterprise and general accounts” on page 253. 2. To restrict access. Note: The only exceptions to this occur when a user has an alias other than the one assigned for AD authentication. Tip: To deny AD authentication for all users. Go to the Groups management area of the CMC. 3. 4. 280 BusinessObjects Enterprise Administrator’s Guide .12 Managing User Accounts and Groups Managing AD accounts 12. Unmapping AD groups Similar to mapping. 2. Note: You can view the groups by clicking the Windows AD tab from the Authentication management area and then viewing the “Mapped AD Member Groups” area. clear the “Windows Active Directory Authentication is enabled” check box and click Update. 13. In the “Mapped AD Member Groups” area.

and the account belongs to a group account that is mapped to BusinessObjects Enterprise.Managing User Accounts and Groups Managing AD accounts 12 Troubleshooting AD accounts Creating a new AD user account • If you create a new AD user account. In this case all AD users will be added to BusinessObjects Enterprise. and then click Update. see “Viewing mapped AD users and groups” on page 280. ensure that you update the user list by clicking Update in the Windows AD tab found in the Authentication management area. • Adding an AD group account to a mapped AD group • When you add an AD group account to an AD group that was previously mapped to BusinessObjects Enterprise. and you would like the users of this nested group to get imported into BusinessObjects Enterprise. and the AD group to which the account belongs is already mapped to BusinessObjects Enterprise. You can go to the Windows AD tab in the Authentication management area and select the option to add all new aliases and create all new users. This is the simplest method and it doesn’t require any extra steps. For information on viewing AD users and groups. see “Mapping AD accounts” on • • • BusinessObjects Enterprise Administrator’s Guide 281 . Note that you must click Update to ensure that new users are imported properly. • When you have added a new account in AD. Note: The nested AD group will not get mapped to BusinessObjects Enterprise by this operation. there are three ways you can get the new AD account into BusinessObjects Enterprise. The user is added and is automatically assigned a Windows AD alias. User accounts are automatically created for AD users who are added to an AD group when these users successfully log on to BusinessObjects Enterprise. Choose the method that works best for your situation: When the new AD user logs on to BusinessObjects Enterprise and selects AD authentication. See “Creating a user and a third-party alias” on page 294. For details. You can add the new user to BusinessObjects Enterprise and select Windows AD authentication. but the user won’t be added until he or she logs on to BusinessObjects Enterprise. you need to click Update in the Windows AD tab (found in the Authentication management area). the system will add the user to BusinessObjects Enterprise.

Note: For AD single sign-on to function correctly. Note: • • • • • AD single sign-on is not supported on client machines running on Windows 98. see “Enabling AD single sign-on in CMC” on page 283. you have to configure the IIS Business Objects virtual directory. Ensure that Integrated Windows authentication check box is selected.12 Managing User Accounts and Groups Managing AD accounts page 276. Setting up AD single sign-on to BusinessObjects Enterprise includes the following tasks: “Configuring IIS for AD single sign-on” on page 282 “Enabling AD single sign-on in CMC” on page 283 “Modifying the web. you may want to add the user individually instead.config file.config file for AD single sign-on” on page 283 Note: For information on how to set up end-to-end single sign on with AD and Kerberos. By default. Restart your IIS server.config file for AD single sign-on” on page 283. Modify the web. To configure the IIS web server for AD single sign-on Using the documentation included with your IIS server. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282. However. See “Modifying the web. 282 BusinessObjects Enterprise Administrator’s Guide . Configuring IIS for AD single sign-on 1. 3. For details. AD single sign-on is not enabled. Setting up AD single sign-on Installation of the Active Directory plug-in for BusinessObjects Enterprise enables you to use AD single sign-on. see “Configuring Kerberos single sign-on” on page 299. Note: You must also enable AD single sign-on in the CMC. for AD single sign-on to work. However. change the access and authentication settings for the Enterprise virtual directory as follows: • • Deselect the Anonymous access and Basic authentication check boxes. 2. if the AD group contains many users who don’t require access to BusinessObjects Enterprise.

config file for AD single sign-on Make the following modifications to the web. Click the Windows AD tab.config file: • • 2. 1. 3. For details. see “Configuring IIS for AD single sign-on” on page 282. you must also configure the IIS for single sign-on.config file: • • 3. Select the Single sign-on is enabled check box.config file to make sure Windows authentication is enabled.config file as shown: <!-. 4. Click Update. <identity impersonate="true" /> <Authentication mode="Windows" /> Comment out the following line in the <httpModules> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. Note: If you select this option.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web.<remove name=“WindowsAuthentication”/> --> Note: For AD single sign-on to function correctly. Modifying the web. To modify the web. To enable the Windows AD plug-in for single sign-on in CMC Go to the Authentication management area of the CMC. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account.Managing User Accounts and Groups Managing AD accounts 12 Enabling AD single sign-on in CMC 1. Note: For AD single sign-on to function correctly. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group.config file for AD single sign-on Add the following lines to the <system. BusinessObjects Enterprise Administrator’s Guide 283 . 2. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282.

by using the User Manager in Windows NT or Computer Management in Windows 2000. or 2003 accounts. 1. click User Manager. “Mapping NT accounts” on page 284 “Unmapping NT groups” on page 288 “Viewing mapped NT users and groups” on page 289 “Troubleshooting NT accounts” on page 290 “Setting up NT single sign-on” on page 292 Managing NT accounts includes the following tasks: Mapping NT accounts To simplify administration. Note: NT accounts refer to both Windows NT and 2000 accounts. To map NT users and groups using Windows NT From the Windows Administrative Tools program group. If you install BusinessObjects Enterprise on a Windows NT. or through the CMC. 284 BusinessObjects Enterprise Administrator’s Guide . see “Windows NT security plugin” on page 236. NT authentication is installed and enabled by default. NT accounts refer to Windows NT. However. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. For information on how NT authentication works in conjunction with BusinessObjects Enterprise. 2000. before users can use their NT user name and password to log on to BusinessObjects Enterprise. Note: • • • • • • • NT authentication only works for servers running on Windows systems. 2000. 2. or 2003 machine.12 Managing User Accounts and Groups Managing NT accounts Managing NT accounts This section provides an overview of NT authentication and the tasks related to managing it. When you map an NT account. Note: Ensure that you have selected the domain that contains the BusinessObjects NT Users group. their NT user account needs to be mapped to BusinessObjects Enterprise. Select the BusinessObjects NT Users group. BusinessObjects Enterprise supports user and group accounts that are created using Windows NT. You can map NT accounts to BusinessObjects Enterprise through Windows.

Click OK to add the group(s) and/or user(s). 3. Select the group(s) and/or user(s). ensure you have the NT domain and group information. 2. select Properties. BusinessObjects Enterprise Administrator’s Guide 285 . Click OK to add the group(s) and/or user(s). Under System Tools. Click OK or Apply (and then Close) to complete the process. click Computer Management. Select the group(s) and/or user(s). 6. click Properties. 7. Click OK to complete the process. 5. 1. select Local Users and Groups. 7. 5. 3. Select the BusinessObjects NT Users and from the Action menu. 4. 6. Tip: Users will now be able to log on to InfoView using their NT account if they use the following format: \\NTDomainName\NTusername or NTMachineName\LocalUserName Users do not have to specify the NT Domain Name if it is specified in the “Default NT Domain” field on the Windows NT tab. Tip: Users will now be able to log on to InfoView using their NT account if they use the following format: \\NTDomainName\NTusername or NTMachineName\LocalUserName Users do not have to specify the NT Domain Name if it is specified in the “Default NT Domain” field on the Windows NT tab. Click Add. To map NT users and groups using BusinessObjects Enterprise Before starting this procedure.Managing User Accounts and Groups Managing NT accounts 12 Note: The BusinessObjects NT Users group is created automatically in Windows NT when you install BusinessObjects Enterprise on Windows NT. 1. then click Add. From the User menu. then click Add. To map NT users and groups using Windows 2000 From the Windows Administrative Tools program group. Click Add. Click the Groups folder. Go to the Authentication management area of the CMC. 4. 8.

Click the Windows NT tab. you don’t have to specify the NT domain name when you map groups. Note: By typing the default NT Domain Name. For details.12 Managing User Accounts and Groups Managing NT accounts 2. 5. 286 BusinessObjects Enterprise Administrator’s Guide . you must also configure the IIS for single sign-on. To change the Default NT domain. If you will be using single sign-on. Ensure that the NT Authentication is enabled check box is selected. Also. click the domain name. Note: If you select this option. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. users do not have to specify the NT Domain Name when they log on to BusinessObjects Enterprise via NT authentication. 3. see “Setting up NT single sign-on” on page 292. Complete the Default NT Domain field. select the Single Sign On is enabled check box. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. 4.

New NT accounts are added for users without BusinessObjects Enterprise accounts. but only a few of them will use BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 287 . enter the NT domain\group in the Add NT Group (NT Domain\Group) field. if BusinessObjects Enterprise user bsmith already exists and an NT user with the same is added. or for all users if you selected the “Create a new account for every added NT alias” option. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. that is. or • Create a new account for every added NT alias Use this option when you want the system to create a new account for each user.Managing User Accounts and Groups Managing NT accounts 12 6. are added as new NT users. New Alias Options allow you to specify how NT aliases are mapped to Enterprise accounts. Instead. Select either: • Assign each added NT alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. NT aliases will be assigned to existing users (auto alias creation is turned on). For example. 7. or • No new aliases will be added and new users will not be created Use this option when the NT directory you are mapping contains many users. if required) only for users who log on to BusinessObjects Enterprise. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every NT user mapped to BusinessObjects Enterprise. Users who do not have an existing Enterprise account. the new user will be bsmith01. 9. Note: If you want to map a local NT group. In the Mapped NT Member Groups area. The group is added to the list. Update Options allow you to specify if NT aliases are automatically created for all new users. or who do not have the same name in their Enterprise and NT account. Click Add. The system ensures that the users are created with unique names. it creates aliases (and accounts. you must type \\NTmachinename\groupname. 8.

This provides named users with access to the system regardless of how many other people are connected. see “Managing Enterprise and general accounts” on page 253. Select BusinessObjects NT Users. For example. disable or delete the user’s Enterprise account. depending on how often and how long users access BusinessObjects Enterprise. 1. Unmapping NT groups Similar to mapping. This type of licensing is very flexible because a small concurrent license can support a large user base. Click Update. For more information. The user or group will no longer be able to access BusinessObjects Enterprise. 3. click User Manager. click Properties. To restrict access. Click OK. • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. 5. it is possible to unmap groups using the administrative tool in Windows NT/2000. or BusinessObjects Enterprise. 288 BusinessObjects Enterprise Administrator’s Guide . A message appears stating that it will take several seconds to update the member groups. a 100 user concurrent license could support 250. then click Remove. Named user licenses are associated with specific users and allow people to access the system based on their user name and password.12 Managing User Accounts and Groups Managing NT accounts 10. You must have a named user license available for each user account created using this option. Select the user(s) or group(s). or 700 users. Select either: • New users are created as named users New user accounts are configured to use named user licenses. 12. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to NT accounts. 500. From the User menu. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. 11. To unmap NT users and groups using Windows NT From the Administrative Tools program group. Click OK. 4. 2.

4. Click the Groups folder.Managing User Accounts and Groups Managing NT accounts 12 1. Click Delete. 3. The user or group will no longer be able to access BusinessObjects Enterprise. Select BusinessObjects NT Users. 4. 1. clear the “NT Authentication is enabled” check box and click Update. To restrict access. To unmap NT users and groups using Windows 2000 From the Administrative Tools program group. click Properties. see “Managing Enterprise and general accounts” on page 253. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. To restrict access. Under System Tools. 6. Click OK or Apply (and then Close) to complete the process. Click the Windows NT tab. disable or delete the user’s Enterprise account. 7. select the NT group you would like to remove. For more information. select Local Users and Groups. For more information. disable or delete the user’s Enterprise account. From the Action menu. Select the user(s) or group(s). 5. The users in this group will not be able to access BusinessObjects Enterprise. 2. 5. then click Remove. Click Update. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. The method you use depends on the way the groups and users have been mapped. BusinessObjects Enterprise Administrator’s Guide 289 . To unmap NT groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. Viewing mapped NT users and groups There are two methods to view mapped users and groups in BusinessObjects Enterprise. click Computer Management. 2. Tip: To deny NT Authentication for all groups. 3. see “Managing Enterprise and general accounts” on page 253. In the Mapped NT Member Groups area.

If you create a new NT user account. Click OK to the message which states that accessing the user list may take several seconds. Click OK. • 290 BusinessObjects Enterprise Administrator’s Guide . 3. Go to the Authentication management area of the CMC. see “Mapping NT accounts” on page 284. then select the appropriate group. Click Refresh. add it to BusinessObjects Enterprise. 2. Click the Windows NT tab. 4. 6. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. 2. refresh the user list. Note: You can view the groups and users by selecting the appropriate group from the Groups management area and then clicking the Users tab. Click the Users tab. and the account does not belong to a group account that is mapped to BusinessObjects Enterprise. To view users and groups that have been added using BusinessObjects Enterprise 1. For more information. see “Viewing mapped NT users and groups” on page 289. then click BusinessObjects NT Users. If you added users and groups through Windows NT/2000. For more information. If you added users and groups through the CMC. Go to the Groups management area of the CMC. The “Mapped NT Member Groups” area displays the groups that have been mapped to BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing NT accounts To view users and groups that have been added using Windows NT/ 2000 or BusinessObjects Enterprise 1. 5. Troubleshooting NT accounts Creating a new NT user account • If you create a new NT user account.

and the NT group to which the account belongs is already mapped to BusinessObjects Enterprise. and then click Update. refresh the group list. This is the simplest method and it doesn’t require any extra steps. Choose the method that works best for your situation: • When the new NT user logs on to BusinessObjects Enterprise and selects NT authentication. and the group account does not belong to a group account that is mapped to BusinessObjects Enterprise. • • Creating a new NT group account • If you create a new NT group account. but the user won’t be added until he or she logs on to BusinessObjects Enterprise. The user is added and is automatically assigned a Windows NT alias. the system will add the user to BusinessObjects Enterprise. You can go to the Windows NT tab in the Authentication management area and select the option to add all new aliases and create all new users. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. However. the user will not be able to log on to BusinessObjects Enterprise using the mapped NT account. see “Mapping NT accounts” on page 284. • Disabling an NT user account • If you disable an NT user account (using Windows Administrative Tools). For more information. For details. In this case all NT users will be added to BusinessObjects Enterprise. you may want to add the user individually instead. see “Viewing mapped NT users and groups” on page 289. there are three ways you can get the new NT account into BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 291 . See “Creating a user and a third-party alias” on page 294. If you create a new NT group account. if the NT group contains many users who don’t require access to BusinessObjects Enterprise. if the user also has an account that uses Enterprise authentication. add it to BusinessObjects Enterprise. For more information. see “Mapping NT accounts” on page 284. You can add the new user to BusinessObjects Enterprise and select Windows NT authentication. However. the user can still access BusinessObjects Enterprise using that account.Managing User Accounts and Groups Managing NT accounts 12 Adding an NT account to a mapped NT group When you have added a new account in NT.

even when you disable the Guest account. Note: This feature is available if you are using a Microsoft Internet Information Server (IIS) web server and users are using Internet Explorer as their web browser. Users need only to enter their NT user name and password information once at the beginning of the NT session. However. You can disable this feature—for more information. 292 BusinessObjects Enterprise Administrator’s Guide .txt file included with your product distribution for a complete list of version requirements. See the Platforms. For instance.12 Managing User Accounts and Groups Managing NT accounts Setting up NT single sign-on You can configure BusinessObjects Enterprise to allow users to use various BusinessObjects Enterprise applications without being prompted to log on. the user can select Windows NT from the Authentication list and click Log On without entering his or her user name or password.” which uses Enterprise authentication. change the access and authentication settings for the Enterprise virtual directory as follows: • • Deselect the Anonymous access and Basic authentication check boxes. refer to the tutorial for an example on creating a web application that uses single sign-on. see “Disabling the Guest account” on page 261.config file for NT single sign-on” on page 293 Note: BusinessObjects Enterprise does not support the Kerberos protocol for Windows NT. To configure the IIS web server for NT single sign-on Using the documentation included with your IIS server. as opposed to Windows NT authentication. when you launch the CMC. With single sign-on enabled. You are not required to enter any additional information. NT authentication occurs in the background. For information on how to set up end-to-end single sign on with AD and Kerberos. he or she can log on using the Guest account (Enterprise authentication). Ensure that the Integrated Windows authentication check box is selected. Design your own web applications accordingly (or modify InfoView) if you want to use NT single sign-on. BusinessObjects Enterprise is designed to display a logon page. In the developer documentation. Setting up NT single sign-on to BusinessObjects Enterprise includes the following tasks: • • • “Configuring IIS for NT single sign-on” on page 292 “Enabling NT single sign-on in CMC” on page 293 “Modifying the web. Configuring IIS for NT single sign-on 1. BusinessObjects Enterprise provides its own form of “anonymous single signon. When a user launches InfoView. see “Configuring Kerberos single sign-on” on page 299. if you have set up NT single sign-on.

Click Update. 3. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group.config file: • • <identity impersonate="true" /> <Authentication mode="Windows" /> BusinessObjects Enterprise Administrator’s Guide 293 . To enable the Windows NT plug-in for single sign-on in CMC Go to the Authentication management area of the CMC. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. To modify the web.Managing User Accounts and Groups Managing NT accounts 12 2. Note: If you select this option. Modify the web. For details. Modifying the web. because when users access one of the web applications they would automatically have the same access privileges as the IIS machine account. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. 2. see “Configuring IIS for NT single sign-on” on page 292.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. Note: For NT single sign-on to function correctly. Enabling NT single sign-on in CMC 1.config file. See “Modifying the web.config file for NT single sign-on Make the following modifications to the web.config file to make sure Windows authentication is enabled. Select the Single Sign On is enabled check box. Note: For NT single sign-on to function correctly. 3.config file for NT single sign-on” on page 293. Restart your IIS server.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web. Click the Windows NT tab.config file: • • 2. you must also configure the IIS for single sign-on. 1.config file for NT single sign-on Add the following lines to the <system. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. 4.

you can use the Reassign Alias feature to reassign an alias to a different a user. You can also reassign an alias in BusinessObjects Enterprise. the system creates the new user in BusinessObjects Enterprise and creates a third-party alias for the user. In CMC. Comment out the following line in the <httpModules> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise 11\InfoView\Web. Managing aliases If a user has multiple accounts in BusinessObjects Enterprise. 294 BusinessObjects Enterprise Administrator’s Guide . A user can have any combination of BusinessObjects Enterprise. the user can log on using either a third-party user name and password or an Enterprise user name and password. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292.config file as shown: <!-. AD. Managing aliases includes: • • • • • • “Creating a user and a third-party alias” on page 294 “Creating an alias for an existing user” on page 296 “Assigning an alias” on page 296 “Reassigning an alias” on page 297 “Deleting an alias” on page 297 “Disabling an aliases” on page 298 Creating a user and a third-party alias When you create a user and select an authentication type other than Enterprise. By assigning an alias to the user. Thus. This is useful when a user has a third-party account that is mapped to Enterprise and an Enterprise account.12 Managing User Accounts and Groups Managing aliases 3.<remove name=”WindowsAuthentication”/> --> Note: For NT single sign-on to function correctly. the alias information is displayed at the bottom of the properties page for a user. For example. LDAP. you can link the accounts using the assign alias feature. an alias enables a user to log on via more than one authentication type. after you map your third-party accounts to BusinessObjects Enterprise. or NT aliases.

and reassign aliases to user. The user account must exist in the third-party authentication tool. To create a user and add a third-party alias Go to the Users management area of the CMC. for example. for example. The New User Properties page appears. you can add. 3. Windows NT. The format of the account name must agree with the format required for the authentication type. Click New User. the following criteria must be met: • • • The authentication tool needs to have been enabled in CMC. Click OK. 4. Select the connection type for the user.Managing User Accounts and Groups Managing aliases 12 Note: For the system to create the third-party alias. 2. 1. secWindowsNT:ENTERPRISE:bsmith. The user is added to BusinessObjects Enterprise and is assigned an alias for the authentication type you selected. Select the authentication type for the user. 6. bsmith. assign. If required. The New User Properties page appears. 5. for example. Type in the third-party account name for the user. and it must belong to a group that is already mapped to BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 295 .

Click the link for the user that you want to add an alias to. 6. Click New Alias. at least two aliases are shown. personal categories. and it must belong to a group that is mapped to BusinessObjects Enterprise. The New Alias page appears. The format of the account name must agree with the format required for the authentication type. 296 BusinessObjects Enterprise Administrator’s Guide . Click OK. 3. for example. Select the authentication type for the user. To assign an alias from another user Go to the Users management area of the CMC. Type in the account name for the user. 1. 2. 5. Note: For the system to create the third-party alias. The alias can be an Enterprise alias. The Assign Alias page appears. The user account must exist in the third-party authentication tool. When you view the user in CMC. You cannot assign or reassign Enterprise aliases. or an alias for a third-party authentication tool. An alias is created for the user. and inbox for that account. Assigning an alias When you assign an alias to a user. Windows NT. the one that was already assigned to the user and the one you just created. and the Favorites folder.12 Managing User Accounts and Groups Managing aliases Creating an alias for an existing user You can create aliases for existing BusinessObjects Enterprise users. Click Assign Alias. Note: If a user has only one alias and you assign that last alias to another user. you move a third-party alias from another user to the user you are currently viewing. the system will delete the user account. the following criteria must be met: • • • The authentication tool needs to have been enabled in CMC. 1. 2. 4. Click the link for the user you want to assign an alias to. 3. To create a new alias for a user Go to the Users management area of the CMC.

personal categories. for example. 4. Click OK.Managing User Accounts and Groups Managing aliases 12 4. The user bsmith can no longer use this alias. bsmith. jbrown. for example. You cannot assign or reassign Enterprise aliases. Click the Reassign Alias button for the alias. and inbox for that account. BusinessObjects Enterprise Administrator’s Guide 297 . The user jbrown can now log on using the third-party user account and authentication method. In the list. If a user has only one alias and you delete that alias. and the Favorites folder. use the Look For field. Click the link for the user whose alias you want to reassign. the alias is removed from the system. Select the alias you want in the list of available aliases. personal categories. 5. the system will delete the user account. and inbox for that account. Deleting an alias When you delete an alias. To select multiple aliases. 2. The Reassign Alias page appears. Click OK. click the name of the user that you want to assign the alias to. Note: If a user has only one alias and you reassign that alias to another user. 1. and the Properties page for user jbrown is displayed. Reassigning an alias When you reassign an alias. 3. 5. use the SHIFT+click or CTRL+click combination. To search for a specific alias. you move a third-party alias from the user that you are currently viewing to another user. the system automatically deletes the user account and the Favorites folder. Click the > arrow. The alias for bsmith has now been assigned to the user jbrown. To reassign an alias to another user Go to the Users management area of the CMC. Tip: • • 6.

then BusinessObjects Enterprise will still allow the user to log on. disable all aliases for that user. 2. If the user account still exists in the third-party system. then BusinessObjects Enterprise will still allow the user to log on. See also “Deleting an alias” on page 297. 298 BusinessObjects Enterprise Administrator’s Guide . To ensure a user can no longer use one of his or her aliases to log on to BusinessObjects Enterprise. To prevent a user from accessing BusinessObjects Enterprise altogether. Click the name of the user whose alias you want to disable. and if the account belongs to a group that is mapped to BusinessObjects Enterprise. 1. 3. Click the link for the user whose alias you want to delete. Disabling an aliases You can prevent a user from logging on to BusinessObjects Enterprise using a particular authentication method by disabling the user’s alias associated with that method. 3. Whether the system creates a new user or assigns the alias to an existing user. clear the Enabled check box for the alias you want disable. Click the Delete Alias button for the alias. Click Update. it is best to disable the alias. To disable an alias Go to the Users management area of the CMC. Note: Deleting a user from BusinessObjects Enterprise does not necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. The alias is deleted from the system. If the user account still exists in the third-party system. depends on which Update Options you have selected for the authentication tool in the Authentication management area of CMC. 2. and if the account belongs to a group that is mapped to BusinessObjects Enterprise. The user can no longer log on using the type of authentication that you just disabled. Repeat this step for each alias you want to disable. Note: Deleting a user’s alias does not necessarily prevent the user from being able to log on to BusinessObjects Enterprise again.12 Managing User Accounts and Groups Managing aliases 1. To delete an alias Go to the Users management area of the CMC. 4. In the Alias area on the Properties page.

you require a service account. BusinessObjects Enterprise currently supports single sign-on to the database with Windows AD using Kerberos for the Windows platform only. See the Platforms. Configuration process overview Configuring end-to-end single sign-on using Kerberos includes the following main steps: 1. However. 6. You can either create a new domain account or use an existing domain account. 3. For general information about the levels of single sign-on that are supported in BusinessObjects Enterprise. 4. 7. it is recommended you use a service account. see “About single sign-on” on page 232. 5. 2. “Setting up a service account” on page 299 Note: The order in which you complete these steps is not important. It requires a Microsoft Internet Information Services (IIS) web server and users require Internet Explorer (IE) as their web browser. “Configuring the servers” on page 300 “Configuring the Windows AD plug-in for Kerberos authentication” on page 301 “Configuring the IIS and browsers” on page 303 “Configuring IIS for end-to-end single sign-on” on page 305 “Configuring BusinessObjects Enterprise web applications” on page 312 “Configuring the databases for single sign-on” on page 313 Setting up a service account To configure BusinessObjects Enterprise for end-to-end single sign-on using Kerberos and Windows AD authentication. you could use a user or computer domain account.txt file included with your product distribution for a complete list of version requirements. The service account will be used to run the BusinessObjects Enterprise servers. However. This must be a domain account that has been trusted for delegation.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring Kerberos single sign-on This section tells you how to set up end-to-end single sign-on to your BusinessObjects Enterprise system and its back-end databases by using Kerberos and Windows AD authentication. before you can proceed you must have set up the service account. Note: Instead of a service account. BusinessObjects Enterprise Administrator’s Guide 299 .

com. 3. ensure that the following two options have been selected for the account: • • Trust this user for delegation to specified service only Use Kerberos only If you are using Windows 2003. Double-click Act as part of the operating system. refer to http://msdn. In Windows 2003. you must grant the service account the right to act as part of the operating system. Click Local Policies. ensure that the Account is trusted for delegation option has been selected for the account. See “Setting up a service account” on page 299. 2. 5. Double-click the service account. depending on whether you are using Windows 2000 or Windows 2003: • • In Windows 2000. 300 BusinessObjects Enterprise Administrator’s Guide . Click Add.microsoft. set up the domain service account. and then click OK. For detailed instructions. Click Start > Administrative Tools > Local Security Policy. This must be done on each machine running the following servers: • • • • CMS Page Server Report Application Server Web Intelligence Report Server To configure the server machines Note: To complete this procedure. 4. you require a service account that has been trusted for delegation. Configuring the servers Configuring the BusinessObjects Enterprise servers includes: • • “Configuring the server machines” on page 300 “Configuring the servers to use the service account” on page 301 Configuring the server machines In order to support end-to-end single sign-on. 1. you may have to first add a service principal name (SPN) for the domain account. then click User Rights Assignment.12 Managing User Accounts and Groups Configuring Kerberos single sign-on To set up the service account On the domain controller. Note: The procedure for setting up a domain service account varies.

7. Start the CCM. Click Apply. and then click OK. 4. See “Setting up a service account” on page 299. deselect the System Account check box. the CMS server. Configuring the servers to use the service account In order to support Kerberos single sign-on. Enter the user name and password for the service account. 1. Double-click the server you want to configure. The Properties dialog box is displayed. 5. For detailed instructions. Configuring the Windows AD plug-in for Kerberos authentication In order to support Kerberos single sign-on. 2.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 6. In the Log On As area. Stop the server you want to configure. 3. for example. you require a service account that has been trusted for delegation. c. BusinessObjects Enterprise Administrator’s Guide 301 . 6. Start the server again. see “Controlling users’ access to objects” on page 317. On the Properties tab: a. Repeat the above steps on each machine running a BusinessObjects Enterprise server. Repeat steps 2 through 5 for each BusinessObjects server that has to be configured. you have to configure the Windows AD security plug-in in the CMC to use Kerberos authentication. Ensure that the Local Policy Setting check box is selected. you must use CCM and configure the following servers to log on as the service account: • • • • CMS server Page Server Report Application Server Web Intelligence Report Server To configure a server Note: To complete this procedure. b. and then click OK. This includes: • Ensuring Windows AD authentication is enabled.

it does not require any other rights. it does not require any other rights. Select the Single sign-on is enabled check box. 6. 8. Click Update. Under Authentication Options select the following: 7. Note: This must be the same account that you use to run the BusinessObjects Enterprise servers. 5. Click AD Administrator Name. enter the service principal name of the service account. Select the Cache Security context (required for SSO to database) check box. This account requires read access to Active Directory only. map the AD group for the AD users who require access to BusinessObjects Enterprise via AD authentication and single sign-on. See “Setting up a service account” on page 299. Enter the name and password for the account and the default AD Domain. 2. 4. • • • Select the Use Kerberos authentication check box. In the Service Principal Name box. b. To configure the Windows AD security plug-in Go to the Authentication management area of the CMC. In the “Mapped AD Member Group” area. 1. 3. Ensure that the Windows Active Directory Authentication is enabled check box is selected. Click the Windows AD tab. Click Update. c. Set up the AD administrator account: a. 302 BusinessObjects Enterprise Administrator’s Guide . See “Mapping AD accounts” on page 276.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • • Setting up an AD Administrator account. see “Managing AD accounts” on page 275. Enabling Kerberos single sign-on and setting the service principal name (SPN) to use a service account. Note: The AD Administrator account requires read access to Active Directory only. Note: For related information about configuring the Windows AD plug-in.

Report Application Server. Use the following procedure to change these settings when needed. 5. you have to configure the BusinessObjects Enterprise clients. If the CMS cache expiry is zero. Configuring the IIS and browsers In order to support Kerberos end-to-end single sign-on. This includes: • • “Configuring the BusinessObjects Enterprise clients on the IIS” on page 304 “Configuring the Internet Explorer browser on a client machine” on page 304 BusinessObjects Enterprise Administrator’s Guide 303 . 1. This applies to the CMS. Regardless of whether the cache expiry for the server is greater or less than that of the ticket. and Web Intelligence Report Server. Click the Single Sign-On tab. The other servers use either their cache expiry or the ticket expiry. the system renews the ticket until the CMS cache expiry is reached. Note: If you are running multiple instances of a server. you can control the cache expiry for each instance individually. Click the link for the server. whichever has the lowest value. The CMS uses the cache expiry as follows: • • • If the CMS cache expiry is greater than that of the ticket. the ticket will expire when the CMS cache expiry is reached. 4. 2. To configure the servers in CMC Go to the Servers management area of the CMC. the ticket will expire when the lowest expiry value is reached. the system will use the globally set ticket expiry.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring the cache expiry When the system is using AD and Kerberos single sign-on. 3. Click Update. Type in a new cache expiry value. Page Server. If the CMS cache expiry is less than that of the ticket. it uses the cache expiry for certain BusinessObjects Enterprise servers to determine whether a logon ticket is still valid. The system comes configured with default values for the server cache expiry.

4. Note: You can automate the following steps through a registry key. Configuring the Internet Explorer browser on a client machine To support Kerberos end-to-end single sign-on. 1. Click the Enable integrated windows authentication option. 3. Click the Advanced tab. you do not need to configure the browser for single sign-on. 7. and then click OK again. and then click Apply. expand the tree on the left and go to businessobjects under Default Web Site. d. To configure the IE browser on the client machines On the client machine. To configure the clients for Windows authentication On the IIS. 5. 304 BusinessObjects Enterprise Administrator’s Guide . Turn on Integrated Windows Authentication. in the Internet Information Services window. open an Internet Explorer browser window. Note: If configuring the IIS for single sign-on to the database only. Click Tools > Internet Options. This includes: • • Setting up the client machines for integrated Windows authentication. b. 2. Repeat the above for crystalreportviewer. c.12 Managing User Accounts and Groups Configuring Kerberos single sign-on Configuring the BusinessObjects Enterprise clients on the IIS To support Kerberos single sign-on. 1. Click OK. On the Directory Security tab. 2. Enable integrated windows authentication: a. click Edit. The Internet Options dialog box appears. you have to configure the BusinessObjects clients on the IIS to use integrated Windows authentication. Adding the IIS to the trusted sites. For details. Turn off Anonymous Access. Right-click businessobjects and select Properties. 6. See also “Configuring IIS for single sign-on to databases only” on page 309. refer to you Windows documentation. you have to configure the Internet Explorer (IE) browser on the BusinessObjects Enterprise client machines. Navigate to the Security settings.

depending on whether you are using IIS5 or IIS6: • • “Configuring IIS5 for Kerberos end-to-end single sign-on” on page 305 “Configuring IIS6 for Kerberos end-to-end single sign-on” on page 307 Note: Instead of configuring the IIS worker processes for end-to-end single sign-on you can configure them to use single sign-on to the database only. Click Tools > Internet Options. and then click Add. Refer to either of the following procedures. and then click OK twice more to close the Internet Options dialog box. Type in the web site for the IIS. b. 4. Repeat the above steps on each BusinessObjects Enterprise client machine. d. Close the Internet Explorer browser windows and then open them again for the changes to take effect. for example. Add the IIS to the Trusted sites. Click the Security tab.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 3. see: • • “Configuring IIS for single sign-on to databases only” on page 309 “Configuring web applications for single sign-on to the databases” on page 313. you have to set the IIS and the Aspnet_wp.exe worker process to run as a domain account that has been trusted for delegation. Click OK. if you don’t want to run the IIS worker processes under an account that has been trusted for delegation. The Internet Options dialog box appears. BusinessObjects Enterprise Administrator’s Guide 305 . Click Advanced. Configuring IIS for end-to-end single sign-on To support Kerberos end-to-end single sign-on. e. For more information. Click Sites. You can enter the full domain name of the site: a. c. the worker processes of the IIS have to run under a domain account that is trusted for delegation. Configuring IIS5 for Kerberos end-to-end single sign-on To support Kerberos end-to-end single sign-on. f. 5. You may want to do this.

If the machine name for the web server is different from the name that is used to access it.12 Managing User Accounts and Groups Configuring Kerberos single sign-on You can run the IIS either under the machine domain account or under a user domain account. Set the Aspnet_wp.domainname. Note: Configuring the Aspnet_wp. if access is via www. To do this. but the password could be exposed or modified.NET\Framework\version\CONFIG\machine. 2. • • userName="SYSTEM" Password="AutoGenerate" In the above path name.com serverhost For example. config file: 1. 306 BusinessObjects Enterprise Administrator’s Guide .exe to run as a machine domain account. Which approach you use. the password will be automatically generated and won’t expire. Refer to either of the following procedures. 3. nor can it be exposed or modified. depending on whether you want to use a machine or user domain account: • • “To run the IIS5 worker process under the machine domain account” on page 306 “To run the IIS5 worker process under a user domain account” on page 307 To run the IIS5 worker process under the machine domain account On the domain controller. depends on how you want to manage your system security.microsoft.com. refer to the Microsoft web site: www. version represents the software version. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Each approach has advantages and disadvantages: • • If you use a machine domain account.NET web applications on the web server to run as privileged system accounts. which would result in an error condition. For complete information about security risks associated with system or user domain accounts. Changing this property can take several minutes to propagate. set the domain account of the IIS machine to be trusted for delegation.com. Note: For security reasons.com but the machine name is web. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft.domainname.exe account to run as a machine domain account will cause all ASP. make sure that the account which the IIS helper processes run under does not belong to a mapped group. If you use a user domain account you have more control over the rights for the account. and it may expire.domainname.

version represents the software version.com serverhost For example. and it may expire.com. which would result in an error condition.com but the machine name is web. Configuring IIS6 for Kerberos end-to-end single sign-on To support Kerberos for end-to-end single sign-on. Refer to either of the following procedures. Which approach you use. but the password could be exposed or modified.domainname.domainname.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 1. To run the IIS5 worker process under a user domain account Set the Aspnet_wp. In the above path name. the password will be automatically generated and won’t expire.NET\Framework\ version\CONFIG\machine. depending on whether you want to use a machine or user domain account: BusinessObjects Enterprise Administrator’s Guide 307 . you have to set the IIS and w3wp. Note: For security reasons. 2. For complete information about security risks associated with system or user domain accounts. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost.com. make sure that the account which IIS helper processes run under does not belong to a mapped group. If you use a user domain account you have more control over the rights for the account.exe to run as a user domain account that has been trusted for delegation. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. Each approach has advantages and disadvantages: • • If you use a machine domain account. If the machine name for the web server is different from the name that is used to access it.microsoft. depends on how you want to manage your system security. if access is via www. and password is the password for the domain account. To do this.config file: • • userName="domainaccount" Password="password" Where domainaccount is a domain account that you have set to be trusted for delegation.domainname. You can run the IIS either under the machine domain account or under user domain account. nor can it be exposed or modified.exe worker process to run as an account that has been trusted for delegation. refer to the Microsoft web site: www.

On the Identity tab select LocalSystem from the list. right-click the machine name and select Application Pool > New. Right-click InfoView and select Properties. 308 BusinessObjects Enterprise Administrator’s Guide . expand machine name > Web Site > Default Web Site > businessobjects > EnterpriseXX. b. Right-click the application pool you created. d. set account of the IIS machine to be trusted for delegation. See also “Configuring IIS for single sign-on to databases only” on page 309.NET web applications on the web server to run as privileged system accounts.com but the machine name is web. On the Directory tab select the new application pool name from the list. Changing this property can take several minutes to propagate! If you don’t want to use end-to-end single sign-on but want to provide single sign-on to the database. and then click Apply. 3. In the tree panel on the left. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Configure the account for the w3wp. Note: For security reasons. make sure that the account which the IIS worked processes run under does not belong to a mapped group.domainname. skip step 1.exe account to run as a LocalSystem account will cause all ASP. f. e.com.domainname.com serverhost For example. 1. Type in a name for the application pool.exe worker process: a. and then click Apply. In the Internet Service Manager window. Note: Configuring the w3wp. if access is via www. and select Properties. c.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • • “To run the IIS6 worker process under the machine domain account” on page 308 “To run the IIS6 worker process under a user domain account” on page 309 To run the IIS6 worker process under the machine domain account On the domain controller. If the machine name for the web server is different from the name that is used to access it. 2. g.domainname.

domainname. skip step 1. When users log on to BusinessObjects Enterprise. you can choose whether you want to provide end-to-end single sign-on. Where domainaccount is a domain account that you have set to be trusted for delegation. Note: If you don’t want to use end-to-end single sign-on but want to provide single sign-on to the database.com. To run the IIS6 worker process under a user domain account Set the w3wp. make sure that the account which the IIS worker processes run under does not belong to a mapped group. or whether you want users to provide their logon credentials when they log in to BusinessObjects Enterprise.domainname. 1. depending on whether you are using IIS5 or IIS6: • • “Configuring IIS5 for single sign-on to database only” on page 310 “Configuring IIS6 for single sign-on to database only” on page 311 BusinessObjects Enterprise Administrator’s Guide 309 . add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. version represents the software version. Add the domain account to the IIS_WPG local group. Configuring IIS for single sign-on to databases only When using Kerberos with Windows AD. To do this. 2.config file: • • userName="domainaccount" Password="password" In the above path name. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. If the machine name for the web server is different from the name that is used to access it. the system generates a logon token to provide single sign-on access to the databases.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 1. see http://msdn.com but the machine name is web. For security reasons.com serverhost 3.exe to run as a user domain account that has been trusted for delegation.com. and password is the password for the domain account. if access is via www. and give it the relevant rights to access the needed files. For more information.NET\Framework\ version\CONFIG\machine. For example. Refer to either of the following procedures. To use single sign-on to the databases only Configure the IIS worker processes to run as a domain account in order for the network to recognize their accounts.domainname. See also “Configuring IIS for single sign-on to databases only” on page 309. but the account does not have to be trusted for delegation.Microsoft.

3. Configuring IIS5 for single sign-on to database only To support single sign-on to the database only. and it may expire. See “Configuring web applications for single sign-on to the databases” on page 313. Note: • • Configuring the Aspnet_wp. make sure that the account which IIS runs under does not belong to a mapped group. See “Configuring the Internet Explorer browser on a client machine” on page 304.NET web applications on the web server to run as privileged system accounts. Which approach you use. refer to the Microsoft web site: www.exe worker process to run as a domain account. Configure the web applications for single sign-on to the database instead of end-to-end single sign-on.microsoft. you have to set the Aspnet_wp. but the account does not have to be trusted for delegation.12 Managing User Accounts and Groups Configuring Kerberos single sign-on 2.NET\Framework\version\CONFIG\machine. config file: • • userName="SYSTEM" Password:="AutoGenerate" In the above path name. you do not need to configure the browser for single sign-on. For complete information about security risks associated with system or user domain accounts. depends on how you want to manage your system security. but the password could be exposed or modified. 2. Clear the Single Sign On is enabled check box on the Windows AD page in the Authentication management area in CMC. 310 BusinessObjects Enterprise Administrator’s Guide . For security reasons. version represents the software version. Each approach has advantages and disadvantages: • • If you use a machine domain account.exe account to run as a machine domain account will cause all ASP. the password will be automatically generated and won’t expire. 1. change the following parameters to the <processModel> block in the \WINDOWS\Microsoft.exe to run as a machine domain account. Note: If configuring the IIS for single sign-on to the database only. To do this. nor can it be exposed or modified. To configure the IIS5 for single sign-on to databases only Make sure IIS is running as a domain account Set the Aspnet_wp.com. You can run the IIS worker process either under the machine domain account or under a user domain account. If you use a user domain account you have more control over the rights for the account. which would result in an error condition.

d. Configuring the w3wp.com but the machine name is web. the password will be automatically generated and won’t expire.NET web applications on the web server to run as privileged system accounts. In the Internet Service Manager window. On the Directory tab select the new application pool name from the list. which would result in an error condition. Right-click the application pool you created.domainname. Type in a name for the application pool.domainname. c. For complete information about security risks associated with system or user domain accounts. Note: • BusinessObjects Enterprise Administrator’s Guide 311 .Managing User Accounts and Groups Configuring Kerberos single sign-on 12 3. right-click the machine name and select Application Pool > New. b. refer to the Microsoft web site: www. you have to set the w3wp. You can run the IIS worker process either under the machine domain account or under a user domain account. and it may expire. 2. but the account does not have to be trusted for delegation. On the Identity tab select LocalSystem from the list. if access is via www.exe worker process: a. Right-click InfoView and select Properties. nor can it be exposed or modified. If the machine name for the web server is different from the name that is used to access it. depends on how you want to manage your system security. e. Configure the account for the w3wp. Each approach has advantages and disadvantages: • • If you use a machine domain account. In the tree panel on the left. Configuring IIS6 for single sign-on to database only To support single sign-on to the database only. but the password could be exposed or modified.com serverhost For example.microsoft. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. f.domainname. Which approach you use.exe account to run as a machine domain account will cause all ASP. and then click Apply. and select Properties.com.com.exe worker process to run as a machine or user domain account. If you use a user domain account you have more control over the rights for the account. 1. g. To configure the IIS6 for single sign-on to databases only Make sure IIS is running as a domain account. and then click Apply. expand machine name > Web Site > Default Web Site > businessobjects > EnterpriseXX.

<identity impersonate="true" /> <Authentication mode="Windows" /> Enable Windows authentication by commenting out the following line in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise 11\InfoView\Web.com serverhost For example. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system.config file: • • 3.domainname. For security reasons. you have to set the BusinessObjects Enterprise web applications to not impersonate a user.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • 3.com.config file: • • 2. To configure the web applications for full single sign-on Add the following lines to the <system.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web.config files on the IIS as follows. Configuring web applications for end-to-end single sign-on In order to use up end-to-end single sign-on. See “Configuring web applications for end-to-end single sign-on” on page 312. 1.com but the machine name is web. See “Configuring web applications for single sign-on to the databases” on page 313. you have to set both the CMC and InfoView web applications to impersonate the user. if access is via www. you have to configure the BusinessObjects Enterprise web applications to impersonate the user. Note: If you want to use single sign-on to the databases instead of end-toend single sign-on.domainname. edit the respective Web. To do this.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. Configuring BusinessObjects Enterprise web applications In order for the end-to-end single sign on to work. make sure that the account which IIS runs under does not belong to a mapped group.config as shown: <!-.<remove name=”WindowsAuthentication”/> --> 312 BusinessObjects Enterprise Administrator’s Guide .domainname. If the machine name for the web server is different from the name that is used to access it.

Note: If you want to use single sign-on to the database only. edit their Web. by adding the following lines to the <system. Once they are logged on. For general information and for information about single sign-on to other supported databases.config files on the IIS as follows. you have to set BusinessObjects Enterprise web applications to not impersonate the user. the users will have single sign-on access to the databases associated with BusinessObjects Enterprise. 1.txt file included with your product distribution for a complete list of tested database software and version requirements. <identity impersonate="false" /> <Authentication mode="Windows" /> Set InfoView to not impersonate the users. Mapping AD accounts for Kerberos single sign-on In order for the Kerberos single sign-on to work. ensure that the mapped groups do not contain the domain account that the IIS is running under. BusinessObjects Enterprise Administrator’s Guide 313 . refer to the database vendors support documentation. see also “Configuring IIS for single sign-on to databases only” on page 309. See “Mapping AD accounts” on page 276.web> block in the Web Content\Enterprise 11\InfoView\Web. To do this.config file: • • 2.config file: • • <identity impersonate="false" /> <Authentication mode="Windows" /> Note: Make sure you set identity impersonate to false.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring web applications for single sign-on to the databases If you want to use single sign-on to the databases instead of end-to-end single sign-on. Users will now be able to log on to BusinessObjects Enterprise by providing their logon credentials in the InfoView or CMC logon dialog box and selecting Windows AD authentication. Configuring the databases for single sign-on This section provides information that is specific to setting up single sign-on to SQL Server databases.web> block in the Web Content\Enterprise 11\WebAdmin\Web. Note: For security reasons. See the Platforms. you must map the groups containing the AD users that are to have access to BusinessObjects Enterprise to a BusinessObjects Enterprise group. To configure the web applications for single sign-on to the databases Set the CMC to not impersonate the user by adding the following lines to the <system.

3. you may have to first add a service principal name (SPN) for the domain account. depending on whether SQL Server has been configured to run under the LocalSystem account or under a service account: • If SQL Server is running under the LocalSystem account. set up the SQL Server service account for security delegation: a. • • In Windows 2000. In Windows 2003. Add an SPN for the service account of the SQL Server: setspn -A MSSQLSvc/host:port serviceaccount Where host:port is the name of the machine running SQL Server and the port that. To run SQL Server under a service account In Active Directory. no additional configuration is required. How to set up security delegation varies. and then click OK.12 Managing User Accounts and Groups Configuring Kerberos single sign-on Configuring SQL Server for single sign-on In order for Kerberos single sign-on to work. 2. If you are using Windows 2003. Right-click the domain account and select Properties. the system automatically un-registers the SPNs for the LocalSystem account. Computer is trusted for delegation Click Apply. c. and serviceaccount is the name of the SQL Server service account. Set the machine running SQL Server as follows: • a. If SQL Server is running under a service account. ensure that the Account is trusted for delegation option has been selected for the account. On the Accounts tab. SQL Server registers itself when it starts and the system registers the SPN. 314 BusinessObjects Enterprise Administrator’s Guide . When SQL Server shuts down. the machines running SQL Server database must be trusted for delegation. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. b. you have to configure to be trusted for delegation. make sure the following options are selected: • 1. ensure that the following two options have been selected for the account: Trust this user for delegation to specified service only and Use Kerberos only.

Controlling User Access chapter .

Most importantly. and other features in BusinessObjects Enterprise. if a right is left “not specified. the advanced object rights allow you to explicitly deny any user or group the right to perform a particular task. To facilitate administration and maintenance. For more information. to delegate user and group management to different departments. applications. 316 BusinessObjects Enterprise Administrator’s Guide . and to provide your IT people with administrative access to servers and server groups. Each access level grants a set of rights that combine to allow users to accomplish common tasks (such as view reports. users. the right is denied by default. or Inherited. user. and both users and groups can inherit rights from parent folders. For details. see “Setting common access levels” on page 320. Additionally. you can set security levels that affect individual users and groups. see “Object rights for the Report Application Server” on page 568. or groups. Each right can be Explicitly Granted.13 Controlling User Access Controlling user access overview Controlling user access overview Rights are the base units for controlling users’ access to objects. or server and then you specify the rights for different users and groups. subgroups can inherit rights from parent groups. It is recommended that you use the predefined access levels whenever possible. you can also take advantage of the inheritance patterns recognized by BusinessObjects Enterprise: users can inherit rights as the result of group membership. Users require specific licensing and rights to create or modify reports through the Report Application Server (RAS).” the right is denied by default. and so on). Rights allow you to control access to your BusinessObjects Enterprise content. To set rights within the Central Management Console (CMC). Whether or not you use access levels. This “denial based” design assists in ensuring that users and groups do not automatically acquire rights that are not explicitly granted. servers. When you need to disable inheritance or to customize security levels for particular objects. Explicitly Denied. When granted. each right provides a user or group with permission to perform a particular action. Using rights. if contradictory settings result in a right being both granted and denied to a user or group. you first locate the object. BusinessObjects Enterprise includes a set of predefined access levels that allow you to set common security levels quickly. schedule reports. because they can greatly reduce the complexity of your object security model. users. the Advanced Rights pages allow you to choose from the complete set of available object rights. The BusinessObjects Enterprise security model is designed such that.

For objects that can be scheduled. BusinessObjects Enterprise Administrator’s Guide 317 . and other BusinessObjects Enterprise objects. program objects. you can set rights for each object. You set security settings at the object level. these limits will be in effect for all objects that inherit rights from the folder (including any objects found within the subfolders). You control which folders. You can set rights for folders. Tip: For detailed tutorials that walk you through sample implementations of object rights. and other objects users and groups can access using BusinessObjects Enterprise. you can grant or deny access to users and groups in your system. Setting object rights for users and groups Object rights enable you to set access levels for your users and groups. see “Controlling users’ access to objects” on page 317. the security settings are also reflected in the object instances object. To facilitate administration. You can ensure that confidential employee records can be accessed only by the human resources department. BusinessObjects Enterprise includes a set of predefined rights (“access modes”) that allow you to set common security levels quickly. you can also set user and group rights at the folder level. For example. you can use rights to make sure that you are the only one who can access your reports. For each object. you can control users’ access to specific content. reports. report objects. These include the following: • • • • • • • Inherited Rights No Access View Schedule View On Demand Full Control Advanced In addition to setting user and group rights for report objects from the Objects management area. For detailed information on the different “access modes” for object rights and information on inherited rights. When you set rights at the folder level. see “Customizing a ‘top-down’ inheritance model” on page 331.Controlling User Access Controlling users’ access to objects 13 Controlling users’ access to objects To secure the content that you publish to BusinessObjects Enterprise. By setting object rights.

The Rights tab appears. The Rights tab appears. Click the Rights tab.13 Controlling User Access Controlling users’ access to objects 1. To change a group or user’s report rights In the Objects management area of the CMC. Click the > arrow to add the group(s) or user(s). select an object by clicking its link. Click OK. Select the group(s) or user(s) you would like to add or remove. 4. 1. Click Add/Remove. Select an option in the Select Operation list. 3. 5. To add groups or users to an object’s rights settings In the Objects management area of the CMC. 6. Click the Rights tab. select an object by clicking its link. 318 BusinessObjects Enterprise Administrator’s Guide . 2. click the < arrow to remove the group(s) or user(s). 2. 7.

This section shows how to locate the rights for any object and briefly explains the information displayed on the Rights tab. The Net Access column is BusinessObjects Enterprise Administrator’s Guide 319 . Go to the Folders management area in the CMC to browse your folder hierarchy for an object. Viewing object rights settings Use the CMC to view the object rights that a user or group has to any folder. Click Add/Remove to add or remove a user or group to this object. or other BusinessObjects Enterprise object. users have been divided into two groups—Everyone and Administrators—which have been granted rights to the folder object. you grant or deny granular rights from the Advanced Rights page. You can locate any given object in several ways.Controlling User Access Controlling users’ access to objects 13 3. see “Setting common access levels” on page 320. The Access Level column shows how each user’s or group’s rights are determined. The Name column lists all users and groups who have been given rights to the object. You can change the rights for either group by selecting a predefined access level (or by selecting Advanced) from the list in the Access Level column. instead. then click the object’s Rights tab. report. see “Setting advanced object rights” on page 322. For more information. then click Update. In this example. users have not been specified individually. The Object column shows whether the entry is a User or a Group. both groups possess Inherited Rights. or go to the Objects management area in the CMC to view a list of all the objects on the system. Change the access level for a group or user by selecting a right from the appropriate list in the Access Level column. In this case. Click the link that corresponds to the folder or other object whose rights you want to see. When you change an entry in the Access Level column. the Net Access column shows the effective rights that each user or group has to the object. The Net Access column displays the net effect of whatever is selected in the Access Level column. For more information. A page similar to the following appears: This example shows the rights for the Report Samples folder. That is. click Update to effect your changes. If you select Advanced from the list.

then he or she inherits the combination of each group’s rights. and Full Control. each access level builds upon the rights granted by the previous level. Click Cancel to exit without making changes. Schedule. The Net Access column shows that the rights inherited from the parent folder are equivalent to the Schedule access level. because it allows users to inherit the greatest rights when they belong to multiple groups: • When you assign an access level to a group. when a user is a member of multiple groups. the best strategy is to set the appropriate rights for users and groups at the folder level first. see “Setting advanced object rights” on page 322. see “Access levels” on page 565. If the user is a member of multiple groups. you ensure that the user has only that level of access to the object. View. • 320 BusinessObjects Enterprise Administrator’s Guide .13 Controlling User Access Controlling users’ access to objects particularly useful when you are working with inheritance. When you assign an access level directly to a user. For a complete listing of the object rights that make up each access level. This is important. For detailed tutorials that walk you through sample implementations of object rights. Access levels are based on a model of increasing rights: beginning with No Access and ending with Full Control.” The system then denies the “not specified” rights by default. BusinessObjects Enterprise provides a set of access levels that allow you to set common object security levels quickly. each user in the group will have at least that level of access to the object. each access level grants some rights and leaves the other rights “not specified. The available predefined access levels are No Access. you prevent the user from inheriting rights that he or she may have otherwise acquired by virtue of group membership. Tip: If you want to view the individual object rights that make up a user’s (or group’s) Net Access. the Schedule access level includes and adds to the rights that are granted by the View access level. Then publish objects to that folder. Thus. they do not explicitly deny any object rights. The Advanced Rights page displays the user’s full array of object rights that have been specified explicitly and/or inherited. In this example. View On Demand. Although access levels grant predefined sets of object rights. Consequently. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. For example. Instead. the Everyone group inherits rights from a parent folder—one that is not displayed on this screen. he or she inherits the greatest possible rights. Tip: By default. Setting common access levels An access level is essentially a predefined set of object rights. see “Customizing a ‘top-down’ inheritance model” on page 331. click the corresponding Access Level list and select Advanced. In other words. For more information.

including the object rights that are set on the folder or object. InfoView. pick servers to process jobs. and to generate instances by scheduling the object to run against the specified data source once or on a recurring basis. • View If this access level is set at the folder level. Full Control This access level grants all of the available advanced rights. the user or group is able to view the folder. add contents to the folder. it allows you to customize a user’s or group’s access to an object by selecting from the complete range of available object rights. edit. and the CMC enforce this right by ensuring that the object is not visible to the user. the user can view the object. without being members of the actual Administrators group. Basically. objects. and all generated instances of each object. • • View On Demand In addition to the rights provided by the Schedule access level. • Advanced This access level does not include a predefined set of object rights. set parameters and database logon information. and copy the object or folder. see “Setting advanced object rights” on page 322. and remove content as required. the objects contained within the folder. They can also schedule to different formats and destinations. This access level also allows users to modify all of the object’s properties.Controlling User Access Controlling users’ access to objects 13 This list provides a brief description of each access level: • No Access The user or group is not able to access the object or folder. and all generated instances of the object. this access level is designed to provide a user or group with administrative control over one or more folders or objects. schedule the object or refresh it against its data source. For more information. and instances). the Publishing Wizard. The user cannot. however. Users can then log on to the CMC and add. It is the only access level that allows users to delete objects (folders. and pause the scheduling of instances that they own. • Schedule The user or group is able to view the object or folder and its contents. BusinessObjects Enterprise Administrator’s Guide 321 . the user gains the right to refresh data “on demand” against the data source. The user or group can view. If this access level is set at the object level. delete. Instead. the history of the object.

the CMC allows you to make Advanced object rights settings for any user or group. 3. 4. To set an access level for a user or group Go to the Objects or Folders management area of the CMC. Note: In the developer documentation. and then click its Rights tab. The result is an increased flexibility as you define security levels for objects that you have published to BusinessObjects Enterprise. see “Object rights for the Report Application Server” on page 568. For details. These Advanced settings enable you to choose from a complete set of granular object rights. select the access level (No Access. In the Name column. You are returned to the object’s Rights tab. Add the appropriate user or group and click OK. 1. For a detailed listing of the object rights that make up each access level. the best strategy is to set the appropriate rights for users and groups at the folder level first. 6. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder.13 Controlling User Access Controlling users’ access to objects Note: There is no predefined access level to grant users the rights required to create or modify reports through the Report Application Server (RAS). you make changes to group memberships or folder security levels. see “Customizing a ‘top-down’ inheritance model” on page 331. Locate the object whose rights you want to modify. Click the link to the object. access levels are referred to as roles. or Full Control) that is appropriate for the user or group. If the user or group is not listed. In the Access Level column. if you need to customize a user’s or group’s rights to a particular object or set of objects. locate the user or group whose rights you want to specify. Setting advanced object rights To provide you with full control over object security. 322 BusinessObjects Enterprise Administrator’s Guide . use advanced rights to explicitly deny a user or group any right that should not be permitted to change when. Tip: By default. see “Rights and Access Levels” on page 563. 5. View On Demand. in the future. Consequently. Schedule. View. Use advanced rights. Most importantly. Click Update. Then publish objects to that folder. or if you want to customize the default inheritance patterns. click Add/Remove. 2. Tip: For detailed tutorials that walk you through sample implementations of object rights. for instance.

5. and then click its Rights tab. 3. click Add/Remove. The available object rights are displayed in the Advanced Rights page. This example shows advanced rights being applied to the Guest user for an Employee Profile report. Locate the object whose rights you want to modify. 2. You are returned to the object’s Rights tab. If the user or group is not listed. Add the appropriate user or group and click OK. locate the user or group whose rights you want to specify. To view or set advanced rights Go to the Objects or Folders management area of the CMC. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. you must disable inheritance entirely when you need to explicitly grant a right that has been denied elsewhere to the user or group. 4. For complete details. BusinessObjects Enterprise Administrator’s Guide 323 . Click the link to the object. If the Access Level is already set to Advanced. see “Priorities affecting advanced inheritance settings” on page 330. click the list and select Advanced. In the Name column. click the Advanced link in the Net Access column.Controlling User Access Controlling users’ access to objects 13 Note: Because of the relative priorities assigned by BusinessObjects Enterprise to granted and denied rights. 1.

In this example. If an inherited right is labelled as “Not Specified”. these rights are not specified. the Guest user has two inherited rights (the right to “View document instances that the user owns” and to “Pause and Resume document instances that the user owns”). some rights may remain “not specified”—that is. the rights will also change for this report object. click OK. But. even if its group membership is modified or changed completely. Again. because the system automatically updates those rights as you modify and update your security settings throughout the folder and group hierarchies. A user or group can be granted or denied a right by virtue of inheritance. the user or group will automatically inherit the right at this level. To customize the overall security levels. In addition. This demonstrates how you can use explicit rights to override a group’s rights for a particular group member. Tip: For scalability and manageability. In this example. the Guest user will retain these rights.” and so on). it is recommended that you leave as many rights as possible inherited. this demonstrates how you can use explicit rights to override a group’s rights for a particular group member. or you can specify that you want certain rights to be inherited.13 Controlling User Access Controlling users’ access to objects The first two options specify which types of inheritance affect the Guest user’s rights to this object. 324 BusinessObjects Enterprise Administrator’s Guide . The remainder of the Advanced Rights page lists all available object rights and shows how each right applies to the Guest user. When you have made your changes on the Advanced Rights page. The Explicitly Denied column works similarly to the Explicitly Granted column. the Guest user has been explicitly denied eleven rights (the right to “Add objects to the folder.” and so on). Regardless of any future changes to the user’s group membership. This demonstrates how inheritance can facilitate future changes to the overall security model. The Guest user is currently granted eleven rights to this report (the right to “View objects. so the rights are denied by default. the Guest user may inherit any rights that he or she has been granted to this report’s parent folder. Currently. However.) In this example. BusinessObjects Enterprise treats it as having been denied. Because group inheritance is disabled.” “Edit objects. if the Guest user’s rights should change on the report’s parent folder. the Guest user cannot inherit rights by virtue of group membership.” “Schedule the document to run. an explicitly denied right always prevents a user from performing the associated action. you can explicitly grant or deny any given right. The Explicitly Granted column shows which actions the Guest user is allowed to perform on this report. (And if the right is later granted for a parent group or object. The Inherited column serves as an indicator to show how inherited rights affect the Guest user’s effective rights to this report object. they are neither granted nor denied.

such as Crystal report objects. the “Refresh the report’s data” right applies only to report objects. these groups make it easier to see where the rights will be applied. and Web Intelligence Document. In addition to these base rights. each type of object provides an additional set of rights that apply only to that object type. see “Customizing a ‘top-down’ inheritance model” on page 331. you can reduce the amount of time it takes to secure the content that you have published to BusinessObjects Enterprise. these rights may apply to objects that inherit rights from the folder. and to other BusinessObjects Enterprise objects. For example. BusinessObjects Enterprise Administrator’s Guide 325 . Available rights are displayed for every object on the system for purposes of inheritance. For example. Although certain object-specific rights do not strictly apply to the folder object itself. The Central Management Server (CMS) is the component that keeps track of available rights. Note: This is only one type of object inheritance. The list of available rights includes the base rights and all other object-specific rights that have been provided by particular object types. Text. you will find that all of the available rights are displayed for every object on the system. however. so that you can set object security at the folder level (rather than repeating the same settings for every object in the folder). Additionally. the object-specific right “Refresh the report’s data” appears in the Report folder because it only applies to report objects.Controlling User Access Controlling users’ access to objects 13 Tip: For detailed tutorials that walk you through sample implementations of object rights. When you are setting rights for folders. The four groups are General. you can set up BusinessObjects Enterprise such that you can integrate new users and new content quickly and easily. In other words. see “Group and folder inheritance” on page 326. BusinessObjects Enterprise recognizes two types of inheritance: group inheritance and folder inheritance. By taking advantage of the ways in which object rights are inherited. the “Refresh the report’s data” right is displayed for the folder object so that you can grant a user the right to refresh the data in all reports for which the user inherits rights from this folder. to reports. For more information. On the Advanced Rights pages. Base rights and available rights The BusinessObjects Enterprise system defines a set of base rights that apply to all objects in the system. Using inheritance to your advantage In regards to object rights. Report. the “View objects” right is a base right: it applies equally well to folders. These rights are grouped based on what type of file they apply to. For example.

Folder inheritance allows users to inherit any rights that they have been granted on an object’s parent folder. Note: If you need to disable or modify inheritance patterns for a particular folder or object within your folder hierarchy. then Sample User will automatically inherit the appropriate rights for each of the reports and folders that the Sales group has been added to. Additionally. the rights of both groups are considered when the system checks credentials. see “Customizing a ‘top-down’ inheritance model” on page 331. and you need only set the object rights once. thus. Consequently. at the folder level. the Sales group will have View On Demand access to all of the reports. Then publish objects to that folder. the user is granted only those rights that are granted in one or more groups (explicitly or through access levels) and never explicitly denied. it is recommended that you enable and disable inheritance with access levels whenever possible (instead of with advanced rights). you can do so with access levels or with advanced rights. Folder inheritance proves especially powerful when you organize BusinessObjects Enterprise content into a folder hierarchy that reflects your organization’s current security conventions. if you create a user called Sample User. it is recommended that you make your initial settings at the top-level BusinessObjects Enterprise folder and disable inheritance only when necessary. When group inheritance is enabled for a user who belongs to more than one group. Group and folder inheritance Group inheritance allows users to inherit rights as the result of group membership. the best strategy is to set the appropriate rights for users and groups at the folder level first. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. and add it to an existing group called Sales. and you provide your Sales group with View On Demand access to this folder. For example. The user is denied any right that is explicitly denied in any group. By default. every user that has rights to the Sales Reports folder will inherit the same rights to the reports that you subsequently publish to this folder. suppose that you create a folder called Sales Reports.13 Controlling User Access Controlling users’ access to objects To facilitate administration. Group inheritance proves especially powerful when you organize all of your users into groups that coincide with your organization’s current security conventions. For detailed tutorials that walk you through sample implementations of object rights. Consequently. For example. and the user is denied any right that remains completely “not specified”. 326 BusinessObjects Enterprise Administrator’s Guide . Tip: By default.

Note: If the entry displayed in the Net Access column is Advanced. folder inheritance. click Add/Remove. 2. click Add/Remove.Controlling User Access Controlling users’ access to objects 13 Enabling and disabling inheritance with access levels With access levels. Locate the object whose rights you want to modify. select the access level (No Access. For details. see “Setting advanced object rights” on page 322. and then click its Rights tab. BusinessObjects Enterprise Administrator’s Guide 327 . You can alternatively enable one or both types of inheritance with Advanced rights settings. In the Access Level column. locate the user whose rights you want to specify. this procedure does not prevent group members from inheriting rights by virtue of membership in other groups. View On Demand. 6. Because you have disabled all inheritance. In the Name column. or both. To enable inheritance with an access level Go to the Objects or Folders management area of the CMC. You are returned to the object’s Rights tab. 3. Click the link to the object. 4. 3. Click Update. Click the link to the object. Add the appropriate user and click OK. Schedule. select Inherited Rights for the user or group. Click Update. Add the appropriate user or group and click OK. 5. To disable inheritance with an access level Note: This procedure disables group and folder inheritance for a user account. In the Name column. 5. and then click its Rights tab. 2. If the user or group is not listed. locate the user or group whose rights you want to specify. 1. 4. In the Access Level column. the Net Access entry equals the Access Level entry. you can enable or disable group inheritance. 1. View. For details. Locate the object whose rights you want to modify. If the user is not listed. 6. When applied to a group. Go to the Objects or Folders management area of the CMC. The Net Access column now displays the effective rights that the user has to the object. ensure that both types of inheritance are enabled in the parent folder’s advanced rights settings. You are returned to the object’s Rights tab. or Full Control) that is appropriate for the user. see “Inheritance with advanced rights” on page 328. The Net Access column now displays the effective rights that the user or group has inherited for this object.

2. the CMS determines the user’s rights to that object. To take full advantage of inheritance patterns and Advanced rights settings. For complete details on setting up a system that makes sense for your BusinessObjects Enterprise system. keep in mind that you can always assign a user a specific set of rights. The CMS immediately denies any right that is explicitly denied. Tip: If an individual user’s account has not been assigned any rights to the object. this option does not appear if you are setting rights for a group. and its various possible outcomes. If folder inheritance is enabled for the user. see “Group and folder inheritance” on page 326. If the user possesses sufficient rights. Although the calculations performed by the CMS can become quite complex. the CMS permits the user to perform the requested action. The CMS determines 328 BusinessObjects Enterprise Administrator’s Guide . it is useful to understand not only the types of inheritance that are available. Calculating a user’s effective rights When a user attempts to perform an action on a BusinessObjects Enterprise object. For more information on the two types of inheritance. To calculate the user’s effective rights. The CMS checks the rights that have been directly granted or denied to the user’s account. but also the ways in which a user’s effective rights are calculated by the CMS. The algorithm is described here and then illustrated in a different way using pseudocode: 1. the settings for inheriting rights from parent folders or groups serve as powerful tools that allow you to customize inheritance patterns in many ways. the CMS determines the rights that the user has to the object’s parent folder. is provided for administrators and/or system architects who prefer to know exactly how the CMS calculates the rights a user has to any object. As the result. This sequence of steps. then group inheritance is enabled by default. there are several ways to keep your object security model clear. On the Advanced Rights pages. Tip: When modifying inheritance patterns with Advanced rights settings. see “Customizing a ‘topdown’ inheritance model” on page 331. and easy to maintain.13 Controlling User Access Controlling users’ access to objects Inheritance with advanced rights When you apply an Advanced set of object rights to a user or group for a particular object. Note: You see the “Username will inherit rights from its parent groups” option if you are setting rights for a user. consistent. you can make all your object rights settings at the group level to save administrative effort. the CMS follows a complex algorithm. you can enable or disable group and folder inheritance together or individually. either by explicitly applying a predefined access level. or by explicitly applying an Advanced setting in which both types of inheritance are disabled.

When you disable folder inheritance for a user. and 5). and folder inheritance is enabled for a group that the user belongs to. The CMS denies any right that is explicitly denied in any group (even if the right had already been explicitly granted). The CMS denies any right that is explicitly denied in any group (even if the right had already been explicitly granted). the CMS grants the user only those rights that he or she has been explicitly granted. when both types of inheritance are enabled. the CMS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied. the CMS determines the rights specified on the object for each of the groups that the user belongs to. If group inheritance is enabled for the user. you reduce this algorithm to three different steps (1. you reduce this algorithm to two steps (1 and 5). This pseudocode is provided as another way to illustrate and describe the algorithm that the CMS follows in order to determine whether a user is authorized to perform an action on a particular object: IF { (User granted right to object = True) OR [ (Inherit Parent Folder Rights = True) AND (User granted right to parent folder = True) ] OR [ (Inherit Group Rights = True) AND (Group granted right to object = True) ] OR [ (Inherit Group Rights = True) AND (Group granted right to parent folder = True) ] } BusinessObjects Enterprise Administrator’s Guide 329 . The CMS completes the algorithm by denying any rights that remain “Not Specified. The CMS denies any right that is explicitly denied (even if the right had already been explicitly granted). 5. In both cases. and 5). As the result. When you disable group inheritance for a user. When you disable both types of inheritance for a user. 3. Thus. the CMS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied.” 4. these rights by ascending the inheritance tree to the level at which the inherited rights begin to take effect.Controlling User Access Controlling users’ access to objects 13 3. If group inheritance is enabled for the user. This provides you with the least complicated way of ensuring that a user has only those rights that you have explicitly granted to him or her for a particular object. then the CMS determines the rights that the group has to the parent folder. 2. you reduce this algorithm to three steps (1.

330 BusinessObjects Enterprise Administrator’s Guide . the Manager user is effectively denied the ability to see the folder. and the “Respect current security by inheriting rights from parent groups” check box is selected. To remedy this situation. Denied rights take precedence over granted rights. This can cause seemingly contradictory results when inheritance is enabled. In this scenario. For the same folder. Where relevant. these considerations appear elsewhere in this chapter. The Manager user is a member of the Sales group. or you could remove the Manager user from the Sales group. Because denied rights take precedence. the Manager user is both granted and denied the “See object” right to the folder. you could clear the “Respect current security by inheriting rights from parent groups” check box on the Advanced Rights page for the Manager user. the “View objects” right has been explicitly granted to a Manager user.13 Controlling User Access Controlling users’ access to objects AND { (User denied right to object = False) AND [ (Inherit Parent Folder Rights = False) OR ((Inherit Parent Folder Rights = True) AND (User denied right to parent folder = False)) ] AND [ (Inherit Group Rights = False) OR ((Inherit Group Rights = True) AND (Group denied right to object = False)) ] AND [ (Inherit Group Rights = False) OR ((Inherit Group Rights = True) AND (Group denied right to parent folder = False)) ] } THEN { User action authorized = True } ELSE { User action authorized = False } Priorities affecting advanced inheritance settings When you modify inheritance patterns with advanced rights. They have been summarized here for reference. Suppose that the “View objects” right is explicitly denied to a Sales group for a particular folder of reports. there are several important considerations to keep in mind. so long as the user account inherits rights from its parent group (Sales).

On the Advanced Rights page for any object. you may decide to add users to each group and to publish objects to each folder. As you add folders and subfolders to the system. and advanced rights. By making all of your security settings at the group and folder levels. you increase the rights of users and groups. users and groups cannot access any objects on the system. To this purpose. or you can create new groups that correspond to those used in the tutorial. BusinessObjects Enterprise Administrator’s Guide 331 . so too can that system become more difficult and time-consuming to maintain. BusinessObjects Enterprise automatically denies rights that are not specified. the Inherited Rights column may label certain rights as “Not Specified. This section recommends two general ways of setting up object security such that you achieve the desired security levels without complicating future administrative tasks. all users and groups are first granted rights to all objects on the system. To prevent possible security breaches. you can customize your object-level security environment in many ways.Controlling User Access Controlling users’ access to objects 13 Rights that are not specified are denied by default. or LDAP groups when following along with these tutorials. you decrease the rights of users and groups. see “Creating groups for the tutorials” on page 332. in order to secure particular BusinessObjects Enterprise content. As you add folders and subfolders to the system. inheritance. After finishing each tutorial.” This entry denotes rights that are neither granted nor denied by inheritance. this section provides two tutorials that shows how to set up object security from the top-level folder (the root folder) down: • “Setting up an open system of decreasing rights” on page 334 This detailed tutorial creates an open security model. as required. • “Setting up a closed system of increasing rights” on page 346 This shorter tutorial creates the basis for closed security model. you reduce the administrative efforts now and later. NT. By default. If you do so. You can use your own Enterprise. you will specify the object rights that particular groups have to certain folders on the system. Customizing a ‘top-down’ inheritance model With the flexibility offered by object rights. For details on setting up these groups and subgroups. as required. However. in order to grant access to particular BusinessObjects Enterprise content. By default. as the complexity of any security system increases. In each tutorial. each user will inherit the appropriate rights for every folder and object on the system.

Sales Japan. The four primary groups are named Administrators. type This group contains all users who work in Marketing. The Marketing group is added to the system and the page is refreshed. Everyone. 5. and Marketing. Click OK. 332 BusinessObjects Enterprise Administrator’s Guide . In the Group Name field. Repeat steps 1 to 5 to create another group called Sales. 2. and Sales Managers subgroups. 3. you need only create the Sales group and its Sales USA. To create the Sales and Marketing groups Go to the Groups management area of the CMC.13 Controlling User Access Controlling users’ access to objects Creating groups for the tutorials The object security tutorials make use of eight Enterprise groups. 1. and Sales Report Designers. Use this description for the group: This group contains all users who work in Sales (worldwide). Note: For the shorter tutorial entitled “Setting up a closed system of increasing rights” on page 346. Click New Group. 4. 6. Tip: Click the Users tab if you want to add your own users to this group. type Marketing. The Sales group has four additional subgroups: Sales USA. The Administrators and Everyone groups are created by default when you install BusinessObjects Enterprise. Sales Japan. Sales Managers. Sales. In the Description field. The new group’s Properties tab appears. so these two procedures show only how to create the remaining groups for the tutorials.

type This group contains all users who work in Sales in the USA. The Sales USA group is added to the system and the page is refreshed. Tip: Click the Users tab if you want to add your own users to this group. 2.Controlling User Access Controlling users’ access to objects 13 1. Click New Group. Click the Member of tab. then click the > arrow. In the Group Name field. Click OK. The Modify Member of page appears. then click the Member of button. 7. type Sales USA In the Description field. To create the Sales subgroups Go to the Groups management area of the CMC. as displayed here: BusinessObjects Enterprise Administrator’s Guide 333 . The Sales group is added to the “Sales USA is a member of” list. 6. 4. In the Available groups list. select Sales. 3. 5.

wherein groups of users are first granted rights to all objects on the system by default. 9. Repeat steps 1 to 8 to create the remaining Sales subgroups for the tutorials. 334 BusinessObjects Enterprise Administrator’s Guide . Setting up an open system of decreasing rights This tutorial shows how to create an open security model. as required. As you add folders and subfolders to the system. you decrease the rights of users and groups. You are returned to the “Member of” tab. Use the following values for the Group Name and Description fields: Group Name Sales Japan Description This group contains all users who work in Sales in Japan. all of the new groups are displayed as follows: You are now ready to proceed to either of the object security tutorials: • • “Setting up an open system of decreasing rights” on page 334. The Sales USA group is now a member (or subgroup) of the Sales group. Sales Managers This group contains all users who manage a Sales team. Click OK. in order to secure particular BusinessObjects Enterprise content.13 Controlling User Access Controlling users’ access to objects 8. Sales Report Designers This group contains all users who design and publish reports for the Sales teams. If you now return to the Groups management area of the CMC. “Setting up a closed system of increasing rights” on page 346.

For a shorter. Sales Managers require Full Control access to the management reports. or other object that you add to this top-level folder will by default inherit rights from this folder. Sales Managers are allowed to refresh most reports against the database to view the most recent data. Sales staff can also view reports for their own regions. report. he or she can view and refresh reports from all regions. less detailed tutorial. Changing default rights on the top-level folder The first step is to set object rights on the top-level BusinessObjects Enterprise folder. you are creating folders for several groups within your organization. Sales Report Designers require custom administrative privileges to all Sales folders. Sales Managers are allowed to refresh most reports against the database to view the most recent data. The Sales groups need a hierarchy of folders containing worldwide reports. you minimize the need to repeatedly customize object rights throughout your folder hierarchy. These are your security requirements for each folder: • • • • • Everyone must be able to view the majority of your reports.Controlling User Access Controlling users’ access to objects 13 In this scenario. you set security on the top-level folder in order to meet your first three security requirements: • • • Everyone must be able to view the majority of your reports. see “Setting up a closed system of increasing rights” on page 346. You have some reports that you want to add to the system immediately. you also need to give some users the ability to add subfolders and to publish reports. and management reports: • • • • All Sales staff can view worldwide reports. Each subfolder. Because some groups plan to add their own reports later. Administrators require Full Control access to all folders and objects on the system. So. regional reports. The Marketing group needs Full Control access to its own set of folders that no other user can access (other than Administrators). Administrators require Full Control access to all folders and objects on the system. BusinessObjects Enterprise Administrator’s Guide 335 . This folder serves as the root for all other folders and objects that you add to the system. With this procedure. by setting rights here first. If the staff member is also a Manager.

In the Select Operation list. 8. 5. 7. You now need to reduce the rights of the Everyone group and to increase the rights of the Sales Managers. 336 BusinessObjects Enterprise Administrator’s Guide . and select View. Click Add/Remove. You are returned to the Rights tab on the Settings page. 3. the Everyone and the Administrators groups are granted access to this folder. create folders for all of your generally accessible inventory reports. click Add/Remove Groups. In the Available groups list. Administrators. You might. 6. for instance. This provides the Sales Managers group with sufficient rights to refresh reports. 4.13 Controlling User Access Controlling users’ access to objects 1. purchasing order reports. To change the rights on the top-level folder Go to the Settings management area of the CMC. and Sales Managers groups will initially inherit these rights for any folders. Now you will customize the top-level rights for the Sales Managers group. Now that you have created an open basis for your object security model. Click Update. The rights for the Everyone group are reduced and the View access level is now displayed in the Net Access column. select Sales Managers. Ensure that you grant the Sales Managers group View On Demand access. you will create a private folder called Marketing Only and ensure that only the appropriate group of users has access to its contents. If necessary. your system meets your first three security requirements. Now. and so on. change the Access Level list and click Update. 2. Click the > arrow. you will proceed to restricting access to certain folders within the system. Decreasing rights to a private folder Another security requirement for this tutorial is that the Marketing group needs Full Control access to their own set of folders that no other user can access. The Everyone. Click the Access Level list that corresponds to the Everyone group. then click OK. subfolders. or reports that you subsequently publish to BusinessObjects Enterprise. The Add/Remove page appears. customer list reports. To accomplish this. By default. Click the Rights tab.

Click the Access Level list that corresponds to the Marketing group. On the Properties tab. click Add/Remove Groups. In the Available groups list. The Add/Remove page appears. To decrease rights to a private folder Go to the Folders management area of the CMC. Click Update. Click the > arrow. 7. Next. Click Add/Remove. type Marketing Only In the Description field. 6. Before setting the rights for each group. Members of this group now have the ability to perform all tasks in this folder. The Net Access column shows that you have secured this folder from all users other than Administrators. Click OK. you need to customize the rights that various Sales groups have to a hierarchical set of Sales folders. you will grant the Marketing group Full Control access to this folder. and subfolders. you will see how to create multiple folders quickly when you publish a set of reports to BusinessObjects Enterprise. 4. In the Access Level column. and select Full Control. 13. You are returned to the Rights tab. You need to change the default setting to grant them Full Control access. and export reports to all available destinations and formats. 2. 5. The Marketing group is granted access to the folder. schedule. Click New Folder. Administrators: (Inherited Rights) Everyone: No Access Sales Managers: No Access Click Update. folders. 9. In the Select Operation list. 14. 12. then click OK. select the following rights for each group: • • • 8. They can add and delete reports. 10. To complete this tutorial. The Net Access column shows that you have granted the Marketing group Full Control access to this folder.Controlling User Access Controlling users’ access to objects 13 1. 11. in the Folder Name field. Click the Rights tab. type This folder is accessible only to Marketing. select Marketing. 3. BusinessObjects Enterprise Administrator’s Guide 337 . and they can view.

all Sales staff can view the worldwide reports. 338 BusinessObjects Enterprise Administrator’s Guide . the Publishing Wizard provides the quickest way to add content and create folders at the same time. create a set of folders that correspond to the folders you want to add to BusinessObjects Enterprise. The regional reports will go in subfolders that are accessible only to users who belong to the appropriate regional Sales group. depending upon your version of BusinessObjects Enterprise). However. regional reports. and management reports.rpt files) in the new folders on your local hard drive. If you do not have any of your own reports. Otherwise. Note: To complete this procedure. 1. so the folder for those reports requires the lowest level of security. The management reports will be located in subfolders of each of the regional folders. for example. You could create this set of folders using the CMC. In this case. To create a set of folders while publishing reports On your local hard drive. as in the earlier sections of this tutorial. Because this tutorial sets up a system of decreasing rights. They require a hierarchy of folders containing worldwide reports. de. or jp. fr. en. Arrange your reports (. you will first create a set of folders that places the most general content at the top of the directory tree. you must place at least one report file in each of the folders that you have created on your local hard drive. The sample reports are typically installed to C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Samples\language \Reports (replace language with. if you already have a set of reports. For this tutorial. the Publishing Wizard will not create the appropriate directories on the BusinessObjects Enterprise system. use some of the sample reports included with BusinessObjects Enterprise. the Sales folders are named and arranged hierarchically as follows: 2.13 Controlling User Access Controlling users’ access to objects Publishing a set of folders and reports The final security requirements for this tutorial are related to the Sales group and its subgroups.

type the name of the CMS to which you want to add objects. From the Authentication list. 8.Controlling User Access Controlling users’ access to objects 13 3. In the System field. Select the Include subfolders check box. The Select A File dialog box appears. select the appropriate authentication type. 4. click Next. when it appears. 9. and then click OK. Select the top level Worldwide Sales folder that you created on your local hard drive. 6. start the Publishing Wizard and. 10. Click Next. From the BusinessObjects Enterprise XI Programs group. type your BusinessObjects Enterprise credentials. BusinessObjects Enterprise Administrator’s Guide 339 . 7. Click Add Folders. In the User Name and Password fields. 5.

In the Specify Location dialog box. All of the reports are added to the list. 11. Click Next. 13. as shown here: 340 BusinessObjects Enterprise Administrator’s Guide . Name the folder Worldwide Sales and ensure that it is located at the top of the directory tree. The Specify Location dialog box appears.13 Controlling User Access Controlling users’ access to objects You are returned to the Select A File dialog box. 12. click New Folder.

see “Publishing with the Publishing Wizard” on page 376. then click Next. it displays a summary: 18. Select Duplicate the folder hierarchy to duplicate the local folder hierarchy on the BusinessObjects Enterprise system. Click Next. Proceed through the rest of the Publishing Wizard and make any desired changes to your reports. The Confirm Location dialog box appears. 16. You can see here that the Regional Sales folders will be created below the Worldwide Sales folder. and the Managers Only folders will be created as additional subfolders. The actual report files are arranged in the appropriate folders. When the Publishing Wizard has added the reports and folders to the system. 15. BusinessObjects Enterprise Administrator’s Guide 341 . 17. Click Finish to close the Publishing Wizard. Tip: If you are publishing sample reports for the purpose of this tutorial. The Specify Folder Hierarchy dialog box appears. Click Next.Controlling User Access Controlling users’ access to objects 13 14. For more information on the rest of the Publishing Wizard. click Next to accept all the default values.

click Add/Remove Groups. 342 BusinessObjects Enterprise Administrator’s Guide . 4. Click the link to the Worldwide Sales folder. On the folder’s Rights tab. he or she can view and refresh reports from all regions. then click OK. You are returned to the Rights tab. Tip: Use CTRL+click to select multiple groups. In the Select Operation list. To set the base rights on the Worldwide Sales folder Go to the Folders management area of the CMC. In the Available groups list. 5. select Sales and Sales Report Designers. 2. Sales Report Designers require custom administrative privileges to all Sales folders. Setting the base rights on the Sales folders Now that you have used the Publishing Wizard to add reports and create the appropriate folders and subfolders. you are ready to set the object rights for each level of reporting content. Click the > arrow. click Add/Remove. 6. Sales Managers require Full Control access to the management reports. If the staff member is also a Manager. 1.13 Controlling User Access Controlling users’ access to objects You are now ready to set each Sales group’s object rights for the new set of Sales folders. 3. The security requirements are as follows: • • • • All Sales staff can view worldwide reports. Sales staff can also view reports for their own regions.

In the Access Level list for the Sales Report Designers group. To create a group of Sales folder administrators If you are not already there. Click Apply. clear the “Worldwide Sales” will inherit rights from its parent folders check box. you can accomplish this with the Full Control access level. You will use advanced rights to make these changes in the next procedure. you will not let any group member delete objects that have been added to a Sales folder. go to the Rights tab of the Worldwide Sales folder. You will use this page to grant group members a high level of control over the folder and its contents. 8. You now need to grant the Sales Report Designers group a set of advanced rights. The Net Access column is updated to show your new security settings. uses advanced rights to grant the Sales Report Designers group a particular set of administrative privileges to all Sales folders. In general. so group members can administer all the Sales folders. The Advanced Rights page appears. Creating a group of folder administrators This section of the tutorial shows how to provide a particular group of users with a customized level of administrative control over a set of folders. 1. however. Now that you have disabled all rights inheritance. • • Modify the rights users have to objects Delete objects BusinessObjects Enterprise Administrator’s Guide 343 . In the Explicitly Denied column. For now. select Advanced. Click Update.Controlling User Access Controlling users’ access to objects 13 7. 2. leave the Access Level list with the default settings. select the following rights: 4. This example. To ensure that you completely break all inheritance patterns. select the following rights for each group: • • • • • Administrators: Inherited Rights Everyone: No Access Sales: View Sales Managers: Inherited Rights Sales Report Designers: This group requires additional rights to publish content to this folder. the advanced rights that you specify will be the only rights that group members have to the folder. 5. In the Access Level column. However. 3.

you could deny the “Copy objects to another folder” right.13 Controlling User Access Controlling users’ access to objects Tip: You may choose to explicitly deny additional rights to suit your needs. 6.JP folder. he or she can view and refresh reports from all regions. 5. 6. 2. For instance. 7. Now that you have set object rights on the uppermost Sales folder. If the staff member is also a Manager. In the Explicitly Granted column. 4. Or. you will proceed to decrease rights as you descend the folder hierarchy. to prevent these folder administrators from copying confidential reports to public folders. To decrease rights to the regional Sales folders Go to the Regional Sales . Click the > arrow. Click Add/Remove. 1. you could deny the “Define server groups to process jobs” right. if you prefer to retain all administrative control over report-processing servers. select all remaining rights. In the Available groups list. 3. In the Select Operation list. Tip: Click the Advanced link in the Net Access column when you need to review or modify a set of advanced rights that have already been applied to a user or group. select the following rights for each group: • • • Administrators: Inherited Rights Everyone: Inherited Rights Sales: No Access 344 BusinessObjects Enterprise Administrator’s Guide .JP folder and click its Rights tab. click Add/Remove Groups. In the Access Level column. You will use the various Sales groups to decrease rights appropriately for each Regional Sales folder. You are returned to the Rights tab of the Regional Sales . You are returned to the Rights tab for the Worldwide Sales folder. select Sales Japan. Click OK. then click OK. The Net Access column now shows that the Sales Report Designers group has Advanced rights to this folder. Decreasing rights to the Sales subfolders Recall that the security requirements for the regional sales reports are as follows: • • Sales staff can view reports for their own region and can refresh these reports against the database to view the most recent data.

The Sales Report Designers retain their advanced rights. 2. and Sales Report Designers groups all have Full Control access to the folder. Sales Japan: View On Demand Sales Managers: Inherited Rights Sales Report Designers: Inherited Rights Click Update. Go to the Regional Sales . select the following rights for each group: • • • Administrators: Inherited Rights Everyone: Inherited Rights Sales: Inherited Rights BusinessObjects Enterprise Administrator’s Guide 345 . 1. which allows them to refresh reports against the database to view the latest data. To decrease rights to the Managers Only folders Go to the Regional Sales . 6. select the following rights for each group: • • • • • • 4. Administrators: Inherited Rights Everyone: Inherited Rights Sales: Inherited Rights Sales Japan: No Access Sales Managers: Full Control Sales Report Designers: Inherited Rights Click Update. 5. 7. Members who do not belong to one of these groups are completely restricted from the folder. and all other users are prevented from accessing the folder (except for Administrators). but grant View On Demand access to the Sales USA group (instead of to the Sales Japan group). Sales Managers. In the Access Level column. Repeat steps 1 to 6 for the Regional Sales . 3. In the Access Level column. As required. 8. The Net Access column shows your new security settings. Click the link to the Managers Only folder and click its Rights tab. The Rights tab of this Managers Only folder now shows that the Administrators. Click the link to the Managers Only folder and click its Rights tab. the Sales Japan and the Sales Managers groups have View On Demand access.JP folder and click its Subfolders tab.Controlling User Access Controlling users’ access to objects 13 • • • 7.USA folder and click its Subfolders tab.USA folder. You are now ready to complete the tutorial by customizing security for the final level of Sales folders—the Managers Only folders.

The Rights tab of this Managers Only folder shows again that the Administrators. as required. InfoView. so they can access their BusinessObjects Enterprise content. Thus. Sales Managers: Full Control Sales Report Designers: Inherited Rights Sales USA: No Access Click Update. and then gradually increases access to subfolders further down the folder hierarchy. Sales staff can only view reports for their own region. Because this scenario first completely restricts access to the top-level folders. In this scenario. The Sales groups need a hierarchy of folders containing management reports and regional reports: • • Only the Sales Managers can view the management reports and all regional reports.13 Controlling User Access Controlling users’ access to objects • • • 8. wherein groups of users are first denied rights to all objects on the system by default. You can access these applications from the Client Samples area of the Crystal Enterprise Launchpad. the results are essentially incompatible with the design of InfoView. you increase the rights of users and groups. adheres to a hierarchical view of the system’s folder structure. they have no way of browsing its subfolders (even if they have Full Control over those subfolders 346 BusinessObjects Enterprise Administrator’s Guide . Administrators require Full Control access to all folders and objects on the system. Sales Managers. by contrast. and Sales Report Designers groups all have Full Control access to the folder. if users cannot access a top-level folder. you are creating folders for several groups within your organization. You have now reached the end of this tutorial. The sample Report Thumbnail Client and the Inframe Client applications provide examples that are compatible with a closed security model. Members who do not belong to one of these groups are completely restricted from the folder. The closed security model works best when you deploy a web desktop or other application that provides users with a list of all reports and/or folders to which they have access. As you add folders and subfolders to the system. Setting up a closed system of increasing rights This tutorial shows how to set up the basis for a closed security model. These are your security requirements for each folder: • • • The majority of your reports should be inaccessible to most users.

you have to break all inheritance patterns in order to grant the same right further down the folder hierarchy. To change the rights on the top-level folder Go to the Settings management area of the CMC. you minimize the need to repeatedly customize object rights throughout your folder hierarchy. and select No Access. So. Click the Rights tab.Controlling User Access Controlling users’ access to objects 13 and their contents). This procedure gives the Everyone group No Access to all published content. Click Update. report. 2. more detailed tutorial. You need only reduce the rights of the Everyone group. you set security on the top-level folder in order to meet your first two security requirements: • • The majority of your reports should be inaccessible to most users. however. If you implement this closed security model in conjunction with InfoView. Restricting access from the top-level folder The first step is to set object rights on the top-level BusinessObjects Enterprise folder. Click the Access Level list that corresponds to the Everyone group. by setting rights here first. Administrators require Full Control access to all folders and objects on the system. or other object that you add to this top-level folder will inherit rights from this folder by default. The rights for the Everyone group are reduced and No Access is displayed in the Net Access column. BusinessObjects Enterprise Administrator’s Guide 347 . be able to search for reports by name or description. This folder serves as the root for all other folders and objects that you add to the system. Each subfolder. they will be unable to browse subfolders once you make this initial security setting. 3. Users will. Note: If users access reports through BusinessObjects Enterprise. Do not use advanced rights to explicitly deny rights to the Everyone group (or any other group) at the top-level folder of your BusinessObjects Enterprise system. With this procedure. 4. users will need to search for specific reports by name or description. For a lengthier. see “Setting up an open system of decreasing rights” on page 334. This is how you set the basis for a closed security model. because once a right has been explicitly denied. 1.

Click New Folder. In the Available Groups list. To provide minimal access to the management reports Go to the Folders management area of the CMC. 5. and the Administrators group retains Full Control in order to maintain the system. The Rights tab now shows that the Sales Managers group has View access to this folder and to any objects that you subsequently publish to it. As required. With these procedures. You are returned to the Rights tab of the Management Reports folder. Click the Access Level list for the Sales Managers group. your system meets your first two security requirements. Increasing access by descending the folder hierarchy The remaining security requirements for this tutorial are related to the Sales group and its subgroups. in the Folder Name field. you create the folder hierarchy and set access levels in order to meet the remaining security requirements: • • 1. 348 BusinessObjects Enterprise Administrator’s Guide . Only the Sales Managers can view the management reports and all regional reports. In the Select Operation list. the Everyone and Administrators groups have inherited the rights that you set on the top-level BusinessObjects Enterprise folder. Click the > arrow. Now that you have created a closed basis for your object security model. 9. then click OK. click Add/Remove. select Sales Managers. 6. 8. Because this tutorial sets up a system of increasing rights. 3. Sales staff can only view reports for their own region. click Add/Remove Groups. type Management Reports Click OK. They require a hierarchy of folders containing management reports and regional reports. 2. 4. On the Properties tab. On the Rights tab. The new folder is created and the page is refreshed. you will increase access to certain folders within the system. 10. The Everyone group is prevented from seeing all subsequently published content. the most secure content will be stored at the top of the directory tree.13 Controlling User Access Controlling users’ access to objects Now. Click Update. 7. and select View.

the Rights tab of the Regional Reports . On the Subfolders tab. In the Select Operation list. On the Properties tab. The Administrators. 10. In the Available Groups list. 9. 4. You can grant or deny users access to the Central Management Console. 7. 11. and Sales Managers groups automatically inherit the appropriate rights for this folder. The Rights tab now shows that the Sales Japan group has View access to this folder and to any objects that you subsequently publish to it.JP Click OK. type Regional Reports . For InfoView. In the Access Level list for the Sales Japan group. 6. click Add/Remove. When you finish. click New Folder. 5. in the Folder Name field. On the Rights tab. 8. you can grant users or groups the ability to: • • • change their preferences organize folders search BusinessObjects Enterprise Administrator’s Guide 349 . click Add/Remove Groups. then click OK. select Sales Japan. Controlling access to applications You can use rights to control users’ access to certain features in BusinessObjects Enterprise applications. Click the > arrow. Click Update. To provide selective access to the regional reports If you are not already there. You are returned to the Rights tab of the Management Reports folder. 3. Everyone. The new folder is created and the page is refreshed.Controlling User Access Controlling access to applications 13 Now you need only create folders for the regional reports and grant access to the appropriate regional Sales groups. Repeat this procedure to create a subfolder called Regional Reports USA and to provide the Sales USA group with View access to the folder. You have now reached the end of this tutorial. select View. 1. 2.USA folder shows that you have set the rights as required for this tutorial. go to the Management Reports folder.

Click the Rights tab. Tip: If you have many users on your system. in the Select Operation list. On the Add/Remove page. or Remove Users. if you have already created your users’ folders using a standard naming convention. 350 BusinessObjects Enterprise Administrator’s Guide . Add Users. 2.13 Controlling User Access Controlling access to applications • • filter object listings by object type view the Favorites folder For example. you may want to deny your users the ability to organize their own folders. Note: By default. Click Add/Remove to add users or groups you want to give access to the features. then use the “Look for” field to search for a particular account. select the Add Users operation. On the Rights tab. Click OK. Select the user or group you want to grant access to the features. To grant access to a Business Objects application’s features Go to the BusinessObjects Enterprise Applications management area of the CMC. 8. 3. 6. 7. 1. 4. 5. select Add/ Remove Groups. click Advanced. all users have access to these features. Click the link for the application whose access rights you want to change.

Explicitly Granted. For each feature. The user can select this view format and report panel option in the Web Intelligence Document Preferences tab in InfoView. Or you may have one administrator who handles high-level management of BusinessObjects Enterprise. For example. it can be very helpful to delegate responsibility to other managers and groups. With all of the tasks facing a BusinessObjects Enterprise administrator. BusinessObjects Enterprise Administrator’s Guide 351 . but you want all server management to be handled by people in your IT department. groups. Controlling administrative access In addition to controlling access to objects and settings. servers. and server groups. Note: For the Web Intelligence application.Controlling User Access Controlling administrative access 13 9. you may want people from different departments to manage their own BusinessObjects Enterprise users and groups. This section describes how to grant rights for managing users. make sure you grant access to the Allows interactive HTML viewing option in order for users to be able use the Interactive view format and use the Query HTML panel. Click OK. or Explicitly Denied for the user or group. you can use rights to divide administrative tasks between functional groups within your organization. choose Inherited. 10.

Note: For complete details on the predefined access levels and advanced rights. see “Rights and Access Levels” on page 563. In the Select Operation list. or Remove Users. Tip: If you have many users on your system. Click OK. 1. Click Add/Remove to add users or groups that you want to give access to the selected user or group. Controlling access to user inboxes When you add a user. only the user and the administrator have the right to access a user’s inbox. By default. 2. as required. 6. For more information. then use the “Look for” field to search for a particular account. Select the user or group you want to grant access to the specified user or group. Use the following procedure to change the access rights to a user’s inbox as needed. 10. you can specify that you want the system to store the report instances in the inbox of one or more users. You can also send existing report objects or instances to a user’s inbox by using the “Send to” feature. On the Rights tab. 7. choose Advanced. User inboxes can serve as destinations for scheduled reports. 5.13 Controlling User Access Controlling administrative access Controlling access to users and groups You can delegate user and group administration to the appropriate people in your organization by granting specific access rights. Add Users. Click Update. select the Add Users operation. The inbox has the same name as the user. change the Access Level for each user or group. 4. 352 BusinessObjects Enterprise Administrator’s Guide . 3. the system automatically creates an inbox for that user. and “Sending an object or instance” on page 420. Click the Rights tab. see “Selecting a destination” on page 481. 8. When scheduling a report. The Add/Remove page appears. To choose specific rights. To grant access to a user or group Go to the Users or Groups management area of the CMC. Select the user or group you want to grant access to. select Add/Remove Groups. 9.

or Remove Users. see “Rights and Access Levels” on page 563. 5. 2. 1. 3. you may want to limit server management to the BusinessObjects Enterprise administrator. You may also want to delegate BusinessObjects Enterprise server administration tasks to other people. 4. On the Rights tab. Note: For complete details on the predefined access levels and advanced rights. 8. Depending on your system configuration and security concerns. allowing them to perform tasks such as starting and stopping servers. Add Users.Controlling User Access Controlling administrative access 13 1. Select the inbox you want to grant access to. 7. Click the Rights tab. Select the server or server group you want to grant access to. Click Update. you may need to provide access to other people using those servers. change the Access Level for each user or group. In the Select Operation list. 10. select Add/Remove Groups. If your server team needs to perform regular server maintenance tasks that require them to shut down and start up servers. To choose specific rights. you need to grant them rights to the servers. Click Add/Remove to add users or groups that you want to give access to the selected user or group. To grant access to a server or server group Go to the Servers or Server Groups management area of the CMC. 6. as required. choose Advanced. The Add/Remove page appears. Select the user or group you want to grant access to the specified inbox. 2. 3. 9. Click OK. Or you may want different groups within your organization to have control over their own server management. However. BusinessObjects Enterprise Administrator’s Guide 353 . Controlling access to servers and server groups You can use rights to grant people access to servers and server groups. To grant a user access to another user’s inbox Go to the Inbox management area of the CMC. Click the Rights tab. Many organizations have a group of IT professionals dedicated to server management.

5. 5. select Add/Remove Groups. 354 BusinessObjects Enterprise Administrator’s Guide . Click OK. Tip: If you have many users on your system. In the Select Operation list. 1. 8. or Remove Users. see “Rights and Access Levels” on page 563. In the Name column. locate the user or group whose rights you want to specify. If the Access Level is already set to Advanced. choose Advanced. select the Add Users operation. The Add/Remove page appears. To control who has access to a universe Go to the Universes management area of the CMC. Click Update. Note: For complete details on the predefined access levels and advanced rights. as required. 2. Add Users. On the Rights tab. click the list and select Advanced. Select the user or group you want to grant access to the specified server or server group. Add the appropriate user or group and click OK. Click Add/Remove to add users or groups that you want to give access to the selected server or server group. click Add/Remove. 6. 7. then use the “Look for” field to search for a particular account. allowing them to create and view Web Intelligence documents that use universes and connections. Click the link for the universe. To choose specific rights. You are returned to the object’s Rights tab. click the Advanced link in the Net Access column. If the user or group is not listed. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. Controlling access to universes You can use rights to grant people access to universes. 4. Click the Rights tab.13 Controlling User Access Controlling administrative access 4. 3. change the Access Level for each user or group. 9.

If the Access Level is already set to Advanced. click Add/Remove. Click the Rights tab. Add the appropriate user or group and click OK. 5. Click the link for the connection.Controlling User Access Controlling administrative access 13 Controlling access to universe connections You can use rights to grant people access to universe connections. You are returned to the object’s Rights tab. 4. BusinessObjects Enterprise Administrator’s Guide 355 . In the Name column. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. Add the appropriate user or group and click OK. or you can set the rights to individual universe connections. click the Advanced link in the Net Access column. 3. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. You are returned to the object’s Rights tab. locate the user or group whose rights you want to specify. 1. locate the user or group whose rights you want to specify. click the list and select Advanced. 2. 1. If the user or group is not listed. allowing them to create and view Web Intelligence documents that use universes and universe connections. If the Access Level is already set to Advanced. 3. 2. click the list and select Advanced. To view or set the access levels for all universe connections Go to the Universe Connections management area of the CMC. click the Advanced link in the Net Access column. To view or set who has access to a specific universe connection Go to the Connections management area of the CMC. You can either set the rights to all universes by using the Rights button on the Universe Connections page. If the user or group is not listed. In the Name column. click Add/Remove. 4. Click the Rights button.

13 Controlling User Access Controlling administrative access 356 BusinessObjects Enterprise Administrator’s Guide .

Organizing Objects chapter .

It’s good practice to set up folders that represent a structure that already exists in your organization. rather than setting them for each report or object. BusinessObjects Enterprise provides two methods for organizing content: folders and categories. and then use categories to create an alternate filing system that divides content according to different roles in your organization. Then use categories to set up an alternate system of organization. regions. such as departments. such as managers or VPs. new objects that you add to a folder or category inherit the object rights that are specified for the folder or category. Working with folders Folders are objects used to organize documents. 358 BusinessObjects Enterprise Administrator’s Guide . because you can set object rights and limits once at the folder or category level.14 Organizing Objects Organizing objects overview Organizing objects overview Creating an intuitive and logical organizational structure is the key to ensuring that your users can find the information they need quickly and easily. Creating and deleting folders There are several ways to create new folders in BusinessObjects Enterprise. They are useful when there are a number of reports that a department or area requires frequent access to. Because you can set security at the folder level. This organizational model allows you set security on groups of documents based on department or job role. You can use folders to separate content into logical groups. About folders and categories Folders and categories provide you with the ability to organize and facilitate content administration. By default. and setting appropriate rights for them. For example. or even your database table structure. In the Central Management Console (CMC). By combining folders and categories. you could organize your content into departmental folders. you can organize data according to multiple criteria and improve both security and navigation. go to the Folders management area to create new folders and to add subfolders to the existing hierarchy of folder objects. you can use folders as a tool for controlling access to information.

Click New Folder. 1. in effect. For details. The new folder is added to the system. type the name. Creating a new folder This procedure shows how to create a new folder at the top of your folder hierarchy. This example creates a new Marketing folder: 4. 3. 2. Subfolders. subfolders of the top-level (or root) BusinessObjects Enterprise folder. You can now use the Objects. description. and Rights tabs to add objects and to change settings for this folder. This method provides you with an efficient way of creating multiple folders and subfolders at the same time. and its Properties tab is refreshed.Organizing Objects Working with folders 14 Tip: When you publish local directories and subdirectories of reports with the Publishing Wizard. and keywords of the new folder. On the Properties tab. Go to the Folders management area of the CMC. Click OK. BusinessObjects Enterprise Administrator’s Guide 359 . you can duplicate your local directory structure on the BusinessObjects Enterprise system. see “Publishing with the Publishing Wizard” on page 376. Folders created in this way are. Limits.

You can now use the Objects. Click New Folder. 5. Click the Subfolders tab. type the name and description of the new folder. The new folder is added to the system.14 Organizing Objects Working with folders Creating a new subfolder at any level 1. 6. 3. Tip: You can browse through existing subfolders to add a new folder elsewhere in the folder hierarchy. Click OK. and its Properties tab is refreshed. Go to the Folders management area of the CMC. On the Properties tab. The Subfolders tab appears. go to its Subfolders tab. 360 BusinessObjects Enterprise Administrator’s Guide . 4. The initial level of folders is displayed. click the link to the folder where you want to add a subfolder. and Rights tabs to add objects and to change settings for this folder. In the Title column. Subfolders. 2. Limits. When you have found the right parent folder.

BusinessObjects Enterprise treats the folder’s object rights differently. Select the check box associated with the folder you want to delete. and click OK to confirm. reports. locate its parent folder. Copying and moving folders When you copy or move a folder. Select the check box associated with the folder that you want to copy or move. Click Delete. if you move a private Sales folder into a publicly accessible folder. the newly created folder does not retain the object rights of the original. For instance. Tip: Select multiple check boxes to delete several folders from their parent folder. all of the folder’s object rights are retained. 2. the contents of the new Sales folder will be accessible to all users who have rights to the Public folder. Tip: Select multiple check boxes to copy or move several folders from their parent folder to a different folder. if you copy a private Sales folder into a Public folder.Organizing Objects Working with folders 14 Deleting folders When you delete a folder. If the folder you want to delete is not at the top level. To copy or move a folder Go to the Folders management area of the CMC. and other objects contained within it are removed entirely from the system. If the folder you want to copy or move is not at the top level. Then make your selection on the parent folder’s Subfolders tab. Instead. For instance. To delete folders Go to the Folders management area of the CMC. 3. depending upon whether you copy or move the folder: • When you copy a folder. all subfolders. Then make your selection on the parent folder’s Subfolders tab. BusinessObjects Enterprise Administrator’s Guide 361 . the Sales folder will remain inaccessible to most users. 1. the copy inherits the object rights that are set on its new parent folder. • 1. the objects contained within it are also copied or moved. 2. When you move a folder. locate its parent folder.

Adding a report to a new folder You can add objects individually to any folder in a number of ways. Select the Destination folder from the list. Next. Click Copy/Move. as requested. Click OK. Copy to: Makes a copy of the folder. 362 BusinessObjects Enterprise Administrator’s Guide . 4. The Copy/Move Folder page appears. For complete information on publishing reports and other objects. and Show Subfolders to browse the folder hierarchy. Tip: If there are many folders on your system. to the new destination.14 Organizing Objects Working with folders 3. Move to: Moves the folder. Follow this procedure to add a report to a new folder that you have just created. see “Publishing overview” on page 374. or click Previous. Select the action to perform: • • 5. The folder you selected is copied or moved. 6. use the “Look for” field to search.

clear the Generate thumbnail for the report check box. On the Report tab. BusinessObjects Enterprise Administrator’s Guide 363 . To add a report to a new folder Once you’ve created the new folder. Click New Object. If you do not want the user to see a thumbnail preview of the report in BusinessObjects Enterprise. If you do not know the path. The New Object page appears. open the report in Crystal Reports and click Summary Info on the File menu. in the File name field. Preview the first page of the report and save your changes. Tip: To display thumbnails for a report. 2. 3. Select the “Save preview picture” check box and click OK. 4.Organizing Objects Working with folders 14 1. click Browse to perform a search. type the full path to the report. click its Objects tab.

see “Controlling users’ access to objects” on page 317. Click OK. select the Use Object Repository when refreshing report check box to update these objects now. Tip: If there are many folders on your system. use the “Look for” field to search. 364 BusinessObjects Enterprise Administrator’s Guide . 2. The report is published to BusinessObjects Enterprise. 7. The Add/Remove page appears. and Show Subfolders to browse the folder hierarchy. Ensure that the correct folder name appears in the Destination field. If the report references objects in your BusinessObjects Enterprise Repository. Next. For details about setting up the BusinessObjects Enterprise Repository. see “BusinessObjects Enterprise Repository overview” on page 174. For complete information on object rights. click its Rights tab. 6. new objects that you add to a folder inherit the object rights that are specified for the folder. Specifying folder rights Follow this procedure to change the object rights for a new folder that you have just created. or click Previous. To specify rights for a new folder Once you’ve created the new folder. 1.14 Organizing Objects Working with folders 5. Click Add/Remove to add groups or users to this folder. By default.

as required. see “Controlling users’ access to objects” on page 317. Limits that you set on a folder affect all objects that are contained within the folder.Organizing Objects Working with folders 14 3. At the folder level. select Add/Remove Groups. The page is refreshed and displays options that depend upon whether you are working with users or with groups. 4. Select the user/group whose rights you want to specify and click the arrows to specify whether the user/group does or does not have access to the folder. For more information on limits. select the Add Users operation. Click OK. see “Setting instance limits for an object” on page 498. The example above shows the options that are available when you are working with groups. users. Tip: If you have many users on your system. Setting limits for folders. Change the Access Level for each user or group. Note: For complete details on the predefined access levels and advanced rights. Add Users. In the Select Operation list. Click Update. BusinessObjects Enterprise Administrator’s Guide 365 . and groups Limits allow you to delete report instances on a regular basis. 7. then use the “Look for” field to search for a particular account. you can limit the number of instances that remain on the system for each object or for each user or group. 6. you can also limit the number of days that an instance remains on the system for a user or group. You are returned to the Rights tab. 5. Follow this procedure to enforce default limits on a folder that you have just created. You set limits to automate regular clean-ups of old BusinessObjects Enterprise content. or Remove Users.

Modify the available settings according to the types of instance limits that you want to implement. click its Limits tab.) • Delete instances after N days for the following users/groups To limit the age of instances per user or group. select this check box. Select from the available users and groups and click OK. Then type the maximum number of instances that you want to remain on the system.) • Delete excess instances for the following users/groups To limit the number of instances per user or group. Select from the available users and groups and click OK. Then type the maximum number of instances in the Instance Limit column. The available settings are: • Delete excess instances when there are more than N instances of an object To limit the number of instances per object. click Add/Remove in this area. click Add/Remove in this area. (The default value is 100. 2. (The default value is 100. and click Update after each change.) 366 BusinessObjects Enterprise Administrator’s Guide . To limit instances at the folder level Once you’ve created the new folder. Then type the maximum age of instances in the Maximum Days column. (The default value is 100.14 Organizing Objects Working with folders 1.

BusinessObjects Enterprise Administrator’s Guide 367 . When you log on to the CMC and view the list of User Folders. If it is not already displayed. you will see only those folders to which you have View access (or greater). it will not appear in the list. When a user logs on to BusinessObjects Enterprise. A list of subfolders appears. These folders are organized within the CMC as User Folders.Organizing Objects Working with folders 14 In this example. and to keep a maximum of 25 instances that belong to any member of the Administrators group. By default. Managing User Folders BusinessObjects Enterprise creates a folder for each user on the system. Click the User Folders link. 2. there are User Folders for the Administrator and Guest accounts.) 1. (Users can change this default behavior my modifying their Preferences. click the Subfolders tab. these folders are referred to as the Favorites folders. To view the User Folders Go to the Folders management area of the CMC. Within InfoView. two settings have been combined to keep a maximum of 50 instances of any object in the folder. he or she is redirected immediately to his or her Favorites folder. Unless you have View access (or greater) to a subfolder. 3. Each subfolder corresponds to a user account on the system.

2. You can now use the Documents. Subcategories.14 Organizing Objects Working with categories Working with categories Like folders. and its Properties tab is refreshed. 4. BusinessObjects Enterprise provides two types of categories: • • Administrative (or corporate) categories are created by the administrator. Go to the Categories management area of the CMC. you can create administrative categories. The new category is added to the system. Creating a new subcategory at any level 1. 2. You can associate documents with multiple categories. On the Properties tab. In the Central Management Console (CMC). If you have the appropriate rights. see “Importing information from BusinessObjects Enterprise 6. go to the Categories management area to create new categories and to add subcategories to the existing hierarchy of category objects. Note: For information about importing existing categories. Go to the Categories management area of the CMC. categories are objects used to organize documents. Click Update. 3. Creating a new category 1.x” on page 390. and Rights tabs to add objects and to change settings for this category. type the name and description of the new category. and you can create subcategories within categories. 368 BusinessObjects Enterprise Administrator’s Guide . click the link for the category where you want to add a subcategory. Personal categories can be created by each user to organize their own personal documents. In the Title column. The initial level of categories is displayed. Click New Category. Creating and deleting categories There are several ways to create new categories in BusinessObjects Enterprise. or other users who have been granted access to these categories.

any object assigned to the category maintains its association with it. When you have found the right parent category. All of the category’s object rights are retained. 1. To move a category Go to the Categories management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 369 . You can now use the Documents. Moving categories When you move a category. 2. Click the Subcategories tab. Subcategories. The new category is added to the system. To delete categories Go to the Categories management area of the CMC. and its Properties tab is refreshed. For instance. the reports and other objects contained within the category are not deleted from the system. 4. all subcategories within it are remove entirely from the system. Tip: Select multiple check boxes to delete several categories from their parent category. Tip: You can browse through existing subcategories to add a new category elsewhere in the hierarchy. If the category you want to move is not at the top level. locate its parent category. 3. Click Delete.Organizing Objects Working with categories 14 3. 2. Select the check box associated with the category that you want move. the Sales category will remain inaccessible to most users. Then make your selection on the parent category’s Subcategories tab. type the name and description of the new folder. Click New Category. 5. Deleting categories When you delete a category. Select the check box associated with the category you want to delete. Click Update. go to its Subcategories tab. On the Properties tab. 6. and Rights tabs to add objects and to change settings for this category. Unlike folder deletion. if you move a private Sales category into a publicly accessible category. locate its parent category. 1. Then make your selection on the parent category’s Subcategories tab. If the category you want to delete is not at the top level. and click OK to confirm.

Select the check box for the object or objects you want to remove or delete. you remove it from the category only. The New Document page appears. Click OK. To remove or delete objects from a category Go to the Categories or Personal Categories management area of the CMC. The category you selected is moved to the new destination. 3. see “Publishing overview” on page 374. When you remove an object. Select the Destination category from the list. and Show Subcategories to browse the category hierarchy. Next. you remove it from the category and also delete it from the system. 3. 1. Follow this procedure to add a report to a new category that you have just created. When you delete an object. 4. 5. Click Move. 2. 4. The Move page appears. For complete information on publishing reports and other objects. 370 BusinessObjects Enterprise Administrator’s Guide . Adding an object to a new category You can add objects individually to any category in a number of ways.14 Organizing Objects Working with categories Tip: Select multiple check boxes to copy or move several categories from their parent category to a different category. use the “Look for” field to search. To add a report to a new category Once you’ve created the category. 2. Click New Document. 1. Click the Objects tab. Tip: If there are many categories on your system. or click Previous. click its Documents tab. Click the link for the category from which you want to remove or delete an object. Removing or deleting objects from a category You can either remove or delete objects from a category.

By default. The Add/Remove page appears.Organizing Objects Working with categories 14 5. To specify rights for a new category Once you’ve created the category. as required. Note: For complete details on the predefined access levels and advanced rights. The example above shows the options that are available when you are working with groups. 7. click its Rights tab. Change the Access Level for each user or group. Click OK. Select the user/group whose rights you want to specify and click the arrows to specify whether the user/group does or does not have access to the category. 6. depending on what you want to do: • • Click Remove to remove the object from the category only. Click Update. In the Select Operation list. Specifying category rights Follow this procedure to change the object rights for a new category that you have just created. Click either of the following buttons. select the Add Users operation. You are returned to the Rights tab. The page is refreshed and displays options that depend upon whether you are working with users or with groups. Click Add/Remove to add groups or users to this category. see “Controlling users’ access to objects” on page 317. see “Controlling users’ access to objects” on page 317. or Remove Users. For complete information on object rights. Add Users. Click Delete to remove the object from the category and at the same time delete it from the system. new objects that you add to a category inherit the object rights that are specified for the category. 4. select Add/Remove Groups. Tip: If you have many users on your system. then use the “Look for” field to search for a particular account. the object continues to exist in the system. 3. 2. In this case. 1. BusinessObjects Enterprise Administrator’s Guide 371 . 5.

1. A list of the user’s personal categories appears. For more information. Click the user account whose personal categories you want to view. To view the Personal Categories Go to the Personal Categories management area of the CMC. and delete users’ personal categories. 2. see “Managing User Accounts and Groups” on page 249. 372 BusinessObjects Enterprise Administrator’s Guide . edit. you can view.14 Organizing Objects Working with categories Managing personal categories If you are granted the appropriate rights.

Publishing Objects to BusinessObjects Enterprise chapter .

For details. programs. an entry is made in the Central Management Server (CMS) database. For details. Performing tasks remotely. Microsoft PowerPoint files. the appropriate server component then retrieves and processes the object file from the Input File Repository. The processed instance is stored by the Output File Repository Server below the \Enterprise\FileStore\Output\data\ directory. OLAP Intelligence. only these three types of objects have instances. Adobe Acrobat PDFs. Microsoft Word files. Note: Only reports. Creating other objects with BusinessObjects Enterprise plug-in components. When you publish an object to BusinessObjects Enterprise. Use the Central Management Console (CMC) when you are: • • • • Publishing a single object. Using the OLAP Intelligence Application Designer. which consist of report and/or program objects. BusinessObjects Enterprise queries the CMS for the location of the object file. programs. For details. When a user schedules an instance of any object. 374 BusinessObjects Enterprise Administrator’s Guide . Thus. Taking care of other administrative tasks. Microsoft Excel files. see “Publishing with the Publishing Wizard” on page 376. and hyperlinks. Save directly to your Enterprise folders when you are: • • • Designing reports with Crystal Reports. text files. and object packages can be scheduled. The Input File Repository Server stores the new object below the \Enterprise\FileStore\Input\ data\ directory.15 Publishing Objects to BusinessObjects Enterprise Publishing overview Publishing overview Publishing is the process of adding objects such as reports to the BusinessObjects Enterprise environment and making them available to authorized users. as well as object packages. see “Publishing with the Central Management Console” on page 385. see “Saving objects directly to the CMS” on page 387. Are adding multiple objects or an entire directory. There are several types of objects that you can publish to BusinessObjects Enterprise: reports (from Crystal Reports. and Web Intelligence). You can publish objects to BusinessObjects Enterprise in three ways: • Use the Publishing Wizard when you: • • • Have access to the locally installed application. rich text format files.

allowing multiple users to access the report at the same time. and displayed in version XI format. or have frequent data changes. reports are saved. you specify how often an object is run.Publishing Objects to BusinessObjects Enterprise Publishing overview 15 Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. each of them being generated by hitting the Page Server and database. Publishing options During the publishing process. Each unique report page is cached separately. processed. The report instance is static (contains saved data) and is stored on the Cache Server. You can choose to set a schedule (recurring). It’s possible that the Cache Server can contain many copies of the cached report. For RPT report files. Multiple users generating reports at the same time increases the load on the system and the number of times the database is hit. The report instance the users see is based on the selection criteria (parameters and record selection formulas) and schedule set by the administrator. Benefits • • • Users are able to determine the frequency in which the data in the report is updated. Once published to BusinessObjects Enterprise. require separate database logon credentials. this affects when data is refreshed and what data users see.) Each publishing option has potential benefits and drawbacks: • Specifying the data that users see (recurring) This option is recommended for objects that are accessed by a large number of people and that do not require separate database logon credentials. Drawbacks BusinessObjects Enterprise Administrator’s Guide 375 . reducing the number of times the database is hit (and thus system resources are used more effectively). Drawbacks • • Allowing users to update the data in the report (on demand) This option is recommended for smaller reports that use parameters and selection formulas. or you can choose to let users set the schedule themselves (on demand). Benefits • • Users view the same instance of the report. (You cannot schedule OLAP Intelligence reports (CAR files).

click Publishing Wizard. click either Add Files or Add Folders. Repeat steps 1 and 2 for each of the objects you want to add. 2. 3. it will appear in the folder you specified in InfoView (or other web desktop) and in the Objects management area of the CMC. 5. 32-bit Windows application. you may not be able to publish objects using the Publishing Wizard. In the System field. type your BusinessObjects Enterprise credentials. Note: Depending on the rights assigned by your BusinessObjects Enterprise administrator. select the appropriate authentication type. 4. 4.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Publishing with the Publishing Wizard The Publishing Wizard is a locally installed. 3. In the Select Files dialog box. by default this value is set to Report (*. This section of the guide features a series of procedures to help you through the Publishing Wizard.rpt). If you are adding a folder. From the Authentication list. In the User Name and Password fields. 376 BusinessObjects Enterprise Administrator’s Guide . Adding objects 1. The Select Files dialog box appears. Tip: Ensure the appropriate file type is listed in the Files of type field. Navigate to and select the object you want to add. From the BusinessObjects Enterprise XI program group. Only the screens applicable to the objects or folders you are publishing appear. 6. Click Next. you can choose to also add its subfolders by selecting the Include Subfolders check box. Logging on to BusinessObjects Enterprise 1. depending on the type of object you are adding. type the name of the CMS to which you want to add objects. For example. Once the object has been published. Click Next. The wizard is made up of a series of screens. 2. Click Next. the settings for parameters and schedule format do not appear when you publish OLAP Intelligence applications.

BusinessObjects Enterprise Administrator’s Guide 377 . you can delete only new folders and object packages. existing folders are yellow. select a parent folder and then click the New Object Package button. The new object package appears and can be renamed. To add a new object package to the CMS.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 Note: If the Specify Object Type dialog box appears.) If you are adding multiple objects and want to place them in separate directories. see “Duplicating the folder structure” on page 378. choose a file type for each unrecognized object. click the folder you want to add the objects to. Only the folders that you have full control access to will appear. 1. To add a new folder to the CMS. then click Next. select a parent folder and then click the New Folder button. (New folders are green. you must create or select a folder on the host CMS. The Confirm Location dialog box appears. To delete a folder or object package. 2. Click + to the left of the folder to view the subfolders. The Specify Location dialog box appears. In the Specify Location dialog box. Creating and selecting a folder on the CMS To add the selected objects. The new folder appears and can be renamed. select the item and click the Delete button. Click Next. Note: From the wizard.

The Specify Categories dialog box appears.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Moving objects between folders 1. Click Next when you are finished. You can display the objects’ local file names by clicking the “Show file names” button. To delete a folder or object packages. And you can right-click objects to rename them. 1. In the Specify Folder Hierarchy dialog box. objects are displayed using their titles. By default. select Put the files in the same location. You can drag-and-drop objects to place them where you want. You can also add folders and object packages by selecting a parent folder and clicking the New Folder or New Object Package button. select it and click the Delete button. In the Confirm Location dialog box. 2. move objects to the desired folders by selecting each object and then clicking Move Up or Move Down. Duplicating the folder structure If you are adding multiple objects from a directory and its subdirectories. you are asked if you want to duplicate the existing folder hierarchy on the CMS. 378 BusinessObjects Enterprise Administrator’s Guide . To place all of the objects in a single folder. choose a folder hierarchy option.

Choose the topmost folder that you want to include in the folder hierarchy. The object is not run again until you reschedule it. The new category appears and can be renamed. Note: From the wizard. Select one of three intervals: • Run once only Selecting the “Run once only” option provides two more sets of options: • when finished this wizard This option runs the object once when you’ve finished publishing it. Note: This dialog box appears only for objects that can be scheduled. 1. To delete a category or to remove an object from a category. existing categories are blue. In the Specify Categories dialog box. then click the Insert File button. program. In the Specify Schedule dialog box. Adding objects to a category If you want to add the selected objects to a category. and/or object package that you are publishing to run at specific intervals. you can create or select a category on the host CMS. select the object you want to schedule.) 3. The Confirm Location dialog box appears. select Duplicate the folder hierarchy. choose the object that you want to add to the category. 2. click the category you want to add the objects to. BusinessObjects Enterprise Administrator’s Guide 379 . Click + to the left of the folder to view the subfolders. select a parent category and then click the New Category button. To add a new category to the CMS. 2. (New categories are green. you can delete only new categories. select the item and click the Delete button. Changing scheduling options The Specify Schedule dialog box allows you to schedule each report. Click Next.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 To recreate all of the folders and subfolders on the CMS as they appear on your hard drive. The Specify Schedule dialog box appears. 2. In the File list. 1. Click Next.

see “What are report objects and instances?” on page 425. and then select the Use Object Repository when refreshing report check box if you want to refresh it against the repository. 2. 380 BusinessObjects Enterprise Administrator’s Guide . In the Specify Repository Refresh dialog box. Run on a recurring schedule Once you have selected this option. custom functions. bitmaps. For details. The options in this dialog box allow you to choose when and how often the object runs. Select the appropriate options and click the OK button. Refreshing repository fields The BusinessObjects Enterprise Repository is a central location which stores shared elements such as text objects. Tip: Click the Enable All button if you want to refresh all objects that reference the repository. Click Next after you have set the schedule for each object you are publishing. For details about program objects and program object types. Let users update the object This option does not schedule the object. 3. Note: The Specify Repository Refresh dialog box appears only when you publish report objects. click the Disable All button if you want to refresh none of the objects. To complete this task. it leaves the task of scheduling up to the user. select a report. You can choose to refresh an object’s repository fields if the object references the repository. the Publishing Wizard needs to connect to your BusinessObjects Enterprise Repository database from the local machine. click the Set Recurrence button to set the scheduling options. The “Pick a recurrence schedule” dialog box appears. Click Next when you are finished. see “BusinessObjects Enterprise Repository overview” on page 174.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard • • • at the specified date and time This option runs the object once at a date and time you specify. 1. The object is not run again until you reschedule it. Instead. Selecting a program type The Program Type dialog box appears only when you publish program objects. and custom SQL commands. universes.

or shell scripts. In the Program Credentials dialog box. In the Program Type dialog box. click Next. To publish objects without making modifications Select Publish without modifying properties. click Next. The Program Credentials dialog box appears. select a program. In the User Name and Password fields. or you can go through the remaining screens and make changes. Changing default values You can publish objects without changing any of the default properties. • • 3.sh. Java You can publish any Java program to BusinessObjects Enterprise as a Java program object. select a program. 1. 3. The rights of the program are limited to those of the account that it runs as. Specify one of three program types: • Binary/Batch Binary/Batch programs are executables such as binary files.jar file extension.exe. BusinessObjects Enterprise Administrator’s Guide 381 . Specifying program credentials 1. 2. 2. . . or if the parameter values are invalid. Click Next through the wizard’s remaining dialog boxes. your object may not schedule properly if the database logon information is not correct. batch files. Note: If you use the default values. Once you have specified the type of each program you are adding.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 1. The Change Default Values dialog box appears. They generally have a . Script Script program objects are JScript and VBScript scripts. .bat.com. They generally have file extensions such as: . specify the user credentials for the account for the program to run as. You can publish any executable program that can be run from the command line on the machine where the Program Job Server is running. 2. Once you have specified the user credentials for each program to run as.

Enter a new title or description. Tip: The “Generate thumbnail image” check box is available only if the object is an RPT file and was saved appropriately. 4. In the Review Object Properties dialog box. If objects you are adding are of this type. 3. double-click the object. follow these steps. open the report in Crystal Reports and click Summary Info on the File menu. 2. 382 BusinessObjects Enterprise Administrator’s Guide . 2. Changing object properties 1. To review or modify objects before publishing Select Review or modify properties. In the Specify Database Credentials dialog box. 1. To display thumbnails for a report. Entering database logon information Some objects use data sources that require logon information. Click Next. select the object you want to modify. Select the Generate thumbnail image check box if you want users to see a thumbnail of a report object before they open it. or click + to the left of the object to expose the database. Select the “Save preview picture” check box and click OK. Preview the first page of the report and save your changes. The Specify Database Credentials dialog box appears if it is needed. The Review Object Properties dialog box appears.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 1. Click Next.

select the object whose schedule format you want to change. Click Next. Setting parameters Some objects contain parameters for data selection. BusinessObjects Enterprise Administrator’s Guide 383 . Note: Enter user name and password information carefully. enter the number of lines per page. 2. The Specify Format dialog box appears. Setting the schedule output format You can choose an output format for each scheduled report that you publish. In the Set Report Parameters dialog box. and so on). The Set Report Parameters dialog box appears if it is needed. Before such an object can be scheduled. 4. customize the schedule format options. Once you have completed the logon information for each object using a different database. you must set the parameters in order to determine the default prompts. Click Next after you have finished editing the prompts for each object. different dialog boxes appear. 3.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 2. If you want to set the prompts to contain a null value (where possible). 2. if you select Paginated Text. 3. leave the fields blank. 1. you can customize the schedule format options. 3. If it is entered incorrectly. The object’s prompts and default values appear in a list on the right-hand side of the screen. Select a format from the list (Crystal Report. Depending on the type of parameter you have chosen. Microsoft Word. Click Edit Prompt to change the value of a prompt. For example. 1. In the Specify Format dialog box. Where applicable. Adobe Acrobat. then click Set Prompts to NULL. the object cannot retrieve data from the database. Select the database and change the logon information in the appropriate fields. Microsoft Excel. click Next. If the database does not require a user name or password. select the object whose prompts you want to change. For some of the formats.

Finalizing the objects to be added After you have provided all of required information for the objects. Select a program. 3. you are returned to the final screen of the Publishing Wizard. 1. In the Command line area. 2. The objects are added to the CMS. Once you have added all necessary extra files for each program.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Adding extra files for programs Some programs require access to other files in order to run. When the processing is done. the Publishing Wizard displays a final list of the objects that it is going to publish. without parsing. click Next. Once you have specified all necessary command-line arguments for each program. They are passed directly to the command-line interface. type the command-line arguments for your program. 2. The Command line for Program dialog box appears. click Next. you can specify any command-line arguments supported by your program’s command-line interface. and run as specified. Select a program. 3. To view the details for an object. 3. Click Finish to close the wizard. 2. After ensuring all the objects you want to publish have been added to the list. using the same format you would use at the command line itself. Specifying command line arguments For each program. scheduled. 1. 1. Click Add to navigate to and select the necessary file. 384 BusinessObjects Enterprise Administrator’s Guide . click Next. select it from the list.

4. 1. Click New Object. with the Report properties displayed. 3. 2. To add an object with the CMC Go to the Objects management area of the CMC. The New Object page appears. click the type of object you want to add. Enter the object’s properties. BusinessObjects Enterprise Administrator’s Guide 385 .Publishing Objects to BusinessObjects Enterprise Publishing with the Central Management Console 15 Publishing with the Central Management Console If you have administrative rights to BusinessObjects Enterprise. you can publish objects over the Web from within the CMC. On the left side of the page.

or Script. clear the “Generate thumbnail for the report” check box. Java. Text. Preview the first page of the report and save your changes. Microsoft PowerPoint. Run JScript and VBScript programs as Script program objects. Rich Text Object Package. Tip: To display thumbnails for a report. If you do not want the user to see a thumbnail preview of the report in BusinessObjects Enterprise. Use Object Report Repository when refreshing report Program Type Program Select this option to automatically refresh an object's repository fields against the repository each time the report runs. Select the “Save preview picture” check box and click OK. Type a description of the object. Title Description Generate thumbnail for the report Type the name of the object. Run all other programs as Executable program objects. Type the URL address of the page you want the hyperlink object to link to. 386 BusinessObjects Enterprise Administrator’s Guide . Hyperlink Report Description Type the full path to the object. Select Executable. Tip: • • • URL Hyperlink Run Java programs as Java program objects. Program.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Central Management Console The properties that appear vary according to the type of object you are adding: Property File name Object Types Report. open the report in Crystal Reports and click Summary Info on the File menu. or click Browse to perform a search. Microsoft Excel. Microsoft Word. Adobe Acrobat. Hyperlink Object Package.

Tip: • • To expand a folder. When the object has been added to the system. then. For instance. Ensure that the correct folder or object package name appears in the Destination field. If necessary. log on to the Central Management Server (CMS). Specify the folder where you want to save the report and click Save. user rights. click Enterprise Folders. Note: Only report and program objects can be published to object packages. 7.Publishing Objects to BusinessObjects Enterprise Saving objects directly to the CMS 15 5. BusinessObjects Enterprise Administrator’s Guide 387 . when prompted. Click OK. In the Save As dialog box. click Save As on the File menu. you can now modify the object’s properties. such as Crystal Reports or OLAP Intelligence. If you want to place the object in a category. scheduling information. after designing a report in OLAP Intelligence. To search for a specific folder or object package. the CMC displays the Properties screen. select the category from the list. select it and click Show Subfolders. use the Look For field. the database logon information. Saving objects directly to the CMS If you have installed one of the Business Objects designer components. and so on. 6. you can use the Save As command to add objects to BusinessObjects Enterprise from within the designer itself. such as its title and description.

15 Publishing Objects to BusinessObjects Enterprise Saving objects directly to the CMS 388 BusinessObjects Enterprise Administrator’s Guide .

Importing Objects to BusinessObjects Enterprise chapter .

x Crystal Enterprise 10 Crystal Enterprise 9 Crystal Enterprise 8. and reports to your new BusinessObjects Enterprise system. For details. the Import Wizard imports settings that are specific to each object. a global “minimum number of characters” password restriction is not imported.5 Crystal Enterprise 8 Crystal Info 7.x If you have upgraded from BusinessObjects Enterprise 6.x” on page 390 “Importing information from Crystal Enterprise” on page 396 “Importing information from Crystal Info” on page 400. see the section for the product from which you are importing information: • • • “Importing information from BusinessObjects Enterprise 6. and third-party documents to BusinessObjects Enterprise XI. You can import information from any of these products: • • • • • • • BusinessObjects Enterprise XI BusinessObjects Enterprise 6. The Import Wizard runs only on Windows. universes. Web Intelligence documents. universe restriction sets. Importing information from BusinessObjects Enterprise 6. In general.5 The functionality provided by the Import Wizard varies.x. depending upon the product from which you are importing information. use the Import Wizard to import existing user accounts. But a user-level “must change password at next log on” restriction is imported with the user account. groups. For procedural details. For instance. folders. rather than global system settings.16 Importing Objects to BusinessObjects Enterprise Importing information Importing information The Import Wizard is a locally installed Windows application that allows you to import existing user accounts. but you can use it to import information from a source environment that is running on Windows or UNIX to a new BusinessObjects Enterprise system that is running on Windows or on UNIX. connection objects. see “Importing with the Import Wizard” on page 402. groups. 390 BusinessObjects Enterprise Administrator’s Guide . categories.

Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. installdir/nodes/<name of node>/mycluster/user Map this folder if you are importing personal documents and categories. If you need to access the repositories from a 6.x 16 Before importing from BusinessObjects Enterprise 6. you will need to restore them from your backup copies. create data sources on the destination machine for every domain that is part of the source deployment. map drives to the following folders (where installdir represents the BusinessObjects Enterprise 6.x source environment. Note: The Import Wizard modifies BusinessObjects Enterprise 6. Start the following servers in the BusinessObjects Enterprise XI deployment: • • Central Management Server Input File Repository Server and Output File Repository Server BusinessObjects Enterprise Administrator’s Guide 391 . Back up all repositories in the source deployment. • • Stop all servers in the source deployment.5 format before importing data into BusinessObjects Enterprise XI. On the machine that is running the Import Wizard.x repositories to make them consistent with version 6. installdir/nodes/<name of node>/mycluster/mail Map this folder if you are importing the content of users’ Inbox folders.x installation directory). you need to perform the following steps: • • Make sure the Import Wizard is deployed on a Windows machine. Use the Custom installation if you want to install only the Import Wizard on a machine.x Before you use the Import Wizard to import data into the new BusinessObjects Enterprise XI system.x deployment. • • • • • installdir/nodes/<name of node>/mycluster/locdata Map this folder for access to the .key files. The name and configuration details for the data sources must match the data sources in the source deployment. If you are importing from a BusinessObjects Enterprise 6.

connections. When you import a universe from a domain. the Import Wizard also imports connection objects associated with the universe. and objects that are associated with the documents you are importing. Known as document dependency. the Import Wizard automatically selects the associated universe for import. By default. Generally.x universes. this option imports only the objects used by the Web Intelligence documents that you are importing.x into BusinessObjects Enterprise XI.x.16 Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. the associated connections are imported automatically. You can also use this option if you want to import a subset of selected universes and their dependencies. They are converted into connection objects. an imported object will not overwrite an object with the same name that is already stored in the BusinessObjects Enterprise XI CMS database. There are two ways to import the universes: • • Import all universes. Each universe folder will be named after the corresponding Business Objects 6. This may involve installing database drivers or configuring connection settings on the machine. When you select a Web Intelligence document to import.x The following sections describe what happens to objects that have been imported from BusinessObjects Enterprise 6. Universes You can import universes into the BusinessObjects Enterprise repository. and associated objects. You can select additional universes for import. It also imports universe restriction sets associated with the universe (if the restriction sets are associated with users or groups that are being imported). When you import connection objects from BusinessObjects Enterprise 6. connections. ensure that the Import Wizard can access the database the same way that the BusinessObjects Enterprise 6. Note: • Universe domains are converted into folders under the Universe folder.x accesses it. Import only universes. When you import a universe. it is placed in the corresponding domain folder. You cannot select individual universes or connections to import. You must import all the universes in one batch. • • 392 BusinessObjects Enterprise Administrator’s Guide . the Import Wizard imports the object if it is an object type that is supported by BusinessObjects Enterprise XI. When you import BusinessObjects Enterprise 6.x Importing objects from BusinessObjects Enterprise 6.x universe domain.

they are converted into objects. then all relevant core universes and their connections will also be imported. Added to the Administrators group.x are mapped to default groups in BusinessObjects Enterprise XI as follows: BusinessObjects Enterprise 6.x user. see “Selecting information to import” on page 405.x user profile BusinessObjects Enterprise XI default group Added to the Everyone group. Users are imported into the BusinessObjects Enterprise repository. When restriction sets are migrated.x users and groups can be migrated to BusinessObjects Enterprise XI. • • If a selected universe is a derived universe.x source environment. If no principal users or groups are selected for import. Universe restriction sets The Import Wizard automatically migrates all universe restriction sets that are associated with the imported universes for any of the selected users and groups being imported. you must configure the connections on the destination machine via the Control Panel before you import the connection objects. For each BusinessObjects Enterprise 6. Users and groups All existing BusinessObjects Enterprise 6. a personal category.x and BusinessObjects Enterprise XI (and how they handle rights aggregation). They remain connected to the universes that they were connected to on your existing installation. and an Inbox folder. • • All user profiles General Supervisor BusinessObjects Enterprise Administrator’s Guide 393 . the Import Wizard may create additional restriction sets on the destination deployment in order to preserve the restriction sets for all imported users.Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. For more information about importing universes. if you import SQL Server connection objects from a BusinessObjects Enterprise 6. Because of the differences between restriction sets in BusinessObjects Enterprise 6. Universe restriction sets are migrated using both object names and object IDs to identify universe components. BusinessObjects Enterprise XI creates a user folder. User profiles from BusinessObjects Enterprise 6. no restriction sets are imported.x 16 For example. You must use the exact same name and settings as the connection used on the source machine when you created the domain key.

x BusinessObjects Enterprise 6. but not added to the Administrators group. the Import Wizard sets the effective rights as determined by aggregation rules in the source deployment for the principal user or group on the object in the destination deployment. If effective rights in the source and destination environments do not match for a principal on an object. select all users and groups that are principals on the selected object and ensure that you select the “Enforce rights fidelity” option in the Import Wizard. Note: • • The Import Wizard migrates external users and groups (LDAP or Windows AD users and groups. Added to the Universe Designer Users group. For more information about the migration of security settings. for example).16 Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6.x security settings are preserved in BusinessObjects Enterprise XI. selected personal categories are imported to a new subfolder (named after the user) under the Personal Categories folder. BusinessObjects Enterprise 6. Corporate (or administrative) categories are imported as categories under the Categories folder. • • • • Supervisor Designer Supervisor-Designer User/Versatile If you want to preserve security settings that are assigned to an imported object.x user profile BusinessObjects Enterprise XI default group Granted appropriate rights on all imported objects. 394 BusinessObjects Enterprise Administrator’s Guide . Added to the Universe Designer Users group. see the BusinessObjects Enterprise Installation Guide. For each imported user. Objects corresponding to the universes and documents contained in these domains are imported to these folders. By default. The “Enforce rights fidelity” option ensures that the effective rights match between the source and destination environments.x right does not map exactly to a BusinessObjects Enterprise XI right. Whenever possible. and categories Universe and document domains are converted to folders named after the respective domains. BusinessObjects Enterprise XI creates folders for Categories and Personal Categories and preserves the hierarchy of subcategories. If a BusinessObjects Enterprise 6. Folders. domains. Added to the Everyone group. the right will not be granted to the user.

x suite. Inbox documents Version 6. BusinessObjects Enterprise Administrator’s Guide 395 .wid format.x deployment. Documents (and universes) cannot be imported without importing the domain. the user must be granted access to the document in BusinessObjects Enterprise 6. BusinessObjects (. When you select a document. the document's domain is also imported. are not supported in BusinessObjects Enterprise XI.rep) documents BusinessObjects (.Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6.wid) format—in a separate procedure—before migrating the system. You can select individual corporate categories and import Web Intelligence documents grouped by corporate category. These documents are added to the user’s Favorites folder. To migrate . Instructions are in the Report Migration Utility guide.x Inbox documents are migrated to the user’s Inbox folder in BusinessObjects Enterprise. it may require significant processing time. you must migrate your . and the user must be a member of the group to which the document is assigned.x 16 Personal categories can be imported only as part of a batch import.x Personal documents to BusinessObjects Enterprise. Note: If you import a large number of Web Intelligence documents from your existing BusinessObjects Enterprise 6. also known as “full-client” documents.rep) documents.rep documents to .x. delivered with the BusinessObjects 6. Documents To have access to a Web Intelligence document from the Import Wizard. Therefore. you can use the Report Migration Utility. Inbox rights • • • Everyone [Add Document] Administrators [Full Control] Owner [Full Control] Personal Documents You can import BusinessObjects Enterprise 6.rep documents to Web Intelligence (. You can select which domains or documents you want to import into BusinessObjects Enterprise.

the Import Wizard maps all rights for the user on the source system to the existing user on the destination system. 396 BusinessObjects Enterprise Administrator’s Guide . and server groups. As another. the object becomes owned by the Administrator: User A loses Full Control rights. You can also use the Import Wizard to import information from an existing version XI installation to a new version XI installation. if any of an object’s dependencies are not imported. the wizard makes appropriate modifications to the object (in most cases. events. If User D runs the Import Wizard and brings the object across along with User C. repository objects. all rights information for that user is discarded.txt documents. and *.x to BusinessObjects Enterprise XI. The Import Wizard migrates these documents into BusinessObjects Enterprise XI if the format is supported. Microsoft PowerPoint.5 or 9 installation. even if the user already exists in the destination system. groups. For example. if a user has Full Control rights on an object. When doing so. and report instances to BusinessObjects Enterprise XI. but User C still has View rights on the object. If the user already exists. but not User A. Note: Always import users if you want to bring across the associated rights for an object. the dependency is removed). In the case of objects brought across without their owners.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise Third-party documents BusinessObjects Enterprise 6. Events and server groups can also be imported from a version 8. Word. User A owns an object and has Full Control rights while User C has View rights on the same object. Importing information from Crystal Enterprise If you have upgraded from Crystal Enterprise. If the user is not brought across. and Excel. folders. When using the Import Wizard. Timestamps Timestamps are not migrated from BusinessObjects Enterprise 6. you have the additional option of importing calendars. use the Import Wizard to import existing user accounts. but the user is not imported. RTF. the Full Control right for that user is discarded when the object is imported. the Administrator becomes the new owner of the objects. more involved example. Supported formats are: Adobe Acrobat PDF.x supports third-party (agnostic) documents. report objects.

the wizard imports all users as Concurrent Users. the list of group members is updated with any additional users who were members of the group in the source environment. then the Import Wizard imports the object. However. Note: BusinessObjects Enterprise XI does not include a New Sign-Up feature.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise 16 Importing objects from Crystal Enterprise The following sections describe what happens to the objects that are imported from a Crystal Enterprise 8. if the source environment uses Named User licensing. However. BusinessObjects Enterprise Administrator’s Guide 397 . If the source environment uses Concurrent licensing. the wizard imports all users as Concurrent Users. If there are not enough Named User licenses in the destination environment. These additional users are added to BusinessObjects Enterprise if their accounts do not exist already. see “Licensing overview” on page 530. If there are enough Named User licenses in the destination environment. ensure that the administrative credentials are the same on both the source and destination systems.x system. A user or group is imported only if it does not exist already by name. Aliases If a user in the destination system has an alias that is identical to a user who is being imported. Generally. the wizard imports all users as Named Users. Active Directory authentication must also be enabled on the destination system. the destination user keeps all aliases. the group is migrated to the destination BusinessObjects Enterprise XI environment. and the imported user loses that particular alias. For more information about licensing. User licensing can affect the behavior of the Import Wizard. Windows AD When importing users that employ Windows Active Directory authentication. Users and groups The Import Wizard imports users and groups and their hierarchical relationships. If you import a group that already exists in the destination environment. if your Crystal Enterprise source environment includes users that belong to the New Sign-Up group. the wizard first checks the number of Named User license keys in the destination environment. if the object will not overwrite an object that is already in the BusinessObjects Enterprise system.

whether or not they exist already in the destination environment. However. LDAP authentication must also be enabled on the destination system. the ownership properties of its objects and instances are reset to your current administrative account. then the imported folder is added to BusinessObjects Enterprise with the name Sales Reports(2). Rights When you import folders and reports from one BusinessObjects Enterprise system to another. To ensure that existing folders are not overwritten. the associated object rights are imported for every user or group who is imported at the same time. you can ensure that a particular user account retains ownership of its objects and scheduled instances by importing the user along with the content. 398 BusinessObjects Enterprise Administrator’s Guide . Crystal Info Views. You can import the report instances for each report object. the Host list and Base LDAP name need to be the same on both the source and destination systems. the object rights are discarded. Folders Folders are imported. whether or not they exist already in the destination environment. In the SDK.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise LDAP When importing users that employ LDAP authentication. When you import content from one deployment to another. If the user or group is not imported at the same time. ODBC data sources. and the scheduling patterns that you have set up in the source environment are imported automatically. or Business Views. When this option is selected. if you import a folder called Sales Reports when a folder called Sales Reports already exists. ownership is reflected by an object’s SI_OWNERID property and by a scheduled instances’s SI_SUBMITTERID properties. Supported reports are always imported with their parent folders. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. suppose that you import a report that explicitly grants View On Demand rights to the Everyone group in the source environment—but you do not import the Everyone group. For example.” option in the “Please choose an import scenario” dialog box. make sure you choose the “Automatically rename top-level folders that match top-level folders on the destination system. so as not to overwrite existing folders. If you don’t import the user account. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. For instance. Report objects The Import Wizard can import Crystal report objects only if they are based on native drivers. OLAP data sources.

Objects that have server group restrictions lose the restrictions if the objects are imported and the server group is not.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise 16 In this case. For more information about how to do this. The same logic applies for events: if an object is set up to wait for an event or to trigger an event. Instead.5 or later system. So the newly imported report in the destination environment will explicitly grant the View On Demand right to the Everyone group. Note: • If Event A is being imported from the source system but there is already an Event A on the destination system. if the server group exists on the destination system. if a report is scheduled to run only under server group A and that server group is not imported. the report loses that restriction and will run under any server group. and it is a different type (for BusinessObjects Enterprise Administrator’s Guide 399 . or triggers. the report objects are added to the existing group and the source system’s server group is not imported. you have the additional option to import events and server groups from the source environment. If you have jobs scheduled or pending on a server or server group that you are importing. suppose that you import the report and the Everyone group. You need to manually add servers to the imported group in the Central Management Console (CMC). In this case. the event. modifying the example above. the newly imported report in the destination environment will not grant the same explicit rights to the Everyone group. Events and server groups When you use the Import Wizard to import information from a Crystal Enterprise 8. the Import Wizard imports the object rights along with the report. Note: • • When importing report objects associated with a server group. and it already exists by name in the destination environment. For instance. the report inherits any rights that have been set on its parent folder. you might notice odd behavior on the destination system with the individual jobs involved until they run or time out. If you do import the appropriate user or group. then the corresponding object rights are imported and applied to the existing user or group. see the BusinessObjects Enterprise Administrator’s Guide. Otherwise. You need to import the server group at the same time as the objects that use it to keep the relationship between them. For example. the object is imported without the dependency and no longer waits for. you need to import the event at the same time as the object. When importing server groups. the wizard does not bring across the servers that belong to that group.

and if the Crystal Info object will not overwrite an object that is already in the BusinessObjects Enterprise system. Generally. a File event instead of a Custom event). These additional users are added to BusinessObjects Enterprise if their accounts do not exist already. Note: Users who are accessing your Crystal Info implementation when you are importing objects to BusinessObjects Enterprise might experience a delay. If the source environment uses Concurrent licensing. 400 BusinessObjects Enterprise Administrator’s Guide . Importing information from Crystal Info Importing objects from Crystal Info The following sections describe what happens to objects that have been imported from Crystal Info to BusinessObjects Enterprise. the wizard imports all users as Concurrent Users. see “Licensing overview” on page 530. the list of group members is updated with additional users who were members of the Crystal Info group. the event should work as expected. since servers are not imported. the wizard removes the dependency on Event A from the object when it is imported. User licensing can affect the behavior of the Import Wizard. • Events are based on Event Servers and. you need to manually reset the event server and file name information on the event in the destination system. then the Import Wizard imports the object. Users and groups The Import Wizard imports users and groups and their hierarchical relationships as they exist in Crystal Info. the wizard imports all users as Concurrent Users. However. the wizard imports all users as Named Users. For more information about licensing. if the Crystal Info object is of a type that is supported within BusinessObjects Enterprise. if the source environment uses Named User licensing. If you import a group that already exists in BusinessObjects Enterprise. the wizard first checks the number of Named User license keys in the destination environment. If there are enough Named User licenses in the destination environment. If there are not enough Named User licenses in the destination environment.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Info example. A user or group is added to BusinessObjects Enterprise only if it does not exist already by name. Once this is set.

whether or not they exist already in BusinessObjects Enterprise. or OLAP data sources. then the imported folder is added to BusinessObjects Enterprise with the name Sales Reports(2). the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. After converting the reports. make sure you choose the “Automatically rename top-level folders that match top-level folders on the destination system” option in the “Please choose an import scenario” dialog box. the Administrators group will have Full Control access to it. which differ from the user rights used within Crystal Info. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Info 16 Folders Folders are imported. To ensure that existing folders are not overwritten. so as not to overwrite existing folders. you are prompted to save the report files. When this option is selected. If the owner of the report is not an administrator. Rights BusinessObjects Enterprise enforces security through object rights. the rights associated with the report are not transferred. you can publish them to BusinessObjects Enterprise with the Publishing Wizard. You can then run a conversion utility on all reports in that folder to convert them to use metadata. ODBC data sources. the Import Wizard does not import any of the folder security that is set up within the Crystal Info environment. only the ownership. Recurrence patterns that cannot be automatically recreated within BusinessObjects Enterprise are written to the log file created by the Import Wizard. For example. if you import a folder called Sales Reports. When you import reports based on a Crystal Info View. whether or not they exist already in the destination environment. when a folder called Sales Reports already exists in BusinessObjects Enterprise. However. the report will be transferred and the View On Demand access mode will be associated with the report. BusinessObjects Enterprise Administrator’s Guide 401 . Supported reports are always imported with their parent folders. Report objects The Import Wizard can import Crystal report objects only if they are based on native drivers. If the owner of a report is the Administrators group. Consequently. If you transfer reports from Crystal Info to BusinessObjects Enterprise. Choose a specific folder where you want to save these reports. The Import Wizard can import successful instances and some recurring instances from Crystal Info systems.

query objects. 1. Open OLAP cubes. When you import information. and reports. Before starting this procedure. click Import Wizard. You then select the information that you want to import. 2. The overall process is divided into the following procedures: • • • • • • “Specifying the source and destination environments” on page 402 “Selecting information to import” on page 405 “Importing objects with rights” on page 407 “Choosing an import scenario” on page 407 “Importing specific objects” on page 409 “Finalizing the import” on page 414 Specifying the source and destination environments This procedure shows how to specify a source environment and a destination environment using the initial screens of the Import Wizard. groups.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Other objects The Import Wizard cannot import Crystal Info objects that are not supported by BusinessObjects Enterprise. you first connect to the Central Management Server (CMS) of your existing installation (the source environment) and specify the CMS of your new BusinessObjects Enterprise system (the destination environment). Such objects include report packages. Info cubes. or you can update the destination with the contents of the source CMS. The screens that appear depend on the source environment and the types of information that you choose to import. To specify the source and destination environments From the BusinessObjects Enterprise program group. and Crystal reports based on query files. Click Next. 402 BusinessObjects Enterprise Administrator’s Guide . You can choose to merge the contents of the source repository into the destination repository. ensure that you have the Administrator account credentials for both the source and the destination environment. Holos Applications. and the Import Wizard copies the requested information from the source to the destination. Importing with the Import Wizard The Import Wizard provides a series of screens that guide you through the process of importing user accounts. folders.

type the name of the source environment’s CMS (Central Management Server).x BusinessObjects Enterprise XI You are prompted for administrative account information. select the product from which you want to import information.5 Crystal Enterprise 9 Crystal Enterprise 10 BusinessObjects Enterprise 6. If your source environment is Crystal Info. The available options are: • • • • • • • Crystal Info 7. BusinessObjects Enterprise Administrator’s Guide 403 . The fields that appear depend on the type of source environment you chose. 3.5 Crystal Enterprise 8 Crystal Enterprise 8. Crystal Enterprise 10 or earlier. 4. In the Source list. or BusinessObjects Enterprise XI: • • In the CMS Name field.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 The “Specify source environment” dialog box appears. This example imports information from BusinessObjects Enterprise XI. Type the User Name and Password that provide you with administrative rights to the source environment.

7. Click Next. then click Next. 8. 404 BusinessObjects Enterprise Administrator’s Guide . Type the User Name and Password that provide you with administrative rights to the source environment.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 5.x: • • 6. In the Domain key file field. The “Specify destination environment” dialog box appears. Note: You must have the General Supervisor profile. type the name of the destination environment’s Central Management Server. provide the full path of the domain file for the BusinessObjects Enterprise system. Type the User Name and Password of an Enterprise account that provides you with administrative rights to the BusinessObjects Enterprise system. The “Choose objects to import” dialog box appears. or click the browse button to select the domain file. In the CMS Name field. If your source environment is BusinessObjects Enterprise 6.

All object can be imported from BusinessObjects Enterprise XI. groups. Repository objects and calendars can be imported from Crystal Enterprise 10. If you have not already started the Import Wizard. 3.5 or later. and Web Intelligence documents can be imported from BusinessObjects Enterprise 6.x. If the “Import personal documents and inbox documents” dialog box appears. 4. Events and server groups can be imported from Crystal Enterprise 8. folders. Universes. If the “Import universe and connection objects” options dialog box appears. provide the paths for your personal and/or inbox documents. select the check box (or boxes) corresponding to the information you want to import: • Import users and user groups • • • • • • • • • • • • • Import inbox documents Import personal categories Import personal Web Intelligence documents Import favorite folders for selected users Import application rights Import corporate categories Import corporate Web Intelligence documents Import folders and objects • Import discussions associated with the selected reports Import events Import server groups Import repository objects Import calendars Import universes Note: The options available depend on the version of the source environment. 1. categories. Click Next. choose an import option: BusinessObjects Enterprise Administrator’s Guide 405 . Note: You do not need to provide a path for corporate documents because they are stored in the repository. and reports that you want to import.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 Selecting information to import This procedure shows how to select the users. see “Specifying the source and destination environments” on page 402. 2. To choose which objects to import In the “Choose objects to import” dialog box.

Click Next. this option imports only the objects used by the Web Intelligence documents that you are importing. Known as document dependency. and associated objects. The “Import Object Principals Option” dialog box appears. 406 BusinessObjects Enterprise Administrator’s Guide . This option imports all universes from the source environment in one batch. 5.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard • • Import all universes. You cannot select individual universes or connections to import. Import only the universes and connection objects that are associated with the documents you are importing. You can also use this option if you want to import a subset of selected universes and their dependencies. connections.

or you can add the source system’s information to the destination system without merging. To preserve the rights from the source system. Proceed to “Choosing an import scenario” on page 407. If you do not enable rights fidelity. users and groups from the source system overwrite users and groups that have the same name on the destination system. If you enable rights fidelity. 2. you need to import the users and groups that have been granted these rights. BusinessObjects Enterprise Administrator’s Guide 407 . the rights on the destination system will closely match those on the source system. If you enable rights fidelity. select the “Enforce rights fidelity” option. To enable rights fidelity In the “Import Object Principals Option” dialog box.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 Importing objects with rights If you import objects that already have rights assigned to them. Choosing an import scenario You can merge the source and destination systems. The “Please choose an import scenario” dialog box appears. 1. If you enable rights fidelity. only the update option is available. enable the rights fidelity setting in the Import Wizard. the Import Wizard prompts you to either merge or update users and groups that have the same name on both the source and destination systems. The setting also affects how the system handles duplicate objects. Click Next.

For more information about merging and updating systems. the Import Wizard adds all objects from the source system into the destination CMS without overwriting objects in the destination. When you update the contents of the destination system using the source system as a reference.” 408 BusinessObjects Enterprise Administrator’s Guide . choose “I want to merge the source system into the destination system.” To add the source system’s information to the destination system without merging.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Merging systems If you merge the source and destination systems. choose “I want to update the destination system by using the source system as a reference. choose the type of import you want. Also. Updating the destination system You can add the source system’s information to the destination system without merging. 1. To choose an import scenario In the “Please choose an import scenario” dialog box. All of the objects in the destination system are preserved. Note: This is the safest import option. If an object in the source system has the same unique identifier as an object in the destination. you add all objects in the source system to the destination CMS. all objects from the source system with a unique title are copied to the destination system. see “Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS” on page 174. To merge the source and destination systems. the object in the destination is overwritten. at a minimum.

You can import all of the objects or select individual objects. In the Groups list. categories. choose how you want to map third-party groups. If the “Information collection complete” dialog box appears. and click Next. folders. Note: • Ensure that the third party authentication is configured the same way on both the source and destination environments. If you are prompted to select specific objects for import. universes. select specific members of any group. groups. 2. Importing specific objects If you chose to import users. the “Select Users and Groups” dialog box appears. This example imports all but one of the users in the Administrators group.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 2. Click Next. proceed to “Finalizing the import” on page 414. 3. In the Subgroups and Users list. Click Next. you are prompted to choose the specific objects you want to import. select the groups that you want to import. proceed to “Importing specific objects” on page 409. BusinessObjects Enterprise Administrator’s Guide 409 . domains. If the “Import Groups Option” dialog box appears. To select users and groups If you chose to import users and groups. 4. or repository objects. 1. Web Intelligence documents.

410 BusinessObjects Enterprise Administrator’s Guide .x. • To select categories If you chose to import categories. the “Select Domains and Web Intelligence documents” dialog box appears. Select the check boxes for the categories that you want to import. Select the check boxes for domains or individual documents that you want to import. then click Next. The Import Wizard imports the selected categories and the objects that belong to the categories.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard • If you are importing third-party (or external) users and groups from BusinessObjects Enterprise 6. the “Select categories” dialog box appears. you need to determine how these users will be handled upon import into BusinessObjects Enterprise XI. • To select domains and Web Intelligence documents If you chose to import Web Intelligence documents. For information about setting alias creation and assignment for LDAP and Active Directory users. see “Managing User Accounts and Groups” on page 249. then click Next.

Select the check boxes for the universes that you want to import. Before you can import connection objects from BusinessObjects Enterprise 6.x. ensure that the Import Wizard can access the database the same way that the source environment BusinessObjects Enterprise Administrator’s Guide 411 . To select universes or universe folders If you chose to import a subset of the universes from the source environment. the “Select Universe Folder and Universes” dialog box appears. its connection objects are imported automatically. Note: When you import a universe. then click Next.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 1.

16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard accesses it. Then click Next. 2. but you do not need to provide SSO information for described connections.x source environment. Tip: You can also choose to “Import all instances of each selected report and object package. You can enable SSO only for connections that support Kerberos SSO in BusinessObjects Enterprise XI. You can specify logon credentials for access when scheduling. If your database supports Kerberos authentication. and click Next. the “Select Folders and Objects” dialog box appears. To select folders and objects If you chose to import folders and objects. the “Connection SSO Option” dialog box appears. 412 BusinessObjects Enterprise Administrator’s Guide . and you can enable Single Sign-On for database access during viewing and designing. Note: • • • • SSO can be enabled. For example. if you import SQL Server connection objects from a BusinessObjects Enterprise 6. Select the check boxes for the folders and reports that you want to import. This may involve installing database drivers or configuring connection settings on the machine.” This example imports the Report Samples folder and a subset of its contents. you can specify logon credentials for database access during scheduling. provide your connection information. and if SSO is not enabled. If the universe uses a connection object that is associated with a secure connection that was created with the “Use Business Objects username and password” option selected. you must configure the connections on the destination machine via the Control Panel before you import the connection objects. Select the connection object. these credentials will also be used for access when viewing Web Intelligence documents or designing universes. You must use the exact same name and settings as the connection used on the source machine when you created the domain key.

BusinessObjects Enterprise Administrator’s Guide 413 .Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 • To select repository objects If you chose to import repository objects. then click Next. Choose an importing option for repository objects. the “Import repository objects options” dialog box appears.

If the import summary shows that some information was not imported successfully. When the “Information collection complete” dialog box appears.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Finalizing the import 1. By default. this directory is: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ The log file includes a system-generated ID number. click View Detail Log for a description of the problem. click Finish to begin importing the information. Note: The information that appears in the Detail Log is also written to a text file called ImportWiz. and a field that describes the action and the reason why it was taken. Otherwise. click Done. a title that describes the imported information. which you will find in the directory from which the Import Wizard was run.log. The “Import Progress” dialog box displays status information and creates an Import Summary while the Import Wizard completes its tasks. 2. 414 BusinessObjects Enterprise Administrator’s Guide .

Managing Objects chapter .

how to modify object properties. Microsoft PowerPoint files. For more information. “General object management” on page 417 This section describes general object management concepts that apply to all objects. Tip: • • Go to the Object management area by clicking the Objects link on the CMC Home page. It also describes how to search for objects. as well as object packages. this section covers type-specific program object configuration. and security considerations for program objects. using filters. programs. Use folders to organize and facilitate object administration for you and your users. changing database information. such as moving. Additionally. rich text format files. • “Program object management” on page 451 This section explains program objects and instances. Additionally. Managing report objects includes applying processing extensions. this section explains how to create an object package and how to add objects to an object package. Microsoft Excel files. updating parameters. and how to manage them through the Central Management Console (CMC). and how to set object rights for users and groups. and working with hyperlinked reports. see “Managing User Folders” on page 367. Adobe Acrobat PDFs.17 Managing Objects Managing objects overview Managing objects overview There are several types of objects that can exist in BusinessObjects Enterprise: reports. After publishing objects to BusinessObjects Enterprise. Microsoft Word files. and hyperlinks. specifying alert notification. and deleting objects. which consist of report and/or program objects. text files. and how to manage them through the Central Management Console (CMC). and how to manage them through the Central Management Console (CMC). This chapter is broken up into four sections: • • “Report object management” on page 425 This section explains report objects and instances. copying. 416 BusinessObjects Enterprise Administrator’s Guide . • “Object package management” on page 459 This section explains object packages and instances. Web Intelligence documents. you manage them through the Central Management Console (CMC) by going to the Objects management area.

to copy the objects to the package. “Create shortcut” enables you to create an alternate. or creating a shortcut for an object Use this procedure to copy or move an object. for example. or to create a shortcut to an object within BusinessObjects Enterprise: • “Copy” creates another copy of the object in a different location. See “Scheduling objects using object packages” on page 471. The shortcut inherits object rights from its parent folder. and selecting the object that is located under the Object Title column. Copying. more convenient. You use copy. The object retains its original set of object rights. For example. It includes the following sections: • • • • • • “Copying. The new copy of the object inherits all object rights from its new parent folder.Managing Objects General object management 17 General object management This section describes general tasks related to managing objects and their instances. if a user does not have rights to schedule a report. moving. access route for an object. the shortcut object rights do not override the rights of the original object. You can also create a shortcut to give users access to the object when you don’t want them to access the folder that the actual object is located in. selecting a folder (and any subfolders) by clicking the appropriate link(s). However. BusinessObjects Enterprise Administrator’s Guide 417 . Note: For information setting the rights for an object. moving. when scheduling objects by using an object package. • • “Move” changes the location of the object from one folder to another. or creating a shortcut for an object” on page 417 “Deleting an object” on page 419 “Searching for an object” on page 419 “Sending an object or instance” on page 420 “Changing properties of an object” on page 422 “Assigning an object to categories” on page 424 Tip: You can also manage an object by going to the Folders management area in the CMC. See Chapter 14: Organizing Objects. they are not able to schedule that report even through a shortcut that allows them full rights. see “Setting object rights for users and groups” on page 317.

or create a shortcut for. 2.17 Managing Objects General object management 1. Click Copy/Move/Shortcut. For more information on folder rights. users who have access to the folder where the shortcut is located can access this object and its instances. or create a shortcut for an object Go to the Objects management area of the CMC. then click OK. see “Specifying folder rights” on page 364. use the Look For field. After you create the shortcut. move. Select one of the following options: • • • Copy to Move to Create shortcut in Tip: You may want to create a shortcut if you want to give someone access to an object without giving that user access to the entire folder that the object is located in. 418 BusinessObjects Enterprise Administrator’s Guide . Tip: • • To expand a folder. Select the appropriate destination folder. select it and click Show Subfolders. 5. 4. 3. To search for a specific folder or object package. The Copy/Move/Create Shortcut page appears. Select the check boxes associated with the object(s) you want to copy. To copy. move.

As well. For more information. rather than the object itself. You can also delete a folder (by selecting a folder and clicking Delete in the Folders management area). which deletes all of the objects and instances that are stored in that folder. 1. you have the option of deleting object instances. contains. type the text to search for. To search for an object or objects Go to the Objects management area of the CMC. Specify the search criteria. 3. Searching for an object The search feature enables you to search for specific text within object titles or descriptions. In the “Search for” fields. Click Search. Click Delete. 3. specify the object field to search (title or description) and the matching method to use (is. 1. Note: When you delete an object. 2. all of its existing instances and scheduled instances will be deleted. does not contain). is not. Select the check boxes associated with the object(s). Click OK. In the Text field.Managing Objects General object management 17 Deleting an object This procedure explains how to delete either a single object or multiple objects. 4. To delete an object Go to the Objects management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 419 . 2. see “Managing and viewing the history of instances” on page 495.

You can send an object. or a shortcut to the object or instance. and then select the check boxes for the instances you want to send. 3. or you can send instances of an object. To send an instance of the object. see See also “Available destinations by object type” on page 421. The “Send to” function handles existing objects or instances only. 420 BusinessObjects Enterprise Administrator’s Guide . a Word or Excel file.17 Managing Objects General object management Sending an object or instance You can use the “Send to” feature to send existing objects or instances of an object to different destinations. Click Send to. a report instance. for example. Select only instances with a status of Success or Failed. 1. You can send either a copy of an object or instance. The Send to page appears. click the link for the object. To send an object or an instance to a destination Go to the Objects management area of the CMC. for example. 2. For details about which types of objects can be sent to which destinations. You can also select the destination. Select the check boxes for the objects that you want to send. Not all types of objects can be sent to all destinations. nor does it refresh the data for a report instance. for example. Click the History tab. Instances with a status or Recurring or Pending are scheduled and do not contain any data yet. FTP or Inbox. It does not cause the system to run the object and create new instances.

you must specify additional parameters for the destination information. If you select this option. Note: Send Web Intelligence documents to the “Inbox” destination only. If you want. DIsk Yes Yes Email (SMTP) FTP Yes Yes File Yes Yes Link Yes Yes Inbox File Yes Yes Yes Link Yes Yes Yes Object type Report Object Package Program BusinessObjects Enterprise Administrator’s Guide 421 . select the Set this destination as the selected object’s scheduling destination option. If you want to keep these 5. or to an Email destination within BusinessObjects Enterprise. The following table summarizes which objects cannot use certain destinations. See “Available destinations by object type” on page 421 and “Selecting a destination” on page 481. deselect Clean up temporary objects created after objects have been sent. Select the destination option you want: • • Each selected object’s scheduling destination Sends the objects or instances to the destination specified on the Destination pages for the objects. The system sends the selected objects or instances to the specified destinations. For example. Click Send. you can the temporary instances that are created when you send an object or instance. 6. The system will update the destination information for the object when you click Send.Managing Objects General object management 17 4. this option is selected and the system deletes any temporary objects or instances after they have been sent. If you want the destination to become the default destination for the object. A new destination for all selected objects Allows you to specify a destination. Unm. for a Web Intelligence document you cannot specify an unmanaged disk destination. By default. Available destinations by object type Most destinations can be used for most types of objects. but there are some exceptions. In some cases recipients must have access to the BusinessObjects Enterprise system to be able to open the object.

17 Managing Objects General object management Object type Web Intelligence document Excel file Word file PDF file Text file RTF file PowerPoint file Hyperlink Unm. you can modify an object’s title and description. programs. you can see the last times the object was modified and/or run. 422 BusinessObjects Enterprise Administrator’s Guide . you cannot click Reset to undo changes. you can view its file name. Microsoft Excel. its location. For objects that can be scheduled (reports. View button For Microsoft Word. Microsoft PowerPoint. and the date it was created. change any of the properties as required. and object packages). 1. Note that once you have clicked Update. As well. and Rich Text objects. To change the properties of an object In the Objects management area of the CMC. On the Properties page. DIsk Yes Yes Yes Yes Yes Yes - Email (SMTP) FTP Yes Yes Yes Yes Yes Yes File Yes Yes Yes Yes Yes Yes Link Yes Yes Yes Yes Yes Yes Yes Yes Inbox File Yes Yes Yes Yes Yes Yes Yes Yes Link Yes Yes Yes Yes Yes Yes Yes Yes Changing properties of an object In the Properties page of an object. 3. a View button appears on the Properties page. Provided that you have the appropriate software installed on your browser machine. Text. select an object by clicking its link. Click Update. 2. Adobe Acrobat. you can click the View button to open and view the object.

BusinessObjects Enterprise connects to the report’s data source(s) if no cached pages are available.Managing Objects General object management 17 Preview button Similarly. The Preview button enables you to view a report on demand with all of your current report settings. for report objects and Web Intelligence documents. If the original report does not contain a thumbnail. the user will need to have rights at the View level or higher. then a thumbnail will not be stored on BusinessObjects Enterprise. see “Report object management” on page 425. a Preview button appears. If you do not want a thumbnail preview of this report to be available in InfoView or another web application. To use the Preview function. the “Show report thumbnail” check box is selected by default. For details about object rights. administrators have rights at the Full Control level (the highest rights setting) for all report objects. clear the Show report thumbnail check box. The Show report thumbnail checkbox does not apply to Web Intelligence document objects. the user will need to have rights at the Schedule level or higher. (To preview a report with saved data.) By default. Note: A thumbnail is a graphical representation of the first page of a report. BusinessObjects Enterprise Administrator’s Guide 423 . Show report thumbnail option For reports.

(A component is an object in an object package. select the category that you want the object to belong to and use the arrow buttons to move to the Assigned Categories list. Use the following procedure to assign an object to a category by using the objects page. If you do not want the object package instance to fail if one of the objects fails. Note: To remove an object from a category. The Available Categories list includes all corporate or personal categories and their subcategories. 2. See “Adding an object to a new category” on page 370. Repeat this step for each category that you want the object to be assigned to. categories are objects used to organize documents. 5. You can associate objects with multiple categories. 6.17 Managing Objects General object management Scheduled package fails upon individual component failure option For object packages. For complete information. A category can be a corporate or a personal category. Click Assign Categories. Click OK. 424 BusinessObjects Enterprise Administrator’s Guide . 1. Assigning an object to categories Like folders. or subcategories within categories. In the Available Categories list. Click the Categories tab. see Chapter 14: Organizing Objects. select an object by clicking its link. The Assign Corporate Categories page appears. Otherwise. 4. To assign an object to a category In the Object management area of the CMC. skip this step. clear the “Scheduled package fails upon individual component failure” check box. You can also assign objects to a category by using the categories page. see “Removing or deleting objects from a category” on page 370. click the Personal link. the object package instance in the History will appear as Failed. the “Scheduled package fails upon individual component failure” check box is selected by default. 3.) This means that if one of objects in a package fails. To assign an object to a personal category.

Managing Objects Report object management 17 Report object management This section explains report objects and instances. and how to manage them through the Central Management Console (CMC). BusinessObjects Enterprise Administrator’s Guide 425 . Both types of objects contain report information (such as database fields). you can schedule one instance that contains report data that is specific to one department and schedule another instance that contains information that is specific to another department. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. if you run a report object with parameters. A scheduled instance contains object and schedule information. Any exceptions have been identified. the system creates a scheduled instance for the object. For example. A report object or Web Intelligence document object can be made available to everyone or to individuals in selected user groups. Typically. You can schedule objects either from CMC or by using a BusinessObjects Enterprise application. It does not contain any data yet. Both types of objects can also contain saved data. such as InfoView or a custom web application. even though both instances originate from the same report object. For more information about scheduling. report objects are designed such that you can create several instances with varying characteristics. It includes the following sections: • • • • • “What are report objects and instances?” on page 425 “Setting report refresh options” on page 426 “Setting report processing options” on page 428 “Applying processing extensions to reports” on page 443 “Working with hyperlinked reports” on page 447 Note: Most information in this section also applies to Web Intelligence document objects. Scheduled instances When you schedule an object. see Chapter 18: Scheduling Objects. A Web Intelligence document object Web Intelligence is created using the Report panel and HTML Query panel in InfoView. What are report objects and instances? A report object is an object that is created using a Business Objects designer component (such as Crystal Reports or OLAP Intelligence).

Any changes that you have made to the default value of the parameter in BusinessObjects Enterprise are overwritten. reports are saved. the report refresh settings allow you to control which settings in the report object are updated with values from the source . processed. It appears on the History page of the object and has a status of Success or Failed. BusinessObjects Enterprise compares the report object stored in BusinessObjects Enterprise with the original . When you refresh a report object.rpt file. You can then change these settings as needed for the scheduled instance you want to create.rpt file stored in the Input File Repository Server.17 Managing Objects Report object management Object instances At the specified time. Setting report refresh options Note: This feature does not apply to Web Intelligence document objects. For example. the new default settings are displayed. Making changes to an object Any changes you make to the an object (by making the changes and then clicking Update) affect the default settings for the object only. This holds true no matter which report refresh options you select. Where report elements are the same in the source report and the report object. whether you use CMC or an application such as InfoView. BusinessObjects Enterprise deletes or adds report elements in the report object to make it match the . 426 BusinessObjects Enterprise Administrator’s Guide . The next time you schedule the object. The instance contains actual data from the database. then refreshing the report adds the prompt to the report object. Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports.rpt file. If a prompt appears in both the source . if a prompt appears only in the source . You can set report refresh options that determine which settings of a report object are updated when you refresh it in BusinessObjects Enterprise. and displayed in version XI format. then BusinessObjects Enterprise updates the default value of the prompt in the report object.rpt and the report object and you have selected the “Prompt Values” option. overwriting any changes you’ve made in BusinessObjects Enterprise. Once published to BusinessObjects Enterprise. the system runs the object and creates an object instance. Those changes do not affect any existing scheduled instances or object instances.rpt file.

4. BusinessObjects Enterprise ensures that changes to the metadata describing a prompt is updated in the report object. click the Universes link. 2.Managing Objects Report object management 17 To preserve your changes to the values of report elements when you refresh a report. On the Properties page. repository objects in the report object will be refreshed against the repository. “Can be null” is a prompt option. If you select “Use Object Repository when refreshing report”. On the Properties page. BusinessObjects Enterprise ensures that changes to either the default value of a prompt or to the current value of a prompt are updated in the report object when the report is refreshed. 1. select a Web Intelligence document object by clicking its link. Note: • • • If you select Prompt Values. Viewing the universes for a Web Intelligence document You build queries for Web Intelligence documents using objects in a universe. 2. 1. click the Refresh Options link. For example. BusinessObjects Enterprise Administrator’s Guide 427 . Click Refresh Report. A universe is a representation of the information available in the database. In CMC you can view which universes are used by a Web Intelligence document. 3. select a report object by clicking its link. If you select Prompt Options. The Universes page appears. see “Refreshing repository objects in published reports” on page 179. To view the universes for a Web Intelligence document In the Objects management area of the CMC. To set a report object’s refresh options In the Objects management area of the CMC. listing the universes that are used by the document. Choose the report elements that you want to refresh from the source report file. For more information. clear the appropriate report refresh option.

17

Managing Objects Report object management

Setting report processing options
For each object you can set several processing options. These options appear on the Process page for the object. Setting the report processing options includes the following tasks:

• • • • • • • •

“Setting report viewing options” on page 428 “Specifying servers for scheduling” on page 430 “Specifying servers for viewing and modification” on page 432 “Changing database information” on page 434 “Updating parameters” on page 437 “Using filters” on page 439 “Setting printer and page layout options” on page 441 “Applying processing extensions to reports” on page 443

Setting report viewing options
Note: This feature does not apply to Web Intelligence document objects. The report viewing options available in BusinessObjects Enterprise allow you to balance users’ need for up-to-date information with the need to optimize data retrieval times and overall system performance. BusinessObjects Enterprise allows you to enable data sharing, which permits different users accessing the same report object to use the same data when viewing or refreshing a report. Enabling data sharing reduces the number of database calls, thereby reducing the time needed to generate a report instance for subsequent users of the same report, while greatly improving overall system performance under load. You can control data sharing settings on either a per-report or a per-server basis:

If you specify which servers a report uses for viewing, you can use perserver settings to standardize data sharing settings for groups of reports, and centrally administer these settings. (See “Specifying servers for viewing and modification” on page 432.) Per-report settings permit you to specify that particular reports will not share data. They also allow you to tailor the data sharing interval for each report to meet the needs of that report’s users. In addition, per-report settings enable you to decide on a report-by-report basis whether it is appropriate to allow users to access the database whenever they refresh reports.

428

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Data sharing may not be ideal for all organizations, or for all reports. To get full value from data sharing, you must permit data to be reused for some period of time. This means that some users may see “old” data when they view a report on demand, or refresh a report instance that they are viewing. The default report viewing options for BusinessObjects Enterprise emphasize data freshness and integrity. By default, when you add a report to BusinessObjects Enterprise it is configured to use per-server settings for report sharing. The default server settings ensure that users always receive up-to-date information when they refresh a report, and guarantee that the oldest data given to any user is 0 minutes old. If you choose to enable perreport settings, the default settings allow data sharing, allow a viewer refresh to retrieve fresh data from the database, and ensure that the oldest data given to a client is 5 minutes old. Tip: Disabling the sharing of report data between clients is not the same as setting the “Oldest on-demand data given to a client” to 0 minutes. Under high load, your system may receive more than one request for the same report instance at the same time. In this case, if the data sharing interval is set to 0 but the “Share report data between clients” option is enabled, BusinessObjects Enterprise shares data between the client requests. If it is important that data not be shared between different clients (for example, because the report uses a User Function Library (UFL) that is personalized for each user), disable data sharing for that report. For details on setting report viewing options on a per-server basis, see:

• • • •

“Modifying Cache Server performance settings” on page 112 “Modifying Page Server performance settings” on page 115 “Modifying performance settings for the RAS” on page 120 “Configuring the Web Intelligence Report Server” on page 122

For more information on configuring BusinessObjects Enterprise to optimize report viewing in your system, see the planning chapter in the BusinessObjects Enterprise Installation Guide. Note: This feature does not apply to Web Intelligence document objects. 1. 2. 3. 4. To set report viewing options for a report In the Objects management area of the CMC, select a report by clicking its link. Click the Process tab. In the “Data Refresh for Viewing” area, click “Use report specific viewing settings.” Then select the options that you want to set for this report. Click Update.

BusinessObjects Enterprise Administrator’s Guide

429

17

Managing Objects Report object management

Specifying servers for scheduling
You can specify the default servers that BusinessObjects Enterprise will use to run an object, and to schedule and process instances. When specifying your servers, you have three options:

• • • • •

Use the first available server. Use the servers that belong to a selected group first (and, if the servers from that group aren’t available, use any available server). Use only servers that belong to a specific group.

Depending on the type of object, BusinessObjects Enterprise uses the following servers: Crystal reports are run on the Report Job Server. Web Intelligence documents are run on the Web Intelligence Report Server.

By selecting a particular server or server group, you can balance the load of your scheduling, because specific objects can be processed by specific job servers. You must first create server groups by using the Server Groups management area in the CMC, before you can select servers that belong to a selected group. You can also set the maximum number of jobs that a job server will accept. For more information, see “Modifying performance settings for job servers” on page 121. Also, you can balance the load of your scheduling, because specific objects can be processed by specific job servers. You must first create server groups by using the Server Groups management area in the CMC, before you can select servers that belong to a selected group. You can also set the maximum number of jobs that a job server will accept. For more information, see “Modifying performance settings for job servers” on page 121. Note:

If you choose the “Use the first available server” option, the Central Management Server (CMS) will check the job servers to see which one has the lowest load. The CMS does this by checking the percentage of the maximum load on each job server. If all of the job servers have the same load percentage, then the CMS will randomly pick a job server. If you are scheduling a program object that requires access to files stored locally on a Program Job Server, but you have multiple Program Job Servers, you must specify which server to use to run the program. See “Specifying servers for viewing and modification” on page 432 for information on specifying the servers used to view or modify an object. To specify the servers to use for an object In the Objects management area of the CMC, select an object by clicking its link.

• •

1.

430

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

2.

Click the Process tab.

3.

In the “Default Servers To Use For Scheduling” area, choose from one of the three options:

• •

Use the first available server BusinessObjects Enterprise will use the server that has the most resources free at the time of scheduling. Give preference to servers belonging to the selected group Select a server group from the list. This option will attempt to process the object from the servers that are found within your server group. If the specified servers are not available, then the object will be processed on the next available server.

Only use servers belonging to the selected group This option ensures that BusinessObjects Enterprise will only use the specified servers that are found within the selected server group. If all of the servers in the server group are unavailable, then the object will not be processed.

BusinessObjects Enterprise Administrator’s Guide

431

17

Managing Objects Report object management

4. 5.

Click Update. In the “Default Servers To Use For Viewing” area, repeat the activities from steps 3 and 4. Note: “Default Servers To Use For Viewing” applies only to report objects.

Specifying servers for viewing and modification
You can specify the default servers that BusinessObjects Enterprise will use when a user views or modifies a report or Web Intelligence document. When specifying your servers, you have three options:

• • • • •

Use the first available server. Use the servers that belong to a selected group first (and, if the servers from that group aren’t available, use any available server). Use only servers that belong to a specific group.

Depending on the type of object, BusinessObjects Enterprise uses the following servers: Crystal reports are run on the Cache Server and Page Server, or the Report Application Server, depending on which viewer is used. Web Intelligence documents are run on the Web Intelligence Report Server.

By selecting a particular server or server group, you can balance the load of your viewing, as specific reports can be processed using specific servers. You must first create server groups by going to the Server Groups management area in the CMC before you are able to select servers that belong to a selected group. You can also set the maximum number of jobs a server will accept. For more information, see “Modifying Cache Server performance settings” on page 112, “Modifying Page Server performance settings” on page 115, or “Modifying performance settings for the RAS” on page 120.

432

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Note:

If you choose the “Use the first available server” option, the Central Management Server(CMS) will check the servers to see which one has the lowest load. The CMS does this by checking the percentage of the maximum load on each server. If all of the servers have the same load percentage, then the CMS will randomly pick a server. See “Specifying servers for scheduling” on page 430 for information on specifying Job Servers used to schedule an object. To specify the servers to use for a report object In the Objects management area of the CMC, select an object by clicking its link. Click the Process tab.

1. 2.

BusinessObjects Enterprise Administrator’s Guide

433

17

Managing Objects Report object management

3.

In the “Default Servers To Use For Viewing” area, choose from one of the three options:

• •

Use the first available server BusinessObjects Enterprise will use the server that has the most resources free at the time of viewing. Give preference to servers belonging to the selected group Select a server group from the list. This option will attempt to process the object from the servers that are found within your server group. If the specified servers are not available, then the object will be processed on the next available server.

Only use servers belonging to the selected group This option ensures that BusinessObjects Enterprise will only use the specified servers that are found within the selected server group. If all of the servers in the server group are unavailable, then the object will not be processed.

4.

Click Update.

Changing database information
Note: This feature does not apply to Web Intelligence document objects. You can select your database type and set the default database logon information on the Database page for a report. The Database page displays the data source or data sources for your report object and its instances. You can choose to prompt the user for a logon name and password when he or she views a report instance. 1. 2. To change database settings In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the database link.

434

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

The Database page appears.

BusinessObjects Enterprise Administrator’s Guide

435

17

Managing Objects Report object management

3. 4.

In the Data Source(s) list, select the data source. Select Use original database logon information from the report or Use custom database logon information specified here. If you select the first option, you can specify a user name and password to be used with the original report database. If you select the second option, you can specify a server name (or a DSN in the case of an ODBC data source), a database name, a user name, and a password for a number of predefined database drivers, or for a custom database driver that you’ve specified. If you’ve changed the default table prefix in your database, specify a custom table prefix here. For a complete list of supported databases and drivers, refer to the
platform.txt file included with your installation.

5.

Select the database logon option you want.

Prompt the user for database logon The system will prompt users for a password when they refresh a report. Note: This option has no effect on a scheduled instance. Also, BusinessObjects Enterprise only prompts users when they first refresh a report; that is, if they refresh the report a second time, they will not be prompted.

Use SSO context for database logon The system will use the user’s security context, that is, the user’s logon and password, to log on to the database. Note: For this option to work, you must have your system configured for end-to-end single sign-on, or for single sign-on to the database. For more information, see “Configuring Kerberos single sign-on” on page 299.

Use same database logon as when report is run The system will use the same database logon information as was used when the report was run on the job server.

6.

Click Update.

436

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Updating parameters
Note: This feature does not apply to Web Intelligence document objects. Parameter fields (with preset values) enable users to view and to specify the data that they want to see. If a report contains parameters, you can set the default parameter value for each field or fields (which is used whenever a report instance is generated). Through a BusinessObjects Enterprise application such as InfoView, your users are either able to use the report with the preset default value(s) or choose another value or values. If you do not specify a default value, users will have to choose a value when they schedule the report. Note: The Parameters link is available only if the report object contains parameters. 1. 2. To view parameter settings In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Parameters link.

3.

Under the Value column, select the value associated with the parameter you want to change. A page opens that allows you to change the parameter value. Depending on the parameter value type, you either type a value in the field or choose a value from a list. If there is a list, you can also click Edit to type a new value.

BusinessObjects Enterprise Administrator’s Guide

437

17

Managing Objects Report object management

4. 5.

Select the Clear the current parameter value(s) check box if you want to clear the current value that is set for the specified parameter. Select the Prompt the user for new value(s) when viewing check box if you want your users to be prompted when they view a report instance through a BusinessObjects Enterprise application such as InfoView. Click Update.

6.

Updating prompts for Web Intelligence document objects
Note: This feature does not apply to Crystal reports objects. See “Updating parameters” on page 437 instead. Prompt fields (with preset values) enable users to view and to specify the data that they want to see. If a report contains parameters, you can set the default prompt value for each field or fields (which is used whenever a report instance is generated). Through a BusinessObjects Enterprise application such as InfoView, your users can either use the report with the preset default value(s) or choose another value or values. If you do not specify a default value, users will have to choose a value when they schedule the report. Note: The Prompts link is available only if the Web Intelligence document object contains prompts.

438

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

1. 2. 3. 4.

To update the prompts for a Web Intelligence document object In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Prompts link. The Prompts page appears, showing a dialog box with prompts. Select the prompt and enter a value for the prompt. Repeat this step for every prompt whose you want to change. Click Update.

Using filters
Note: This feature does not apply to Web Intelligence document objects. In the Filters page, you set the default selection formulas for the report. Selection formulas are similar to parameter fields in that they are used to filter results so that only the required information is displayed. Unlike parameters, end users will not be prompted for selection formula values when they view or refresh the report. When users schedule reports through a web-based client such as InfoView, they can choose to modify the selection formulas for the reports. By default, if any formulas are set in the CMC, they will be used by the web-based client. For more information on selection formulas, see the Crystal Reports User’s Guide. In addition to changing selection formulas, if you have developed your own processing extensions, you can select the processing extensions that you want to apply to your report. For more information, see “Applying processing extensions to reports” on page 443. When you use filters in conjunction with processing extensions, a subset of the processed data is returned. Selection formulas and processing extensions act as filters for the report. 1. 2. To use filters In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Filters link. The Filters page appears.

BusinessObjects Enterprise Administrator’s Guide

439

17

Managing Objects Report object management

440

BusinessObjects Enterprise Administrator’s Guide

Click Update. and if printed. the printer to use. and the page range. Note: The Job Server must run under an account that has sufficient privileges to access the printer you specify. 5. See “Changing the server user account” on page 146 for information on changing the user account. You can choose to print a report instance when scheduling it. • Group Selection Formula Use the Group Selection Formulas to create or edit a group selection formula or formulas that limit the groups used when you or a user schedules a report. BusinessObjects Enterprise prints your report after it is processed. When printing a report. The Print Setup page contains two areas: the first area specifies whether or not a report instance is printed. • Record Selection Formula Use the Record Selection Formula to create or edit a record selection formula or formulas that limit the records used when you or a user schedules a report. In the processing extensions area. Repeat this step until you have selected the processing extensions you want. 4. the second area specifies custom layout settings for changing the page size and orientation (regardless of whether the report instance is printed or not). Update or add new selection formulas. report instances are always printed in Crystal Reports format. By selecting the Printer destination. Setting printer and page layout options Note: This feature does not apply to Web Intelligence document objects. and move it to the Use these Processing Extensions list. the number of copies. BusinessObjects Enterprise Administrator’s Guide 441 . Specifying a printer Note: This feature does not apply to Web Intelligence document objects.Managing Objects Report object management 17 3. select a processing extension you want from the Available Processing Extensions list. You can choose to print a report (each time it runs) using the Job Server’s default printer or a different printer. you can set the number of copies and the page range.

and printername is the name of your printer. in the “Specify a printer” field. On the Process tab. 5. Leave Default printer selected if you want to print to the Job Server’s default printer. Click Update. Select Print in Crystal Reports format using the selected printer when scheduling if you want report instances to be sent directly to a printer. The report instances are automatically sent to the printer in Crystal Reports format. 4. you can first specify page layout criteria such as page orientation.17 Managing Objects Report object management 1. If your job server is using Windows. This does not interfere with the format selected when scheduling the report. The settings you choose in this section of the Print Setup page affect how you’ll see a report instance when displaying it. When viewing or scheduling a report instance to any format. 442 BusinessObjects Enterprise Administrator’s Guide . select a report object by clicking its link. Specifying page layout Note: This feature does not apply to Web Intelligence document objects. the font metrics and other layout settings of the display and/or the printer). type the print command that you normally use. page size. The Print Setup page appears.” 6. type: \\printserver\printername Where printserver is the name of your printer server. Enter a printer’s path and name. The overall look is affected by the properties of the device for which the report is displayed in (that is. otherwise. To assign a printer In the Objects management area of the CMC. 2. and so on. but also to the overall look of the report. and choose the print page range. click the Print Setup link. select the number of copies. If your job server is running on UNIX. select Specify a printer. 3. type: lp -d printername Note: Ensure that the printer you are using (on UNIX) is “shown” and not “hidden. Note: Page layout settings are not specifically related only to scheduling a report to a printer. in the “Specify a printer” field. For instance.

Managing Objects Report object management

17

1. 2.

To set a report’s page layout In the Objects management area of the CMC, select a report object by clicking its link. On the Process tab, click the Print Setup link. The Print Setup page appears.

3.

Make your settings according to the type of layout you want. The options are as follows:

• •

Report file default Choose this option if you want the page layout to conform to the settings that were chosen for the report in Crystal Reports. Specified printer settings Choose this option if you want the page layout to conform to the settings of a specified printer. You can choose the Job Server’s default printer or another printer. For information about specifying another printer, see “Specifying a printer” on page 441. When you choose this option, you can print scheduled report instances only to the printer you specify in the “Specified printer settings” area. In other words, you cannot set your report to display with one printer’s setting and then print to a different printer.

Custom settings Choose this option if you want to customize all page layout settings. You can choose page orientation, page size, measurement units (inches or millimeters), page width, and page height.

4.

Click Update.

Applying processing extensions to reports
Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise supports the use of customized processing extensions. A processing extension is a dynamically loaded library of code that applies your business logic to particular BusinessObjects Enterprise view or

BusinessObjects Enterprise Administrator’s Guide

443

17

Managing Objects Report object management

schedule requests before they are processed by the system. This section shows how to register your processing extension with BusinessObjects Enterprise, and how to apply an available processing extension to a particular report object. For general information about processing extensions and how you can use them to customize report processing and security, see “Processing extensions” on page 241. For information on writing your own processing extensions with the Processing Extension API, see the developer documentation available on your product CD. Note: On Windows systems, dynamically loaded libraries are referred to as dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded libraries are often referred to as shared libraries (.so file extension). You must include the file extension when you name your processing extensions. Also, file names cannot include the \ or / characters.

Registering processing extensions with the system
Note: This feature does not apply to Web Intelligence document objects. Before you can apply your processing extensions to particular objects, you must make your library of code available to each machine that will process the relevant schedule or view requests. The BusinessObjects Enterprise installation creates a default directory for your processing extensions on each Job Server, Page Server, and Report Application Server (RAS). It is recommended that you copy your processing extensions to the default directory on each server. On Windows, the default directory is C:\Program
Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProcessExt. On UNIX, it is the bobje/processext

directory. Tip: It is possible to share a processing extension file. For details, see “Sharing processing extensions between multiple servers” on page 447. Depending upon the functionality that you have written into the extension, copy the library onto the following machines:

• • •

If your processing extension intercepts schedule requests only, copy your library onto each machine that is running as a Job Server. If your processing extension intercepts view requests only, copy your library onto each machine that is running as a Page Server or RAS. If your processing extension intercepts schedule and view requests, copy your library onto each machine that is running as a Job Server, Page Server, or RAS.

Note: If the processing extension is required only for schedule/view requests made to a particular Server Group, you need only copy the library onto each processing server in the group.

444

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

1. 2.

To register a processing extension with the system Go to the Objects management area of the CMC. Click Object Settings.

3. 4.

In the Name field, type a display name for your processing extension. In the Location field, type the file name of your processing extension along with any additional path information:

• •

If you copied your processing extension into the default directory on each of the appropriate machines, just type the file name (but not the file extension). If you copied your processing extension to a subfolder below the default directory, type the location as: subfolder/filename

Note: Although the actual file name must include the .dll or .so extension (as appropriate to the server’s operating system), you must not include the file extension in the Location field. 5. 6. Use the Description field to add information about your processing extension. Click Add. You can now select this processing extension to apply its logic to particular objects. For details, see “Selecting a processing extension for a report” on page 445. Tip: To delete a processing extension, select its check box and click Delete. (Make sure that no recurring jobs are based on this processing extension because any future jobs based on this processing extension will fail.)

Selecting a processing extension for a report
Note: This feature does not apply to Web Intelligence document objects. 1. 2. To select a processing extension for a report Go to the Objects management area of the CMC. Click the link to the report object that you want to apply your processing extension to.

BusinessObjects Enterprise Administrator’s Guide

445

17

Managing Objects Report object management

3.

Click the Process tab, and then click the Filters link.

4.

Select your processing extension in the Available Processing Extensions list. Note: Your processing extensions appear in this list only after you have registered them with the system. For details, see “Registering processing extensions with the system” on page 444. Tip: You may apply more than one processing extension to a report object. Repeat steps 4 and 5 for each processing extension; then use the up and down arrows to specify the order in which the processing extensions should be used.

5.

Click Update. Your processing extension is now enabled for this report object.

446

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Sharing processing extensions between multiple servers
Note: This feature does not apply to Web Intelligence document objects. If you want to put all processing extensions in a single location, you can override the default processing extensions directory for each Job Server, Page Server, and RAS. First, copy your processing extensions to a shared directory on a network drive that is accessible to all of the servers. Map (or mount) the network drive from each server’s machine. Note: Mapped drives on Windows are valid only until you reboot the machine. For details, see “Ensuring that server resources are available on local drives” on page 526. If you are running servers on both Windows and on UNIX, you must copy a .dll and an .so version of every processing extension into the shared directory. In addition, the shared network drive must be visible to Windows and to UNIX machines (through Samba or some other file-sharing system). Finally, change each server’s command line to modify the default processing extensions directory. Do this by adding “-report_ProcessExtPath <absolute path>” to the command line. Replace <absolute path> with the path to the new folder, using whichever path convention is appropriate for the operating system that the server is running on (for example, M:\code\extensions, /home/shared/code/extensions, and so on). The procedure for making this modification depends upon your operating system:

• •

On Windows, use the CCM to stop the server. Then open the server’s Properties to modify the command line. Start the server again when you have finished. On UNIX, run ccm.sh to stop the Job Server/Page Server. Then edit ccm.config to modify the server’s command line. Start the server again when you have finished. For reference, see “ccm.sh” on page 598.

Working with hyperlinked reports
Note: This feature does not apply to Web Intelligence document objects. Crystal Reports lets you use hyperlinks to navigate from one report object to another. You can move to a Report Part within the report itself, to other report objects or their parts, or to specific instances of reports or Report Parts. This navigation is available only in the new script-based DHTML viewers (zeroclient, server-side viewers) included in BusinessObjects Enterprise XI. By linking directly from one object to another, the required data context is passed automatically so that you navigate to the object and data that is relevant.

BusinessObjects Enterprise Administrator’s Guide

447

17

Managing Objects Report object management

Initially, when you add hyperlinks between reports in Crystal Reports, you create a link from one file directly to another. However, when you publish linked report files simultaneously to the same object package, the links are modified to point to managed report objects. (Each link is changed, so that it references the appropriate destination report by Enterprise ID, rather than by file path.) Also, the modified links become relative inside the object package. When you schedule the object package, BusinessObjects Enterprise processes its reports, and again modifies hyperlinks within each report instance: hyperlinks between report objects in an object package are converted to hyperlinks between report instances in a specific instance of the object package. For more information on object packages, see “Scheduling objects using object packages” on page 471. To view hyperlinked reports, you must publish both the home and destination reports to the same BusinessObjects Enterprise system. (A home report is one that contains a hyperlink to another report: the destination report.) Note: For information about how to create hyperlinks between report objects, see the Crystal Reports Online Help.

Publishing and hyperlinking reports
Note: This feature does not apply to Web Intelligence document objects. To avoid breaking hyperlinks between reports, it is best to publish the reports first and then to create the hyperlinks. 1. 2. 3. 4. To publish and then hyperlink reports Create the reports, without hyperlinks, in Crystal Reports. Publish them to BusinessObjects Enterprise. Use Crystal Reports to log on to your BusinessObjects Enterprise system. Create the hyperlinks between the home and destination reports. See the Crystal Reports Online Help.

Crystal Reports automatically determines what type of link—relative or absolute—to establish between the reports. In BusinessObjects Enterprise, relative links are those between reports in the same object package, and absolute links are links to specific report objects or instances.

Publishing reports with existing hyperlinks
Note: This feature does not apply to Web Intelligence document objects. The recommended method for creating hyperlinked reports is first to publish the individual reports, then create hyperlinks between them. See “Publishing and hyperlinking reports” on page 448.) However, because this is not always

448

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

possible, use the following procedure to publish reports after they have been hyperlinked. When you publish reports this way, the hyperlinks are converted to relative links.

BusinessObjects Enterprise Administrator’s Guide

449

17

Managing Objects Report object management

To publish reports with existing hyperlinks Using the Publishing Wizard, publish the reports (that are linked to each other) to the same object package. Note: If you publish hyperlinked reports independently of each other, rather than publishing them simultaneously to the same object package, all hyperlinks between the reports will break. You must re-establish the links using Crystal Reports and save the report back to BusinessObjects Enterprise. (For more information, see the Crystal Reports Online Help.)

Viewing hyperlinks in a report
Note: This feature does not apply to Web Intelligence document objects. You can view a list of the links in a report by clicking the Links link on the report’s Properties page. The links are listed as either relative or absolute. In BusinessObjects Enterprise, relative links are those between reports in the same object package, and absolute links are links to specific report objects or instances. 1. 2. To view a list of links in a report object In the Objects management area of the CMC, select the report object by clicking its link. Click the Properties tab, and then click the Links link. The Links page appears.

Viewing hyperlinked reports
Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise supports navigation between hyperlinked reports only with script-based viewers, specifically the DHTML and Advanced DHTML viewers in InfoView. To change your preferred viewer in the CMC, click the Preferences button in the upper-right corner of the CMC, and select the appropriate viewer from the Viewer list. For information on how to change your preferred viewer, see the BusinessObjects Enterprise User’s Guide. Parameter information is not carried over between the home and destination reports. That is, when you view a destination report by clicking a hyperlink in a home report, you are prompted to enter any parameters that the destination report requires.

450

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Security considerations
To view hyperlinked reports through BusinessObjects Enterprise, you must have the appropriate rights both in BusinessObjects Enterprise and at the database level. In BusinessObjects Enterprise, to view a destination report through a hyperlink in a home report, you must have View rights to the destination report. When the hyperlink points to a report object, you must have View On Demand rights to be able to refresh the data against the data source. For information about setting the levels of access to objects, see “Setting common access levels” on page 320. Database logon information is carried over between hyperlinked reports. If the credentials you specified to view the home report are not valid for the destination report, you are prompted for a valid set of database logon credentials for the destination report.

Program object management
This section explains program objects and instances, and how to manage them through the Central Management Console (CMC). It includes the following sections:

• •

“What are program objects and instances?” on page 451 “Setting program processing options” on page 453

What are program objects and instances?
A program object is an object in BusinessObjects Enterprise that represents an application. Publishing a program object to BusinessObjects Enterprise allows you to use BusinessObjects Enterprise to schedule and run the program object and to manage user rights in relation to the program object. For information about publishing program objects, see “Publishing overview” on page 374. When you publish a program object or its associated files to BusinessObjects Enterprise, they are stored in the Input File Repository Server (FRS). Each time a BusinessObjects Enterprise program runs, the program and files are passed to the Program Job Server, and BusinessObjects Enterprise creates a program instance. Unlike report instances, which you can view in their completed format, program instances exist as records in the object history. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. This file appears when you click a program instance in the object History.

BusinessObjects Enterprise Administrator’s Guide

451

17

Managing Objects Program object management

Program types Three types of applications can be published to BusinessObjects Enterprise as program objects:

Executable Executable programs are binary files, batch files, or shell scripts. They generally have file extensions such as: .com, .exe, .bat, .sh. You can publish any executable program that can be run from the command line on the machine that runs the Program Job Server.

Java You can publish any Java program to BusinessObjects Enterprise as a Java program object. For Java program objects to have access to Java SDK objects, your class must implement the IProgramBase interface from the BusinessObjects Enterprise Java SDK (com.businessobjects.sdk.plugin.desktop.program.IProgramBase). For details, see the BusinessObjects Enterprise Java SDK Guide.

Script Script program objects are JScript and VBScript scripts. They are run on Windows using an embedded COM object and can—once published— reference the BusinessObjects Enterprise SDK objects. For details, see the BusinessObjects Enterprise COM SDK Guide. Note: Script program objects are not supported on UNIX.

Note: As the administrator, you can choose to enable or disable any of the types of program objects. For details, see “Authentication and program objects” on page 458. Once you have published a program object to BusinessObjects Enterprise, you can configure it in the Objects management area of the CMC. For each type of program object (Executable, Java, or Script) you can choose to specify command-line arguments and a working directory. For executable and Java programs, there are additional ways, both required and optional, to configure the program objects and provide them with access to other files. Tip: Program objects allow you to write, publish, and schedule scripts or Java programs that run against BusinessObjects Enterprise, and perform maintenance tasks, such as deleting instances from the history. Furthermore, you can design these scripts and Java programs to access BusinessObjects Enterprise session information. This ensures that the scheduled program objects retain the security rights or restrictions of the user who scheduled the job. (Your scripts or java programs require access to the BusinessObjects Enterprise SDK. For details, see the BusinessObjects Enterprise COM SDK Guide or the BusinessObjects Enterprise Java SDK Guide.)

452

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Setting program processing options
For each object you can set several processing options. These options appear on the Process page for the object. Setting the program processing options includes the following tasks:

• • • • •

“Specifying command-line arguments” on page 453 “Setting a working directory for a program object” on page 454 “Configuring executable programs” on page 455 “Configuring Java programs” on page 456 “Authentication and program objects” on page 458

Specifying command-line arguments
For each program object you can specify command-line arguments on the Parameters page for the object. You can specify any argument that is supported by the command-line interface for your program. Arguments are passed directly to the command-line interface, without parsing. 1. 2. To specify command-line arguments In the Objects management area of the CMC, select the program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears.

3.

In the Arguments field, type the command-line arguments for your program, using the same format you would use at the command line itself. For example, if your program has a loops option, to set the loops value to 100, you might type -loops 100

4.

Click Update.

BusinessObjects Enterprise Administrator’s Guide

453

17

Managing Objects Program object management

Setting a working directory for a program object
By default, when a program object runs, BusinessObjects Enterprise creates a temporary subdirectory in the Program Job Server’s working directory, and uses this subdirectory as the working directory for the program. The subdirectory is automatically deleted when the program finishes running. You can specify an alternative working directory for the program object by modifying the Working Directory field on the Parameters page of the object. Or, you can modify the default setting for the working directory for the Program Job Server. Note: The account under which the program runs must have appropriate rights to the folder that you set as the working directory. The level of file permissions required depend on what the program does; however, the program’s account generally needs read, write, and execute permissions to the working directory. For information about setting credentials for an account under which a program object will run, see “Authentication and program objects” on page 458 1. 2. 3. To set a working directory for a program object In the Objects management area of the CMC, select the program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears. In the Working Directory field, type the full path to the directory that you want to set as the program object’s working directory. For example, on Widows, if you created a working directory named working_directory, type C:\working_directory On UNIX, type /working_directory 4. 1. 2. 3. 4. Click Update. To modify the default working directory for the Program Job Server Go to the Servers management area of the CMC. Click the link for Program Job Server. The Properties page appears. In the Temp Directory field, type the full path to the directory you want to set as the working directory for the Program Job Server. Click Update.

454

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Configuring executable programs
When you publish an executable program object to the CMC, you can:

• •

Configure the object to have access to external or auxiliary files. See “Providing Java programs with access to other files” on page 457. Customize environment variables for the shell in which BusinessObjects Enterprise runs the program. See “Specifying environment variables” on page 456.

Providing executable programs with access to other files
Some binary files, batch files, and shell scripts require access to external or auxiliary files to run. Aside from setting a working directory for the program object, there are two ways to provide access to these files:

• •

If a required file is on the same machine as the Program Job Server, you can specify the full path to the file. Alternatively, if the file is not located on the Program Job Server, you can upload the file to the File Repository Server, which will pass the files to the Program Job Server as necessary. To specify paths to required files In the Objects management area of the CMC, select the executable program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears. In the External Dependencies field, type the full path to the required file and click Add. Repeat step 3 for each file required. Click Update.

1. 2. 3. 4. 5.

Tip: To edit or remove external dependencies that you have specified, select the file path (in the list of external dependencies on the Parameters page) and click the appropriate button, either Edit or Remove. 1. 2. 3. 4. 5. To upload required files In the Objects management area of the CMC, select the executable program object by clicking its link. Click the Process tab, then click the Auxiliary Files link. The Auxiliary Files page appears. Click Browse to navigate to the required file, then click Add File. Repeat step 3 for each required file. Click Update.

BusinessObjects Enterprise Administrator’s Guide

455

For example. See “Providing Java programs with access to other files” on page 457. Configuring Java programs To successfully schedule and run Java programs in BusinessObjects Enterprise. rather than append to it. Thus. Tip: To edit or remove environment variables that you have specified. Click Update. In the Environment Variables field. you can provide the Java program with access to other files located on the Program Job Servers. Specifying environment variables In the CMC. you must specify the required parameters for the program object. select the file(s) (in the list of external dependencies on the Parameters page) and click Remove File(s). all name values on UNIX must be typed in upper-case. Click the Process tab. 3. To add an environment variable In the Objects management area of the CMC. on UNIX you must follow convention. and click the appropriate button. Additionally. For example. select the variable (in the list of environment variables on the Parameters page).17 Managing Objects Program object management Tip: To remove auxiliary files that you have specified.c:\usr\bin On UNIX. However. then click the Parameters link. when the program exits. 2. Any changes you make to environment variables exist only in the temporary shell in which BusinessObjects Enterprise runs the program. click the link for the program object. you can configure your program by adding or modifying environment variables. The Parameters page appears. Modifications to an existing environment variable override this variable. you can set the path variable to append a user’s bin directory to the existing path: • • On Windows. either Edit or Remove. where name is the environment variable name and value is the value for the environment variable. and use the appropriate case. type the environment variables you want to set. 1. 456 BusinessObjects Enterprise Administrator’s Guide . Use the form name=value. 4. the environment variables are destroyed. you might type: path=%path%. you might type:PATH=$PATH:/usr/bin Note: BusinessObjects Enterprise sets your environment variables using the syntax that is appropriate for your operating system. and you can specify Java Virtual Machine options. See “Setting required parameters for Java programs” on page 457.

you must provide BusinessObjects Enterprise with the base name of the . click the link for the Java program object. Click the Parameters tab. Click the Process tab.class file that implements the IProgramBase from the BusinessObjects Enterprise Java SDK (com. BusinessObjects Enterprise Administrator’s Guide 457 .IProgramBase).Managing Objects Program object management 17 Setting required parameters for Java programs To successfully schedule and run a Java program.class file that implements the IProgramBase interface from the BusinessObjects Enterprise Java SDK. type the base name of the . located on the Program Job Server. click the link for the Java program object. The Parameters page appears. To specify required parameters for Java programs In the Objects management area of the CMC. Click Update. Note: The Java Runtime Environment must be installed on each machine that is running a Program Job Server.class. In the Class to run field. You must separate multiple paths with the classpath separator that is appropriate to your operating system: a semi-colon for Windows. if the file name is Arius. type the full paths to the locations of any Java library files that are required by the Java program. 2. 1. and stored on the Program Job Server.program. 4. Click Update. In the Classpath field. 3. type Arius 4. 3.desktop.businessobjects. a colon for UNIX. then click the Parameters link. To provide Java programs with access to other files In the Objects management area of the CMC.plugin. The Parameters page appears. 2. 1.sdk. For example. such as Java libraries. Providing Java programs with access to other files You can provide Java programs with access to files.

To provide default credentials. to give the program access to the system. 2. when you schedule a program object. the program will run under that user account. Click “Schedule with the following operating system credentials” and provide a default user name and password. to have the program object run as that account. Authentication on all platforms In the Objects management area of the CMC.17 Managing Objects Program object management Authentication and program objects Be aware of the potential security risks associated with the publication of program objects. This feature allows you. and the rights of the program will be limited to those of the user. to set up a specific user account for the program. and assign it appropriate rights. if any. The level of file permissions for the account under which a program object runs will determine what modifications. The Logon page appears. If you choose not to specify a user account for a program object. You can control the types of program objects users can run. 4. then click the Logon link. Enabling or disabling a type of program object As a first level of security. Click Update. it runs under the default system account. and you can configure the credentials required to run program objects. To specify a user account for a program object In the Objects management area of the CMC. 1. you can configure the types of program objects available for use. click the link for the program object. the job fails if credentials are not specified. 2. Thus. which generally has rights locally but not across the network. click Object Settings in the Objects management area. As the administrator. For details. 3. Note: By default. see “Controlling users’ access to objects” on page 317. 1. then click the Program Objects tab. you must protect the system against abuse. Select the type or types of program objects you want users to run. you must specify credentials for the account under which the program runs. 458 BusinessObjects Enterprise Administrator’s Guide . Click the Program Objects tab. the program can make to files. Alternatively. To enable or disable a type of program object In the Objects management area of the CMC. the administrator. users who publish program objects to BusinessObjects Enterprise can assign their own credentials to a program object. Click the Process tab. click Object Settings.

The first entry points to the BusinessObjects Enterprise Java SDK and allows program objects full rights to all BusinessObjects Enterprise JAR files. 4. It uses the same security settings for unsecure code as the Java default for unsecure code.Managing Objects Object package management 17 3. The second code base entry applies to all local files. By default.policy On UNIX.policy Object package management This section explains object packages and instances. type the credentials for the user account under which the program should run. Authentication for Java programs BusinessObjects Enterprise allows you to set security for all program objects. In the User Name and Password fields. the Java Policy File is installed to the Java SDK directory in the BusinessObjects Enterprise install root directory. For Java programs. Click Update. and instances?” on page 460 “Creating an object package” on page 460 “Adding objects to an object package” on page 461 “Configuring object packages and their objects” on page 462 “Authentication and object packages” on page 463 BusinessObjects Enterprise Administrator’s Guide 459 .. Note: • • The settings for the Java Policy are universal for all Program Job Servers running on the same machine. For example. a typical location on Windows is: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\conf\crystal-program.. Use the Java Policy Tool (available with the Java Development Kit) to modify the Java Policy File. The Java Policy Tool has two code base entries. which has a default setting that is consistent with the Java default for unsecure code. to suit your specific needs. and how to manage them through the Central Management Console (CMC). It includes: • • • • • “What are object packages./solaris_install/bobje/enterprise11/JavaSDK/crystalprogram. components. BusinessObjects Enterprise forces the use of a Java Policy File. a typical location is .

and they do not appear in the list of all objects on the first page of the Objects management area of the CMC. select it and click Show Subfolders. type the name of the object package you want to create. The Object Package tab appears. For details about hyperlinked reports. For example. and Hyperlink objects. Rather. object packages allow users to view synchronized data across reports. (NonBusinessObjects Enterprise objects. rather than to component objects. the hyperlinks point to the other report instances in the same object package instance. This field is optional. 5. BusinessObjects Enterprise Administrator’s Guide . BusinessObjects Enterprise creates an object package instance each time it runs an object package. then click the Object Package tab. Component objects are not autonomous. Ensure the correct folder name appears in the Destination field. the existing object package instance does not change. it still contains the report instance from the report object that you removed. Word. type a description of the object package. cannot be added to object packages.17 Managing Objects Object package management What are object packages. Future instances of the object package. Click New Object. 4. Creating an object package 1. Tip: • 460 To expand a folder. 3. In the Description field. Object packages can be composed of any combination of report and program objects that are published to the BusinessObjects Enterprise system. Acrobat.) Placing multiple objects in a single object package allows you to schedule them simultaneously. and thereby create an instance. such as Excel. along with all of their contents. For hyperlinked report instances in object package instances. Go to the Objects management area of the CMC. For reports. Think of them as folders you can schedule. components. In the Title field. will reflect the change. The object package instance contains individual instances of each of its component objects. and instances? Object packages function as distinct objects in BusinessObjects Enterprise. They have more limited configuration options than other objects. Text. 2. Component instances are tied to object package instances. then remove a report object from the object package. if you run an object package. see “Working with hyperlinked reports” on page 447. Rich Text. PowerPoint. Note: You cannot place object packages in the top level folder or inside other object packages. you can only view them by opening their object package. however.

Note: You publish objects to new or existing object package using the Publishing Wizard. 4. For details on copying objects. Note that you can add only report objects or program objects to an object. Changes in one object are not reflected in the other. You can add previously unpublished objects directly to the object package. To search for a specific folder. A list of object tabs appears. you can add report and/or program component objects to it. once you create the copy of the original object inside the object package. after you have created an object package. moving. 1. 6. Specify the file name or. view an object package by clicking its link. For details. and notification for the object package. To publish a new object directly to an object package In the Objects management area of the CMC. you cannot move the existing objects themselves. For reports. You can now modify the properties. You can only move copies of existing objects into the object package. or Script. contents. destination. then click the New Object button. or between object packages. use the Look For field. When you copy an object into an object package. the CMC displays the Properties page. Click OK. the component object retains the same settings as the original object. • • 7. 2. Set the appropriate properties. the component and the original are separate entities. Click the Objects tab. see “Copying. set whether to generate a thumbnail for the report. or creating a shortcut for an object” on page 417. or click browse to navigate to the object you want to publish. user rights. Java. object settings. However. or you can copy existing objects into the object package.Managing Objects Object package management 17 • 6. and whether to use the Object Repository when refreshing the report. For programs. set the program type: Executable. BusinessObjects Enterprise Administrator’s Guide 461 . Note: When the object package has been added to the system. Adding objects to an object package In the CMC. scheduling information. 3. 5. see “Publishing with the Publishing Wizard” on page 376. Report or Program. Click the appropriate tab. Click OK.

The following table indicates which configuration parameters you can modify for an object package or for individual objects in a package. Note: Because the objects in an object package are copies of objects that exist outside the package. but you cannot specify destinations for the individual objects in the package. and some at the object level. that is. The parameters are identified by tab or link. you configure some parameters at the object package level. it will save the output instances to the destination you specified for the object package. you have to specify the destination for an object package.17 Managing Objects Object package management Configuring object packages and their objects Object packages are intended to save you time scheduling objects that have similar scheduling requirements. for the individual objects in the object package. For example. For information on how to set or modify these parameters. When the system runs the object package. the changes you make will not affect the objects outside the object package. see: • • • • “General object management” on page 417 “Report object management” on page 425 “Program object management” on page 451 Chapter 18: Scheduling Objects Configure for an object package yes --yes Scheduling server ----yes --Configure for individual objects in a package yes yes yes -View & Modify server yes yes yes yes -yes yes Configuration tabs and links Properties tab Refresh Options Links History tab Process tab Database Parameters Filters Print Setup Schedule tab Notification Alert Notification 462 BusinessObjects Enterprise Administrator’s Guide . As a result.

you specify database logon information for each report component object in the object package.Managing Objects Object package management 17 Configuration tabs and links Format Destination Schedule For Categories tab Corporate Personal Rights tab Configure for an object package -yes yes n/a yes yes yes Configure for individual objects in a package yes --n/a yes yes -- Authentication and object packages Object packages simplifies both Enterprise and database authentication.) BusinessObjects Enterprise Administrator’s Guide 463 . the component instance(s) fail(s). it initially inherits the database logon information of the original report. Consequently. If you attempt to schedule a package that contains one or more component objects to which you do not have schedule rights. For database authentication. (If you copied the report into the object package. including all of its component objects. You enter your Enterprise authentication only once to schedule the object package. you must have scheduling rights for each of the objects inside the object package.

17 Managing Objects Object package management 464 BusinessObjects Enterprise Administrator’s Guide .

Scheduling Objects chapter .

a report or program instance. it creates an output instance for the object. “Managing instances” on page 495 This section describes how to manage instances for an object. Output instances also appear on the History page of an object and have a status of Success or Failed. A scheduled instance contains object and schedule information. Scheduled instances use the settings that are presently configured for the object in CMC. “Setting the scheduling options” on page 476 This section describes the options on the different Schedule pages for an object. and object packages. program objects. For details about object types and object management. When the system runs the object. the system creates a scheduled instance for the object. You can schedule report objects. you must provide logon information for the account that the program object will run as. It does not contain any data yet. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. This chapter contains the following sections: • • • “Scheduling objects” on page 466 This section provides information on how to schedule objects. 466 BusinessObjects Enterprise Administrator’s Guide . such as Notification. It does not contain any data yet. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. Web Intelligence documents. for example.18 Scheduling Objects Scheduling objects overview Scheduling objects overview Scheduling an object lets you run it automatically at specified times. A program instance is a text file that contains the standard out and standard error produced when the program object was run. A report instance contains actual data from the database. When you schedule an object. In order for a program object to be successfully scheduled and run. Scheduling objects When you schedule an object. or Destination. see “Authentication and program objects” on page 458. A scheduled instance contains object and schedule information. the system creates a scheduled instance for the object. For details. see Chapter 17: Managing Objects.

For example. For details. see “Setting the scheduling options” on page 476. Therefore. click Update. because running the document at scheduled times will not reduce the number of database hits. Click the Schedule tab. see “Run options and parameters” on page 469. Friday. Select the recurrence pattern you want. Specify the Run option and parameters that you want. Note: To save the schedule settings as the new default setting for the object. See also “Managing and viewing the history of instances” on page 495.Scheduling Objects Scheduling objects 18 For end users to schedule and run objects. Note: If a Web Intelligence document has been set to “refresh on open” then the system will access the database to obtain the latest information each time a user views the document. they must use a web-based client such as InfoView or a custom web application. Click Schedule. 5. see “Scheduling an object with events” on page 473. For a list and descriptions of the Run options and parameters. Many scheduling options allow you to schedule an instance with events. To schedule an object In the Objects management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 467 . showing the default settings for the object. select “Every week on” and then specify Monday. For a list and descriptions of the recurrence patterns. The Schedule page appears. select Weekly. 3. 2. The new settings on the Schedule tab for the object are saved. whereas CMC enables you to manage and administer objects in addition to scheduling objects and viewing reports. it may not be advantageous to schedule Web Intelligence documents that are set to “refresh on open”. You can view the scheduled instance on the History page for the object. see “Recurrence patterns” on page 469. 4. 6. Wednesday. select an object by clicking its link. Set any of the other schedule options and parameters as required. 1. InfoView is designed primarily to schedule objects and view reports. For details. For example. The system creates a scheduled instance and it will run the instance according to the schedule information you just specified.

you select Daily or Weekly. The recurrence patterns appear on the left of the Schedule page.18 Scheduling Objects Scheduling objects About the scheduling options and parameters When you schedule an object. You then specify additional parameters to control exactly when and how often the object will be run. you choose the recurrence pattern that you want. 468 BusinessObjects Enterprise Administrator’s Guide . “Every week on”). For example. and then the run option (for example. The Run options list and related parameters appear to the right of the recurrence patterns.

In many case the same parameters appear. Daily—The object will be run every day.” To see all the Run options for a recurrence pattern. BusinessObjects Enterprise Administrator’s Guide 469 . refer to the software. The names of the recurrence patterns.” If you select Monthly. Run options and parameters This section describes the Run parameters for scheduling an object. you can select to run the object “On the Nth day of the month” or “On the first Monday of the month. and a start and end date you want it to run. but the options vary depending on which recurrence pattern you select. See Chapter 19: Managing Calendars.Scheduling Objects Scheduling objects 18 Which run options and parameters are available depends on the recurrence pattern you selected. but for a complete description. Calendar—The object will be run on the dates specified in a calendar. if you select Daily. you can select to run the object “Once each day” or “Every X day(s). you can choose from the following recurrence patterns: • • • • • • On demand—The object will only be run when a user request it to be run. Not all parameters apply in all cases. but when they apply. It can be run now or in the future. Weekly—The object will be run every week. You can specify which days. You can specify on which days of the month. It can be run once or several times a day. Monthly—The object will be run every month or every several months. such as start and end dates. options. Run This list always appears. and fields are generally self explanatory. what time. their function is the same. The calendar must have been previously created. It can be run once a week or several times a week. You can specify what time as well as a start and end date. Once—The object will be run only once. what time. see: • • “Recurrence patterns” on page 469 “Run options and parameters” on page 469 Recurrence patterns When scheduling an object. or when a specified event has occurred. and a start and end date. For example. You can specify which calendar.

Once the End Date has passed. If you don’t change the X or N value. 470 BusinessObjects Enterprise Administrator’s Guide . Start Date Applies to most. in seconds. and Chapter 20: Managing Events. For example. that the system will wait before it attempts to process the object again if the first attempt is unsuccessful. but not all. Specify a different End Date if required. The default is the current time and a date in the distant future. if you specify a start date that is three months into the future. You cannot trigger file or custom events. You can then changes these values as needed. The system will run the object only when those events have been successfully completed. to ensure an object will be run indefinitely. recurrence patterns and Run options. See also “Scheduling an object with events” on page 473. The default is the current date and time. The number of times the system attempts to process an object if the first attempt is not successful. if you select the “Daily” recurrence pattern and the “Every X hour(s). the system won’t run the object until the start date has passed. For example. The system will run the object according to the schedule that you specified. after the Start Date has passed. Number of retries allowed Always applies. N minute(s)” Run option. the system will run the report every hour. you could specify to run the report every 4 (X) hours and 30 (N) minutes. You can select one or several events. After that. The period. By default. Retry interval in seconds Always applies. When you select a Run option that contains these variables. See also “Scheduling an object with events” on page 473. This list of events contains schedule events only. Available Schedule Events Applies to all Run options that include “with events. Available Events Applies to all Run options that include “with events. as soon as it can. even if all the other criteria are met.18 Scheduling Objects Scheduling objects X and N variables Applies to certain Daily and Monthly recurrence patterns only. the system displays their default values. A successful run of the object will trigger the events that you specified. End Date Applies to most.” Select an event and click the Add button to move it to the “Events to trigger on completion” box. the system no longer runs the object. You can select one or several events.” Select an event and click the Add button to move it to the “Events to wait for” box. the system will run the report at the specified time. but not all recurrence patterns and Run options. the number is zero.

For details on configuring object packages. Click OK. see “Object package management” on page 459. you must configure it through the Print Setup link available on the report object’s Process tab. For details on publishing directly to an object package. Using object packages simplifies authentication. This procedure describes how to use the CMC to schedule objects by using object packages. Finally. For more information about configuring objects. assign the object package to a category. b. c. and Web Intelligence documents. e. see “Managing Objects” on page 415. They can contain any combination of objects that can be scheduled. For example. • 1. Object packages function as distinct objects in BusinessObjects Enterprise. and then click the Object Package tab. First you publish an object package. See also “Publishing with the Central Management Console” on page 385. you copy existing objects into the object package. Select a destination for the object package. you schedule the object package as you would any object. skip this step. d. you can publish objects directly to an object package. Alternatively. Click New Object. f. see “Working with hyperlinked reports” on page 447. if you want a report object in an object package to print when scheduled. and then you can schedule that object packages as you would any object. BusinessObjects Enterprise Administrator’s Guide 471 . To schedule objects using object packages Go to the Objects management area of the CMC. For information about publishing hyperlinked report objects. Note: • You must configure the processing information of each of the components of an object package individually. 2. it allows users to view synchronized data across instances.Scheduling Objects Scheduling objects 18 Scheduling objects using object packages You can schedule objects in batches using the object packages feature. In terms of reports and Web Intelligence document. If you want. If the object package already exist. Type the package name and a description. Otherwise: a. Then. such as report and program objects. see “Publishing overview” on page 374. Go to the Objects management area of the CMC again.

Tip: • • • 7. Click Copy/Move/Shortcut.18 Scheduling Objects Scheduling objects 3. Note: Existing objects cannot be moved into an object packages. 472 BusinessObjects Enterprise Administrator’s Guide . To expand a folder. 6. 5. 4. Select Copy to. To search for a specific folder or object package. Object packages are indicated by [square brackets]. select it and click Show Subfolders. Schedule the object package. use the Look For field. Select the object package you created as the Destination for the objects. The Copy/Move/Create Shortcut page appears. they must be copied to the object package. Select the check boxes associated with each object you want to place in the object package. and then click OK. See “Scheduling objects” on page 466.

Also. and if the event is not triggered before the end date occurs. For a list and descriptions of the recurrence patterns. the object will be run only when the additional condition (that is.Scheduling Objects Scheduling objects 18 Scheduling an object with events When you schedule an object with events. 2. For example. A schedule-based event is triggered by another object being run. the event must be triggered within the 24-hour period on Monday. When the object is run. you must choose a schedule-based event. BusinessObjects Enterprise will trigger the specified event. If you want a scheduled object to trigger an event. 3. Scheduling objects based on an event When you schedule an object that waits for a specified event. the event won’t be triggered if the instance fails. custom-based. then the report will not run. or all of the three event types: file-based. or calendar schedule. See “Managing events overview” on page 510. If the event is triggered before the start date of the object. To schedule an object to run based on events In the Objects management area of the CMC. and only when the rest of the schedule conditions are met. For a schedule-based event. The event must be triggered within this specified time for the object to run. Note: A file-based event is triggered upon the existence of a specified file. the object will have a specified time frame in which it can be processed. the object will not run. the object will not run because not all of the conditions will have been met. For a sample scenario on when you would use a schedule-based event. if you choose a weekly. You can tell an object to wait for any. if the event is triggered outside of the 24-hour period. If you have specified an end date for this object. if the event is based on the instance being run successfully. Select the recurrence pattern you want. first ensure that you have created the event. For example. A custom-based event is triggered manually. select an object by clicking its link. BusinessObjects Enterprise Administrator’s Guide 473 . the object will run only when the event is triggered. 1. and schedule-based. Click the Schedule tab. the event) occurs. if you schedule a weekly report object that runs every Monday. select Weekly. see “Schedule-based events” on page 512. monthly. for example. see “Recurrence patterns” on page 469. Scheduling objects to trigger an event You can also schedule an object which triggers a schedule-based event upon completion of the object being run. Note: To schedule an object with events.

For example. In the Available Events area. 6. 474 BusinessObjects Enterprise Administrator’s Guide . To update the default scheduling information. click Update. any changes you made to the scheduling information are not saved. In the Run list. select from the list of events and click Add. select a run option that contains the words. the report object above is set to wait for a Custom-based event to occur before the report is processed. Start Date. If you don’t click Update. and so on). “with events.18 Scheduling Objects Scheduling objects 4. 7. For a list and descriptions of the Run options and parameters. Click the Schedule button to schedule the object. 8.” 5. End Date. Select and complete the schedule parameters for your object (scheduling option. see “Run options and parameters” on page 469.

End Date. For a list and descriptions of the recurrence patterns. 4. In the Run list. select a run option that contains the words. 2. 5. select from the list of events and click Add. Weekly. or by Calendar. Click the Schedule tab. “with events. BusinessObjects Enterprise Administrator’s Guide 475 . From the list on the left of the page. 6. 3.” Select and complete the schedule parameters for your object (scheduling option. select an object by clicking its link. and so on). Start Date. In the Available Schedule Events area. Monthly. To schedule an object to trigger an event In the Objects management area of the CMC.Scheduling Objects Scheduling objects 18 1. see “Recurrence patterns” on page 469. Daily. select a recurrence pattern: Once.

click Update. any changes you made to the scheduling information are not saved. Setting the scheduling options includes the following tasks: • • • • • • “Scheduling objects” on page 466 “Setting notification for an object’s success or failure” on page 476 “Specifying alert notification” on page 479 “Selecting a destination” on page 481 “Choosing a format” on page 491 “Scheduling an object for a user or group” on page 493 Setting notification for an object’s success or failure You can set scheduling options that automatically send notification when an object instance succeeds or fails.18 Scheduling Objects Setting the scheduling options For example. You can also combine multiple notification methods. If you don’t click Update. For example. You need to check each instance to make sure it ran properly. it would take too much time to manually check the reports and contact the users who need the information. Using notification settings in BusinessObjects Enterprise. you may have a large number of reports that run every day. and you can automatically inform users when new report instances run successfully. 476 BusinessObjects Enterprise Administrator’s Guide . 8. Note: You can only select schedule-based events in this list. Click the Schedule button to schedule the object. 7. You can send notification using audit or email notification. With thousands of reports. the report object above is set to trigger a Schedule-based event only if the report is successfully processed. and then send out emails to the users who need to know that the new report is available. and provide different notification settings for successful and failed instances. Setting the scheduling options BusinessObjects Enterprise allows you to control the process and schedule settings for an object. you can set each object to automatically notify you when the report fails to run properly. To update the default scheduling information.

To change this setting. The conditions required for an instance’s success or failure depend on the type of object you schedule: • Report and Web Intelligence document objects A report instance runs successfully if it doesn’t encounter any errors while processing the report object or accessing the database. then the object instance fails. To monitor object successes and failures from a more general perspective. but does not perform the tasks it is supposed to. A report instance may fail if the user does not provide the correct parameters or logon information. You can select unique notification options for each object.Scheduling Objects Setting the scheduling options 18 Determining an object’s success or failure When you schedule an object. For example. the program must run in order to succeed. Note: You cannot set audit or email notification for object packages. You can choose to notify using: BusinessObjects Enterprise Administrator’s Guide 477 . then the notification fails and the object instance is recorded as a failure in the object’s history. You can also set scheduling options for individual objects within an object package. About notification You can set notification at the object level. BusinessObjects Enterprise does not monitor problems with the program object’s code. If notification fails. the instance is considered a failure. For more information about events. You can also schedule object packages with events on the Schedule tab. see “Schedule-based events” on page 512. If the program does not run. click the object package’s Properties tab and clear the “Scheduled package fails upon individual component failure” option. which will trigger an event based on success or failure of the object package. If the program runs. you can set only event notification. use the auditing functionality within BusinessObjects Enterprise. but you can set any type of notification for the individual objects in the object package. sending different types of notification for different conditions. the scheduled instance either succeeds or fails. • Object packages An object package may fail if one of its components fails. it is still considered a successful instance because the program object ran. For object packages. • Program objects For program objects. if an email notification sends a message to an invalid email address.

To set notification for an instance’s success or failure Select a object in the Objects management area of the CMC. see “Managing Auditing” on page 203. you must have the Email SMTP destination enabled and configured on the job servers. Choose the specific settings for the notification. You can choose to have a notification sent to the auditing database when the job runs successfully. When you select audit notification. • Email notification You can send an email as a notification of an object instance’s success or failure. Note: If the notification type is already being used. 478 BusinessObjects Enterprise Administrator’s Guide . 3. information about the scheduled object is written to the auditing database. or both. but when the report succeeds you can automatically send a notification to everyone who needs the report to let them know it is now available. the notification has nothing to do with the contents of the report . it will be labelled “Enabled”. For more information about configuring the auditing database and enabling auditing. Alert notification must be built into the design of the report. Click the notification type (or types) you want to use. You can choose the sender and recipients of the email message. If not. you could send your administrator an email if the report fails. 1. Click the Schedule tab. Note: To enable email notification. then click the Notification link.it’s just about whether or not the report object instance has failed or succeeded. If you use auditing to monitor your BusinessObjects Enterprise system. it will be labelled “Not in use”. For example. 2.18 Scheduling Objects Setting the scheduling options • Audit notification To use audit notification. See “Configuring the destinations for job servers” on page 125 Note: Notification of a scheduled object’s success or failure is not the same as alert notification. 4. alert notification can send an email to you whenever a specific value in the report exceeds $1000000. when it fails to run. You can send an email when the instance fails and when it succeeds. For example. In this case. you must configure the auditing database and enable auditing for the servers. Note: For the job servers you can also set audit notification on the Auditing tab. you can use audit notification.

you must have the Email SMTP destination enabled and configured on the job servers. See “Configuring the destinations for job servers” on page 125. you can choose to send alert notification when scheduling a report. Note: By default. To enable alert notification. Specifying alert notification Note: This feature does not apply to Web Intelligence document objects. the notification is sent to the server’s default email destination. 5.” and “From” fields for the email. Note: • • • The Alert Notification link is available only if the report object contains alerts. select “A job has failed to run. If you enable alert notification. Alerts may indicate action to be taken by the user or information about report data. You can configure email delivery options. and the message. BusinessObjects Enterprise Administrator’s Guide 479 . that appear when certain conditions are met by data in a report. select “A job has been run successfully. Click Update. messages are sent through an SMTP server. the alert is triggered and its message is displayed. select “Set the vales to be used here” and provide the From and To email addresses. To specify the contents and recipients of the email notification.” “Cc. For details on how to change the default email settings. created in Crystal Reports. specify the “To. Alerts are custom messages.” To send a record when the job fails. In BusinessObjects Enterprise. Alerts are triggered in the report object even if you disable alert notification.” Email notification Choose whether you want to send a notification when the job fails or when it succeeds. set a URL for the viewer you want the email recipient to use. the email subject line. and set the maximum number of alert records to send. see “Email (SMTP) destination properties” on page 128. add subject and message information.Scheduling Objects Setting the scheduling options 18 Audit notification To send a record to the auditing database when the job succeeds. If the alert condition (as defined in Crystal Reports) is true.

3. You can change these settings in the Servers management area. To set alert notification In the Objects management area of the CMC. 2. BusinessObjects Enterprise will deliver the alert notification using the Job Server’s default settings. and then click the Alert Notification link. 480 BusinessObjects Enterprise Administrator’s Guide . If you select the first option. For more information. Click the Schedule tab. see “Configuring the destinations for job servers” on page 125. The Alert Notification page appears. Clear the Enable alert notification check box if you do not want to send an alert notification. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here.18 Scheduling Objects Setting the scheduling options 1. select a report object by clicking its link. 4.

Type the maximum number of alert records to be included in the alert notification. Note: You must use World Wide Web Consortium (W3C) URL encoding when typing the viewer URL. Use this field to limit the number of records displayed. Message Type a short message. The hyperlink in the alert notification displays a report page that contains the records that triggered the alert. you can select the default viewer by clicking Use default. Note: Separate multiple addresses or distribution lists using semicolons. if required. it always stores the output instance on the Output FRS. For example. 5. see http://www. The viewer URL appears in the hyperlink that is sent in the alert notification email. Cc Type the addresses or distribution list that you wish to send a copy of the alert notification to. When the system runs an object. Alternatively. you can specify the email settings: • • • • • From Type a return address or distribution list. Being able to choose an additional destination gives you the flexibility to deliver instances across your enterprise system or to destinations outside your enterprise system.w3. Selecting a destination Using BusinessObjects Enterprise. 7. Tip: The Alert Name and Status fields are set in Crystal Reports.Scheduling Objects Setting the scheduling options 18 If you select the second option. see the developer documentation available on your product CD. For more information. you can configure an object or instance for output to a destination other than the default Output File Repository Server (FRS). For more information. You can set the default URL by clicking Object Settings on the main page of the objects management area of the CMC. Type the URL for the viewer in which you want the email recipient to view the report. Click Update. replace spaces in the path with %20. Subject Complete the subject field.org/ 6. To Type the addresses or distribution list that you wish to send the report to. BusinessObjects Enterprise Administrator’s Guide 481 .

See “Setting printer and page layout options” on page 441. name or title of the object.” BusinessObjects Enterprise generates a unique name for the output file or files. or the date and time information. The following table summarizes which destinations you can configure for which types of objects. because the recipients must have access to the BusinessObjects Enterprise system to be able to open these types of objects. DIsk No No Email (SMTP) FTP No No File No No Link No Inbox File Link - 482 BusinessObjects Enterprise Administrator’s Guide . For program and report objects you can specify any of the available destinations. you can set an object to have its output automatically delivered by email to other users. these settings are also reflected in the default scheduling settings for InfoView. you cannot specify Unmanaged Disk as a destination for a Web Intelligence document. When you specify the destination settings through the CMC. Note: You can also configure object instances to be printed after they have been run. For example. Object type Report Object Package Program Web Intelligence document Unm. for object packages and Web Intelligence documents you cannot do this. However. When you specify a destination other then “Default. owner information. To generate a file name.18 Scheduling Objects Setting the scheduling options For example. The following destinations are available: • • • • • “Default destination support” on page 483 “Unmanaged Disk destination support” on page 483 “FTP support” on page 485 “Email (SMTP) support” on page 487 “Inbox support” on page 490 Note: You can change the destination setting for an object or instance either in the Central Management Console (CMC) or in InfoView. you can use a combination of ID.

If the object is a Web Intelligence document or an object package. Unmanaged Disk destination support When scheduling objects. 2. The location must be a local or mapped directory on the processing server. In that case. you cannot specify Unmanaged Disk as a destination. If you want to save instances to the FRS only and not to any other destinations. 1. The Destination page appears. you must have the destination enabled and configured on the job servers. select an object by clicking its link. select that option. To use a destination. Click the Schedule tab. The Destination page appears. the system will save an output instance to both the Output File Repository Server and the specified destination. Click Update. then click the Destination link. Click the Schedule tab. 3. Select Default from the Destination list. 4.Scheduling Objects Setting the scheduling options 18 Default destination support By default. To set your destination to unmanaged disk In the Objects management area of the CMC. The processing server must have sufficient rights to the specified location. BusinessObjects Enterprise Administrator’s Guide 483 . select an object by clicking its link. object instances are saved to the Output File Repository Server (FRS). for an object package you can configure the individual objects in the object package for output to Unmanaged Disk. Note: • • • 1. For servers using Windows. However. then click the Destination link. To set your destination to default In the Objects management area of the CMC. See “Configuring the destinations for job servers” on page 125. the location can also be a Universal Naming Convention (UNC) path. 2. you can configure the objects for output to an unmanaged disk.

or a UNC path. 3. When that option is selected. select the Clean up instance after scheduling option. If you select the first option. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. For more information. If you want. 4. see “Configuring the destinations for job servers” on page 125. 484 BusinessObjects Enterprise Administrator’s Guide . you can set the file name properties and enter user information: • Destination Directory Enter a local location. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. If you select the second option. mapped location. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. You can change these settings in the Servers management area.18 Scheduling Objects Setting the scheduling options Select Unmanaged Disk from the Destination list.

the system will save an output instance to both the Output File Repository Server and the specified destination. • • User Name Specify a user who has permission to write files to the destination directory. To add a variable. FTP support When scheduling objects. 1. The Destination tab appears. Click Update. When the instance is run. See “Configuring the destinations for job servers” on page 125. Note: To use a destination.If you specify an FTP destination. BusinessObjects Enterprise Administrator’s Guide 485 . Password Type the password for the user. Click the Schedule tab. Note: You can specify a user name and password only for servers using Windows. you must have the destination enabled and configured on the job servers. you must specify a user who has the necessary rights to upload files to the server. 2. the variable will be replaced with the specified information from the instance. To connect to the FTP server. 5. its file name will include the object owner’s name. select an object by clicking its link.” when you schedule an object. However. if you add the variable “Owner. then click the Destination link. choose a placeholder for a variable property from the list and click Add.Scheduling Objects Setting the scheduling options 18 • • Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. you cannot specify FTP as a destination. you can configure the objects for output to a File Transfer Protocol (FTP) server. If the object is a Web Intelligence document or an object package. for an object package you can configure the individual objects in the object package for output to FTP. For example. Specified File Name Select this option if you want to specify a file name—you can also add a variable to the file name. To set an FTP server as the destination In the Objects management area of the CMC.

4. You can change these settings in the Servers management area. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. Select FTP from the Destination list. 486 BusinessObjects Enterprise Administrator’s Guide . select the Clean up instance after scheduling option. 5. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. For more information see “Configuring the destinations for job servers” on page 125.18 Scheduling Objects Setting the scheduling options 3. If you want. If you select the first option. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. When that option is selected.

to one or more email destinations. BusinessObjects Enterprise Administrator’s Guide 487 . • • • Destination Directory Enter the FTP directory that you want the object to be saved to. After it has run the object. Email (SMTP) support With Simple Mail Transfer Protocol (SMTP) mail support. Account Enter the FTP account information. you can choose to send the instances of an object. To add a variable. 6. for example. Provide the appropriate account only if your FTP server requires it. choose a placeholder for a variable property from the list and click Add. Account is part of the standard FTP protocol. FTP Password Enter the user’s password. if required. you can set the FTP and file name properties: • • • • • Host Enter the FTP host information. the system will send a copy of the output instance as an attachment to the email addresses you specified.Scheduling Objects Setting the scheduling options 18 If you select the second option. When you select the Email (SMTP) destination. Port Enter the FTP port number (the default is 21). Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. a report instance. BusinessObjects Enterprise supports Multipurpose Internet Mail Extensions (MIME) encoding. FTP User Name Specify a user who has the necessary rights to upload an object to the FTP server. the system will save the instance to the Output File Repository Server as well as email it to the specified destinations. Click Update. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. but it is rarely implemented.

If you want.18 Scheduling Objects Setting the scheduling options Note: To use a destination. Select Email (SMTP) from the Destination list 4. you must have the destination enabled and configured on the job servers. The Destination page appears. 2. Note: If the object is a Web Intelligence document. 3. See “Configuring the destinations for job servers” on page 125. To send an object by email In the Objects management area of the CMC. Click the Schedule tab. then click the Destination link. 1. select the Clean up instance after scheduling option. 488 BusinessObjects Enterprise Administrator’s Guide . select an object by clicking its link. you cannot specify Email (SMTP) as a destination.

Scheduling Objects Setting the scheduling options 18 5. you can specify the email settings and the file name properties: • From Enter a return address. if required. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. If you select the second option. For more information. • Attach object instance to email message Clear this check box if you do not want a copy of the instance attached to the email. You can change these settings in the Servers management area. When that option is selected. choose a placeholder for a variable property from the list and click Add. • Add viewer hyperlink to message body Click Add if you want to add the URL for the viewer in which you want the email recipient to view the object. You can set the default URL by clicking Object Settings on the main page of the Objects management area of the CMC. • Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. To add a variable. Click Update. • Message Type a short message. 6. • Subject Complete the subject field. BusinessObjects Enterprise Administrator’s Guide 489 . BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. • To Enter an address or addresses that you wish to send the object to. Separate multiple addresses with semicolons. If you select the first option. • Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. see “Configuring the destinations for job servers” on page 125. • Cc Enter an address or addresses that you wish to send a carbon copy of the object to.

To send an object to inboxes In the Objects management area of the CMC. Note: To use a destination. See “Configuring the destinations for job servers” on page 125. the system will save the instance to both the Output File Repository Server and the inboxes you specified. you can configure objects for output to the inboxes of users. 3. Click the Schedule tab. The Destination tab appears. you must have the destination enabled and configured on the job servers. select an object by clicking its link. 2. then click the Destination link. In this case. you can choose to send a shortcut. Select Inbox from the Destination list. Instead of sending the actual file to the inboxes. 490 BusinessObjects Enterprise Administrator’s Guide .18 Scheduling Objects Setting the scheduling options Inbox support When scheduling objects. 1.

select the Clean up instance after scheduling option. For more information. otherwise skip this step: Send Document as • • • • 7. If you selected “Set the values to be used at schedule time here. Select the processing option that you want: • Use the Job Server’s defaults BusinessObjects Enterprise will schedule the object with the job server’s default settings. Look for Use this feature to search for a specific user or users group. Click Update. You can select individual users or user groups. When that option is selected.Scheduling Objects Setting the scheduling options 18 4. see “Selecting a destination” on page 481. For more information on destinations. Copy The system will send a copy of the instance. If you want. This format will be saved to the destination you have selected. Type the name and then click Find now. 5. Send List Operation Specify who must receive the report instance. Shortcut The system will send a shortcut to the instance. • Set the values to be used at schedule time here BusinessObjects Enterprise will schedule the object with the parameters you specify. you can select the format that the document will be saved in when it is generated. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. see “Configuring the destinations for job servers” on page 125.” set the parameters for that option. rather than send a copy of the instance itself. 6. Choosing a format Web Intelligence document formats For Web Intelligence documents. You can select from the following formats: • • • WebIntelligence Microsoft Excel Adobe Acrobat BusinessObjects Enterprise Administrator’s Guide 491 .

while Excel (Data only) saves only the data. Tab-separated Values. Each of these two formats produce data lists. see “Selecting a destination” on page 481. The Tab-separated Values format places a tab character between values. you specify certain formatting properties for the report. This does not conflict with the format you select when scheduling the report. you can enter characters for the separator and delimiter. the report instance is automatically sent to the printer in Crystal Reports format. you can select the format that a report instance will be saved in when it is generated by BusinessObjects Enterprise. In contrast. The difference between Excel and Excel (Data only) is that Excel attempts to preserve the look and feel of your original report. with each cell representing a field.” Note: • If you choose to print the report when it is scheduled (by checking the “Print in Crystal Reports format using the selected printer when scheduling” check box on the Print Setup page). if you select Character-separated Values. you can also select the two check boxes: “Same number formats as in report” and “Same date formats as in report. and Character-separated Values. For more information on destinations. • • 492 BusinessObjects Enterprise Administrator’s Guide . the Character-separated Values format places a specified character between values. Paginated Text. This format will be saved to the destination you have selected for the report object and its instances. For example. the Tab-separated Text format attempts to preserve the formatting of the report. You can select from the following formats: • • • • • • • • • • • • Crystal Report Microsoft Excel Microsoft Excel (Data Only) Microsoft Word (RTF) Adobe Acrobat Rich Text Editable Rich Text Plain Text Paginated Text Tab-Separated Text Tab-Separated Values Character-separated Values For Excel.18 Scheduling Objects Setting the scheduling options Crystal report formats For Crystal report objects.

Complete any fields that appear below the list and select (where appropriate) the check boxes that appear. select a report object by clicking its link. On the Schedule tab. The Format page appears. Select the format you want. On the Schedule tab. Selecting cache options for Web Intelligence documents When the system runs a scheduled Web Intelligence document it stores the the instance it generates on the Output File Repository Server. the format you specified on the Schedule tab for the object must be WebInteligence.Scheduling Objects Setting the scheduling options 18 1. then the system won’t cache the document when it runs the document. you can choose to have the system cache the report on the Web Intelligence Report Server by selecting a cache format for the document. Scheduling an object for a user or group The Schedule For feature allows you to generate reports that contain data for specific users only. 5. Select a format from the Format list. To select a cache format for Web Intelligence documents In the Objects management area of the CMC. Click Update. 4. 1. Click Update. 2. The Caching Options page appears. click the Caching Options link. If you select a different format. select Web Intelligence object by clicking its link. If you don’t select a cache format. In addition. the Cache Options link is disabled for the object. 2. 4. 3. To select a format for the report In the Objects management area of the CMC. It is intended to be used for either of the following types of objects: • • Crystal reports that are based on Business Views Web Intelligence documents that use Universes BusinessObjects Enterprise Administrator’s Guide 493 . click the Format link. Note: To select a cache option. 3.

select one or more users or groups and add them to the “Groups to be added to the scheduling list” by using the arrow buttons. Each instance would contain sales information for the individual sales representative only. Select who you want to schedule the object for. skip this step. 2. 3. At the specified time.18 Scheduling Objects Setting the scheduling options Using the Schedule For feature you can schedule an object and specify for which users you want the system to run the object. select a report object by clicking its link. Otherwise. • • 4. 1. Click Update. Schedule only for myself Schedule for specified users and user groups If you selected Schedule for specified users and user groups. For example. On the Schedule tab. 5. Each instance will contain data that is relevant to the individual user only. The Schedule For page appears. The system will run the object and generate multiple instances of the report or document. you can schedule a sales report and on the Schedule For page you can specify the users names for all your sales representatives. 494 BusinessObjects Enterprise Administrator’s Guide . To change the Schedule For settings for an object In the Objects management area of the CMC. the system runs the report object and generates the individual report instances. click the Schedule For link.

will have a status of Success or Failed. which can be viewed in their completed format. the Arguments column lists the command-line options that were or will be passed to the command line interface for each instance. For program objects. To manage storage space. A program instance stores the program’s standard out and standard error in a text output file. Essentially. or to provide a time limit for the instances. For report objects. You can view specific report instances on the History page of the report object. That page lists the scheduled instances and the output instances for an object: • • Scheduled instances will have a status of Recurring or Pending. Managing and viewing the history of instances The History page displays all of the instances for a selected object. The system has not yet run these instances.Scheduling Objects Managing instances 18 Managing instances To view or manage instances. See “Managing and viewing the history of instances” on page 495. Each instance contains data that is current at the time the report is processed. The Run By column indicates which user scheduled the instance. run. That is. and the instances do not contain any data yet. actual report or program instances. a report instance is a report object that contains report data that is retrieved from one or more databases. From the History page. or will be stored in and the Parameters column indicates what parameters were or will be used for each instance. it is good practice to limit the number of possible instances for an object. you can also choose to delete. BusinessObjects Enterprise creates a program instance each time that a program object is scheduled and run by the Program Job Server. The Instance Time column displays the title of the instances and the date of the last update for each instance. go to the History page for the object. program BusinessObjects Enterprise Administrator’s Guide 495 . BusinessObjects Enterprise creates instances from objects. and refresh instances. which indicate whether they were run successfully: • • A report instance contains actual report data. a report instance is created when a report object is scheduled and run by the Job Server. that is. Unlike report instances. Output instances. pause. The Status column displays the status of each instance. the Format column displays which format the report is. See “Setting instance limits for an object” on page 498.

2. Send to. Resume. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. “Viewing an instance” on page 496 “Pausing or resuming an instance” on page 497 “Deleting an instance” on page 498 “Sending an object or instance” on page 420 To manage instances In the Objects management area of the CMC. Note: To refresh the list. The History tab appears. For information about the Send to button. In this case you don’t need to select an instance first. If you click Run Now. Managing instances includes the following tasks: • • • • 1. Viewing an instance 1. select an object by clicking its link. 4. Click the History tab. Click the History tab. This file appears when you click a program instance in the object History. Pause. the system schedules the object to be run immediately. see “Sending an object or instance” on page 420. To view an instance Select a object in the Objects management area of the CMC. To select all instances. Select an instance or instances by selecting the appropriate check boxes. Click either Run Now. 496 BusinessObjects Enterprise Administrator’s Guide . or Delete. click Refresh. click the check box in the column heading. 3.18 Scheduling Objects Managing instances instances exist as records in the object history. The scheduled job will have a status of Pending. 2.

Click Pause.Scheduling Objects Managing instances 18 The History page appears. you can resume the scheduled object. For example. Access the Instance Manager by clicking its link in the Administrative Tools area of the BusinessObjects Enterprise Administration Launchpad. 3. This prevents the system from running the object. 3. Pause and resume can be applied to scheduled instances only. 2. click the instance you want to view. Click Resume. Select the check box for the scheduled instance you want to pause. To pause and resume an instance Go to the History page for an object. In the Instance Time column. 3. 2. When the job server is running again. Pausing or resuming an instance You can pause and then resume an instance as needed. if a job server is down for maintenance reasons. BusinessObjects Enterprise Administrator’s Guide 497 . you may want to pause a scheduled instance. 1. and the object from failing because the job server is not running. 1. Select the check box for the scheduled instance you want to resume. To resume an instance after pausing it Go to the History page for an object. that is. You can also use the Instance Manager tool to view a list of instances by status or by user. instances that have a status of Recurring or Pending.

users. Click Delete. that is. For information on setting folder limits. Setting instance limits for an object In the Limits page. To set limits for instances In the Objects management area of the CMC. which have a status of success of failed. see “Setting limits for folders. When you set limits at the folder level. 1. you can limit the number of instances that remain on the system for the object or for each user or group. 498 BusinessObjects Enterprise Administrator’s Guide . you can also limit the number of days that an instance remains on the system for a user or group. You set limits to automate regular clean-ups of old BusinessObjects Enterprise content. select an object by clicking its link. On the History tab. In addition to setting the limits for the objects from the Objects management area. Note: When you set the limits at the object level. click the Limits link. these limits will be in effect for all objects that reside within the folder (including any objects found within the subfolders). which have a status of recurring or pending. you can set the limits for the selected object and its instances. 1. To delete an instance Go to the History page for an object. 2. the object limits will override the limits set for the folder. At the object level. the object will not inherit the limits of the folder. and groups” on page 365. and report or program instances.18 Scheduling Objects Managing instances Deleting an instance You can delete instances from an object as needed. Select the check box for the instance or instances you want to delete. You can delete both scheduled instances. 2. you can also set limits at the folder level.

click Add/Remove in this area.Scheduling Objects Managing instances 18 The Limits page appears.) 4. Then type the maximum age of instances in the Maximum Days column. (The default value is 100.) • Delete instances after N days for the following users/groups To limit the number of days that instances are saved for users or groups. Then type the maximum number of instances that you want to remain on the system. Click Update. (The default value is 100. Then type the maximum number of instances in the Instance Limit column. 3. select this check box. (The default value is 100. The options are as follows: • Delete excess instances when there are more than N instances of an object To limit the number of instances per object. Select from the available users and groups and click OK. Select from the available users and groups and click OK.) • Delete excess instances for the following users/groups To limit the number of instances for users or groups. click Add/ Remove in this area. BusinessObjects Enterprise Administrator’s Guide 499 . Make your settings according to the types of limits you want to set for your instances.

18 Scheduling Objects Managing instances 500 BusinessObjects Enterprise Administrator’s Guide .

Managing Calendars chapter .

502 BusinessObjects Enterprise Administrator’s Guide . they can use a calendar to run the job on a predefined set of dates. Calendars you create appear in the Calendar selection list available when you choose to schedule an object using a calendar. go to the Calendars management area to create new calendars and to modify existing calendars. By providing calendars for your users. you need to provide a name and description. You can set up as many calendars as you want in BusinessObjects Enterprise. you can create more complex processing schedules than you can with the standard scheduling options. and object packages. if you want a report object to run every business day except for your country’s statutory holidays. For example. on which the report object cannot be run. Tip: It is good practice to create a calendar for users to use as a template for creating new calendars. Calendars also allow you to create more complex processing schedules. Calendars are particularly useful when you want to run a recurring job on an irregular schedule. combining unique scheduling dates with recurring ones. program objects. For example. runs the job on the run dates as scheduled. Managing calendars includes: • • • • “Creating calendars” on page 502 “Adding dates to a calendar” on page 503 “Deleting calendars” on page 507 “Specifying calendar rights” on page 508 Creating calendars In the Central Management Console (CMC). including report objects. When you apply the calendar to a job. You can apply calendars to any object that can be scheduled. They can copy this template calendar and modify it as necessary. When users schedule objects. or if you want to provide users with sets of regular scheduling dates to choose from. BusinessObjects Enterprise will run the job every day you have specified as a “run” day in your calendar. you can create a default Weekdays calendar that includes all days as run dates except weekends and company holidays. you can create a calendar with the holidays marked as “non-run” days. When the calendar is created. you can add run dates to it using the Dates tab. A calendar is a customized list of run dates for scheduled jobs.19 Managing Calendars Overview Overview Calendars make it easy for you to schedule complex recurring jobs efficiently. To create a calendar.

4. Adding dates to a calendar You can add dates to a calendar using a number of different formats. For details. type the name and description of the new calendar. or you can choose recurring dates using general formats based on the day of the month or week. or monthly view of the calendar. Click the Dates tab. and its Properties tab is refreshed. 3. see “Adding dates to a calendar” on page 503. 3. quarterly. This example creates a calendar for Canadian employees that schedules an object on all weekdays except statutory Canadian holidays.Managing Calendars Adding dates to a calendar 19 1. Click New Calendar. 2. You can choose specific dates using a yearly. See “Recurring dates” on page 506. The new calendar is added to the system. You can now use the Dates tab to add run dates to this calendar. Click Update. 1. 2. To add dates to a calendar Go to the Calendars management area of the CMC. To create a calendar Go to the Calendars management area of the CMC. Click the link for the calendar you want to change. On the Properties tab. BusinessObjects Enterprise Administrator’s Guide 503 .

Week 1 starts on the Sunday of the week of the Start Date you specify. by Day of Week formats. To remove a run day. Click the days of the month that you want to include as run days for the calendar. You can change the displayed month using the Previous Month and Next Month buttons. • Monthly Monthly displays the calendar’s run dates for the current month. you can select multiple dates at once by clicking the row or column headings. 504 BusinessObjects Enterprise Administrator’s Guide . by Day of Week allows you to add general recurring dates based on the day of the week.19 Managing Calendars Adding dates to a calendar 4. 5. See also “Specific dates” on page 505 and “Recurring dates” on page 506. • Generic Monthly. where you can add run dates to specific days. click a month to open it in Monthly format. you can click the Previous Year and Next Year buttons. it does not display currently selected dates from the calendar. In the “Select a calendar displaying format” list. by Day of Month allows you to add general recurring dates based on the day of the month. The dates are applied to the months specified between the Start and End Dates. click Update. where you can add run dates to specific days. it only allows you to add new dates and update the schedule. Note that this format does not display the currently selected dates from the calendar. Tip: For the Monthly and Generic Monthly. by Day of Week Generic Monthly. This format allows you to add new dates and update the schedule. click a month to open it in Monthly format. To add a date from the Yearly format. The dates are applied to the months specified between the Start and End Dates. 6. You can change the displayed quarter using the Previous Quarter and Next Quarter buttons. • Quarterly Quarterly displays the calendar’s run dates for the current calendar quarter. click the day again. To add a date from the Quarterly format. • Generic Monthly. To add the new dates to the calendar. choose from one of the five calendar format options: • Yearly Yearly displays the calendar’s run dates for the year. To change the year displayed. by Day of Month Generic Monthly.

Note: When you change an existing calendar. you can change the displayed time range by clicking the previous and next buttons. Quarterly. Specific dates To add a specific date to a calendar. In all three formats. the Yearly format will automatically appear. You can add specific dates in the Monthly calendar format. BusinessObjects Enterprise checks all currently scheduled instances in your system. Objects that use the edited calendar are automatically updated to run on the revised date schedule. To add dates for the Yearly and Quarterly calendar formats. displaying the new dates.Managing Calendars Adding dates to a calendar 19 If you added dates using a generic format. The Yearly format displays the run schedule for the entire year. you can create a list of these dates in a “Shipping dates” calendar. The Shipping department can now check the inventory after each shipment by scheduling a report that uses the calendar to run at the end of each shipping day. and Monthly formats to add dates to the calendars. BusinessObjects Enterprise Administrator’s Guide 505 . For example. You can also view the Monthly format for the calendar. where you can select specific days as run dates. The Quarterly format displays the run dates for the current quarter. if your company ships products according to an irregular schedule that cannot be defined using the daily or weekly settings. which displays the run dates for the current month. click a month to open it in the Monthly format. use the Yearly.

Then. You can add the generic dates based on the day of the week or the day of the month. use the Generic Monthly. 506 BusinessObjects Enterprise Administrator’s Guide . use the generic Monthly formats. For example. Although you can set a recurring schedule using the standard scheduling options. by Day of Week format. You can also run instances on dates that do not follow the pattern by adding individual days to a calendar. and on the second and fourth Friday of every month. first create a new calendar object and name it.19 Managing Calendars Adding dates to a calendar Recurring dates To create a recurring pattern of monthly run dates. When you update the calendar. use the Generic Monthly. the generic formats are used to add dates to the calendar. by Day of Month format to add the first four days of the month to this calendar. Quarterly. to schedule a report object to run on the first four days of every month. or Monthly format. To view existing run dates. calendars allow you to specify several different recurring run patterns at once. you must use the Yearly. To add every second and fourth Friday to the calendar. the Yearly format appears with the new run dates.

3. Click Delete. and click OK to confirm. To ensure the objects continue to be run. change the scheduling information for the objects either by selecting a different calendar or a different recurrence pattern. 1. any objects that are scheduled according to the deleted calendar will be run one more time by the system. After that. BusinessObjects Enterprise Administrator’s Guide 507 . the system won’t be able to schedule the objects again. To delete a calendar Go to the Calendars management area of the CMC. because the calendar no longer exists. See “Scheduling objects” on page 466.Managing Calendars Deleting calendars 19 Deleting calendars When you delete a calendar. Tip: Select multiple check boxes to delete several calendars. 2. Select the check box associated with the calendar you want to delete.

inheriting rights from the users’ parent folders. 2.19 Managing Calendars Specifying calendar rights Specifying calendar rights You can grant or deny users and groups access to calendars. see “Rights and Access Levels” on page 563. Click the Rights tab. select Add/Remove Groups. select the Add Users operation. 8. By default. your finance team may use a series of financial tracking dates that aren’t useful for other departments. choose Advanced. 9. For example. 6. calendars are based on current security settings. The Add/Remove page appears. Add Users. 3. To choose specific rights. Select the calendar you want to grant access to. For complete details on the predefined access levels and advanced rights. 5. as required. or Remove Users. 508 BusinessObjects Enterprise Administrator’s Guide . 1. 7. To grant access to a calendar Go to the Calendars management area of the CMC. Click Add/Remove to add users or groups that you want to give access to the selected calendar. Select the user or group you want to grant access to the specified calendar. change the Access Level for each user or group. 10. Click OK. In the Select Operation list. Click Update. Users will only be able to see the calendars they have the rights to see. If you have many users on your system. Depending how you organize your calendars. 4. so you can use rights to hide calendars that aren’t applicable to a particular group. you may have specific sets of dates that you want to be available only for certain employees or departments. then use the “Look for” field to search for a particular account. On the Rights tab. Follow this procedure to change the rights for a calendar.

Managing Events chapter .

see “Custom events” on page 514. Working with events consists of two steps: creating an event and scheduling an object with events. or you might want a particular sales summary report to run only when a detailed sales report runs successfully. This chapter shows how to create events in the Events management area of the Central Management Console (CMC). schedule-based events allow you to set up contingencies or conditions between scheduled objects. • Schedule events When you define a schedule-based event. For instance. you might want certain large reports to run sequentially. For details. When the file appears. You can create three kinds of events: • File events When you define a file-based event. That is. see “Schedule-based events” on page 512. In this way. your custom event occurs only when you or another administrator clicks the corresponding “Trigger this event” button in the CMC. • Custom events When you create a custom event. you specify a filename that the Event Server should monitor for a particular file. you can select it as a dependency when you schedule an object.20 Managing Events Managing events overview Managing events overview Event-based scheduling provides you with additional control over scheduling objects: you can set up events so that objects are processed only after a specified event occurs. you create a shortcut for triggering an event manually. you might want to make some reports dependent upon the regular file output of other programs or scripts. Basically. you select an object whose existing recurrence schedule will serve as the trigger for your event. see “File-based events” on page 511. The scheduled job is then processed only when the event occurs. For details. For details. once you create an event. 510 BusinessObjects Enterprise Administrator’s Guide . the Event Server triggers the event. For instance.

and then schedule your daily reports with this event as a dependency. For instance. the event is not triggered. see “Scheduling an object with events” on page 473. see “Scheduling an object with events” on page 473. The New Event page appears. Click New Event. When the file that you specify appears. the event is triggered only when the file is removed and then recreated. In addition. 2. File-based events File-based events wait for a particular file (the trigger) to appear before the event occurs. To do this.Managing Events File-based events 20 When working with events. Before scheduling an object that waits for a file-based event to occur. the Event Server triggers the event. File-based events are monitored by the Event Server. Note: For information on scheduling an event-based object in the Objects management area of the CMC. Then you can schedule the object and select this event. you must remove and recreate the file each time. once a day (so long as the file that you specify appears every day). Note: If the file already exists prior to the creation of the event. the event is triggered and the reports are processed. the event must occur within the time frame established when you actually schedule the event-based report. For more information on scheduling an object with events. In this case. To create a file-based event Go to the Events management area of the CMC. you specify the log file in your file-based event. you must first create the file-based event in the Events management area of the CMC. 1. If you want an event to be triggered multiple times. For instance. The Central Management Server (CMS) then releases any schedule requests that are dependent on the event. When the log file appears. keep in mind that an object’s recurrence schedule still determines how frequently the object runs. a daily report that is dependent upon a file-based event will run. at most. suppose that you want your daily reports to run after your database analysis program has finished and written its automatic log file. BusinessObjects Enterprise Administrator’s Guide 511 .

The first object serves as the trigger for the event: when the object is processed. Ideally. select File. Type a name for the event in the Event Name field. a schedule-based event is triggered when a particular object has been processed.20 Managing Events Schedule-based events 3. Schedule-based events Schedule-based events are dependent upon scheduled objects. or it can be based simply on the completion of the job. Most importantly. Complete the Description field. The second object is 512 BusinessObjects Enterprise Administrator’s Guide . 8. When you create this type of event. 6. Type a filename in the Filename field. Note: Type the absolute path to the file that the Event Server should look for (for example. the directory should be on a local drive. The drive and directory that you specify must be visible to the Event Server. the event occurs. 5. select the Event Server that will monitor the specified file. it can be based on the success or failure of a scheduled object. Click OK. In the Server list. you must associate your schedule-based event with at least two scheduled objects. 4. In the Type list. That is. or /home/folder/filename). C:\folder\filename. 7.

For more information on scheduling objects with events. which means that the event is triggered only when program P1 runs successfully. Now. see “Scheduling an object with events” on page 473. the schedulebased event is triggered. and reports R1 and R2 are subsequently processed. 3. when program P1 runs successfully. this second object runs. and select your new schedule-based event as the dependency. Schedule program P1 with events. For instance. Then. Type a name for the event in the Event Name field. You specify the “Success” option for the event. The New Event page appears. BusinessObjects Enterprise Administrator’s Guide 513 . Complete the Description field. select Schedule. suppose that you want report objects R1 and R2 to run after program object P1 runs. To create a schedule-based event Go to the Events management area of the CMC. In the Type list. you create a schedule-based event in the Events management area. and set program P1 to trigger the schedule-based event upon successful completion. you schedule reports R1 and R2 with events. 2. Click New Event.Managing Events Schedule-based events 20 dependent upon the event: when the event occurs. 4. 1. 5. To do this.

see “Scheduling an object with events” on page 473. If you neglect to trigger the event in the morning and trigger it only in the afternoon. To do this. In the “Event based on” area. and schedule the reports with that event. 7. when you trigger the event again in the afternoon. create a new custom event. triggers any dependent schedule requests. the remaining set of programs is run. Custom events A custom event occurs only when you explicitly click its “Trigger this event” button. regardless of whether that object was processed successfully or not. 514 BusinessObjects Enterprise Administrator’s Guide . select from three options: • • • Success The event is triggered only upon successful completion of a specified object. Success or Failure The event is triggered upon completion of a specified object. you may have a scenario where you want to schedule a number of reports. For more information. When you update the data in the database and you need to run the reports. one set of programs is run. Failure The event is triggered only upon non-successful completion of a specified object. both sets of programs run at that time.20 Managing Events Custom events 6. Note: You can trigger a custom event multiple times. and one set runs in the afternoon. as required. As with all other events. Click OK. Tip: When developing your own web applications. return to the event in the CMC and trigger it manually. you can trigger Custom events from within your own code. For example. you might schedule two sets of event-based program objects to run daily—one set runs in the morning. BusinessObjects Enterprise then runs the reports. see the developer documentation available on your product CD. When you first trigger the related custom event in the morning. For more information on event-based scheduling. Custom events are useful because they allow you to set up a shortcut that. For instance. an object based on a custom event runs only when the event is triggered within the time frame established by the object’s schedule parameters. but you want to run them after you have updated information in your database. when clicked.

BusinessObjects Enterprise Administrator’s Guide 515 . so you can use rights to hide events that aren’t applicable to a particular group. 4. Users will only be able to see events they have the rights to see. 3. In the Event Name column. those events won’t appear for a user from the HRadmin group. inheriting rights from the users’ parent folders. Complete the Description field. 2. To trigger a custom event Go to the Events management area of the CMC. 1.” Specifying event rights You can grant or deny users and groups access to events. 2. Select the event you want to grant access to. Note: Before you trigger this custom event. schedule an object that is dependent upon this event. Click Trigger this event. To grant access to an event Go to the Events management area of the CMC.Managing Events Specifying event rights 20 1. you may want certain events to be triggered only by management or IT. Click the Rights tab. By default. 6. 3. 3. To create a custom event Go to the Events management area of the CMC. A message appears: “This event has been triggered. For example. Type a name for the event in the Event Name field. Click New Event. For example. 2. Follow this procedure to change the rights for an event. you may have specific events that you want to be available only for certain employees or departments. select Custom. 1. select a custom event by clicking its link. this makes the event list easier for the HRadmin group to navigate. 5. events are based on current security settings. Depending how you organize your events. by granting only the ITadmin group access to IT-related events. In the Type list. Click OK.

select Add/Remove Groups. Note: For complete details on the predefined access levels and advanced rights. change the Access Level for each user or group. 9. 7. To choose specific rights. On the Rights tab. as required. then use the “Look for” field to search for a particular account. Click OK. The Add/Remove page appears. select the Add Users operation. 8. 516 BusinessObjects Enterprise Administrator’s Guide . If you have many users on your system. 5. In the Select Operation list. 10. choose Advanced. or Remove Users. 6.20 Managing Events Specifying event rights 4. Add Users. 11. Click Add/Remove to add users or groups that you want to give access to the event. see “Rights and Access Levels” on page 563. Select the user or group you want to grant access to the specified event. Click Update.

General Troubleshooting chapter .

open the report in Crystal Reports on the server machine and check that you can refresh the report against the database. including operating system versions. In general. see “Report viewing and processing issues” on page 521. included with your product distribution. For details. Verify that the problem is reproducible. • • 518 BusinessObjects Enterprise Administrator’s Guide . If the problem is isolated to one machine. and appropriate server software. patch levels.21 General Troubleshooting Troubleshooting overview Troubleshooting overview BusinessObjects Enterprise is designed to integrate with a multitude of different operating systems. • If the problem relates to connectivity or functionality over the Web. This chapter includes general troubleshooting steps along with solutions to some specific configuration issues. Thus. Look for solutions in the documentation included with your product. If the problem relates to report viewing or report processing. On Windows. Use Crystal Reports to verify that the report can be viewed properly. see “Documentation resources” on page 519. see BusinessObjects Enterprise Installation Guide and “Web accessibility issues” on page 519. see if it runs on another. check that BusinessObjects Enterprise is integrated properly with your web environment. web servers.txt file. consult the Platforms. consider the following key points when troubleshooting: • Ensure that client and server machines are running supported operating systems. If the Job or Page Servers are running on Windows. network and firewall configurations. For instance. verify your database connectivity and functionality from each of the affected machines. pay close attention to any configuration differences in the two machines. if a report fails to run on one processing server. database servers. database clients. and take note of the exact steps that cause the problem to recur. For details. use the sample reports and sample data included with the product to confirm whether or not the same problem exists. database servers. any troubleshooting that you may need to undertake will likely reflect the particularities of your deployment environment. For details. and reporting environments. • • Determine whether the problem is isolated to one machine or is occurring on multiple machines. and general network integration. For details.

Web accessibility issues Using an IIS web site other than the default On Windows. or from within the CMC or InfoView.txt file. Restart the web server once you have made these changes. Additional Compiled HTML Help (CHM) files are provided with the following client tools: • • • • • Central Configuration Manager Publishing Wizard Repository Migration Wizard Import Wizard Crystal Report Offline Viewer Press F1 or click Help to launch the online help from within these applications. you must copy the virtual directory configuration from the default web site to the web site you are using. Access the HTML versions from the BusinessObjects Enterprise Administrator Launchpad. BusinessObjects Enterprise also sets up several application mappings on the default site. CHM and PDF files are located in the doc directory of your product distribution. user forums. as is the Platforms. the BusinessObjects Enterprise installation creates virtual directories on the Internet Information Server (IIS) “Default Web Site. BusinessObjects Enterprise also includes a number of manuals. files and updates. These documents list supported third-party software along with any known issues or implementation-specific configuration details. BusinessObjects Enterprise Administrator’s Guide 519 . For more information. see BusinessObjects Enterprise Installation Guide.General Troubleshooting Documentation resources 21 • Check out the Business Objects Customer Support technical support web site for white papers. These can be viewed and copied from the default web site to the web site you are using.” If you are using a web site other than the default.com/ Documentation resources The BusinessObjects Enterprise Release Notes are provided in the root directory of your product distribution.businessobjects. and Knowledge Base articles: http://support.

It must be in the form of Domain\User if the user account does not reside in the default domain of the CMS. If your account is in any domain other than "DOMAIN NAME" you must enter your user name as DomainName\UserName. In addition. If Windows NT Integrated security (NT Challenge/Response) is enabled in Internet Information Services (IIS) and in the Web Component Adapter (WCA). Please make sure your logon information is correct. the following error message appears: Unable to connect to CMS (<servername>) to retrieve cluster members. Use the CCM to start the CMS. The web server and all BusinessObjects Enterprise components must be running on Windows NT/2000 for Windows NT authentication to work.) Windows NT authentication cannot log you on When you attempt to log on to the Central Management Console (CMC) or to InfoView. (If the CMS was already started. the following error occurs: NT Authentication could not log you on. Logon can not continue. Netscape users must provide a valid Windows NT user name in the form of Domain\User. It must be in the form of Domain\User if the user account does not reside in the default domain of the CMS. Investigate these common solutions: • Ensure that the specified authentication type corresponds to the user name and password provided on the log on page. users must log on to the client machine with a valid NT domain user account before logging on to BusinessObjects Enterprise. This error may occur for various reasons.21 General Troubleshooting Web accessibility issues Unable to connect to CMS when logging on to the CMC If you attempt to log on to the CMC while the Central Management Server (CMS) is not running. Microsoft Internet Explorer users must provide a valid Windows NT user name. use the CCM to restart it. • • • • 520 BusinessObjects Enterprise Administrator’s Guide . Users must log on to BusinessObjects Enterprise with a valid Windows NT user name. then users must use Microsoft Internet Explorer. verify that the authentication type is set to Windows NT Authentication and not Enterprise. To log on with a Windows NT user name.

If the problem is isolated to one machine. and RAS machines in order to speed up the troubleshooting of reports and database connectivity. In this way. start Crystal Reports on the Page Server. compare the ODBC driver versions. the DSN configurations. take note of the database client and version you are running. If the report database server is on a remote machine. Note: The exact steps and menu options may differ. Troubleshooting reports with Crystal Reports On Windows. or save the report. the database server version that you are connecting to. but runs successfully when scheduled. For instance. In particular. If you follow these steps and the problem persists. depending on your version of Crystal Reports. and the accounts under which the processing servers are running. change the Page Server or Job Server to use a valid domain account with enough rights to view or process the report. if a report fails to run on one processing server. the drivers and versions. contact Business Objects technical support. it is especially useful to determine whether the problem is isolated to one machine or is occurring on multiple machines. Page Server. and general network integration. and the driver name and version that you are using to connect. you can install Crystal Reports on all Job Server. including operating system versions. If the report fails when viewed on demand. If the reports are based off ODBC data sources. By locating the step where Crystal Reports is unable to open. refresh. and the versions of the MDAC layer. Check to see if the Page Server or Job Server is running under an account that has the appropriate access rights to the report database server. pay close attention to any configuration differences in the two machines.General Troubleshooting Report viewing and processing issues 21 Report viewing and processing issues When troubleshooting reports. you may be able to locate the source of the problem. check the database client configurations. 1. or when a report is viewed on demand over the Web. Before you call. BusinessObjects Enterprise Administrator’s Guide 521 . patch levels. you use Crystal Reports to simulate the steps that are performed by the BusinessObjects Enterprise processing servers when a scheduled report is processed. see if it runs on another. start Crystal Reports on the Job Server. To troubleshoot a report Start Crystal Reports on the appropriate machine: • • If the report runs successfully on demand. but fails when scheduled.

If the report’s parameters or record selection need to be modified by BusinessObjects Enterprise users when they schedule or view the report. 2. the report’s SQL statement is evaluated at this time. 6. Note any ODBC errors that are produced. If you cannot log on to the database server. click Open. 4. Crystal Reports will report any errors that it encounters within the report (such as formulas. data begins to return to Crystal Reports. click Verify Database. If not. the temporary files increase in size. As this happens. start Crystal Reports on the RAS. 8. and other objects). 7. Check the join information. verify network connectivity between the server you are working on. If the SQL statement is valid. 522 BusinessObjects Enterprise Administrator’s Guide . Go to the last page of the report. Open the report from the CMS. Verify that the tables used in the report match the tables in the database. If the database credentials are valid. On the Database menu. first complete these troubleshooting steps on one processing server. Verify resource allocation in case the machine is running out of memory or disk space. then verify whether or not the problem is resolved on all processing servers. On the File menu. check these possible causes: • • • If the report fails. the CMS. if current data is not returned from the database. change the parameter values or record selection formula accordingly. Refresh the report and. Crystal Reports will report an error. If the values are invalid. Test your database connection and authentication. If you cannot open the report. 3. click Log On/Off Server. check the configuration of the database client software and ensure that the report contains a valid database user name and password.21 General Troubleshooting Report viewing and processing issues • • If the report fails when viewed on demand with the Advanced DHTML viewer. repeat the steps on a different processing server. Click Enterprise Folders and log on to your CMS. subreports. If the report fails in all cases. On the File menu. On the Database menu. Correct any issues reported by Crystal Reports. Export the report to Crystal Reports format (or any other desired format). and the Input File Repository Server. ensure that the database credentials provide READ rights to all tables in the report. and then save the report. 5. clear the “Save Data with Report” check box.

because users cannot impersonate services. 2. BusinessObjects Enterprise servers require access to various local and/ or remote resources and to the database server. For details. test database connectivity by opening the report in Crystal Reports on the server. see “Troubleshooting reports with Crystal Reports” on page 521. 3. Change the server’s logon account. This section provides a series of troubleshooting steps that should resolve this problem and others that are specific to reports and database connectivity. 1. see “Configuring Windows processing servers for your data source” on page 132. or schedule the report for processing. Job Server. Troubleshooting reports and looping database logon prompts A common issue when viewing reports over the Web is a persistent database logon prompt that is displayed repeatedly by the user’s browser. Repeat the activity that caused the original report to fail: view the report on demand over the Web. RAS. If the report now refreshes successfully. 10. Close the report. Experience shows that running the Page Server. or RAS machine. Close Crystal Reports. the report will not display. Job Server. 9. 12. To troubleshoot reports and looping database logon prompts Verify the report with Crystal Reports. Tip: Running a background application under an Administrator account does not inadvertently grant administrative privileges to another user. If you have the Crystal Reports Designer installed on the Page Server. 11. and Web Component Adapter (WCA) under a Domain Administrator account allows them to access the components necessary to connect successfully to data sources. save it back to the CMS. Regardless of the credentials provided by the user. This problem is typically caused by the configuration of the Page Server or the Report Application Server (RAS). Verify the server’s access to ODBC Data Source Names (DSNs).General Troubleshooting Report viewing and processing issues 21 This step ensures that Crystal Reports is able to create temporary files that are required in order to complete the processing of a report. To change a server’s logon account. Use Crystal Reports to verify the report. BusinessObjects Enterprise Administrator’s Guide 523 .

As in step 2. and set up each System DSN identically on every Job Server. Check whether or not NT authentication is performed by the database. For details. On Windows. Determine the configuration of the database client software. the processing server must have permission to access the corresponding DSN configuration. If the report is based off an ODBC data source. the BusinessObjects Enterprise services cannot use the database client software to communicate with the database. Sybase. many database clients store their configuration in the registry below HKEY_LOCAL_MACHINE. see “Configuring NTFS Permissions” on page 569. 5. Page Server. 524 BusinessObjects Enterprise Administrator’s Guide . For the minimum set of NTFS permissions required by BusinessObjects Enterprise. If you report against a database that uses NT authentication for access control (Microsoft SQL Server. see “Configuring Windows processing servers for your data source” on page 132.) To retain the access control levels that are set up within the database. If your database client stores its configuration below HKEY_CURRENT_USER. and RAS require Full Control or Special Access to the ODBC registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC. the Job Server. changing each server’s logon account to that of a Domain Administrator account should resolve such problems. depending upon the database that you are reporting off of. each server’s logon account determines the level of access it is granted by the database. Page Server. and so on). BusinessObjects Enterprise does not pass endusers’ NT tokens through to the database server. and RAS must run under a Windows NT/2000 domain user account that has access to the appropriate database tables. Insufficient NTFS rights on the server may cause a number of problems to arise when you view reports over the Web. The Job Server. and RAS machine that will process the report. you can instead change each ODBC DSN so that it implements SQL Server Login instead of NT authentication. Page Server. (In this scenario. 4. This information is stored in the Windows registry.21 General Troubleshooting Report viewing and processing issues Base reports off System DSNs (and not File or User DSNs).INI Consult your Windows documentation for information about working with the registry. 6. If you are not using ODBC. Verify the NTFS permissions granted to the Job Server. and RAS. the database client software must be installed on each machine that will process reports. Page Server. Additional configuration may be required.

if you design a report off a PC database that resides on a network drive. ensure that the report references its data source with the appropriate UNC path. see “Ensuring that server resources are available on local drives” on page 526. see “Modifying Page Server performance settings” on page 115. Multi-threaded database drivers allow the processing servers to connect to the database without having to wait for the database to fulfill initial requests. Use multi-threaded database drivers. However. you may need to perform additional configuration. it is recommended that you create System Environment variables if they do not already exist. If a database connection is not closed quickly. If all database client licenses are in use. A list of these thread-safe drivers is available in the Crystal Reports Release Notes. For details. For example. Therefore. Crystal Reports now includes a number of thread-safe native and OLEDB drivers. 11. Check that database connections are closed in a timely fashion. Reference remote data sources with UNC paths. Check for problems with particular data sources. 10. the database may not service another request until the connection has been closed. ODBC connections are typically recommended because they provide multithreaded connections to the database. BusinessObjects Enterprise servers are generally most affected by the TMP and TEMP environment variables. On Windows. Environment variables are used by the operating system to govern and manage system files for particular users. Consult your Windows documentation for details. To decrease the “Minutes Before an Idle Job is Closed” setting. Ensure that servers have access to remote databases through UNC paths. If your report is based on a Lotus Notes database.General Troubleshooting Report viewing and processing issues 21 7. instead of through mapped drives. Ensure that you have enough database client licenses. they cannot access the User Environment variables that are created by default. Download the latest instructions from the Business Objects Customer Support Knowledge Base. BusinessObjects Enterprise Administrator’s Guide 525 . Because the servers are run as services. Check the available environment variables. 12. the BusinessObjects Enterprise servers are unable to retrieve data from the database. 8. 9.

or the directory from which the Job Servers load processing extensions. check the Knowledge Base for the latest information.21 General Troubleshooting Report viewing and processing issues IBM offers several client applications for connecting to DB2. many can be configured to use specific directories to store files. see “Configuring Windows processing servers for your data source” on page 132. the service must run under a domain user account with network permissions. For details. but. servers cannot access mapped resources when the machine is restarted. you can specify the root directory for each File Repository Server. do not configure the servers to access network resources in this manner. So. For example. the servers may retain access to the mapped drive for some time (Windows will release the drive mapping if no application maintains a persistent connection to the mapped resource). the server may appear to function correctly. See the Business Objects Customer Support Knowledge Base for discussions of this and other DB2 clients. because UNC paths can limit performance due to limitations in the underlying protocol. When you log off the local machine. If you encounter problems with any other specific data sources. and hence to the BusinessObjects Enterprise servers running on the local machine. the directory that you specify must be on a local drive (such as C:\InputFRS or C:\Cache). when you restart the local machine. Note: Changing a server’s log on account from the LocalSystem account to a Windows NT/2000 user account with network privileges will not resolve the problem. the mapped drive is accessible to the LocalSystem account. Tip: If your report runs against a PC database that resides on a network drive. In this case. However. because the servers do not actually log on to the network with that 526 BusinessObjects Enterprise Administrator’s Guide . the temporary directories for the Cache and Page Servers. it is available to the entire operating system. The recommended client is IBM DB2 Direct Connect. then the report itself must reference its data source through a UNC path. However. if you configure a server to use a mapped drive. when you log on and map a local or network drive. Although some BusinessObjects Enterprise servers can recognize and use UNC paths. the mapped drive is not restored until you log back on. Do not use Universal Naming Convention (UNC) paths or mapped drives. Use local drives instead. Ensuring that server resources are available on local drives When the BusinessObjects Enterprise servers are running on Windows. once a drive is mapped. In all cases. Similarly. whose ODBC drivers were written for actual programmatic interaction with products like BusinessObjects Enterprise. Drives are mapped according to your user profile when you log on to Windows NT/2000.

which is available as a Client Sample on the Crystal Enterprise User Launchpad. Instead. and that each user's InfoView preferences include the appropriate time-zone setting. use the Preferences Manager. A user can also select alternate destinations in InfoView by updating the Destination option. use the CCM to restart it. Instead. a report's destination that is set in the CMC will be the selected destination when a report is scheduled in InfoView. Please try to reconnect later. Use the CCM to start the Page Server and then enable it. see the BusinessObjects Enterprise SDK documentation. For more information about using specific time-zone properties in your custom web applications.) InfoView considerations Supporting users in multiple time zones Avoid granting Schedule access to the default Guest account if you deploy InfoView for users in different time zones. ensure that each user who is allowed to schedule reports has a dedicated account on the system. Dedicated accounts are recommended because the default Guest account does not allow users to modify account preferences that would affect other users.General Troubleshooting InfoView considerations 21 account. but not others (such as ODBC User Data Source Names and mapped drives). (If the Page Server was already started and enabled. when a user schedules another instance in InfoView. Page Server error when viewing a report When you attempt to run or preview a report.” This provides access to some profile-specific resources (such as printers and email profiles). If the user selects the Default destination setting in BusinessObjects Enterprise Administrator’s Guide 527 . [On Page Server : <servername>. Setting default report destinations By default. Note that the destination set in InfoView applies only to the scheduled instance. the destination that is set in the CMC will be selected. To view or modify the time-zone setting for any user account.Cacheserver] This error indicates that the Page Server is not started and enabled. unless the user changes the Destination option. Thus. the servers perform “account impersonation. the following error message appears: There are no Page Servers connected to the Cache Server or all the connected Page Servers are disabled.

21 General Troubleshooting InfoView considerations InfoView. reports are processed on the Job Server and sent to the File Repository Server. The Default destination setting in InfoView is equivalent to the Default destination setting in the CMC. 528 BusinessObjects Enterprise Administrator’s Guide .

Licensing Information chapter .

For example. For example. sessions. 530 BusinessObjects Enterprise Administrator’s Guide . Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. 500. Note: If you are upgrading from a trial version of the product. be sure to delete the Evaluation key prior to adding any new license keys or product activation keycodes. Processor licenses are based on the number of processors that are running BusinessObjects Enterprise. This type of licensing is very flexible because a small concurrent license can support a large user base. To determine the number of processor licenses you require. so users can create and modify reports over the Web in an ad hoc fashion. This provides named users with access to the system regardless of how many other people are connected. You may want to purchase named user licenses for people in your organization who require access to BusinessObjects Enterprise at all times. named. and processor licenses. and session handling see “BusinessObjects Enterprise Security Concepts” on page 227. BusinessObjects Enterprise Embedded or RAS Report Modification licenses enable the Report Application Server’s Software Development Kit (SDK) for report-creation. thereby providing you with tools for building your own webbased reporting and query tools. For more information about licenses. or 700 users depending on the frequency with which the system is accessed and the number and size of the reports. these licenses add standard report-creation and report-modification wizards to InfoView. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. a 100 user concurrent license could support 250. RAS Report Modification licenses are also available. In addition. you could purchase a named user license for each of the 25 managers and a concurrent license for 175 general users.22 Licensing Information Licensing overview Licensing overview BusinessObjects Enterprise is a scalable product that provides you with the ability to add license keys as the demand for report information increases in your organization. count the number of processors on any servers running any component of BusinessObjects Enterprise. You can purchase concurrent.

Select a license key. Go to the License Keys management area of the CMC. The details associated with the key appear in the Licensing Information area. To purchase additional license keys: • • Contact your Business Objects sales representative. Contact your regional office. 1.businessobjects. and processor licenses associated with each key.Licensing Information Accessing license information 22 Accessing license information The License Keys tab identifies the number of concurrent. 2. named. go to: http://www.com/company/contact_us/ BusinessObjects Enterprise Administrator’s Guide 531 . For details.

1. 532 BusinessObjects Enterprise Administrator’s Guide . 2. Type the key in the Add Key field. be sure to delete the Evaluation key prior to adding any new license keys or product activation keycodes. Note: Key codes are case-sensitive. This tab displays current license usage. along with additional job metrics.22 Licensing Information Adding a license key Adding a license key Note: If you are upgrading from a trial version of the product. Go to the License Keys management area of the CMC. 3. Click Add. The key is added to the list. 2. Go to the Settings management area of the CMC. Viewing current account activity 1. Click the Metrics tab.

Licensing Information Viewing current account activity 22 Feature Crystal Repository refresh Insert subreport Unicode support Setting locale of the Report Engine New viewer architecture Smart Tags Exporting page ranges New Excel export options OLAP integration Export drill down views Embed URL link to report in email Set database location Custom printer settings Java SDK .NET SDK RAS support for processing extensions Distributed servers Ability to define users/ personalization Concurrent users Third-party authentication support Events Object distribution (Destinations) BusinessObjects Enterprise Mobile Desktop Server group re-direction Express X X X X X X X X X X X X Professional X X X X X X X X X X X X X X X X X X X X X X X X X X X BusinessObjects Enterprise Administrator’s Guide 533 .

22 Licensing Information Viewing current account activity 534 BusinessObjects Enterprise Administrator’s Guide .

x to BusinessObjects XI appendix .BusinessObjects Enterprise Administrator’s Guide From BusinessObjects 6.

536 BusinessObjects Enterprise Administrator’s Guide .x suite.x In BusinessObjects XI • • • Designer Supervisor Supervisor over the Web • • • Designer Business View Manager Central Management Console Several applications allow you to add • Publishing Wizard objects to the repository. Several other applications allow you to add objects to the repository as well. InfoView • • • • • • • • • Web Intelligence Crystal Reports OLAP Intelligence OLAP Intelligence Designer Central Management Console (CMC) Developer Suite Performance Management (formerly Application Foundation) Data Integrator Import Wizard The Application Foundation suite and Data Integrator are available to complement the BusinessObjects 6. those in the BusinessObjects 6.x to BusinessObjects XI Product offering Product offering Here is a list of the applications in each version’s offering. Although the applications in each row belong to the same area of functionality. • • • • • • • • • • Administration Console Auditor InfoView BusinessObjects BusinessQuery WebIntelligence WebIntelligence for OLAP Data Sources Broadcast Agent Developer Suite • • • Central Configuration Manager Central Management Console Auditing is incorporated in the Central Management Console. but are not part of it.x column and those in the BusinessObjects XI column are not necessarily equivalent: In BusinessObjects 6.A From BusinessObjects 6.

x BusinessObjects 6. The database tier is made up of the databases containing the data used in documents and reports.From BusinessObjects 6. repository access.x is organized five logical layers: • • • • • The client tier contains products or features that run on the end-user’s computer (either as a standalone application or in the web browser). such as WISessionManager. The presentation layer contains the web and application servers. The application services layer provides the essential framework and services to the processing layer. WILoginServer. BusinessObjects Enterprise Administrator’s Guide 537 . as well as the additional components that implement business logic (portal workflows. The processing layer contains report engines. servlets.x to BusinessObjects XI Architecture A Architecture The overall architecture of the two systems is organized in a similar manner. portal pages. BusinessObjects 6.). etc. Dispatcher. and WIStorageManager. and HSAL). scheduling. as well as the Business Objects components hosted on them (server SDKs.

x processing layer.A From BusinessObjects 6. as well as the Business Objects components hosted on them.x context. managing audit information. rather than a provider of shared services such as WIQT.x system.x to BusinessObjects XI Architecture BusinessObjects XI BusinessObjects XI is organized into five tiers: • The client tier contains client applications. • The processing tier accesses the data and generates reports. In a BusinessObjects 6.x reports only. with each server processing requests for a specific type of object. There are no strict equivalents for these servers in the BusinessObjects 6. This layer contains fewer “servers.” or processes. routing requests to the appropriate processing layer services. maintaining security information. • The intelligence tier manages the BusinessObjects XI system. 538 BusinessObjects Enterprise Administrator’s Guide . Transactional workflows are therefore simplified. • The data tier is made up of the databases containing the data used in reports. than the BusinessObjects 6. and storing report instances for rapid report viewing. which plays a shared role in several types of processing workflows. this corresponds a dedicated role such as WIReportServer. • The application tier includes the web and application servers. which processes WebIntelligence 6.

). etc.x deployment.From BusinessObjects 6. It can also contain universe and document domains. they are made into folders in the CMS database. including users. groups. it also contains pointers to the physical objects. you can import its contents (user rights. security. The repository database actually contains the data associated with the security. In BusinessObjects XI The repository exists here as well. See “Migration” on page 542. Repository domains The repository must have a security domain.x suite uses a repository — a database that is stored in a relational database management system. as one of the databases maintained by the Central Management Server (CMS). universe and document domains.x Repository The BusinessObjects 6. Although the repository database stores specific information about the objects published to it. folders. categories and parameters. The repository is used to secure access to your data warehouse and to provide an infrastructure for distributing information to be shared by users. The CMS is the central service/daemon in the BusinessObjects Enterprise XI system (see its entry further along in this table). stored in storage associated with the File Repository Servers. universe UNV files and third-party documents. such as Web Intelligence WID files. When universe and document domains are imported from a BusinessObjects 6.x to BusinessObjects XI Basic terminology A Basic terminology Here are some of the main differences in terminology between the two releases: In BusinessObjects 6. it does not actually store physical copies of the objects. BusinessObjects Enterprise Administrator’s Guide 539 . servers. Although the security domain itself is not imported. Crystal Reports RPT files. Making sure the repository database has enough space is therefore critical.

the Business Objects server back end must be installed on the cluster’s primary node and all secondary nodes. the set of core processing modules enabled or disabled as a group). and as daemons under UNIX. In addition it maintains the repository and audit databases. The CMS serves as the central nervous system of the BusinessObjects Enterprise intelligence layer. Servers Processes in the BusinessObjects Enterprise XI system are called servers.x Business Objects servers At a minimum. They run as services under Windows. such as users/groups. Disabling the CMS is roughly equivalent to disabling the Session Stack (starting with version 6.1. This installs all the processing layer modules on the server machines. security levels. A few examples of modules are: Broadcast Agent Manager (which manages Schedulers) • WIStorageManager • • • • • A few examples of servers are: Job Server the File Repository Servers Web Intelligence Report Server WIReportServer 540 BusinessObjects Enterprise Administrator’s Guide . or server machines. not actual Business Objects servers. Modules Processes used in Business Objects transactions which can be configured through the Administration Console are called modules. The CMC’s ability to enable/disable and even group servers. and services. In BusinessObjects XI Central Management Servers (CMS) The CMS is a single service which provides framework services. for example. concerns processes.A From BusinessObjects 6. security management. administers scheduling tasks. and also is responsible for maintaining the database (CMS database) containing system information.x to BusinessObjects XI Basic terminology In BusinessObjects 6.

you central coordinator amongst all the nodes in the cluster. Both primary and secondary nodes are considered cluster nodes. are managed by the CMS. first installed CMS. which instructs the Job Server to process the job on a schedule managed by the CMS. BusinessObjects Enterprise Administrator’s Guide 541 . Other processes (servers) can be installed and run on other machines. on the other hand. When you add a new CMS to a deployment • The primary node serves as the containing a previously. it workload with any existing CMS machines.x Clusters A cluster is one or more Business Objects servers which provide the functional processing for a given BI portal. if CMS database and to share the processing the cluster contains only one node. Clusters can contain the following elements: The distinction between primary and secondary nodes does not apply. the new cluster is given the name of the is a primary node. The CMSs can be on the same machine or on different ones. By default. Schedule-based and custom events. prefaced by “@”. WebIntelligence Application servers Broadcast Agent Web Intelligence Web application servers Scheduling functions are handled by the CMS. Web Intelligence Report Server Public folder The Event Server manages file-based events. Each server hosts the entire set of Business Objects modules. it is called a distributed deployment. WIReportServer Corporate documents page File Watcher allows the processing of a scheduled task only when a specified file is present in a specified location.installed CMS. A CMS cluster is called an expanded deployment.x to BusinessObjects XI Basic terminology A In BusinessObjects 6. • Optional secondary nodes run the ORB components required to communicate with the primary node and start Business Objects processes on the secondary node(s). In BusinessObjects XI CMS clusters A Central Management Server cluster (CMS cluster) consists of two or more CMSs working together to maintain the system databases and repository.From BusinessObjects 6. This means that at a minimum only the CMS component must be installed and activated on the machine. There is one and instruct the new CMS to connect to the existing only one primary node in a cluster. the Session Stack must be activated in order for the server to contribute to cluster processing. When a cluster contains more than one server machine. as well as optional services.

x to BusinessObjects XI Migration Migration To import repository objects such as domains. Instructions are in the Report Migration Utility guide. • • • • Identification Strategy Logon Enable Real Time User Rights Update Enable Password Modification flag This maps to the User cannot change password property. which when True. users and groups. delivered with the BusinessObjects 6.A From BusinessObjects 6. documents. This property must be reset manually by the administrator at the global level. Password Validity settings 542 BusinessObjects Enterprise Administrator’s Guide .x.x to BusinessObjects Enterprise XI: Object User properties Specific migration information These properties are not mapped.5 suite. This Wizard and how to use it is described in the BusinessObjects Enterprise XI Installation Guide. universes. universe restriction sets. • WebIntelligence OLAP • • • • Custom applications and interfaces created using the SDK Broadcast Agent Scheduler or Publisher tasks BusinessObjects Auditor Timestamps Migration and mapping of specific objects Here is some important information about migrating specific objects from BusinessObjects 6. means what it says.rep documents to .wid format. you use the Import Wizard. you can use the Report Migration Utility. and reports from BusinessObjects 6. categories. Here is a summary of what the Import Wizard does and doesn’t import: The Import Wizard imports: The Import Wizard doesn’t import: • • • • • • Users and groups WebIntelligence reports Universes Connections Categories Security • BusinessObjects documents To migrate .

x domains. The Company group maps to the Everyone group. When you import corporate categories.x map to appropriately-named user groups. but instead simply granted the appropriate rights on all imported objects. Documents and universes cannot be imported unless their domain is imported as well.x user profiles map to default groups in the new system. where only the BusinessObjects administrator and their owners have access to them. After migration.x to BusinessObjects XI Migration A Object Object Security level Specific migration information Expressed as limit rights set on the universe folder. Personal documents are imported to the user’s Favorites folder. For example. User profiles Groups External groups Inbox documents Personal documents Categories Domains BusinessObjects Enterprise Administrator’s Guide 543 . on the other hand.x continue to refer to them in BusinessObjects Enterprise XI. Dynamic groups are mapped with Enterprise authentication. Both personal and corporate categories are imported. General Supervisors become members of the Administrators groups. which manage all document instances that have been scheduled or published to the repository. Administrators need to create dynamic groups. object levels in BusinessObjects 6. they are also migrated to the File Repository Servers. Users with the User/Versatile profile are added to an Object Level Security group based on their Object Security levels. you can select individual categories and subcategories to import into BusinessObjects Enterprise XI. are not mapped to the Administrators group. Inbox documents are imported to the Inbox folder. Most BusinessObjects 6. Any personal or corporate categories that referred to these documents in BusinessObjects 6. User and group access to these folders is equivalent to the rights they had on the BusinessObjects 6. The Import Wizard maps static LDAP groups. Document and universe domains become folders with the same name. Supervisors. If Inbox already includes duplicate documents.From BusinessObjects 6.

x map to appropriately-named user groups. object levels in BusinessObjects 6. User and group access to these folders is equivalent to the rights they had on the BusinessObjects 6.A From BusinessObjects 6. When you import corporate categories. Most BusinessObjects 6. After migration. The Company group maps to the Everyone group. Document and universe domains become folders with the same name. are not mapped to the Administrators group. For example. Personal documents are imported to the user’s Favorites folder. Administrators need to create dynamic groups. but instead simply granted the appropriate rights on all imported objects. General Supervisors become members of the Administrators groups. you can select individual categories and subcategories to import into BusinessObjects Enterprise XI.x to BusinessObjects XI Migration Object Object Security level Specific migration information Expressed as limit rights set on the universe folder. on the other hand. they are also migrated to the File Repository Servers.x continue to refer to them in BusinessObjects Enterprise XI. Both personal and corporate categories are imported. Dynamic groups are mapped with Enterprise authentication. User profiles Groups External groups Inbox documents Personal documents Categories Domains 544 BusinessObjects Enterprise Administrator’s Guide . which manage all document instances that have been scheduled or published to the repository. where only the BusinessObjects administrator and their owners have access to them.x domains. Supervisors. Documents and universes cannot be imported unless their domain is imported as well. The Import Wizard maps static LDAP groups. Any personal or corporate categories that referred to these documents in BusinessObjects 6. If Inbox already includes duplicate documents. Inbox documents are imported to the Inbox folder. Users with the User/Versatile profile are added to an Object Level Security group based on their Object Security levels.x user profiles map to default groups in the new system.

Although this feature is mapped to the Delegated Administration feature in Business Objects Enterprise XI. Scope management Migration of user rights Key security features provided by BusinessObjects 6. BusinessObjects 6.g. events. It is recommended to verify effective rights on imported objects for “delegated administrators” after import and to set appropriate rights for access to objects that only exist in BusinessObjects Enterprise XI and not in BusinessObjects 6. General supervisors can limit other supervisors’ access by setting their scope management setting to Standard.). each of which defines a different level of access to user/group information and management. connection ID.x to BusinessObjects XI Migration A Object Universes Specific migration information Users can choose between importing all universes and connections.x (as applied to the integrated components) are available in BusinessObjects XI. the two features are not strictly equivalent. Import attempts to set rights in the destination deployment that are at least as restrictive as the effective rights in the source deployment.x (e. in particular. or only those associated with the WebIntelligence reports being imported. etc.From BusinessObjects 6. A delegated administrator may nonetheless be able to view imported objects (such as connections) that were previously hidden in the source deployment. WebIntelligence documents that used a BusinessObjects 6. imported “delegated administrators” will inherit the rights specified for the Everyone group for access to such objects.x universe use the same universe in BusinessObjects Enterprise XI.x universe IDs are updated to BusinessObjects Enterprise XI IDs and CUIDs: • For universes: Universe ID. BusinessObjects Enterprise Administrator’s Guide 545 . and Performance Manager applications. Delegated Administration does not support “modes”. By default. Secured or Extended mode. BusinessObjects XI provides the ability to specify global rights for Web Intelligence. Along with the ability to specify rights at the object level. This is true for all restrictions that limit modification and administration of objects. and core universe ID • For Web Intelligence reports: universe ID Scope management is a Supervisor option which allows you to control the extent of the access that all supervisors are granted to users and user groups. Dashboard Manager. calendars.

x to BusinessObjects XI Migration The following identifies the migration path for integrated rights: Right Type in BusinessObjects 6.x) Product Access (PA) Right Default Value in Version 6. then denied Denied Denied 546 BusinessObjects Enterprise Administrator’s Guide . then denied Domain Access Right Document/ Universe Access Right Granted Denied If granted (or unspecified) anywhere: granted If granted anywhere: granted If unspecified or denied anywhere.. then disabled Otherwise. domain folder. then denied Granted Denied (The Designer and Supervisor PA right is set to Denied on the root folder at install time.x Rules in Version XI If granted (or unspecified) anywhere: granted If unspecified or denied anywhere.A From BusinessObjects 6. then hidden If disabled anywhere. enabled • • Hidden in 6. then denied If unspecified or denied anywhere. or content object Right to view domain folder Right to view content object Different default and aggregate rules The fundamental default and aggregate rules governing rights change radically in BusinessObjects Enterprise XI. Product Access (PA) right Security Command right Domain Access right Document/Universe Access right Right to view application object Right to application object.x = denied in XI If unspecified or denied anywhere.x Migrated to BusinessObjects Enterprise XI as..) Enabled Denied Security Command Right • • • If hidden anywhere.x Default Value in Version XI Aggregation Rules Aggregation in Version 6. to maintain greater system security: Right Type (6.

5 supports heterogeneous clusters. or you can install on additional machines to distribute the load. BusinessObjects Enterprise Administrator’s Guide 547 . The CMS does not need to run on each machine. such as the Job Server. To add a cluster node. This installs the entire set of processes required for system processing on each machine. in which Business Objects servers are hosted on Windows and UNIX machines. The other “servers” in the intelligence layer. and deployment: In BusinessObjects 6.x to BusinessObjects XI Installation. At a minimum. In BusinessObjects XI The CMS “servers” in a BusinessObjects Enterprise XI cluster must all be running on machines running the same operating system and version. configuration.From BusinessObjects 6. This capability offers you the ability to scale your system vertically (more services on the same machine) or horizontally (more machines). and deployment A Installation. you must install Business Objects server on the node machine. and deployment Here is an overview of key differences in installation. configuration. Initial installation options • Desktop • • Server Custom • • • • • Client Server The Server option provides three installation options: New Expand Custom Distributed deployments To distribute processing.x Server operating systems BusinessObjects 6. you add additional cluster nodes to a cluster. can be hosted on machines running completely different (but supported) operating systems. however. configuration. the Session Stack must be activated on each cluster node to share the transaction load. You can distribute a single deployment’s transactional capabilities on the same machine by creating multiple instances of a “server”.

if you install a Central Management Server in a Windows environment. or by configuring the ORB manually. For information on deploying web For information on deploying web applications on application servers. In a New server installation. MySQL is installed.x Installation and the repository Repository creation is completely independent of the installation of Business Objects software. For example. see “Deploying web applications” on page 550 applications” on page 550 in this table. Not all applications require the WCA. When you perform this installation. which includes the repository. and to host the Central Management Console. the client and server components are installed. and you do not choose to connect the CMS to an existing database. Command-line installation Application servers Application servers communicate with the Business Objects cluster through the ORB. configuration. Silent installation You must install a Web Component Adapter (WCA) on any machine hosting an application server. in this table. you can select or create a new CMS database at any time using the Central Configuration Manager (CCM). see “Deploying web applications on application servers. is an integral part of BusinessObjects Enterprise installation. In BusinessObjects XI Setting up the CMS database. In similar circumstances in UNIX environments.A From BusinessObjects 6. You configure the ORB on the application server machine either by installing the Configuration Tool on that machine. and the sample reports are published to the system. and deployment In BusinessObjects 6. If the application server is hosted on a machine which is neither a primary nor secondary node. After installation. the servers are started as services on the local machine. you must configure the ORB on it in order to allow it to communicate with the cluster.x to BusinessObjects XI Installation. the default user and group accounts are created. 548 BusinessObjects Enterprise Administrator’s Guide . When the installation is complete. Installing BusinessObjects Enterprise XI on the same machine as the application server is called a server-side installation. the installation procedure automatically installs and configures Microsoft Data Engine (MSDE) as the CMS database. then using it to configure the server as a client node of the cluster. InfoView doesn’t need it unless users will be viewing OLAP Intelligence documents. The WCA allows your application server to run BusinessObjects Enterprise applications making Crystal Web Requests.

in this table. as well as add or delete them. You configure the cluster’s primary node and then its secondary nodes. OLAP Intelligence is installed separately. When you install the first Central Management Server (typically a New install). In BusinessObjects XI If you connect BusinessObjects Enterprise to a web server. see “Deploying web applications” on “Deploying web applications” on page 550 page 550 in this table. and deployment A In BusinessObjects 6.x Web servers To configure the web server to work with a cluster. see web servers. This creates a cluster of one and sets the cluster up for subsequent Expand installs. the web server must be able to communicate with the machine that runs your Web Component Adapter (WCA). For information on deploying web For information on deploying web applications on applications on web servers. using the CMC. You can view your deployment’s current license keys. you copy your license key to a directory to which all nodes or application client machines have access. you must install a third-party connector to the cluster’s application server. OLAP You install Web Intelligence for OLAP Data Sources using the standard installation process. you specify the name of the first CMS you installed.x to BusinessObjects XI Installation. you can define it as a cluster. At the installation of each additional CMS. During installation. configuration. you specify where these XML files are located.From BusinessObjects 6. This makes it part of the cluster. Configuring clusters and the ORB You create clusters and configure their ORB on their nodes using the Configuration Tool. BusinessObjects Enterprise Administrator’s Guide 549 . License key management Before installation. which add additional CMSs to the cluster. License keys are stored in the CMS database. The subsequent machines on which you install the CMS become part of a CMS cluster named <@Name of First CMS>.

Repository creation You create the repository after installation and configuration. you must copy the bomain. a command-line utility that you can run on all other supported application and/ or web servers. configuration. you define the connection to the initial CMS’s database. and deployment In BusinessObjects 6. This allows the server to connect to it.key file corresponding to the repository on each node in the cluster. • You can use the wdeploy tool. the Configuration Tool can deploy the applications automatically on web and application servers. unless you are deploying to an existing Java application server. installation can install and configure MSDE (Windows) or mySQL (UNIX) for use as the CMS database. 550 BusinessObjects Enterprise Administrator’s Guide .x In BusinessObjects XI • • • • • Available web applications Administration Console InfoView Auditor Supervisor over the Web • • • • Central Management Console InfoView Performance Manager applications (formerly Application Foundation). If you do not have a supported database client on the machine. To use your own database server. J2EE only Custom web applications developed using the SDK Custom web applications developed using the SDK Although not part of the BusinessObjects 6. the Business Objects web applications are deployed automatically on the web and/or application server. Whenever you add a new CMS to a cluster in an Expand installation. Application Foundation applications can also be deployed. you must deploy web applications manually. using the Supervisor application. This database will be configured during the install. After repository creation.x to BusinessObjects XI Installation.x suite. If you choose a New installation and are using IIS or Apache/Tomcat. empty database on your database server prior to running the installation.A From BusinessObjects 6. Otherwise. Deploying web applications You can deploy web applications in three ways: • If you’re using IIS or Tomcat/Apache. • You can manually deploy the application on all other supported web and/or application servers. you must create a new.

The single exception is the Central Management Server.5 also supports multiple Business Objects servers on the same UNIX box. External then Repository.x applications use a very different security model than that provided with BusinessObjects Enterprise XI. which can All CMS databases must support the Unicode protocol. BusinessObjects. then its source.x to BusinessObjects XI Security A In BusinessObjects 6. when you create the user’s account. You use the Administration Console to set the number of instances in each process pool.exe (Windows)/bolight (UNIX). administrators of BusinessObjects 6. The use of Unicode databases. store information in different languages and centralize all the information in a company. which can be Repository. and WIReportServer. or on separate machines (for horizontal scaling). authentication is defined for an entire cluster and/or all desktop users. You can choose between Microsoft AD or an LDAP user management system for external authentication sources. You implement an authentication method for each user. Connection Server.1. which must run on the same operating system within a single cluster. security is much more granular. are designed to be multi-instance on cluster nodes. they specify their username and password. BusinessObjects Enterprise Administrator’s Guide 551 . but may enter their authentication method as well. or External. and as such. Security BusinessObjects 6. Unicode databases In BusinessObjects XI Multiple instances of the same service can run on the same machine (providing vertical scaling).x. Implementing an authentication method is broken down into selecting an authentication mode. BusinessObjects 6. in any mixture of supported operating systems. Through BusinessObjects 6.From BusinessObjects 6. certain modules such as WIQT.5.x Multiple service instances In BusinessObjects 6. In BusinessObjects XI. Unicode databases are not supported for repositories or BusinessObjects documents. is supported as a data source for Web Intelligence reports. When users log into the system.x systems are encouraged to read with attention the documentation shipped with BusinessObjects Enterprise XI.

x to BusinessObjects XI Security In BusinessObjects 6. you don’t need to create the settings for each user individually. or authentication modes. You configure authentication in the Authentication management area of the CMC. At login. using the CMC. Setting the authentication and authorization methods Up through version 6. you set authentication/authorization for the entire cluster using the Security Configuration Tool. So if you are not using complex scenarios in which users can log on with both NT and LDAP authentications. Windows NT or Active Directory. or create new aliases then assign them to exiting users in the system. 552 BusinessObjects Enterprise Administrator’s Guide .key file. Each CMS is configured either at installation or subsequently using the Central Management Console (CMC) to connect to a specific database. You select the authentication method for each user at the creation of the user’s account.key The bomain. users are automatically created. Configuring authentication and authorization You set authentication/authorization for the entire cluster using the Security Configuration Tool. the Central applications where to find the repository’s management Server (CMS) verifies the user security domain.1.5.A From BusinessObjects 6. You can even assign multiple aliases. to a single user.x In BusinessObjects XI bomain. If you import external users via LDAP. name and password against the security information stored in the CMS database.key tells Business Objects There is no bomain.

x) Windows NT authentication Single-Sign-On (SSO) To enable SSO. For example. You can apply user. but not create documents. such as SAP authentication. the restriction will apply regardless of the documents being used. categories. Because of the use of Access Control Lists (ACL). but is available for certain authentication modes. for example. group. that you could allow a group to refresh document A. you must use LDAP for external user management. and similar to Business Objects standard in version 6. if you grant a group the right to refresh. an industry standard method of controlling cascading security access. and role level security at the object level. to documents. and connections. This means. Single Sign-On is not a mode in itself. End-to-end single sign-on includes SSO to the database at the back end. you must use Netegrity SiteMinder. See below.x In BusinessObjects XI • • • • Available authentication modes Business Objects standard Windows-NTLM (similar to BusinessObjects XI Windows NT authentication) Single Sign-On • LDAP authentication Basic authentication (user Windows AD authentication authentication is delegated to the web server) Other authentication modes are available through add-in products. universes. BusinessObjects Enterprise Administrator’s Guide 553 . You cannot restrict access at the object level. Single Sign-On to BusinessObjects Enterprise can be provided through the use of third-party systems such as Windows AD or Netegrity SiteMinder.x to BusinessObjects XI Security A In BusinessObjects 6. the imposition of restrictions is much more granular. Note: If you use SiteMinder. • • • Enterprise authentication (automatically enabled when you install the system. but not refresh document B.From BusinessObjects 6. Authorization You can use security commands in Supervisor to restrict user and group access to functionalities in Business Objects products. folders.

At first. universes. users and groups. and more. organize. In addition. The CCM comes in two forms. It also allows you to publish. This tool allows you to start. SOCKS server connections. In a UNIX environment. on Windows the CCM allows you to add servers to.sh) allows you to manage servers from a command line. • The Central Configuration Manager The CCM is a server-management tool that allows you to view and configure each of your BusinessObjects Enterprise server components while Business Objects servers are offline.x to BusinessObjects XI Administration Administration The administrative model applied to BusinessObjects Enterprise XI is very different from the BusinessObjects 6. the CCM allows you to manage local and remote servers through its Graphical User Interface (GUI) or from a command line. whenever the Central Management Server (CMS) is running. stop. You can then connect to servers on a remote machine. the CCM takes into account only the servers running locally. and disable Business Objects servers. the CCM shell script (ccm. or remove servers from your BusinessObjects Enterprise system. as well as view and configure advanced server settings. This section covers administrative tasks concerning the repository. the CMC enables you to manage servers and create server groups. enable. CMS database and clustering details. Additionally. 554 BusinessObjects Enterprise Administrator’s Guide . • The Central Management Console (CMC) The CMC allows you to perform user management tasks such as setting up authentication and adding users and groups. On Windows. and set security levels for all of your BusinessObjects Enterprise content. server and cluster management. these settings include default port numbers.A From BusinessObjects 6. and auditing. In a Windows environment.x model.

To use your own database server. BusinessObjects Enterprise Administrator’s Guide 555 . an additional group called Business Objects NT Users is also created.x Repository creation and management You create your cluster’s repository after Business Objects installation and configuration. You use the CMC. Whenever you add a new CMS to a cluster in an Expand installation.From BusinessObjects 6. installation can install and configure MSDE (Windows) or mySQL (UNIX) for use as the CMS database. Two default groups are automatically created at installation: • Administrators • Using Designer You can use Designer in online or offline mode. User/group creation and management You use Supervisor or Supervisor over the Web. using the Supervisor application. you define the connection to the initial CMS’s database. you cannot work on a universe.x to BusinessObjects XI Administration A In BusinessObjects 6. This database will be configured during the install. You can use Designer in online mode only. you must create a new. repository. This means that unless you are logged into the repository. an initial Administrator and Guest account is is created when you create the created at installation. In BusinessObjects XI If you do not have a supported database client on the machine. A “company name” group is automatically created at repository creation. This allows the server to connect to it. empty database on your database server prior to running the installation. Everyone If you’re using Windows NT/2000. An initial General Supervisor account By default.

printers and file servers. you use the Central Configuration Manager (CCM) to disable a Central Management Server (CMS). Because the scheduler is incorporated into the CMS. and local time. 556 BusinessObjects Enterprise Administrator’s Guide .x Cluster start/stop Under Windows. but this refers to what BusinessObjects 6. you use the cms. Under UNIX. You can also use the CMC to view server metrics. Server settings management You use the Administration Console. including information about the machine that the server is running on—its name. Audit management You use the Audit facility in the Administration Console. and whether you are online or offline. not the actual cluster nodes. Setting up Broadcast Agent schedulers You create and manage schedulers using the Broadcast Agent Manager’s Properties page in the Administration Console. At installation. The CMC allows you to configure what information you want each server/service to audit. you start the cluster manually using the wstart command. operating system. regardless of the operating system. number of CPUs. free hard disk space. Caution: You can use the CMC to disable/enable and even group servers. you can also configure the server to start automatically at machine startup. total hard disk space.x users refer to as modules. total RAM. Cluster server enable/disable You use the Administration Console. You use the Central Management Console or the Central Configuration Manager. depending on the type of setting you want to define. You use the CMC.x to BusinessObjects XI Administration In BusinessObjects 6.A From BusinessObjects 6. you can use WINotify or the Start menu. Auditor is not part of this release. Note: You cannot use the Central Management Console (CMC) to stop a CMS. it comes automatically installed with BusinessObjects Enterprise XI and requires little or no additional configuration beyond setting up access to email servers. during installation. In Windows. In UNIX. You can also use the Auditor application for enhanced system monitoring and analysis. or use S99WebIntelligence to start it automatically on machine startup.sh script. Business Objects server to run automatically as a Windows service. you can also set the In BusinessObjects XI You use the CCM to stop a Central Management Server (CMS).

time in the CMC in the object’s History page. BusinessObjects Enterprise Administrator’s Guide 557 .x In BusinessObjects XI Viewing scheduled tasks You can view the full list of scheduled You cannot view a global list of scheduled jobs. You can modify the appearance and some functionality using the BusinessObjects Enterprise Applications management area in the CMC.x to BusinessObjects XI Administration A In BusinessObjects 6. as well as existing instances of the object (i. InfoView uses the locale specified on the web server. if they don’t. A sample application built using the Administration SDK and available from the BusinessObjects Enterprise User’s Launchpad also allows you to see all the jobs scheduled by any specific user. you can subsequently use the Site Properties tab in the Administration Console to modify it. you can also view a list of an object’s instances by looking at the object’s history. In InfoView. reports that have already been run and contain data). Users set the locale for their own interface in InfoView. documents and their status using the You can view the status of one scheduled object at a Broadcast Agent Console. InfoView appearance and functionality management You can use Supervisor security commands to prevent users from modifying the default settings in the InfoView Options page. Setting locale You set the cluster’s language at installation. You don’t specifically set the CMS locale. Users can set the language of their interface in InfoView. This list includes all scheduled jobs for the object.From BusinessObjects 6.e.

analysis.x to BusinessObjects XI Reporting. 558 BusinessObjects Enterprise Administrator’s Guide . InfoView InfoView is a web application that must be deployed after Business Objects installation using the Configuration Tool. wdeploy. distributing and scheduling corporate data: In BusinessObjects 6.x application. as well as XML and text files. analysis. information sharing This section includes information on available reporting tools. its interface is somewhat different from the BusinessObjects 6. The out-of-the-box portal in BusinessObjects Enterprise XI is also called InfoView. It can also use Business Views (the semantic layer from Crystal Enterprise) as a data source. or manual procedures. information sharing Reporting.A From BusinessObjects 6. It is available in JSP and ASP platforms. Available for both Java and . as well as enduser tasks such as accessing.x Reporting tools • BusinessObjects In BusinessObjects XI • • WebIntelligence WebIntelligence for OLAP Data Sources • • • • • Crystal Reports Web Intelligence OLAP Intelligence What reporting tools use universes? • BusinessObjects Crystal Reports Web Intelligence • WebIntelligence Crystal Reports can also connect directly to databases using a variety of methods including ODBC and native drivers.NET platforms.

You do this by enabling the security command Manage All Categories or Manage My Categories. These folders are organized within the CMC as User folders. BusinessObjects. while categories simply point to objects. You can set limits on folders. you can grant specific users or groups the right to create categories. As a general supervisor or supervisor. or InfoView (with reduced management capabilities) or Supervisor. and to rename and delete the categories they create. In the CMC you can restrict users’ and/or groups’ access to categories and folders.x categories. which automate regular clean-ups of old Business Objects content by eliminating excess instances of particular objects. Folders contain actual copies of objects. from BusinessObjects or WebIntelligence. • Categories are equivalent to BusinessObjects 6. In BusinessObjects XI BusinessObjects Enterprise XI uses both categories and folders to organize documents. Folders are created and managed from the CMC.x Categories Within InfoView. while categories are used more for the classifying information regardless of its storage location.x to BusinessObjects XI Reporting. you can use categories to organize documents on a particular document list page. There are two types of categories: • Corporate There are two kinds of categories: • Corporate • Personal • Personal Corporate categories can be created Corporate categories can be created either in from InfoView. called Personal Folders. You can use security commands to restrict access to corporate categories. these folders are called Favorites folders. BusinessObjects Enterprise Administrator’s Guide 559 . Within InfoView. Folders are used for the storage location of information. analysis. or object instances which have remained more than the specified number of days in the folder. information sharing A In BusinessObjects 6. • BusinessObjects Enterprise XI automatically creates a folder for each user in the system.From BusinessObjects 6. from the CMC (full management capabilities).

information sharing In BusinessObjects 6.x to BusinessObjects XI Reporting. 560 BusinessObjects Enterprise Administrator’s Guide . or from InfoView. analysis.A From BusinessObjects 6.x Scheduling You schedule for refresh documents and files either from 2-tier deployments of BusinessObjects. In BusinessObjects XI You schedule for refresh objects from the CMC or from InfoView.

x to BusinessObjects XI Reporting. information sharing A In BusinessObjects 6. Use the Central Management Console (CMC) when you are: • Publishing a single object. Java programs. Upload documents stored on your local computer when you’re using InfoView. Use Designer to export universes to the repository.and 3-tier deployments of BusinessObjects • Are adding multiple objects or an entire directory. BusinessObjects Enterprise Administrator’s Guide 561 . You can publish objects to BusinessObjects Enterprise in several ways. Use the Publishing Wizard when you: • Have access to the locally installed application.x In BusinessObjects XI • • • You can schedule: BusinessObjects documents WebIntelligence reports WebIntelligence OLAP reports • • You can schedule: Crystal reports Web Intelligence reports You can also schedule program objects. Publishing to the repository You add objects to the repository by: • Exporting universes from Designer or Supervisor • Adding users and groups and managing security settings from Supervisor and/or Supervisor over the Web • Saving documents to the repository from InfoView • Publishing documents from 2. • • • Taking care of other administrative tasks. Performing tasks remotely. such as executables. or scripts (Jscripts and VBscripts) to run at specified times.From BusinessObjects 6. • Using the OLAP Intelligence Application Designer. analysis.x or Crystal Enterprise 10. Save directly to your Enterprise folders when you are: Designing reports with Crystal Reports or Web Intelligence. • Creating other objects with BusinessObjects Enterprise plug-in components. Use the Import Wizard to migrate objects to a BusinessObjects Enterprise XI repository from BusinessObjects 6. The Publishing Wizard is a locally installed Windows application that enables both administrators and end users to add any supported document to BusinessObjects Enterprise.

COM 562 BusinessObjects Enterprise Administrator’s Guide .NET .x to BusinessObjects XI SDK SDK In BusinessObjects 6.A From BusinessObjects 6.x Development platforms • Java In BusinessObjects XI • WebServices • • • • Java WebServices .

Rights and Access Levels appendix .

B Rights and Access Levels Rights Rights This table lists the rights available within the Advanced Rights page of the Central Management Console (CMC). Other BusinessObjects Enterprise plug-in components may in future add their own. Description used in the CMC Respect current security by inheriting rights from parent groups Respect current security by inheriting rights from parent folders Add objects to the folder View objects Edit objects Modify the rights users have to objects Schedule the document to run Delete objects Define server groups to process jobs Delete instances Copy objects to another folder Schedule to destinations View document instances Pause and Resume document instances Print the report’s data Refresh the report’s data Export the report’s data View objects that the user owns Edit objects that the user owns Modify the rights users have to objects that the user owns Name used in the SDK AdvancedInheritGroups AdvancedInheritFolders ceRightAdd ceRightView ceRightEdit ceRightModifyRights ceRightSchedule ceRightDelete ceRightPickMachines ceRightDeleteInstance ceRightCopy ceRightSetDestination ceRightViewInstance ceRightPauseResumeSchedule ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport ceRightOwnerView ceRightOwnerEdit ceRightOwnerModifyRights 564 BusinessObjects Enterprise Administrator’s Guide . object-specific rights to this list. The table matches the descriptions used in the CMC with the programmatic name that developers use when assigning rights with the BusinessObjects Enterprise SDK.

rights are neither explicitly granted nor explicitly denied. see “Object rights for the Report Application Server” on page 568. the system denies the right by default. That is. When rights are unspecified. Note: There is no predefined access level to grant users the rights required to create or modify reports through the Report Application Server (RAS). View Description used in the CMC View objects View document instances Name used in the SDK ceRightView ceRightViewInstance Schedule Description used in the CMC View objects Schedule the document to run Define server groups to process jobs Name used in the SDK ceRightView ceRightSchedule ceRightPickMachines BusinessObjects Enterprise Administrator’s Guide 565 .Rights and Access Levels Access levels B Description used in the CMC Delete objects that the user owns Delete instances that the user owns View document instances that the user owns Name used in the SDK ceRightOwnerDelete ceRightOwnerDeleteInstance ceRightOwnerViewInstance Pause and resume document instances ceRightOwnerPauseResume that the user owns Schedule Access levels This section lists the rights that constitute each of the predefined access levels that are available through the Advanced Rights page of the Central Management Console (CMC). For details. No Access This access level ensures that all rights remain unspecified.

B Rights and Access Levels Access levels Description used in the CMC Copy objects to another folder Schedule to destinations View document instances Print the report’s data Export the report’s data Edit objects that the user owns Pause and resume document instances that the user owns Name used in the SDK ceRightCopy ceRightSetDestination ceRightViewInstance ceReportRightPrintReport ceReportRightPageServerExport ceRightOwnerEdit ceRightOwnerPauseResumeSchedule Delete instances that the user owns ceRightOwnerDeleteInstance View On Demand Description used in the CMC View objects Schedule the document to run Define server groups to process jobs Copy objects to another folder Schedule to destinations View document instances Print the report’s data Refresh the report’s data Export the report’s data Edit objects that the user owns Delete instances that the user owns Pause and resume document instances that the user owns Name used in the SDK ceRightView ceRightSchedule ceRightPickMachines ceRightCopy ceRightSetDestination ceRightViewInstance ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport ceRightOwnerEdit ceRightOwnerDeleteInstance ceRightOwnerPauseResumeSchedule 566 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Administrator’s Guide 567 .Rights and Access Levels Default rights on the top-level folder B Full Control Description used in the CMC Add objects to the folder View objects Edit objects Modify the rights users have to objects Schedule the document to run Delete objects Delete instances Copy objects to another folder Schedule to destinations View document instances Pause and Resume document instances Print the report’s data Refresh the report’s data Export the report’s data Name used in the SDK ceRightAdd ceRightView ceRightEdit ceRightModifyRights ceRightSchedule ceRightDelete ceRightDeleteInstance ceRightCopy ceRightSetDestination ceRightViewInstance ceRightPauseResumeSchedule ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport Define server groups to process jobs ceRightPickMachines Default rights on the top-level folder The top-level BusinessObjects Enterprise folder serves as the root for all other folders and objects that you add to the system. The Administrators group is granted the Full Control access level. This folder provides the following rights by default: • • The Everyone group is granted the Schedule access level.

You must also grant users a minimum set of object rights. you must have RAS Report Modification licenses available on your system. but View On Demand is required to actually use the advanced search features. if users already have View On Demand rights to a report object. The extra Edit objects right is not required. 568 BusinessObjects Enterprise Administrator’s Guide . When you grant users these rights to a report object. scheduling. the View access level is sufficient to display the report. For instance. Tip: For more information about RAS Report Modification licenses.B Rights and Access Levels Object rights for the Report Application Server Object rights for the Report Application Server To allow users to create or modify reports over the Web through the Report Application Server (RAS). it’s recommended that you first assign the appropriate access level and update your changes. printing. and so on). To ensure that users retain the ability to perform additional reporting tasks (such as copying. they can select the report as a data source for a new report or modify the report directly: • • • • View objects (or “View document instances”. Then. you allow them to modify the report by changing the access level to Advanced and explicitly granting the additional Edit objects right. and add any of the required rights that are not already granted. change the access level to Advanced. see “Licensing overview” on page 530. as appropriate) Edit objects Refresh the report’s data Export the report’s data User must also have permission to add objects to at least one folder before they can save new reports back to BusinessObjects Enterprise. When users view reports through the Advanced DHTML viewer and the RAS.

Configuring NTFS Permissions appendix .

You may need to change the user account or change the NTFS access for particular files and folders. If a BusinessObjects Enterprise component is running on a user account that does not have the required NTFS permissions. NTFS provides security for file storage in Microsoft Windows. see “Changing the server user account” on page 146. For information on changing NTFS permissions. and make sure the user account has the required NTFS permissions. see the Microsoft Windows help. To troubleshoot NTFS permissions. For example.C Configuring NTFS Permissions Configuring NTFS permissions Configuring NTFS permissions When you view reports over the Web. Configuring NTFS permissions for BusinessObjects Enterprise components Each component requires a user account with certain NTFS access rights to specific files and folders. ensure that each BusinessObjects Enterprise component uses an account with the appropriate permissions. 570 BusinessObjects Enterprise Administrator’s Guide . a report may not appear in the viewer. Ensure that each component is running on the correct user account. even after you repeatedly enter the correct database logon information. For details on changing server user accounts. users may be unable to access reports over the Web. insufficient New Technology File System (NTFS) permissions on the server can cause a number of problems.

set its user account to a domain user account with local administrative access to all computers hosting BusinessObjects Enterprise components.Configuring NTFS Permissions Configuring NTFS permissions C Web Component Adapter (WCA) By default. the Central Management Server uses the LocalSystem account to access resources and BusinessObjects Enterprise components. If your BusinessObjects Enterprise deployment includes OLAP Intelligence. Ensure this user account has the appropriate NTFS permissions for specific folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • C:\Winnt\system32 C:\Program Files\BusinessObjects Enterprise\Web Content\enterprise C:\Program Files\BusinessObjects Enterprise\WCA\CRImages C:\Program Files\BusinessObjects Enterprise\WCA C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86 C:\Program Files\BusinessObjects Enterprise\WCA\Logging • • • Write • Note: This table shows the default installation paths. the WCA user account also needs Read permission for the OLAP Intelligence FileStore\Input folder. For details on changing the user account. see “Changing the server user account” on page 146. File Repository Servers (FRS) The Input and Output File Repository Servers (Input and Output FRS) use the local System account by default. BusinessObjects Enterprise Administrator’s Guide 571 . However. these accounts provide sufficient access to files and folders on the local machine. if the Input or Output FRS needs access to directories on other machines.

Central Management Server (CMS) The CMS uses the local System account by default.C Configuring NTFS Permissions Configuring NTFS permissions Ensure that the user account for the Input FRS has the appropriate NTFS permissions for the following folders: NTFS permissions Files and folders • • • Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input For the Output FRS. the respective FRS creates it when the service starts. Ensure that the System account has the appropriate NTFS permissions for specific files and folders: NTFS rights Folders • • Read & Execute Write • • C:\Winnt\system32\drivers\etc\hosts C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\CITemp 572 BusinessObjects Enterprise Administrator’s Guide . If the Input folder or the Output folder does not exist. make sure the user account has access to the following folders: NTFS permissions Files and folders • • • Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Output C:\Program Files\Business Objects\ BusinessObjects Enterprise 11\FileStore\Output Note: • • The Input and Output File Repository Servers cannot share the same directories. This account does not need access to other machines.

If the Cache Server needs to access BusinessObjects Enterprise components on other machines. the Input FRS. see “Changing the server user account” on page 146. you must set its user account to a domain user account that has local administrative access to all computers hosting components. If the CMS. The Job Server must use a different user account if it needs to access BusinessObjects Enterprise components on other machines. Ensure that the Job Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • • • C:\Winnt\system32 The system’s temporary directory C:\Winnt\Business Objects C:\Winnt\Fonts C:\Program Files\Business Objects\Shared C:\Program Files\Business Objects\WCA C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore • Write BusinessObjects Enterprise Administrator’s Guide 573 .Configuring NTFS Permissions Configuring NTFS permissions C Cache Server The Cache Server uses the local System account by default. Ensure that the Cache Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • • Job Server Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86 C:\Program Files\Business Objects\WCA The Job Server uses the local System account by default. set the Job Server’s user account to a domain user account that has local administrative access to all computers hosting these components. or the Output FRS is not located on the same machine as the Job Server. For details on changing the user account. For details on changing the user account. see “Changing the server user account” on page 146.

you must change the Page Server’s user account from the default local System account to a domain user account with local administrative access to the computer hosting the reporting database. see “Changing the server user account” on page 146. the reporting database is located on a separate machine. Ensure that the Page Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • • C:\Winnt\system32 The system’s temporary directory C:\Winnt\Business Objects C:\Winnt\Fonts C:\Program Files\Business Objects\Shared C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input C:\Program Files\Business Objects\WCA • Write • 574 BusinessObjects Enterprise Administrator’s Guide . If the Page Server is on a different machine from the database.C Configuring NT