BusinessObjects Enterprise™ XI Administrator’s Guide

BusinessObjects Enterprise XI

Patents

Business Objects owns the following U.S. patents, which may cover products that are offered and sold by Business Objects: 5,555,403, 6,247,008 B1, 6,578,027 B2, 6,490,593 and 6,289,352. Business Objects, the Business Objects logo, Crystal Reports, and Crystal Enterprise are trademarks or registered trademarks of Business Objects SA or its affiliated companies in the United States and other countries. All other names mentioned herein may be trademarks of their respective owners. Copyright © 2004 Business Objects. All rights reserved.

Trademarks

Copyright

Contents
Chapter 1 Introduction to BusinessObjects Enterprise XI Administrator’s Guide 21 About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Who should use this guide? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Business Objects information resources . . . . . . . . . . . . . . . . . . . . . . . 22 Chapter 2 What’s New in BusinessObjects Enterprise 25

Welcome to BusinessObjects Enterprise XI . . . . . . . . . . . . . . . . . . . . . . . . 26 About this version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Supported products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 New features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 End-user experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Report design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Developer flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 System administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Chapter 3 Administering BusinessObjects Enterprise 35

Administration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Central Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Logging on to the Central Management Console . . . . . . . . . . . . . . . . 37 Navigating within the Central Management Console . . . . . . . . . . . . . . 38 Setting console preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Setting the Query size threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Logging off of the Central Management Console . . . . . . . . . . . . . . . . 41 Using the Central Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the CCM for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the CCM for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Making initial security settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Setting the Administrator password . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Disabling the Guest account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

BusinessObjects Enterprise Administrator’s Guide

3

Contents

Modifying the default security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Managing universes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Managing universe connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Managing InfoView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Managing Web Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Managing Discussions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Accessing the Discussions page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Searching for discussion threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Sorting search results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Deleting discussion threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Setting user rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Chapter 4 BusinessObjects Enterprise Architecture 53

Architecture overview and diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Client tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 InfoView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Central Management Console (CMC) . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Central Configuration Manager (CCM) . . . . . . . . . . . . . . . . . . . . . . . . . 57 Publishing Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Import Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Application tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Application tier components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Web development platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Web application environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Intelligence tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Central Management Server (CMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Cache Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 File Repository Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Event Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Processing tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Report Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Program Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Web Intelligence Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

4

BusinessObjects Enterprise Administrator’s Guide

Contents

Web Intelligence Report Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Report Application Server (RAS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Destination Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 List of Values Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Page Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Data tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Report viewers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Information flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 What happens when you schedule an object? . . . . . . . . . . . . . . . . . . 70 What happens when you view a report? . . . . . . . . . . . . . . . . . . . . . . . 71 Choosing between live and saved data . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Live data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Saved data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Chapter 5 Managing and Configuring Servers 77

Server management overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Viewing current metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Viewing current server metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Viewing system metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Viewing and changing the status of servers . . . . . . . . . . . . . . . . . . . . . . . . 82 Starting, stopping, and restarting servers . . . . . . . . . . . . . . . . . . . . . . 82 Stopping a Central Management Server . . . . . . . . . . . . . . . . . . . . . . . 84 Enabling and disabling servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Printing, copying, and refreshing server status . . . . . . . . . . . . . . . . . . 86 Configuring the application tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Configuring the Web Component Adapter . . . . . . . . . . . . . . . . . . . . . . 89 Configuring the intelligence tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Clustering Central Management Servers . . . . . . . . . . . . . . . . . . . . . . . 92 Copying data from one CMS database to another . . . . . . . . . . . . . . . . 98 Deleting and recreating the CMS database . . . . . . . . . . . . . . . . . . . . 108 Selecting a new or existing CMS database . . . . . . . . . . . . . . . . . . . . 109 Setting root directories and idle times of the File Repository Servers 110 Modifying Cache Server performance settings . . . . . . . . . . . . . . . . . 112

BusinessObjects Enterprise Administrator’s Guide

5

Contents

Modifying the polling time of the Event Server . . . . . . . . . . . . . . . . . . 114 Configuring the processing tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Modifying Page Server performance settings . . . . . . . . . . . . . . . . . . . 115 Modifying database settings for the RAS . . . . . . . . . . . . . . . . . . . . . . 118 Modifying performance settings for the RAS . . . . . . . . . . . . . . . . . . . . 120 Modifying performance settings for job servers . . . . . . . . . . . . . . . . . 121 Configuring the Web Intelligence Report Server . . . . . . . . . . . . . . . . . 122 Configuring the destinations for job servers . . . . . . . . . . . . . . . . . . . . 125 Configuring Windows processing servers for your data source . . . . . 132 Configuring UNIX processing servers for your data source . . . . . . . . 133 Logging server activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Advanced server configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Changing the default server port numbers . . . . . . . . . . . . . . . . . . . . . 140 Configuring a multihomed machine . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Adding and removing Windows server dependencies . . . . . . . . . . . . 144 Changing the server startup type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Changing the server user account . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Configuring servers for SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Chapter 6 Managing Server Groups 151

Server group overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Creating a server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Working with server subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Modifying the group membership of a server . . . . . . . . . . . . . . . . . . . . . . 155 Chapter 7 Scaling Your System 157

Scalability overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Common configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 One-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Three-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Six-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 General scalability considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Increasing overall system capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

6

BusinessObjects Enterprise Administrator’s Guide

Contents

Increasing scheduled reporting capacity . . . . . . . . . . . . . . . . . . . . . . 163 Increasing on-demand viewing capacity for Crystal reports . . . . . . . 164 Increasing prompting capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Delegating XSL transformation to Internet Explorer . . . . . . . . . . . . . 165 Enhancing custom web applications . . . . . . . . . . . . . . . . . . . . . . . . . 166 Improving web response speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Getting the most from existing resources . . . . . . . . . . . . . . . . . . . . . 167 Adding and deleting servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Adding a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Deleting a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Chapter 8 Managing BusinessObjects Enterprise Repository 173

BusinessObjects Enterprise Repository overview . . . . . . . . . . . . . . . . . . 174 Copying data from one repository database to another . . . . . . . . . . . . . . 174 Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Copying data from a Crystal Enterprise 9 repository database . . . . . 176 Copying data from a Crystal Reports 9 repository database . . . . . . . 177 Refreshing repository objects in published reports . . . . . . . . . . . . . . . . . 179 Chapter 9 Working with Firewalls 181

Firewalls overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 What is a firewall? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Firewall types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Understanding firewall integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Communication between servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Firewall configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Typical firewall scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Configuring the system for firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Configuring for Network Address Translation . . . . . . . . . . . . . . . . . . 190 Configuring for packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Configuring for SOCKS servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

BusinessObjects Enterprise Administrator’s Guide

7

Contents

Chapter 10

Managing Auditing

203

Auditing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 How does auditing work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Which actions can I audit? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Configuring the auditing database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Enabling auditing of user and system actions . . . . . . . . . . . . . . . . . . . . . . 210 Controlling synchronization of audit actions . . . . . . . . . . . . . . . . . . . . . . . 212 Optimizing system performance while auditing . . . . . . . . . . . . . . . . . . . . . 213 Using sample audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Creating custom audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Auditing database schema reference . . . . . . . . . . . . . . . . . . . . . . . . . 218 Chapter 11 BusinessObjects Enterprise Security Concepts 227

Security overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Authentication and authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Primary authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Secondary authentication and authorization . . . . . . . . . . . . . . . . . . . . 230 About single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Security management components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Web Component Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Central Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Security plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Processing extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Active trust relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Logon tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Ticket mechanism for distributed security . . . . . . . . . . . . . . . . . . . . . . 243 Sessions and session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 WCA session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 CMS session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Environment protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Web browser to web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Web server to BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . 246 Auditing web activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

8

BusinessObjects Enterprise Administrator’s Guide

Contents

Protection against malicious logon attempts . . . . . . . . . . . . . . . . . . . . . . 247 Password restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Logon restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 User restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Guest account restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Chapter 12 Managing User Accounts and Groups 249

What is account management? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default users and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Available authentication types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Managing Enterprise and general accounts . . . . . . . . . . . . . . . . . . . . . . . 253 Creating an Enterprise user account . . . . . . . . . . . . . . . . . . . . . . . . . 254 Adding a user to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Modifying a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Deleting a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Changing password settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Creating a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Adding users to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Modifying a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Viewing group members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Deleting a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Disabling the Guest account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Granting access to users and groups . . . . . . . . . . . . . . . . . . . . . . . . 262 Managing LDAP accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Configuring LDAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Mapping LDAP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 Unmapping LDAP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Viewing mapped LDAP users and groups . . . . . . . . . . . . . . . . . . . . . 272 Changing LDAP connection parameters and member groups . . . . . 272 Managing multiple LDAP hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Troubleshooting LDAP accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

BusinessObjects Enterprise Administrator’s Guide

9

Contents

Managing AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Mapping AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Unmapping AD groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 Viewing mapped AD users and groups . . . . . . . . . . . . . . . . . . . . . . . . 280 Troubleshooting AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Setting up AD single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 Managing NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Mapping NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Unmapping NT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288 Viewing mapped NT users and groups . . . . . . . . . . . . . . . . . . . . . . . . 289 Troubleshooting NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 Setting up NT single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 Managing aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 Creating a user and a third-party alias . . . . . . . . . . . . . . . . . . . . . . . . 294 Creating an alias for an existing user . . . . . . . . . . . . . . . . . . . . . . . . . 296 Assigning an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 Reassigning an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Disabling an aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Configuring Kerberos single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Setting up a service account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Configuring the servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Configuring the Windows AD plug-in for Kerberos authentication . . . 301 Configuring the cache expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Configuring the IIS and browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Configuring IIS for end-to-end single sign-on . . . . . . . . . . . . . . . . . . . 305 Configuring IIS for single sign-on to databases only . . . . . . . . . . . . . . 309 Configuring BusinessObjects Enterprise web applications . . . . . . . . . 312 Mapping AD accounts for Kerberos single sign-on . . . . . . . . . . . . . . . 313 Configuring the databases for single sign-on . . . . . . . . . . . . . . . . . . . 313

10 BusinessObjects Enterprise Administrator’s Guide

Contents

Chapter 13

Controlling User Access

315

Controlling user access overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 Controlling users’ access to objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 Setting object rights for users and groups . . . . . . . . . . . . . . . . . . . . . 317 Viewing object rights settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Setting common access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320 Setting advanced object rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322 Using inheritance to your advantage . . . . . . . . . . . . . . . . . . . . . . . . . 325 Inheritance with advanced rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Customizing a ‘top-down’ inheritance model . . . . . . . . . . . . . . . . . . . 331 Controlling access to applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Controlling administrative access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Controlling access to users and groups . . . . . . . . . . . . . . . . . . . . . . . 352 Controlling access to user inboxes . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Controlling access to servers and server groups . . . . . . . . . . . . . . . . 353 Controlling access to universes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Controlling access to universe connections . . . . . . . . . . . . . . . . . . . . 355 Chapter 14 Organizing Objects 357

Organizing objects overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 About folders and categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Working with folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Creating and deleting folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Copying and moving folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Adding a report to a new folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Specifying folder rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Setting limits for folders, users, and groups . . . . . . . . . . . . . . . . . . . . 365 Managing User Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Working with categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Creating and deleting categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Moving categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 Adding an object to a new category . . . . . . . . . . . . . . . . . . . . . . . . . . 370 Removing or deleting objects from a category . . . . . . . . . . . . . . . . . . 370

BusinessObjects Enterprise Administrator’s Guide 11

Contents

Specifying category rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Managing personal categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372 Chapter 15 Publishing Objects to BusinessObjects Enterprise 373

Publishing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374 Publishing options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Publishing with the Publishing Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Logging on to BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . 376 Adding objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Creating and selecting a folder on the CMS . . . . . . . . . . . . . . . . . . . . 377 Moving objects between folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Duplicating the folder structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Adding objects to a category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Changing scheduling options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Refreshing repository fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Selecting a program type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Specifying program credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Changing default values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Changing object properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 Entering database logon information . . . . . . . . . . . . . . . . . . . . . . . . . 382 Setting parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Setting the schedule output format . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Adding extra files for programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Specifying command line arguments . . . . . . . . . . . . . . . . . . . . . . . . . 384 Finalizing the objects to be added . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Publishing with the Central Management Console . . . . . . . . . . . . . . . . . . 385 Saving objects directly to the CMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Chapter 16 Importing Objects to BusinessObjects Enterprise 389

Importing information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 Importing information from BusinessObjects Enterprise 6.x . . . . . . . . . . . 390 Before importing from BusinessObjects Enterprise 6.x . . . . . . . . . . . . 391 Importing objects from BusinessObjects Enterprise 6.x . . . . . . . . . . . 392

12 BusinessObjects Enterprise Administrator’s Guide

Contents

Importing information from Crystal Enterprise . . . . . . . . . . . . . . . . . . . . . 396 Importing objects from Crystal Enterprise . . . . . . . . . . . . . . . . . . . . . 397 Importing information from Crystal Info . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Importing objects from Crystal Info . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Importing with the Import Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Specifying the source and destination environments . . . . . . . . . . . . . 402 Selecting information to import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 Importing objects with rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Choosing an import scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Importing specific objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Finalizing the import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Chapter 17 Managing Objects 415

Managing objects overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 General object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Copying, moving, or creating a shortcut for an object . . . . . . . . . . . . 417 Deleting an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 Searching for an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 Sending an object or instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 Changing properties of an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Assigning an object to categories . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Report object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 What are report objects and instances? . . . . . . . . . . . . . . . . . . . . . . 425 Setting report refresh options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Viewing the universes for a Web Intelligence document . . . . . . . . . . 427 Setting report processing options . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Applying processing extensions to reports . . . . . . . . . . . . . . . . . . . . 443 Working with hyperlinked reports . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 Program object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451 What are program objects and instances? . . . . . . . . . . . . . . . . . . . . 451 Setting program processing options . . . . . . . . . . . . . . . . . . . . . . . . . 453 Object package management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 What are object packages, components, and instances? . . . . . . . . . 460

BusinessObjects Enterprise Administrator’s Guide 13

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476 Specifying alert notification . . . . . . . . . . . . . . . . . . . . . . . . . . . 473 Setting the scheduling options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Deleting calendars . 466 About the scheduling options and parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 Chapter 20 Managing Events 509 Managing events overview . . . . . . . . . . . . . . . . . . . 493 Scheduling an object for a user or group . . . . 462 Authentication and object packages . . . . . . . . . . . . . . . . 476 Setting notification for an object’s success or failure . 461 Configuring object packages and their objects . . . . . . . . 498 Chapter 19 Managing Calendars 501 Overview . . . . . . . . . . . . . . . . . . . . . 512 Custom events . . 493 Managing instances . . . . . . . . . . . . . . . . .Contents Creating an object package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Managing and viewing the history of instances . . . . . . . . . . . . . . . 510 File-based events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 Scheduling objects . . . . . 468 Scheduling objects using object packages . . . . . . . . . . . . . . . . . . . . . . . . . . . 460 Adding objects to an object package . . . . . . . . . . . . . . . . . . . . . . . 479 Selecting a destination . . . . . . . . . . . . . . . . . . . . . . . . . 471 Scheduling an object with events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491 Selecting cache options for Web Intelligence documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 Specifying calendar rights . . . . . . . . . 502 Creating calendars . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 Schedule-based events . . . . . . . . . . . . . . . . . . . . . . 481 Choosing a format . . . . . . . . 514 14 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Chapter 18 Scheduling Objects 465 Scheduling objects overview . . . . 502 Adding dates to a calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Setting instance limits for an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . 527 InfoView considerations . . . 542 Migration and mapping of specific objects . . . . . . . . . . . . . . . 531 Adding a license key . . . . . . . . . . . . . . . . . . . . . . 518 Documentation resources . . . . . . . . 542 Migration of user rights . . . . . . . . . . . . . . . . . 519 Using an IIS web site other than the default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526 Page Server error when viewing a report . . . . . . . . . . . . . . . . . . 527 Supporting users in multiple time zones . . . . . . . . . . . . . . 537 BusinessObjects 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Unable to connect to CMS when logging on to the CMC . . . . . . . . . . . . . . . . .Contents Specifying event rights . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Setting default report destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545 BusinessObjects Enterprise Administrator’s Guide 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Web accessibility issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532 Viewing current account activity . . . . . . . . . . . . . . 537 BusinessObjects XI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538 Basic terminology . . . 515 Chapter 21 General Troubleshooting 517 Troubleshooting overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532 Appendix A From BusinessObjects 6. . . . . . . . . . 521 Troubleshooting reports with Crystal Reports . . . . . . . . . . . . . . . . . . . 523 Ensuring that server resources are available on local drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520 Windows NT authentication cannot log you on . . . . . . . . . . . . 521 Troubleshooting reports and looping database logon prompts . .x . . . . . . . . . . . . . . . . 527 Chapter 22 Licensing Information 529 Licensing overview . . . . . . . . . . . . 539 Migration . 520 Report viewing and processing issues . . 530 Accessing license information . . . . . . . . . . . . . . . . . . . . . . . .x to BusinessObjects XI 535 Product offering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . 578 List of key values . 565 View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 No Access . . . . . . . . . . . . . . . . . . . 562 Appendix B Rights and Access Levels 563 Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554 Reporting. . . . . . . . . . . . . . configuration. . . . .xml . . . . . . . . . . . 584 Standard options for all servers . . . . . . . . . . . 564 Access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577 Locating and modifying defaultconfig. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558 SDK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xml file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 View On Demand . . . . . . . . . . . . . 570 Configuring NTFS permissions for BusinessObjects Enterprise components . . . . . .Contents Installation. . . . . . . . . . . . . . . . . . . . . . . . . 576 What you can do with the defaultconfig. . . . . . . . . . . . . . . . . . . . . . . . . 585 Central Management Server . . . . . . . . . . . 588 Job servers . . . . . . . . . . . . . information sharing . 567 Object rights for the Report Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547 Security . . . . . . . . . . . . . 566 Full Control . . . . . . . . . . . . . . . . . 570 Appendix D Customizing the appearance of Web Intelligence documents 575 Customizing the appearance of Web Intelligence documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 Default rights on the top-level folder . . . . . . 581 Appendix E Server Command Lines 583 Command lines overview . . . . . . . . . . . . . 551 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568 Appendix C Configuring NTFS Permissions 569 Configuring NTFS permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580 Example: Modifying the default font in table cells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586 Page Server and Cache Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590 16 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . 601 serverconfig. . . . . .sh . . . . . . 598 Script utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . 605 silentinstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602 sockssetup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . 611 Providing a client tier for multiple languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610 Deploying BusinessObjects Enterprise internationally . . . . . . 606 env. . . . . . . . . . . . . . . . . . . . . . . . . 604 startservers . . . . . . . . . . . . . . . . . . . . . . . . . . . 598 ccm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598 cmsdbsetup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613 BusinessObjects Enterprise Administrator’s Guide 17 . . . . . . . . . . . . 606 initlaunch. . . . . . . . . . . . 604 Script templates . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . 603 uninstallBOBJE. . . . . . . .sh . . 605 Scripts used by BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594 Event Server . . . . . 610 Planning an international BusinessObjects Enterprise deployment . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh .Contents Report Application Server . . . . . . . . . 607 setup. . . . . .sh . . . . . . . . . . . 591 Web Intelligence Report Server . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . 605 stopservers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 patchlevel. . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . 607 setupinit. . . . 606 env-locale. . . . . . . . . . 595 Appendix F UNIX Tools 597 UNIX tools overview . . . 607 Appendix G International Deployments 609 International deployments overview . . . . .sh . . . . . . . . . .sh . . . . . . . . 607 postinstall. . . . . . . . . . . . . . . . 593 Input and Output File Repository Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601 configpatch. . . . . 606 bobjerestart. . . . . .

. . . . . . . . . . . . . . . . . . . .Contents Appendix H Creating Accessible Reports 615 About accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618 Improving report accessibility . . . . . . . 642 Where is the documentation? . . . . . . . . . 643 How can we support you? . . . . . . . . . . . . . . . . . . . . . 640 Appendix I Business Objects Information Resources 641 Documentation and information services . . . . . . . . . . . . . . . . 637 Accessibility and customization . . . . . . . . . . . . 631 Text objects and data table values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643 Customer support. . . . . . . . . . . . . . . . . . . . . . . . . . . . 630 Accessibility and subreports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627 Designing for flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643 Looking for the best deployment solution for your company? . . . . . . . . . . . . . . . . . . 642 Documentation . . . . . . 626 Parameter fields . . . . . . . . . . . . . . 644 Looking for training options? . . . . . . . 616 About the accessibility guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637 Setting accessible preferences for BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642 Send us your feedback . 642 What’s in the documentation set? . . . . . . . . . . . . . . . . . . 621 Color . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631 Improving data table accessibility . . . . . . . . . . . . . . . . . . . 617 Accessibility and Business Objects products . . . . . . . consulting and training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632 Other data table design considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Text . . . . . . . . . . 616 Benefits of accessible reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644 18 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . 629 Accessibility and suppressing sections . . . . . . . . . . . . . . . . . 628 Accessibility and conditional formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 Navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636 Accessibility and BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Placing objects in reports . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . 644 Index 647 BusinessObjects Enterprise Administrator’s Guide 19 . . . . . .Contents Useful addresses at a glance . . . . . . . . . . . .

Contents 20 BusinessObjects Enterprise Administrator’s Guide .

Introduction to BusinessObjects Enterprise XI Administrator’s Guide chapter .

and information delivery. customer support. scalable. extranet. BusinessObjects Enterprise is a flexible. they are also accessible from the BusinessObjects Enterprise Launchpad. Whether it is used for distributing weekly sales reports. and reliable solution for delivering powerful. Once you install BusinessObjects Enterprise. see Appendix I: Business Objects Information Resources. in catering to all levels of administrative experience. Who should use this guide? This guide is intended for system administrators who are responsible for configuring. Familiarity with your operating system and your network environment is certainly beneficial. Procedures are provided for common tasks. For more information about the product. and maintaining a BusinessObjects Enterprise installation. or integrating critical information into corporate portals. with links to online resources. This appendix describes the Business Objects documentation. 22 BusinessObjects Enterprise Administrator’s Guide . managing. the BusinessObjects Enterprise Installation Guide. Business Objects information resources For more information and assistance. BusinessObjects Enterprise delivers tangible benefits that extend across and beyond the organization. As an integrated suite for reporting. Internet or corporate portal.Contents About this guide This guide provides you with information and procedures covering a wide range of administrative tasks. However. BusinessObjects Enterprise provides a solution for increasing enduser productivity and reducing administrative efforts. providing customers with personalized service offerings. Online versions of these guides are included in the doc directory of your product distribution. consult the BusinessObjects Enterprise Getting Started Guide. this guide aims to provide sufficient background and conceptual information to clarify all administrative tasks and features. Conceptual information and technical details are provided for all advanced topics. and consulting services. and the BusinessObjects Enterprise User’s Guide. interactive reports to end users via any web application— intranet. training. as is a general understanding of web server management and scripting technologies. analysis.

Contents BusinessObjects Enterprise Administrator’s Guide 23 .

Contents 24 BusinessObjects Enterprise Administrator’s Guide .

What’s New in BusinessObjects Enterprise chapter .

web. This version includes a variety of major enhancements spread across our data access methods. BusinessObjects Enterprise is designed to integrate seamlessly with existing data. and application investments without imposing a new set of standards and processes. administration capabilities. querying. This chapter provides an overview of the new features and enhancements available in this version of BusinessObjects Enterprise. and analysis. and security. delivery. proven architecture based largely on an enhanced version of the Crystal Enterprise architecture. BusinessObjects Enterprise provides full web-based administration and configuration of the entire system. BusinessObjects Enterprise XI brings together features from across the Business Objects product line to meet the diverse needs of users. security. supplemented by powerful query and analysis. This release extends the robust information infrastructure provided by earlier versions of BusinessObjects Enterprise and Crystal Enterprise. and report design options. It also provides platform-level support for semantic layers. Supported products All Business Objects products are now available under the same platform. About this version BusinessObjects Enterprise provides an industry-standard. and interaction for the following products and versions: • • • • Crystal Reports XI BusinessObjects Web Intelligence XI BusinessObjects OLAP Intelligence XI BusinessObjects Data Integrator XI 26 BusinessObjects Enterprise Administrator’s Guide . existing customers can leverage their current investments in Business Objects and Crystal technology. BusinessObjects Enterprise XI provides full support for the management. Thanks to the extensive upgrade and content migration support provided in BusinessObjects Enterprise XI. from presentation-quality reporting to in-depth data analysis. data integration. and data integration capabilities from the Business Objects product line.2 What’s New in BusinessObjects Enterprise Welcome to BusinessObjects Enterprise XI Welcome to BusinessObjects Enterprise XI BusinessObjects Enterprise XI is the business intelligence platform that supports the entire range of reporting.

consult the documentation provided with each component. and setting appropriate rights for them.5. you can import your existing categories with the Import Wizard. Users can classify documents by using categories created by themselves and by others. Folders and categories work together to provide strong navigation capabilities. Whether you have an existing BusinessObjects Enterprise system or a Crystal Enterprise system. you will notice a wide range of new features in BusinessObjects Enterprise XI. By taking advantage of the security and management features of BusinessObjects Enterprise. The categorization of documents enables users to locate information more easily regardless of where it is stored within the system. BusinessObjects Enterprise Administrator’s Guide 27 . you can organize documents according to multiple criteria and improve both security and navigation. Then you can share the resulting Office documents securely using BusinessObjects Enterprise. By creating a combination of folders and categories.What’s New in BusinessObjects Enterprise New features 2 For information about these products. Complimentary to folders. New features BusinessObjects Enterprise XI represents the full integration of traditional Business Objects and Crystal products. Categories If you are upgrading or migrating from an existing Crystal Enterprise deployment. Folders are used as a location to store documents. and PowerPoint presentations. Categories provide an effective way of classifying documents that makes it easier for users to organize documents. you can manage your Office documents the same way you manage your business intelligence documents. you will notice the addition of categories to BusinessObjects Enterprise XI. BusinessObjects Enterprise XI also supports the following add-in components: • BusinessObjects Enterprise Live Office XI Use Live Office to embed your business intelligence data into Word documents. If you’re migrating from BusinessObjects Enterprise 6. combining the best features of each product line. End-user experience BusinessObjects Enterprise XI provides a significantly enhanced user experience for all customers. categories are used for classifying documents in BusinessObjects Enterprise. Excel spreadsheets.

The delivery of both . You can grant other users access to the threaded discussions to allow new users to keep track of historical comments added to the documents. allowing users to add comments to documents in BusinessObjects Enterprise. users can view. if you currently organize your files into departmental folders. the new look and feel is designed for intuitive user interaction. a completely updated business intelligence portal.NET (ASPX) version or a J2EE version (JSP). In BusinessObjects Enterprise XI. 28 BusinessObjects Enterprise Administrator’s Guide . such as managers or VPs. InfoView has been designed to allow users to do most tasks within the BI environment without the need of IT intervention. you can add discussions to any document in the system either by selecting it from the document list or while the user is viewing the document. see the BusinessObjects Enterprise Installation Guide. create. the term publishing is related to sending a document to multiple users containing different information depending on the user rights. combined with comprehensive support for the entire product line. you can share knowledge about the information in the documents. traditionally provided by the Broadcast Agent Publisher and is now part of BusinessObjects Enterprise XI itself. For more information on migrating documents. and you can create subcategories within categories. Discussions Discussions provide threaded notes on all documents within BusinessObjects XI. and scheduling directly to email or printers. This functionality. Publishing In BusinessObjects Enterprise 6 systems. including scheduling to different formats. you could use categories to create an alternate filing system that divides content according to different roles in your organization. You can associate documents with multiple categories. New features allow users to be even more productive.NET and J2EE versions gives the customer the flexibility of deploying InfoView in their established environment. InfoView BusinessObjects Enterprise XI introduces a new InfoView. The important features provided by the Broadcast Agent Publisher are provided in BusinessObjects Enterprise XI. Users familiar with previous versions of InfoView or ePortfolio will see that old features have been fully updated and improved. From a single web environment. InfoView is available as a . Through extensive testing and design. and interact with information.2 What’s New in BusinessObjects Enterprise New features For example. By adding discussions to documents.

All universe objects and their associated connections are stored and secured in the repository of BusinessObjects Enterprise XI itself. and processing. BusinessObjects Enterprise Administrator’s Guide 29 . Crystal ReportsXI provides improved report design. Universes Universes are patented Business Objects technology. Report design BusinessObjects XI includes Crystal Reports.x deployment. note that the Broadcast Agent Scheduler is no longer required. while Universes are accessible by both Crystal Reports as well as Web Intelligence. to help make the report design process even simpler. If you’re migrating from an existing BusinessObjects Enterprise deployment. They act as a semantic layer between the user and a database. usability. You will also notice that scheduling is more integrated in Business Objects XI and includes new features such as business calendars. including significant enhancements to parameters to allow for the dynamic generation of lists of values. If you are migrating from an existing BusinessObjects Enterprise 6. Note: Business Views can be used only by Crystal Reports. the leading report design tool in the market. you can use Import Wizard to import your existing universes and their connection objects. Business Views Business Views is a flexible and reliable multi-tier system that enables companies to build detailed and specific Business Views objects that help report designers and end users access the information they require. BusinessObjects Enterprise XI also provides the ability to schedule documents on behalf of others. this solution is more manageable and can be applied to all documents designed from secured Universes or Business Views.What’s New in BusinessObjects Enterprise New features 2 Scheduling BusinessObjects Enterprise XI provides scheduling capabilities for both Crystal reports and Web Intelligence documents. Semantic Layer BusinessObjects Enterprise XI includes both Universes and Business Views. Unlike other techniques that require special programming efforts. This secure mechanism allows a single report to serve the needs of multiple users by delivering only the specific subsets of information to each user according to their security profile.

NET and Java SDKs. and a ReportEngine service (Crystal Reports and Web Intelligence document viewing including prompt and drill management). Web Services The integration pack Web Services have been updated to support the new BusinessObjects XI platform features: • • • The Web Intelligence documents are served by the BusinessObjects XI Web Intelligence report engine. Report designers no longer need to maintain static prompt lists in individual reports. a BICatalog service (InfoObject list. Developer flexibility BusinessObjects Enterprise development tools BusinessObjects Enterprise provides SDKs for enterprise application developers to build application and portal integration on top of the platform. Note: BusinessObjects Enterprise also continues to support existing development in COM. although we recommend migrating to . Recognizing the need for comprehensive support for different development environments. As in the integration pack. allowing prompt values to be populated from values in a database. The LDAP authentication is natively supported. and so on). 30 BusinessObjects Enterprise Administrator’s Guide .2 What’s New in BusinessObjects Enterprise New features Dynamic prompts and cascading lists of values Dynamic prompts and cascading lists are now available in Crystal Reports. Unified Web Services includes server components (the providers) and both . BusinessObjects Enterprise XI provides extensive . Prompts can be arranged in a cascade. category management. authentication. The consumers simplify application development. improving both runtime scalability and design time productivity.NET or Java. BusinessObjects Enterprise XI includes an enhanced version of the Unified Web Services provided with the BusinessObjects Crystal Integration Pack. and so on). Web Farm is support. A single prompt definition can be stored in the repository and shared among multiple reports. where one value in a prompt constrains values in subsequent picklists. the BusinessObjects XI Web Services deliver a Session service (Session management.NET and Java APIs that are used to write applications that consume the provided web services.

reliable. and extensibility. fault tolerance. it provides better flexibility. managing. BusinessObjects Enterprise Administrator’s Guide 31 . you will notice key differences in the architecture of BusinessObjects Enterprise XI. offering dynamic growth. widely recognized as a highly scalable. and powerful platform by customers and industry experts alike. System administration BusinessObjects Enterprise provides an efficient and scalable architecture for processing. As a services-oriented architecture. Architecture If you are upgrading from an existing BusinessObjects Enterprise 6. BusinessObjects Enterprise XI is built on a component.5 system. and delivering information to your users. Universes. Java and Web Farms support. and auditing.or services-based architecture. Categories. The service-oriented platform allows current Business Objects products such as Web Intelligence to plug directly into the framework without requiring extensive configuration. Support for Web Intelligence. Management The Central Management Console provides users with a centralized point for administering a variety of details including scheduling. This leads to an increase in efficiency and performance. The Page Server has the ability to grow and create sub processes as required. BusinessObjects Enterprise XI features built-in auditing features. security.What’s New in BusinessObjects Enterprise New features 2 BusinessObjects Enterprise SDK BusinessObjects Enterprise SDK has been enhanced to include: • • • • JavaServer Faces for BusinessObjects Enterprise XI. improved reliability. and the smart use of resources. BusinessObjects Enterprise XI inherits most of the new platform services from the proven Crystal Enterprise architecture. Inbox. Auditing Instead of using a separate auditing component. scalability. Improved query language. Enhanced Page Server One of the many improvements in BusinessObjects Enterprise XI is the enhanced Page Server.

and authentication. The system also provides full support for replication of all server components. Security BusinessObjects Enterprise XI provides all of the existing security features currently supported in Crystal Enterprise. In a multi-server environment. This means that the overall system. in order to enhance scalability and maintain efficient server performance. The enhanced fault tolerance ensures seamless reporting and query analysis for your users. For more information on auditing. as well as the individual services. The CMS collects and collates the auditing data from the system interactions and writes the information into the auditing database. It applies a mixture of active and passive approaches to maximize server availability and minimize response time for your users. while individual services with auditing functionality are considered the auditees. Load balancing Intelligent load balancing algorithms eliminate bottlenecks and maximize hardware efficiency. BusinessObjects Enterprise XI includes enhanced support for session-level failover. Fault tolerance BusinessObjects Enterprise provides fail-over at the system management level (for scheduling. an industry standard 32 BusinessObjects Enterprise Administrator’s Guide . The auditing functionality within BusinessObjects Enterprise has been implemented with the concept of a central auditor and individual server auditees. can be audited depending on the level of detail required.2 What’s New in BusinessObjects Enterprise New features The auditing functionality of BusinessObjects Enterprise XI focuses on enabling administrators to gain a better understanding of the users accessing the system and the documents they are interacting with. and object level security is controlled using Access Control Lists (ACL). There is no migration or integration of the BusinessObjects Auditor product. BusinessObjects Enterprise XI includes built-in load balancing across all system management and report processing functions. you need to balance the load across multiple machines. another service identifies the failure and continues the processing. You can then create reports based on this auditing data. group. If a processing service fails. security. User. Redundant components automatically take over the load if the system encounters a hardware failure or excessive wait times. The auditor role is fulfilled by the Central Management Server (CMS). see the auditing chapter of the BusinessObjects Enterprise Administrator’s Guide. for example).

and universe restriction sets. Business Objects XI has introduced single sign-on for LDAP authentication. By combining single sign-on and report viewing. universes. BusinessObjects Enterprise Administrator’s Guide 33 . please see the BusinessObjects Enterprise XI Installation Guide. Please see platforms. connections. When LDAP authentication is enabled.What’s New in BusinessObjects Enterprise New features 2 method for controlling cascading security access. These capabilities require the system to run all components on the Windows operating system and for the users to use Internet Explorer with Active Directory authentication. Business Objects XI now provides single sign-on with Active Directory authentication using the Kerberos protocol. The Central Management Console is a centralized management tool that can be used to administer security. Security can be applied at the object level to all documents. The Import Wizard maps most security rights from current systems directly to new users and groups in BusinessObjects Enterprise XI. you can provide end-to-end single sign-on. and import users and groups from existing BusinessObjects Enterprise and Crystal Enterprise deployments into BusinessObjects Enterprise XI using the Import Wizard. For details on how rights are mapped or for more information on the Import Wizard. which allows a user’s security context to be retrieved from the host operating system and be used to access BusinessObjects Enterprise and the underlying databases for the reports and documents in the system. Also. please see the BusinessObjects Enterprise XI Installation Guide. you can now configure your deployment to use the Secure Sockets Layer (SSL) protocol for all network communication between your BusinessObjects Enterprise XI servers. categories.txt for more information on supported platforms. For details on how rights are mapped. Migration An administrator will be able to create users and groups. the administrator has the option to use Siteminder as an external system for authentication providing single sign-on capabilities to BusinessObjects Enterprise.

2 What’s New in BusinessObjects Enterprise New features 34 BusinessObjects Enterprise Administrator’s Guide .

Administering BusinessObjects Enterprise chapter .

You will typically use the following applications to manage BusinessObjects Enterprise: • Central Management Console (CMC) This web application is the most powerful administrative tool provided for managing a BusinessObjects Enterprise system. For more information on publishing content to BusinessObjects Enterprise. content management. you can use it to publish reports to BusinessObjects Enterprise servers that are running on Windows or on UNIX. and server management. It also allows you to specify a number of options on each report that you publish. This chapter briefly introduces new BusinessObjects Enterprise administrators to some of the available management tools. the CCM shell script (ccm. In a Windows environment. such as setting the password for the system’s default Administrator account. and server management. It also shows you how to make initial security settings.3 Administering BusinessObjects Enterprise Administration overview Administration overview The regular administrative tasks associated with BusinessObjects Enterprise can be roughly divided into three major categories: user management. Although this application runs only on Windows. It offers you a single interface through which you can perform almost every task related to user management. see “Central Management Console” on page 37. For an introduction to the CCM.sh) allows you to manage servers from a command line. see “Using the Central Configuration Manager” on page 42. the CCM allows you to manage local and remote servers through its Graphical User Interface (GUI) or from a command line. • Publishing Wizard This application allows you to publish your reporting content to BusinessObjects Enterprise quickly. For an introduction to the CMC. The remainder of this guide provides technical and procedural information corresponding to each of these management categories. • Central Configuration Manager (CCM) This server administration tool is provided in two forms. In a UNIX environment. content management. 36 BusinessObjects Enterprise Administrator’s Guide . see “Publishing overview” on page 374.

BusinessObjects Enterprise Administrator’s Guide 37 . 2. Tip: On Windows. the CMC enables you to manage servers and create server groups. Because the CMC is a webbased application.aspx Replace webserver with the name of the web server machine. see “Controlling User Access” on page 315. For details. organize. Any user with valid credentials to BusinessObjects Enterprise can log on to the CMC and set his or her preferences. For this example. Select Enterprise in the Authentication Type list. Logging on to the Central Management Console There are two ways to access the CMC: type the name of the machine you are accessing directly into your browser. you can click Start > Programs > BusinessObjects XI> BusinessObjects Enterprise > BusinessObjects Enterprise . Click Central Management Console. users who are not members of the Administrators group cannot perform any of the available management tasks unless they have been granted rights to do so. And it allows you to publish. type Administrator as the User Name. Type your User Name and Password. you may log on using an account that has been mapped to the BusinessObjects Enterprise Administrators group. see “Setting the Administrator password” on page 44. you can perform all of these administrative tasks remotely. Additionally. For complete details about object rights. To log on to the CMC Go to the following page: http://webserver/businessobjects/Enterprise11/WebTools/ adminlaunch/default.NET Administration Launchpad (or Java Administration Launchpad). This tool allows you to perform user management tasks such as setting up authentication and adding users and groups. 1. and set security levels for all of your BusinessObjects Enterprise content. If you’re using LDAP or Windows NT authentication. or select BusinessObjects Enterprise Administration Launchpad from the program group on the Windows Start menu. If you changed this default virtual directory on the web server.Administering BusinessObjects Enterprise Central Management Console 3 Central Management Console You will use the Central Management Console (CMC) extensively to manage your BusinessObjects Enterprise system. However. This default Enterprise account does not have a password until you create one. 4. 3. you will need to type your URL accordingly.

3. The CMC Home page appears. 38 BusinessObjects Enterprise Administrator’s Guide .3 Administering BusinessObjects Enterprise Central Management Console Windows AD. Home > Users > New User indicates that you’re on the New User page. 1. Setting console preferences The Preferences area of the CMC allows you to customize your administrative view of BusinessObjects Enterprise. Set the preference as required. To set the console preference Log on to the CMC and click the Preferences button in the upper-right corner of the CMC. Once you leave the Home page. In this example. you can navigate through its areas and pages in a number of ways: • • Click the links or icons on the Home page to go to specific “management areas. Navigating within the Central Management Console Because the CMC is a web-based application. Click Log On. your location within the CMC is indicated by a path that appears above the title of each page. You can click the hyperlinked portions of the path to jump quickly to different parts of the application. you must map your third-party user accounts and groups to BusinessObjects Enterprise before you can use these types of authentication. Click OK.” Select the same “management areas” from the drop-down list in the title area of the window. you could click Home or Users to go to the corresponding page. Windows NT and LDAP authentication also appear in the list. See “CMC preferences” on page 39. 2. however. 5. Click Go if your browser doesn’t take you directly to the new page. For example.

This setting determines the number of characters that are included in each hyperlink.Administering BusinessObjects Enterprise Central Management Console 3 CMC preferences Viewer This list sets the default report viewer that is loaded when you view a report in the CMC. see “Setting the Query size threshold” on page 40. see “Configuring the processing tier” on page 115. In this example. Maximum number of characters for each page index When a list of objects spans multiple pages. BusinessObjects Enterprise synchronizes scheduling patterns and events appropriately. Maximum number of objects per page This option limits the number of objects listed on any page or tab in the CMC. use this list to specify your time zone. the full list is sorted alphanumerically and indexed before being subdivided. Time zone If you are managing BusinessObjects Enterprise remotely. Measuring units for report page layout Specify inches or millimeters as the measuring units used by default when you customize a report’s page layout on the report object’s Print Setup tab. To set the available and default viewers for all users. hyperlinks are displayed as an index to each of the remaining pages. the maximum number of characters is set to 3. For instance. select the Unlimited check box. so threecharacter hyperlinks are used to index the report objects on each page. For details about limiting the number of objects displayed on a page or in a search. At the top of every page. if you select Eastern Time BusinessObjects Enterprise Administrator’s Guide 39 . Note: To specify an unlimited maximum number of characters. simply the number displayed per page. Note: This setting does not limit the number of objects displayed.

a list of objects in that management area is displayed. You can modify the number of objects displayed by setting the Query size threshold in the Business Objects Applications management area of the CMC.3 Administering BusinessObjects Enterprise Central Management Console (US & Canada). To set the Query size threshold Go to the BusinessObjects Enterprise Applications management area of the CMC. Modify this value to specify the maximum number of objects that displayed on the initial pages of the Objects. every day on a server that is located in San Francisco. see “Supporting users in multiple time zones” on page 527. Folders. then the server will run the report at 2:00 a. Click the BusinessObjects Enterprise Central Management Console link. and Users management areas of the CMC and when displaying search results in these management areas. Setting the Query size threshold By default. and you schedule a report to run at 5:00 a. or Users management areas of the CMC. My Password Click the Change Password link to change the password for the account under which you are currently logged on. 2.m.m. 1. if you have numerous objects this can heavily tax your system resources. 40 BusinessObjects Enterprise Administrator’s Guide . when you go to the Objects. Groups. Folders. By default the Query size threshold value is 500. Pacific Time. Because BusinessObjects Enterprise loads each of the objects in the list. This means that BusinessObjects Enterprise prompts users to use the search function of the CMC if the return size exceeds 500 objects. For more information about time zones. Groups.

Administering BusinessObjects Enterprise Central Management Console 3 The Query size threshold page appears. 4. Folders. The Logoff button is located in the upper-right corner of the console. Logging off of the Central Management Console When you have finished using the CMC. Groups. BusinessObjects Enterprise Administrator’s Guide 41 . and Users management areas. In the Prompt for search if the return size exceeds field. Specifying the URL here allows Crystal Reports to get this URL from the CMS in order to call pages in the CMC. In the CMC Access URL field. 3. Note: To modify the number of objects displayed on a page (rather than the total number of objects displayed). It needs to call these pages in order to support the previewing of reports and to enable administration tasks to be performed from Crystal Reports. type the URL for the CMC. end the session by logging off. type the maximum number of objects you want to be returned in searches and on the initial pages of the Objects. see “Setting console preferences” on page 38. 5. Click Update.

you might be prompted to enter a user name and password. Click Enable/Disable on the toolbar to log on and enable or disable servers. To start the CCM From the BusinessObjects Enterprise program group. SOCKS server connections. A yellow arrow indicates the server is starting. stop. type the name of the machine you want to connect to. you must have NT administrator rights on the local machine. enable. use the CCM to manage BusinessObjects Enterprise server components that are running locally or on a remote Windows machine. Depending on the configuration of your network. 1. To run the CCM. 42 BusinessObjects Enterprise Administrator’s Guide . For details. see: • “Accessing the CCM for Windows” on page 42 Accessing the CCM for Windows From a Windows machine. To access the CCM. If you are managing servers on a remote machine. Note: The status icons do not indicate whether servers are enabled or disabled. and disable servers. This tool allows you to start. then press Enter. A status icon is displayed for each server: • • • A green arrow indicates the server is running. click Central Configuration Manager. To connect to servers on a remote machine Once you have started the CCM.3 Administering BusinessObjects Enterprise Using the Central Configuration Manager Using the Central Configuration Manager The Central Configuration Manager (CCM) is a server-management tool that allows you to configure each of your BusinessObjects Enterprise server components. Servers must be enabled before they will respond to BusinessObjects Enterprise requests. It also allows you to view and to configure advanced server settings such as default port numbers. see “Enabling and disabling servers” on page 85. CMS database and clustering details. A red arrow indicates the server is not running. you can connect to a remote machine in several ways: • In the Computer Name field. The servers that are available on the local machine appear in the list. and more. you must also have NT administrator rights on the machine you are connecting to.

log on to the remote machine with an account holding administrative rights.sh -start all . To run the CCM.sh with command-line options to manage one or more servers. Note: You may need to type your user name as domain\username. the following set of commands starts the BusinessObjects Enterprise servers and enables each server on its default port: . you must have execute permissions on the ccm./ccm./ccm. 1. You can run the CCM remotely through a telnet session or locally through a terminal window. then click OK. In the Computer Name field.sh script also provides a detailed description of its command-line options.Administering BusinessObjects Enterprise Making initial security settings 3 • • 2. To see the command-line help./ccm.sh -enable all Note: The main options for the CCM are covered in more detail in “UNIX Tools” on page 597. you may want to configure the following security settings before you publish content or provide users with access to BusinessObjects Enterprise: • • “Setting the Administrator password” on page 44 “Disabling the Guest account” on page 44 BusinessObjects Enterprise Administrator’s Guide 43 . select a remote machine from the list. The CCM lists the servers associated with this machine. To view additional help on ccm. For instance. Select the appropriate computer. Accessing the CCM for UNIX Run the CCM on your UNIX server to manage BusinessObjects Enterprise server components that are running on that machine. To run the CCM Go to the Business Objects directory that was created by the BusinessObjects Enterprise installation: cd INSTALL_ROOT/bobje 2. issue the following command: .sh script and on its parent Business Objects directory. click Browse.sh The ccm. If prompted.sh -help | more Making initial security settings To ensure system security. Run ccm. On the toolbar.

1. Click Update. In the Account Name column. 5. clear the “User must change password at next logon” check box. 44 BusinessObjects Enterprise Administrator’s Guide . Click the link for the Administrator account. 3. click Guest. 2. you ensure that no one can log on to BusinessObjects Enterprise with this account. BusinessObjects Enterprise creates an Administrator account and a Guest account that do not have passwords. see “Disabling the Guest account” on page 44.3 Administering BusinessObjects Enterprise Making initial security settings • • • • “Modifying the default security levels” on page 45 Chapter 11: BusinessObjects Enterprise Security Concepts “Available authentication types” on page 252 “Controlling User Access” on page 315 For additional security information. Note: Do not create a password for the Guest account if you plan to use the anonymous single sign-on or the Sign Up features available in BusinessObjects Enterprise. select the Account is disabled check box. 3. On the Properties tab. To disable these features. Disabling the Guest account By disabling the Guest account. you also disable the anonymous single sign-on functionality of BusinessObjects Enterprise. In the Enterprise Password Settings area. To disable the Guest account Go to the Users management area of the CMC. To change the Administrator password Go to the Users management area of the CMC. 1. you may also want to refer to: Setting the Administrator password As part of the installation. enter and confirm the new password. so users will be unable to access InfoView without providing a valid user name and password. In doing so. 4. If it is selected. 2. Log on to the Central Management Console (CMC) with the Administrator account and use the following procedure to create a secure password for the Administrator account.

BusinessObjects Enterprise Administrator’s Guide 45 . For a full description of object rights and inheritance patterns. Using CMC. see the Designer’s Guide. Managing universes Web Intelligence users connect to a universe. You create a universe by using the Designer. Initially. 5. 1. For more information about user accounts. For detailed information. 3. To view a universe Go to the Universes management area of the CMC. They can do data analysis and create reports using the objects in a universe. See “Controlling access to universes” on page 354. 5. Click the Rights tab. the Everyone group is granted Schedule access to the top-level folder. the underlying data structures in the database. Modifying the default security levels This procedure shows where you can modify the default object rights that users are granted to the top-level BusinessObjects Enterprise folder. you can view and delete universes. 2. see “Managing Enterprise and general accounts” on page 253.Administering BusinessObjects Enterprise Managing universes 3 4. and run queries against a database. and the Administrators group is granted Full Control. If you are prompted for confirmation. 4. 1. For complete information. To modify top-level security settings Go to the Settings management area of the CMC. You can also control who has access rights to a universe. or having to know anything about. As required. You can change these default security levels to suit your needs. change the entry in the Access Level list for each user or group that is displayed. without seeing. Click Add/Remove to grant different levels of security to additional users or groups. see “Controlling users’ access to objects” on page 317. Click Update. Click Update. click OK. see “Controlling users’ access to objects” on page 317.

3. Select the universe you want to delete. You must have a connection to access data. 2. The properties page for the connection appears. you can view and delete connections. Click the link for the connection you want to view.3 Administering BusinessObjects Enterprise Managing universe connections The Universes page appears. Click the link for the universe you want to view. Click Delete. see the Designer’s Guide. The Universe Connections page appears. To delete a universe connection Go to the Universe Connections management area of the CMC. 3. 1. To delete a universe Go to the Universes management area of the CMC. 1. Managing universe connections A connection is a named set of parameters that defines how a BusinessObjects application accesses data in a database file. Click Delete. You must select or create a connection when you create a universe. See “Controlling access to universe connections” on page 355. You can also control who has access rights to a connection. 1. For complete information. The Connections page appears. The properties page for the universe appears. To view connections Go to the Universe Connections management area of the CMC. Select the connection you want to delete. A connection links Web Intelligence to your middleware. 2. 2. 46 BusinessObjects Enterprise Administrator’s Guide . 2. Using CMC. The Universes page appears.

You can also configure settings that control which viewers are available to users. the report is processed by the Report Application Server. If you are using the Java version of InfoView and want users to be able to use the Active X or Java viewers.Administering BusinessObjects Enterprise Managing InfoView 3 Managing InfoView You can use the Business Objects Applications area of the Central Management Console to make minor changes to the appearance and functionality of InfoView. Consult the BusinessObjects Enterprise Installation Guide for more information. you must enter the context path of the Web Component Adapter. without doing any programming. BusinessObjects Enterprise Administrator’s Guide 47 . When users view a report using the Advanced DHTML viewer.

On the Properties tab. 1. 4.3 Administering BusinessObjects Enterprise Managing Web Intelligence 1. Managing Discussions BusinessObjects Enterprise administrators are responsible for maintaining the discussion threads and for granting the appropriate access rights to BusinessObjects Enterprise users. Managing Discussions includes the following tasks: • • • • • “Accessing the Discussions page” on page 49 “Searching for discussion threads” on page 49 “Sorting search results” on page 51 “Deleting discussion threads” on page 51 “Setting user rights” on page 51 48 BusinessObjects Enterprise Administrator’s Guide . On the Properties tab. The user can select this view format and report panel option in the Web Intelligence Document Preferences tab in InfoView. 3. Click Update. 2. To manage settings for InfoView Go to the BusinessObjects Enterprise Applications management area of the CMC. make sure you grant access to the “Allows interactive HTML viewing (as per license)” option in order for users to be able use the Interactive view format and use the Query HTML panel. select the options that you want. 2. 4. To manage settings for Web Intelligence Go to the BusinessObjects Enterprise Applications management area of the CMC. 3. select the options that you want. Click InfoView. Managing Web Intelligence For the Web Intelligence application. Click Web Intelligence. Click Update.

Click Discussions. Only the root level threads are displayed. 2. To access the Discussions page Go to the BusinessObjects Enterprise Applications management area of the CMC. 2. The Discussions page appears. click Cancel. BusinessObjects Enterprise Administrator’s Guide 49 . 1. the Discussions page displays the titles of all discussion threads. To search for a discussion thread Go to the BusinessObjects Enterprise Applications management area of the CMC. You can search for a specific thread or group of threads. Branches from the root level thread are not displayed. Searching for discussion threads By default.Administering BusinessObjects Enterprise Managing Discussions 3 Accessing the Discussions page 1. Click Discussions. Use the Previous and Next buttons to page through the list of discussion threads. The Discussions page appears. Note: To cancel a search and reset the search values back to the default settings.

do not exactly match the text that you type into the third field. refine your search. If you selected a text-based search in the first two fields. Creation date. If you selected a date-based search. • • • 5. Use the third field to further refine your search. there are the following options. Click Search to display all the records that match your search criteria. Search by the author of a specific thread. before: The DMC searches for any discussion threads that were created or modified before the search date. Author. select which of the following criteria you want to search by: • • • • 4. type in the text string. Searches are not case sensitive. 50 BusinessObjects Enterprise Administrator’s Guide . Search based on the date a thread was last modified.3 Administering BusinessObjects Enterprise Managing Discussions 3. between: The DMC searches for any discussion threads that were created or modified between the two search dates. the second field provides you with the following options. contains: The DMC searches for any discussion threads that contain the search text string within any part of the thread title or the author’s name. is not: The DMC searches for any discussion threads where the thread title. Last modified date. 6. Thread title. enter the date or dates in the appropriate fields. does not contain: The DMC searches for any discussion threads that do not contain the text string within any part of the thread title. • • • • is: The DMC searches for any discussion threads where the thread title. or the author name. If you search by Creation date or Last modified date. From the second list. Search by the title of a thread. after: The DMC searches for any discussion threads that were created or modified after the search date. Search by the date the thread was created. or the author name. In the Field name list. exactly match the text that you type into the third field. If you search by Thread title or Author.

Deleting discussion threads You can delete any discussion thread. For example you can display them in ascending alphabetical order. see “Accessing the Discussions page” on page 49. 1. In the second list. BusinessObjects Enterprise Administrator’s Guide 51 . 4. Sort based on the date a thread was last modified. Click Delete. or add a note to a report. see Chapter 13: Controlling User Access.Administering BusinessObjects Enterprise Managing Discussions 3 Sorting search results You can select how you want your search results to display. For more information on setting user rights to reports and report objects. Sort by the date the thread was created. To sort your results In the Sort by list. Author. enter how many results you want to be displayed on each page. For details. Creation date. 2. and choose how many results to display per page. select which threads you want to delete in the results list. In the third category. select which of the following criteria you want to display: • • • • 2. Tip: You can use the Select All and Clear All buttons to select or clear all the threads displayed on the page. Sort by the author of a specific thread. 3. 1. Click Search. Thread title. Sort by the title of a thread. The selected threads are deleted. select whether you want the records to be displayed in ascending or descending order. Last modified date. To delete a discussion thread On the Discussions page. Setting user rights Users of the Discussions feature must have the right to view a report in order to create a discussion thread.

3 Administering BusinessObjects Enterprise Managing Discussions 52 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Architecture chapter .

plug in to the BusinessObjects Enterprise framework in various ways. and scalability the components that make up each of these tiers can be installed on one machine. Other Business Objects products. you can run the Central Management Server and the Event Server on one machine. its components. use this chapter to gain familiarity with the BusinessObjects Enterprise framework. even though these are called servers. the servers run as daemons.” If the Report Application Server is running on a multi-processor computer. or they can run on separate machines. These services can be “vertically scaled” to take full advantage of the hardware that they are running on. such as OLAP Intelligence and Report Application Server. and the general tasks that each component performs. This configuration is called “vertical scaling. then you may choose to run multiple Report Application Servers on it. If you are new to BusinessObjects Enterprise.4 BusinessObjects Enterprise Architecture Architecture overview and diagram Architecture overview and diagram BusinessObjects Enterprise is a multi-tier system. This means that the services can all run on the same machine. For example. In BusinessObjects Enterprise. The “servers” run as services on Windows machines. Note: BusinessObjects Enterprise Standard requires all of the components to be installed on one machine. 54 BusinessObjects Enterprise Administrator’s Guide . This chapter describes the framework itself. This configuration is called “horizontal scaling. they are actually services and daemons that do not need to run on separate computers. reliability. On UNIX.” The important thing to understand is that. they can be logically grouped based on the type of work they perform. the intelligence tier. The same service can also run in multiple instances on a single machine. To provide flexibility. The following diagram illustrates how each of the components fits within the multi-tier system. Although the components are responsible for different tasks. or spread across many. there are five tiers: the client tier. Consult each product’s installation or administration guides for details about how it integrates with the BusinessObjects Enterprise framework. and they can be “horizontally scaled” to take advantage of multiple computers over a network environment. and the data tier. while you run the Report Application Server on a separate machine. the application tier. the processing tier.

BusinessObjects Enterprise Administrator’s Guide 55 . and their primary responsibilities: • • • • “Client tier” on page 56 “Application tier” on page 58 “Processing tier” on page 64 “Data tier” on page 68 Tip: When you are familiar with the architecture and want to customize your system configuration. the key BusinessObjects Enterprise components. Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. Once published to BusinessObjects Enterprise.BusinessObjects Enterprise Architecture Architecture overview and diagram 4 The remainder of this chapter describes each tier. and displayed in version XI format. reports are saved. processed. see Chapter 5: Managing and Configuring Servers and Chapter 7: Scaling Your System.

InfoView also demonstrates how you can use the BusinessObjects Enterprise . publish. and set security levels for all of your BusinessObjects Enterprise content. For more information.4 BusinessObjects Enterprise Architecture Client tier Client tier The client tier is the only part of the BusinessObjects Enterprise system that administrators and end users interact with directly. schedule. the CMC enables you to 56 BusinessObjects Enterprise Administrator’s Guide . organize. The client tier includes: • • • • • “InfoView” on page 56 “Central Management Console (CMC)” on page 56 “Central Configuration Manager (CCM)” on page 57 “Publishing Wizard” on page 57 “Import Wizard” on page 57 InfoView BusinessObjects Enterprise comes with InfoView. and view reports and other objects. In the case of . and keep track of published reports. This tier is made up of the applications that enable people to administer.NET Server Components. see the developer documentation available on your product CD. The web server forwards the user request directly to an application server where the request is processed by the WCA.NET. a web-based interface that end users access to view. Central Management Console (CMC) The Central Management Console (CMC) allows you to perform user management tasks such as setting up authentication and adding users and groups. InfoView also serves as a demonstration of the ways in which you can use the BusinessObjects Enterprise Software Development Kit (SDK) to create a custom web application for end users. Each BusinessObjects Enterprise request that a user makes is directed to the BusinessObjects Enterprise application tier. It also allows you to publish. Additionally.

these settings include default port numbers. For more information. and it allows you to view and to configure advanced server settings. By assigning object rights to BusinessObjects Enterprise folders. This tool allows you to start. you can perform all of these administrative tasks remotely. Crystal Enterprise. Central Configuration Manager (CCM) The Central Configuration Manager (CCM) is a server-management tool that allows you to configure each of your BusinessObjects Enterprise server components. The CMC also serves as a demonstration of the ways in which you can use the administrative objects and libraries in the BusinessObjects Enterprise SDK to create custom web applications for administering BusinessObjects Enterprise. see “Central Management Console (CMC)” on page 56. For more information. enable. on Windows the CCM allows you to add or remove servers from your BusinessObjects Enterprise system. and folders from an existing BusinessObjects Enterprise.BusinessObjects Enterprise Architecture Client tier 4 manage servers and create server groups. On Windows. The Publishing Wizard publishes reports from a Windows machine to BusinessObjects Enterprise servers running on Windows or on UNIX. and more. some of these functions are performed using other tools. see “Using the Central Configuration Manager” on page 42 and Chapter 5: Managing and Configuring Servers. see “Importing with the Import Wizard” on page 402. On UNIX. you control who can publish reports and where they can publish them to. stop. CMS database and clustering details. see the developer documentation available on your product CD. and disable servers. For more information. or Crystal Info implementation to BusinessObjects Enterprise. groups. For more information. Publishing Wizard The Publishing Wizard is a locally installed Windows application that enables both administrators and end users to add reports to BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 57 . Because the CMC is a web-based application. In addition. see “Publishing overview” on page 374 and “Controlling users’ access to objects” on page 317. Import Wizard The Import Wizard is a locally installed Windows application that guides administrators through the process of importing users. reports. For more information. SOCKS server connections.

the communication between the web server and the application server was handled through the Web Connector. Application tier The application tier hosts the server-side components that process requests from the client tier as well as the components that communicate these requests to the appropriate server in the intelligence tier. The application tier includes support for report viewing and logic to understand and direct web requests to the appropriate BusinessObjects Enterprise server in the intelligence tier.NET platforms. The application tier includes: • • • “Application tier components” on page 58 “Web development platforms” on page 59 “Web application environments” on page 60 Application tier components For both the Java and . the web server communicates directly with the application server and the WCA handles the WCS functionality. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS).4 BusinessObjects Enterprise Architecture Application tier The Import Wizard runs on Windows. both on Windows and Unix platforms. In BusinessObjects Enterprise XI. 58 BusinessObjects Enterprise Administrator’s Guide . the application tier includes the following components: • • “Application server and BusinessObjects Enterprise SDK” on page 59 “Web Component Adapter (WCA)” on page 59 Note: In Crystal Enterprise 10 on Windows. but you can use it to import information into a new BusinessObjects Enterprise system running on Windows or on UNIX.

See the Platforms. both on Windows and Unix platforms.NET SDK run on a third party application server.txt file included with your product distribution for a complete list of tested application servers and version requirements. The application server is responsible for processing requests from your browser. The WCA has two primary roles: • • It processes ASP.NET platform” on page 60 BusinessObjects Enterprise Administrator’s Guide 59 .epf files) to HTML format when users view pages with a DHTML viewer. which then forwards the requests on to the WCA.NET (. The web server passes requests directly to the application server. the web server communicates directly with the application server and the WCA handles the WCS functionality.aspx) and Java Server Pages (. The application server acts as the gateway between the web server and the rest of the components in BusinessObjects Enterprise. In BusinessObjects Enterprise XI.jsp) files It also supports Business Objects applications such as the Central Management Console (CMC) and Crystal report viewers (that are implemented through viewrpt. It also supports InfoView and other Business Objects applications. the communication between the web server and the application server was handled through the Web Connector. The Web Component Adapter (WCA) runs within the application server and provides all services that are not directly supported by the BusinessObjects Enterprise SDK. Web Component Adapter (WCA) The web server communicates directly with the application server that hosts the BusinessObjects Enterprise SDK.BusinessObjects Enterprise Architecture Application tier 4 Application server and BusinessObjects Enterprise SDK BusinessObjects Enterprise systems that use the BusinessObjects Enterprise Java SDK or the BusinessObjects Enterprise . Web development platforms BusinessObjects Enterprise supports the following web development platforms: • • “Java platform” on page 60 “Windows .aspx requests). the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS). and uses the SDK to convert report pages (. Note: In Crystal Enterprise 10 on Windows.

jsp) and ASP. The use of a web server is optional as you may choose to have static content hosted by the application server. Windows . BusinessObjects Enterprise continues to l support Crystal Server Pages (. Note: In Crystal Enterprise 10 on Windows.4 BusinessObjects Enterprise Architecture Application tier Java platform All UNIX installations of BusinessObjects Enterprise include a Web Component Adapter (WCA).NET (. For more information.aspx) pages allow you to develop cross-platform J2EE and ASP. In BusinessObjects Enterprise XI.NET Framework include Primary Interop Assemblies (PIAs) that allow you to use the BusinessObjects Enterprise .aspx.NET. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS).NET applications that use the BusinessObjects Enterprise SDKs in conjunction with third party APIs. Web application environments BusinessObjects Enterprise supports Java Server Pages (.NET SDK with ASP. Note: For backward compatibility.asp).NET Server Components which simplify development of custom BusinessObjects Enterprise applications in ASP. It also includes a set of .NET. BusinessObjects Enterprise also includes Primary Interop Assemblies (PIAs) that enable you to use the BusinessObjects Enterprise SDK and Report Application Server SDK with ASP.NET. both on Windows and Unix platforms.NET Server Components that you can optionally use to simplify the development of custom applications. the communication between the web server and the application server was handled through the Web Connector. Java Server Pages (. 60 BusinessObjects Enterprise Administrator’s Guide .csp) and Active Server Pages (.jsp) and ASP.aspx) pages. a Java application server is required to host the WCA and the BusinessObjects Enterprise Java SDK. such as InfoView and the sample applications available via the BusinessObjects Enterprise Launchpad.NET applications.NET (.NET platform BusinessObjects Enterprise installations that use the . see the developer documentation available on your product CD. BusinessObjects Enterprise includes web applications developed in . the web server communicates directly with the application server and the WCA handles the WCS functionality. In this configuration. and a set of . This configuration requires the use of a Microsoft Internet Information Services (IIS) web server. You do not need a Web Component Adapter for custom ASP.

the CMS is able to ensure that scheduled jobs run at the appropriate times. BusinessObjects Enterprise Administrator’s Guide 61 . refer to the following sections: • • • • “Central Management Server (CMS)” on page 61 “Cache Server” on page 63 “File Repository Servers” on page 63 “Event Server” on page 64 Central Management Server (CMS) The CMS is responsible for maintaining a database of information about your BusinessObjects Enterprise system. which includes folders. BusinessObjects Enterprise content. which other components can access as required. This data allows the CMS to perform its four main tasks: • Maintaining security By maintaining a database of users and their associated object rights. It maintains all of the security information. the CMS enforces who has access to BusinessObjects Enterprise and the types of tasks they are able to perform. and a separate audit database of information about user actions. These tasks include enforcing and maintaining the licensing policy of your BusinessObjects Enterprise system. The data stored by the CMS includes information about users and groups. and inboxes. sends requests to the appropriate servers. For more information. manages audit information. security levels. The CMS also maintains the BusinessObjects Enterprise Repository. and servers. categories. and stores report instances. By communicating with the Job Servers and Program Job Servers.BusinessObjects Enterprise Architecture Intelligence tier 4 Intelligence tier The intelligence tier manages the BusinessObjects Enterprise system. • Managing objects The CMS keeps track of the location of objects and maintains the containment hierarchy.

If you already have the MSDE or SQL Server installed. see the developer documentation available on your product CD. and “Configuring the auditing database” on page 209. See the Platforms. and then writing these records to a central audit database. This audit information allows system administrators to better manage their BusinessObjects Enterprise deployment. see the BusinessObjects Enterprise Installation Guide. the Setup program can install and configure its own Microsoft Data Engine (MSDE) database if necessary. See “Creating custom audit reports” on page 217 for more information. 62 BusinessObjects Enterprise Administrator’s Guide . If you are unsure of the procedure. for instance. The backup procedure depends upon your database software. • Managing auditing By collecting information about user actions from each BusinessObjects Enterprise server.txt file included with your product distribution for a complete list of tested database software and version requirements. You can access the audit database directly to create custom audit reports. Note: • It is strongly recommended that you back up the CMS system database. For more information. System information should only be retrieved using the calls that are provided in the BusinessObjects Enterprise Software Development Kit (SDK).4 BusinessObjects Enterprise Architecture Intelligence tier • Managing servers By staying in frequent contact with each of the servers in the system. Note: In previous versions of Crystal Enterprise. Report viewers access this list. The CMS database should not be accessed directly. you provide the CMS with database connectivity and credentials when you install BusinessObjects Enterprise. and also as the Automated Process Scheduler (APS). MSDE is a client/server data engine that provides local data storage and is compatible with Microsoft SQL Server. the CMS is able to maintain a list of server status. so the CMS can create its own system database and BusinessObjects Enterprise Repository database using your organization’s preferred database server. and the audit database frequently. You can migrate your default CMS system database to a supported database server later. the Central Management Server (CMS) was known as the Crystal Management Server. Typically. consult with your database administrator. the installation program uses it to create the CMS system database. • • On Windows. For details about setting up CMS databases. to identify which Cache Server is free to use for a report viewing request. the CMS acts as the system auditor.

The Page Server runs the report and returns the results to the Cache Server. with data that has been refreshed from the database within the interval that you have specified as the default. The Output File Repository Server manages all of the report instances generated by the Report Job Server or the Web Intelligence Report Server.BusinessObjects Enterprise Architecture Intelligence tier 4 For details about configuring the CMS. BusinessObjects Enterprise Administrator’s Guide 63 . For more information. or a Business Objects designer component such as Crystal Reports or the Web Intelligence Java or HTML Report Panels). and CMS clusters. The File Repository Servers are responsible for listing files on the server. and removing files from the repository. If the Cache Server cannot fulfil the request with a cached report page. its system database. The Cache Server checks whether or not it can fulfill the request with a cached report page. the Central Management Console. The Input File Repository Server manages all of the report objects and program objects that have been published to the system by administrators or end users (using the Publishing Wizard. If the Cache Server finds a cached page that displays exactly the required data. the Cache Server returns that cached report page. Tip: If you use the BusinessObjects Enterprise SDK. querying for the size of the entire file repository. and returns the data to the viewer. see “Modifying Cache Server performance settings” on page 112. the Import Wizard. it passes the request along to the Page Server. By storing report pages in a cache. querying for the size of a file. see “Configuring the intelligence tier” on page 92. BusinessObjects Enterprise avoids accessing the database each and every time a report is requested. adding files to the repository. Cache Server The Cache Server is responsible for handling all report viewing requests. the Cache Server automatically balances the processing load across Page Servers. The Cache Server then caches the report page for future use. If you are running multiple Page Servers for a single Cache Server. For more information about Auditing. you can also publish reports from within your own code. File Repository Servers There is an Input and an Output File Repository Server in every BusinessObjects Enterprise implementation. see “Managing Auditing” on page 203. and the program instances generated by the Program Job Server.

such as text files. Microsoft Word files. Processing tier The processing tier accesses the data and generates the reports. In this case. the Event Server again triggers your file-based event. Likewise.4 BusinessObjects Enterprise Architecture Processing tier Note: • • The Input and Output File Repository Servers cannot share the same directories. This is because one of the File Repository Servers could then delete files and directories belonging to the other. The CMS then starts any jobs that are dependent upon your file-based event. Note: Schedule-based events. After notifying the CMS of the event. the Event Server triggers your file-based event: that is. the Event Server resets itself and again monitors the directory for the appropriate file. When the file is newly created in the monitored directory. the Event Server notifies the CMS that the file-based event has occurred. and custom events are managed by the Central Management Server. In larger deployments. Objects with files associated with them. all Output File Repository Servers must share a directory. When the appropriate file appears in the monitored directory. The processing tier includes: 64 BusinessObjects Enterprise Administrator’s Guide . • Event Server The Event Server manages file-based events. It is the only tier that interacts directly with the databases that contain the report data. all Input File Repository Servers must share the same directory. the Event Server monitors the directory that you specified. there may be multiple Input and Output File Repository Servers. or PDFs. for redundancy. are stored on the Input File Repository Server. When you set up a file-based event within BusinessObjects Enterprise.

and then runs the program. the Program Job Server first retrieves the files from storage on the Input File Repository Server. BusinessObjects Enterprise Administrator’s Guide 65 . The Report Job Server processes scheduled reports. Once it has generated the report instance. it becomes a Report Job Server. the Report Job Server obtains the report object from the Input FRS and communicates with the database to retrieve the current data. You can configure a Job Server to process either report objects or program objects when you add it to your BusinessObjects Enterprise system.NET programs that run against. it becomes a Program Job Server. To run a program. and generates report instances (instances are versions of a report object that contain saved data). including scripts. If you configure a Job Server to process program objects. Therefore the outcome of running a program will be dependent upon the particular program object that is run. BusinessObjects Enterprise. Program Job Server A Job Server processes scheduled actions on objects at the request of the CMS. it stores the instance on the Output FRS. The Program Job Server processes scheduled program objects. and schedule custom applications. Java programs or . publish. You can configure a Job Server to process either report objects or program objects when you add it to your BusinessObjects Enterprise system. Program objects allow you to write. By definition. as requested by the CMS.BusinessObjects Enterprise Architecture Processing tier 4 • • • • • • • • “Report Job Server” on page 65 “Program Job Server” on page 65 “Web Intelligence Job Server” on page 66 “Web Intelligence Report Server” on page 66 “Report Application Server (RAS)” on page 66 “Destination Job Server” on page 67 “List of Values Job Server” on page 67 “Page Server” on page 67 Report Job Server A Job Server processes scheduled actions on objects at the request of the CMS. as requested by the CMS. To generate a report instance. and perform maintenance work on. program objects are custom applications. If you configure a Job Server to process report objects.

Web Intelligence Report Server The Web Intelligence Report Server is used to create. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. However.4 BusinessObjects Enterprise Architecture Processing tier Unlike report instances. and analyze Web Intelligence documents. the Web Intelligence Report Server will use cached information. which can be viewed in their completed format. which it stores on the Output File Repository Server (FRS). The RAS is very similar to the Page Server: it too is primarily responsible for responding to page requests by processing reports and generating EPF pages. edit. Web Intelligence Job Server The Web Intelligence Job Server processes scheduling requests it receives from the CMS for Web Intelligence documents. This file appears when you click a program instance in the object History. Depending on the user’s access rights and the refresh options of the document. which will generate the instance of the Web Intelligence document. As with the Page Server. The Report Application Server also includes an SDK for reportcreation and modification. ASP. the RAS uses an internal caching mechanism that involves no interaction with the Cache Server.NET. The Web Intelligence Job Server does not actually generate object instances. and Java viewer SDKs. The RAS also provides the ad hoc reporting capabilities that allow users to create and modify reports over the Web. view. 66 BusinessObjects Enterprise Administrator’s Guide . It also processes scheduled Web Intelligence documents and generates new instances of the document. providing you with tools for building custom report interaction interfaces. It forwards these requests to the Web Intelligence Report Server. or it will refresh the data in the document and then cache the new information. program instances exist as records in the object history. the RAS supports COM. Report Application Server (RAS) The Report Application Server (RAS) processes reports that users view with the Advanced DHTML viewer.

The Destination Job Server can send objects and instances to destinations inside the BusinessObjects Enterprise system. a user’s inbox. Lists of values are use to implement dynamic prompts and cascading lists of values within Crystal Reports. or outside the system. It only handles objects and instances that already exist in the Input or Output File Repository Servers. for example. The Destination Job Server does not run the actual report or program objects. There is never more than one instance of a list-of-values object. On demand list of value objects are processed by the Report Application Server. A Destination Job Server processes requests that it receives from the CMS and sends the requested objects or instances to the specified destination: • • If the request is for an object. see the Business Views Administrator’s Guide. Page Server The Page Server is primarily responsible for responding to page requests by processing reports and generating Encapsulated Page Format (EPF) pages. it retrieves the instance from the Output File Repository Server. If the request is for a report or program instance. it retrieves the object from the Input File Repository Server. These are objects that contain the values of specific fields in a Business View. see “Sending an object or instance” on page 420. for example. When retrieving data from the database. the BusinessObjects Enterprise Administrator’s Guide 67 . or to send objects or instances to specified destinations. by sending a file to an email address. For more information. The EPF pages contain formatting information that defines the layout of the report. it become a Destination Job Server.BusinessObjects Enterprise Architecture Processing tier 4 Destination Job Server When you add a job server to your BusinessObjects Enterprise system. If you configure it to send objects or instances. you can configure it to process report objects or program objects. The Page Server retrieves data for the report from an instance or directly from the database (depending on the user’s request and the rights he or she has to the report object). For more information. List-of-value objects do not appear in CMC or InfoView. List of Values Job Server The List of Values Job Server processes scheduled list-of-value objects. The List of Values Job Server behaves similarly to the Report Job Server in that it retrieves the scheduled objects from the Input File Repository Server (FRS) and saves the instance it generates to the Output FRS.

BusinessObjects Enterprise takes advantage of this behavior by ensuring that the majority of report-viewing requests are made to the Cache Server and Page Server. ASP. Data tier The data tier is made up of the databases that contain the data used in the reports. Report viewers BusinessObjects Enterprise includes report viewers that support different platforms and different browsers in the client tier.) All of the viewers fall into two categories: • client-side viewers Client-side viewers are downloaded and installed in the users’ web browser. The Page Server and Cache Server also interact to ensure cached EPF pages are reused as frequently as possible. (For more information on the specific functionality or platform support provided by each report viewer.4 BusinessObjects Enterprise Architecture Data tier Page Server automatically disconnects from the database after it fulfills its initial request and reconnects if necessary to retrieve additional data. and new pages are generated as soon as they are required.NET. 68 BusinessObjects Enterprise Administrator’s Guide . see the BusinessObjects Enterprise User’s Guide or the Crystal Reports Developer’s Guide. Specifically. and Java viewer Software Development Kits (SDKs).) The Page Server also supports COM. See the Platforms. (However. the Page Server responds to page requests made by the Cache Server. and which have different report viewing functionality. (This behavior conserves database licenses. BusinessObjects Enterprise supports a wide range of corporate databases.) The Cache Server and Page Server work closely together. the report is processed by the Report Application Server. if a user’s default viewer is the Advanced DHTML viewer.txt file included with your product distribution for a complete list of tested database software and version requirements.

users are prompted to download and install the appropriate viewer software before the report is displayed in the browser. The application server then passes the . The user will be prompted to reinstall the ActiveX viewer only when a new version becomes available on the server. and present report pages that appear in the user’s browser.epf files and displays them directly in the browser. the application server processes the request. When a user requests a report. The viewer object then sends these pages through the web server to the user’s web browser. and retrieves the report pages in . and then retrieves the report pages in . This section covers two different scenarios: • • “What happens when you schedule an object?” on page 70 “What happens when you view a report?” on page 71 BusinessObjects Enterprise Administrator’s Guide 69 . The SDK creates a viewer object on the application server which processes the .BusinessObjects Enterprise Architecture Information flow 4 • zero client viewers The code to support zero client viewers resides in the application tier. the application server processes the request. When a user requests a report. Information flow This section describes the interaction of the server components in order to demonstrate how report-processing is performed.epf and creates DHTML pages that represent both the viewer controls and the report itself.epf format from the BusinessObjects Enterprise framework. Zero client viewers Zero client viewers reside on the application server. which processes the .epf format from the BusinessObjects Enterprise framework.epf file to the client-side viewer. client-side viewers Active X viewer Java viewer zero client viewers DHTML viewer Advanced DHTML viewer All report viewers help process requests for reports. and then remains installed on the user’s machine. Installing viewers If they haven’t already done so. Client-side viewers Client-side viewers are downloaded and installed in the user’s browser. The Active X viewer is downloaded the first time a user requests a report.

For details. it sends the job to the Report Job Server. If the object is Web Intelligence document. see “Managing events overview” on page 510. thereby creating an instance of the object. If the object is a report. the CMS passes the job to the appropriate job server. 6. the Web Intelligence Report Server notifies the Web Intelligence Job Server. For example. The CMS checks to see if the user has sufficient rights to schedule the object. the CMS schedules the object to be run at the specified time(s). and tells the CMS that it has completed the job successfully. it sends the job to the Web Intelligence Job Server. 3. InfoView sends the request to the web server. Note: 70 BusinessObjects Enterprise Administrator’s Guide . where it is evaluated by the BusinessObjects Enterprise SDK. 4. you instruct BusinessObjects Enterprise to process an object at a particular point in time. Tip: BusinessObjects Enterprise also allows you to schedule jobs that are dependent upon other events. which sends the request to the Web Intelligence Report Server. If the job was for a Web Intelligence document. the following happens: 1. If the object is program. it sends the job to the Program Job Server. When the time occurs. 8. the CMS will send the job to one of the following job servers: • • • 7. The Web Intelligence Job Server then notifies the CMS that the job was completed successfully. see “Supporting users in multiple time zones” on page 527. The SDK passes the request to the Central Management Server. 5. The job server retrieves the object from the Input File Repository Server and runs the object against the database. When a user schedules an object using InfoView.4 BusinessObjects Enterprise Architecture Information flow What happens when you schedule an object? When you schedule an object. 2. If the user has sufficient rights. Depending on the type of object. Tip: For details about multiple time zones. The job server then saves the instance to the Output File Repository Server. The web server passes the web request directly to the application server. or on a recurring schedule. if you have a report that is based on your web server logs. you can schedule the report to run every night on a recurring basis.

When evaluated by the application server. when evaluated by the application server. the request that begins at the web server must be forwarded to the application server. This ID is passed as a parameter to a server-side script that. When you view a report through BusinessObjects Enterprise. hosted by the WCA. this script communicates with the framework (through the published SDK interfaces) in order to create a viewer object and retrieve a report source from the Report Application Server. This can be an important consideration when deciding how to configure BusinessObjects Enterprise. especially in large installations.aspx. • Users without schedule rights on an object will not see the schedule option in BusinessObjects Enterprise. The script then checks the user’s InfoView preferences and redirects the request to the viewing mechanism that corresponds to the user’s default viewer. BusinessObjects Enterprise Administrator’s Guide 71 . The processing flow for custom applications may differ. See “Scaling Your System” on page 157.aspx. What happens when you view a report? This section describes the viewing mechanisms that are implemented in InfoView. When evaluated by the application server. The actual request is constructed as a URL that includes the report’s unique ID. this script communicates with the framework (through the published SDK interfaces) in order to create a viewer object and retrieve a report source from the Cache Server and Page Server. and the rights you have to the report. When you schedule program objects or object packages. • The zero-client Advanced DHTML viewer is implemented through report_view_advanced. verifies the user’s session and retrieves the logon token from the browser. however. the interaction between servers follows the same pattern as it does for reports. the type of report.aspx. the processing flow varies depending upon your default report viewer. Different report viewers require different viewing mechanisms: • The zero-client DHTML viewer is implemented through report_view_dhtml.BusinessObjects Enterprise Architecture Information flow 4 • The Cache Server and the Page Server do not participate in scheduling reports or in creating instances of scheduled reports. • The client-side report viewers (the ActiveX and Java viewers) are implemented through viewrpt. In all cases.

or Java viewer.epf pages and forwards them to the Cache Server.epf format from the Cache Server and Page Server. If the user is granted the right to view the report. d. the Cache Server checks to see if it has the requested pages cached. The application server sends the report to the user’s Web browser in one of two ways. The Cache Server then caches the . If they haven’t already done so. This process uses the Cache Server and the Page Server. The Page Server checks with the CMS to see if the user has rights to view the report. the user must have View On Demand rights to view the report successfully (because the Page Server needs to retrieve data from the database). The viewer code communicates with the framework in order to retrieve a report page in . The Cache Server checks with the CMS to see if the user has rights to view the report.epf file is available: a. Upon receiving a report-viewing request. Report viewing with the Cache Server and Page Server This section describes the process for viewing a Crystal report when using the zero-client DHTML. 1. depending on how the initial request was made: 72 BusinessObjects Enterprise Administrator’s Guide .epf file is unavailable: a. Cached pages are stored as Encapsulated Page Format (. 3. the Page Server will not retrieve the latest data from the database. ActiveX. the Page Server retrieves the report from the Input File Repository Server.epf) files. f. If the user is granted the right to view the report. b. g. and the user only has View rights. If a cached version of the . b. The Cache Server sends the .epf files. If the report is an object. e. 4.epf file to the application server. the Cache Server sends the . If the user has sufficient rights. If the report is an instance. That is. 2.epf files to the application server. The Cache Server requests new . users are prompted to download and install the appropriate viewer software. the Page Server will generate pages of the report instance using the data stored in the report instance. If a cached version of the .4 BusinessObjects Enterprise Architecture Information flow The Crystal Web Request is executed internally through viewer code on the application server. the Page Server generates the . c.epf files from the Page Server.

then the RAS will refresh the report against the database. If the user is granted View rights to the report object.epf pages and sends the . the RAS will not retrieve the latest data from the database. If the user is granted View On Demand rights to the report object.BusinessObjects Enterprise Architecture Information flow 4 • If the initial request was made through a DHTML viewer (report_view_dhtml.epf pages through the web server to the report viewer software in the user’s web browser. If a cached version of the . If the user is granted the right to view the report. The RAS checks with the CMS to see if the user has rights to view the report. (The RAS has its own caching mechanism. c. Upon receiving a report-viewing request. The RAS then processes the report object. the RAS retrieves the report object from the Input File Repository Server. caches the . obtains the data from the database. 1. The HTML pages are then returned through the web server to the user’s web browser. b.) If a cached version of the . then the RAS will only ever generate pages of the latest report instance. d.aspx).epf pages to the application server. BusinessObjects Enterprise Administrator’s Guide 73 .epf pages to the application server. • Report viewing with the Report Application Server (RAS) This section describes the process for viewing a Crystal report when using the Advanced DHTML viewer. If the initial request was made through an Active X or Java viewer (viewrpt. the RAS checks to see if it has the requested report data in cache. The RAS checks with the CMS to see if the user has rights to view the report. This process flow uses the Report Application Server (RAS).aspx). b.epf file is unavailable: a. 2. 3.epf pages. the RAS returns . the viewer SDK (residing on the application server) is used to generate HTML that represents both the DHTML viewer and the report itself. the application server forwards the . generates the . That is. which is separate from the Cache Server.epf file is available: a. If the user is granted the right to view the report. Note: The interactive search and filter features provided by the Advanced DHTML viewer are available only if the user has View On Demand rights (or greater) to the report object.

c. The web application server then sends the request to the Web Intelligence Report Server. 4. 5. 1. and they are stored on the Output FRS. Documents are stored on the Input FRS. and to check when the document was last updated. 3. When the application server receives the . the following happens: a. 74 BusinessObjects Enterprise Administrator’s Guide . which creates a new session with the Web Intelligence Report Server. If the user has the right to view the document. The Web Intelligence Report Server obtains the Web Intelligence document from either the Input or Output File Repository Server and loads the document file. b. If cached content is available. The Web Intelligence Report Server obtains the document information from the CMS and checks what rights the user has on the document. 5.4 BusinessObjects Enterprise Architecture Information flow 4. The Web Intelligence Report Server contacts the CMS to check whether the user has the right to view the document.epf pages from the RAS. If cached content is not available. The application server sends the HTML pages through the web server to the user’s web browser. Instances are generated when an object is run according to a schedule. The Web Intelligence Report Server checks if the user has rights to use the Web Intelligence application. The web application server sends the request to the application server. the Web Intelligence Report Server checks whether it has up-to-date cached content for the document. 6. the viewer SDK generates HTML that represents both the Advanced DHTML viewer and the report itself. If the document is set to “refresh on open” and the user has the View On Demand rights. 7. 2. the Web Intelligence Report Server refreshes the data in the document with data from the database. Note: Which FRS is used depends on whether the request was for a Web Intelligence document that was saved to BusinessObjects Enterprise or for an instance of the document. the Web Intelligence Report Server sends the cached document information to the SDK. InfoView sends the request to the web application server. Viewing Web Intelligence documents This section describes the process for viewing a Web Intelligence document.

In such cases.BusinessObjects Enterprise Architecture Choosing between live and saved data 4 Note: If the document is set to “refresh on open” but the user does not have View On Demand rights. The request is passed to the Web Intelligence Report Server. Live data On-demand reporting gives users real-time access to live data. however. BusinessObjects Enterprise displays the first page as quickly as possible. The Web Intelligence Report Server stores the document file and the new document information in cache. For instance. 10. straight from the database server. The viewer script returns the HTML to the browser. Use live data to keep users up-to-date on constantly changing data. The viewer script calls the SDK to get the requested page of the document. the choice to use live or saved data is one of the most important decisions you’ll make. you may prefer to schedule reports on a recurrent basis so that users can always view recent data (report instances) without hitting the database server. then all those requests to the database do little more than increase network traffic and consume server resources. Whichever choice you make. consider whether or not you want all of your users hitting the database server on a continual basis. if the managers of a large distribution center need to keep track of inventory shipped on a continual basis. it renders the page to XML using the current data for the document. Choosing between live and saved data When reporting over the Web. it returns the cached XML to the SDK. Before providing live data for all your reports. The Web Intelligence Report Server sends the document information to the SDK. e. so you can see your report while the rest of the data is being processed. an error message is displayed. 8. so they can access information that’s accurate to the second. The SDK applies an XSLT style sheet to the XML to transform it to HTML. 9. 11. BusinessObjects Enterprise Administrator’s Guide 75 . however. then live reporting is the way to give them the information they need. d. If the data isn’t rapidly or constantly changing. It then returns the XML to the SDK. If the Web Intelligence Report Server has cached content for the page. If the Web Intelligence Report Server does not have the cached content for the page.

For example. When users navigate through report instances. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. they access the saved data. When the report has been run. without triggering additional hits on the database. and drill down for details on columns or charts. Consequently. you can run the report on a similar schedule. Report instances are useful for dealing with data that isn’t continually updated. but they are not hitting the database every time they open a report. Saved data To reduce the amount of network traffic and the number of hits on your database servers. if your sales database is updated once a day. reports with saved data not only minimize data transfer over the network. Tip: Users require only View access to display report instances. 76 BusinessObjects Enterprise Administrator’s Guide . but also lighten the database server’s workload.5 and later). Tip: Users require View On Demand access to refresh reports against the database. Sales representatives then always have access to current sales data. they don’t access the database server directly. instead. users can view that report instance as needed. you can schedule reports to be run at specified times.4 BusinessObjects Enterprise Architecture Choosing between live and saved data For more information about optimizing the performance of reports that are viewed on demand.

Managing and Configuring Servers chapter .

economy. and to change the default server port numbers. to modify performance settings. For example. the CCM allows you to configure BusinessObjects Enterprise remotely over your corporate network You can accomplish some configuration tasks with both tools. you can also specify how long data will be shared between users.5 Managing and Configuring Servers Server management overview Server management overview This chapter provides information on a range of server tasks that allow you to customize the behavior of BusinessObjects Enterprise. When running reports on demand. and scalability of BusinessObjects Enterprise. enabling data sharing between reports markedly increases system performance when user loads are heavy. disabling data sharing means that every user can always assume that they will receive the latest data. With BusinessObjects Enterprise. you use the CCM to stop servers. and consistency of operation of a typical BusinessObjects Enterprise installation. Because the CMC is a web-based interface. you can configure your BusinessObjects Enterprise servers remotely over the Internet or through your corporate intranet. predictability. If you prefer to place more emphasis on the efficiency. To take advantage of this feature while ensuring that every user receives data that meets your criteria for timeliness. For example. or create server groups. data sharing between reports is disabled. It also includes information on the server settings that you can alter to accommodate the needs of your organization. 78 BusinessObjects Enterprise Administrator’s Guide . The default values for these settings have been chosen to maximize the reliability. For instance. you can tune server settings to set your own balance between system reliability and performance. while other tasks must be performed with a specific tool. by default. BusinessObjects Enterprise administrative tools BusinessObjects Enterprise includes two key administrative tools that allow you to view and to modify a variety of server settings: • Central Management Console (CMC) The CMC is the web-based administration tool that allows you to view and to modify server settings while BusinessObjects Enterprise is running. The default settings guarantee the highest degree of data accuracy and timeliness. change server settings. access server metrics. you use the CMC to change the status of a server. • Central Configuration Manager (CCM) The CCM is a program that allows you to view and to modify server settings while Business Objects servers are offline. For instance.

These metrics include general information about each machine. Tip: For an example of how to use server metrics in your own web applications. number of CPUs. For more information. and local time. 2. With the BusinessObjects Enterprise Software Development Kit (SDK). and your current system activity. total hard disk space. Viewing current metrics The CMC allows you to view server metrics over the Web. Viewing current server metrics The Servers management area of the CMC displays server metrics that provide statistics and information about each BusinessObjects Enterprise server. 3.Managing and Configuring Servers Viewing current metrics 5 Related topics: • • • For an overview of the multi-tier architecture and the BusinessObjects Enterprise server components. 1. you can now access and modify server metrics and settings from your own web applications. To view server metrics Go to the Servers management area of the CMC. The general information displayed for each server includes information about the machine that the server is running on—its name. along with details that are specific to the type of server. BusinessObjects Enterprise Administrator’s Guide 79 . For information about creating groups of servers. Click the Metrics tab. free hard disk space. see the “View Server Summary” sample on the BusinessObjects Enterprise Admin Launchpad. see “Managing Server Groups” on page 151. Click the link to the server whose metrics you want to view. operating system. see “BusinessObjects Enterprise Architecture” on page 53. The CMC also allows you to view system metrics. see the developer documentation available on your product CD. which include information about your product version. your CMS. total RAM. The general information also includes the time the server started and the version number of the server.

the number of bytes transferred. and the number of requests that are queued.crystald. server-specific information: Input and Output File Repository Servers The Metrics tab of each File Repository Server lists the root directory of the files that the server maintains. the cache hit rate. indicates the maximum idle time. the total threads running. Event Server The Metrics tab of the Event Server contains statistics on the files that the server is monitoring. the number of requests served. whether or not the database is accessed whenever a viewer’s file (object) is refreshed. and the number of writers for each active file. the number of readers. Each File Repository Server also has an Active Files tab. the location of the cache files. The Metrics tab also provides a table that lists the Page Servers that the Cache server has connections to.net. This tab includes a table showing the file name and the last time the event occurred. It also lists the total available hard disk space.5 Managing and Configuring Servers Viewing current metrics This example shows the metrics for an Event Server that is running on a machine called Crystal-E501888. the number of current connections. and displays the number of active files and active client connections. The Metrics tabs for the following servers include additional. the minutes between refreshes from the database. as well as the number of bytes sent and received. which lists the filename. the minutes before an idle job is closed. the maximum cache size. along with the number of connections made to each Page Server. 80 BusinessObjects Enterprise Administrator’s Guide . Cache Server The Metrics tab of the Cache Server displays the maximum number of processing threads.

and the total bytes transferred. and the number of reports that have been opened. the total number of failed job creations. the minutes before a report job is closed. It also lists the data source. Central Management Server The Metrics tab of the CMS lists only the general information about the machine it is running on. It also shows the number of open connections. The Properties tab. Click any user’s link to view the associated account details. the total number of requests served. the number of minutes before an idle connection is closed. The Cluster tab lists the name of the CMS you are connected to. 1. and Cluster tabs. Report Application Server The Metrics tab of the Report Application Server (RAS) shows the number of reports that are open. along with statistics about current and processed jobs. Viewing system metrics The Settings management area of the CMC displays system metrics that provide general information about your BusinessObjects Enterprise installation. the processing mode. and database user name of the CMS database. the current number of processing threads running. BusinessObjects Enterprise Administrator’s Guide 81 . however.Managing and Configuring Servers Viewing current metrics 5 Page Server The Metrics tab of the Page Server contains information on how the server is running. the total number of requests received. The Properties tab includes information about the product version and build. whether a viewer refresh always hits the database. and the location of its temporary files. database name. along with the number of open connections that have been created. 2. the name of the CMS cluster. Metrics. To view system metrics Go to the Settings management area of the CMC. and the setting for the Report Job Database Connection. the oldest processed data given to a client. Job servers and Web Intelligence servers The Metrics tabs of theses servers lists the current number of jobs that are being processed. the location of temporary files. View the contents of the Properties. and the names of other cluster members. the number of requests queued. the maximum number of database records shown when previewing or refreshing a report. It also shows the number of current connections. It lists the maximum number of simultaneous report jobs. shows a list of users who have active sessions on the system. The Metrics tab lists current account activity.

A server that is disabled is still running as a process. the changes typically do not take effect until your restart the server. or disabled. This section shows how to modify the status of servers with the CMC and the CCM. and refreshing server status” on page 86 Starting. a server must be started and enabled. Restarting a server Restarting a server is a shortcut to stopping a server completely and then starting it again. copying. see Clustering Central Management Servers. The remainder of this chapter tells you when a certain configuration change requires that you first stop or restart the server. To respond to BusinessObjects Enterprise requests. however. stopping. Viewing and changing the status of servers The status of a server is its current state of operation: a server can be started. If you have stopped a server to configure it. because these tasks appear frequently. see Licensing overview. Action Stopping a server Description You must stop BusinessObjects Enterprise servers before you can modify certain properties and settings. stopping. and restarting servers” on page 82 “Enabling and disabling servers” on page 85 “Printing. the concepts and differences are explained first. A server that is stopped is no longer running as a process. For information about CMS clusters. However. and the general procedures are provided for reference. enabled. you need Starting a server to start it to effect your changes and to have the server resume processing requests. stopping. and restarting servers are common actions that you perform when you configure servers or take them offline for other reasons. it is not accepting requests from the rest of BusinessObjects Enterprise. however. 82 BusinessObjects Enterprise Administrator’s Guide . You can change certain settings without stopping the server.5 Managing and Configuring Servers Viewing and changing the status of servers Related topics: • • For more information about licenses and account activity. It includes: • • • “Starting. stopped. and restarting servers Starting.

if you want to change the name of a CMS. We recommend that you disable Job Servers and Program Job Servers before stopping them so that they can finish processing any jobs they have in progress before stopping. or Restart. BusinessObjects Enterprise Administrator’s Guide 83 . Depending upon the action you need to perform. the Event Server is disabled. In this example. see “Enabling and disabling servers” on page 85. thereby stopping the server completely. The icon associated with each server identifies its status: • • • Running is indicated by a server with a green arrow. or restart servers with CMC Note: You cannot use CMC to stop the CMS. you terminate the server’s process. 1. you can also enable and disable servers. To start. the Page Server Server is stopped. you start the server again to effect your changes. 2. A list of servers appears. 4. and the remaining servers are running and enabled. If you want to prevent a server from receiving requests without actually stopping the server process. Select the check box for the server whose status you want to change. then you must first stop the server. Disabled is indicated by a server with a red circle.Managing and Configuring Servers Viewing and changing the status of servers 5 For example. Stop. Tip: When you stop (or restart) a server. Click Refresh to update the page. 3. Stopped is indicated by a server with a red arrow. You may be prompted for network credentials that allow you to start and stop services running on the remote machine. click Start. You must use the CCM instead. For details. Go to the Servers management area of the CMC. See “Stopping a Central Management Server” on page 84 for more information. Once you have made your changes. stop.

5

Managing and Configuring Servers Viewing and changing the status of servers

1. 2. 3.

To start, stop, or restart a Windows server with the CCM Start the CCM. Select the server that you want to start, stop, or restart. On the toolbar, click the appropriate button.

Toolbar Action Icon Start the selected server. Stop the selected server. Restart the selected server. You may be prompted for network credentials that allow you to start and stop services. Note: When you provide your network credentials, they are first checked against the machine hosting the CMS. If the server that you want to start, stop, or restart is located on another machine, the same credentials are used to access the other machine. If you supply credentials that are valid on the remote machine but not on the machine running the CMS, then you receive an error message. The CCM performs the action and refreshes the list of servers. To start, stop, or restart a UNIX server with the CCM Use the ccm.sh script. For reference, see “ccm.sh” on page 598.

Stopping a Central Management Server
If your BusinessObjects Enterprise installation has a single Central Management Server (CMS), shutting it down will make BusinessObjects Enterprise unavailable to your users and will interrupt the processing of reports and programs. Before stopping your CMS, you may wish to disable your processing servers so that they can finish any jobs in progress before BusinessObjects Enterprise shuts down. See “Enabling and disabling servers” on page 85 for more information. If you have a CMS cluster consisting of more than one active CMS, you can shut down a single CMS without losing data or affecting system functionality. The other CMS in the cluster will assume the workload of the stopped server.

84

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Viewing and changing the status of servers

5

Using a CMS cluster enables you to perform maintenance on each of your Central Management Servers in turn without taking BusinessObjects Enterprise out of service. For more information on CMS clusters, see “Clustering Central Management Servers” on page 92.

Enabling and disabling servers
When you disable a BusinessObjects Enterprise server, you prevent it from receiving and responding to new BusinessObjects Enterprise requests, but you do not actually stop the server process. This is especially useful when you want to allow a server to finish processing all of its current requests before you stop it completely. For example, you may want to stop a Job Server before rebooting the machine it is running on. However, you want to allow the server to fulfill any outstanding report requests that are in its queue. First, you disable the Job Server so it cannot accept any additional requests. Next, go to the Central Management Console to monitor when the server completes the jobs it has in progress. (From the Servers management area, choose the server name and then the metrics tab). Then, once it has finished processing current requests, you can safely stop the server. Note: The CMS must be running in order for you to enable and/or disable other servers. 1. To enable and disable servers with CMC Go to the Servers management area of the CMC. The icon associated with each server identifies its status. In this example, the Event Server is disabled (but not stopped), and the remaining servers are running and enabled.

BusinessObjects Enterprise Administrator’s Guide

85

5

Managing and Configuring Servers Viewing and changing the status of servers

2. 3. 1. 2. 3. 4.

Select the check box for the server whose status you want to change. Depending upon the action you need to perform, click Enable or Disable. To enable or disable a Windows server with the CCM Start the CCM. On the toolbar, click Enable/Disable. When prompted, log on to your CMS with the credentials that provide you with administrative privileges to BusinessObjects Enterprise. Click Connect. The Enable/Disable Servers dialog box appears.

This dialog box lists all of the BusinessObjects Enterprise servers that are registered with your CMS, including servers running on remote machines. By default, servers running on remote machines are displayed as MACHINE.servertype. In this example, all of the listed servers are currently enabled. 5. 6. To disable a server, clear the check box in the Server Name column. Click OK to effect your changes and return to the CCM.

To enable or disable a UNIX server with the CCM Use the ccm.sh script. For reference, see “ccm.sh” on page 598.

Printing, copying, and refreshing server status
When using the CCM on Windows, you can print and copy the properties of a server, and refresh the list of servers.

86

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Viewing and changing the status of servers

5

1. 2.

To print the status of a server Start the CCM. Select the server(s).

BusinessObjects Enterprise Administrator’s Guide

87

5

Managing and Configuring Servers Configuring the application tier

3. 4.

Click Print. The Print dialog box appears. Click OK. A brief listing of the server’s properties is printed, including the Display Name, Version, Command Line, Status, and so on.

To copy the status of a server To save the status of a server, you can copy the details from the CCM to a document or to an email message (if you want to send the status information to someone else). 1. 2. 3. 4. Start the CCM. Select the server(s). Click Copy. Paste the information into a document for future reference. To refresh the list of servers To ensure you are looking at the latest information, click Refresh.

Note: Disabled servers may not appear in this list. Click Enable/Disable to view a list of servers and ensure that each is enabled.

Configuring the application tier
This section includes technical information and procedures that show how you can modify settings for the application tier.

The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware, software, and network configurations. Consequently, the settings that you choose will depend largely upon your own requirements.

88

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the application tier

5

Note: This section does not show how to configure your Web application server to deploy BusinessObjects Enterprise applications. This task is typically performed when you install BusinessObjects Enterprise. For details, see the BusinessObjects Enterprise Installation Guide. For further troubleshooting, see “Working with Firewalls” on page 181.

Configuring the Web Component Adapter
The WCA provides support for the Central Management Console and CSP applications. The Web Component Adapter is a web application. It does not appear as a server in the Central Management Console or in the Central Configuration Manager. To configure the WCA, edit either of the following files, depending on whether you are running the system on a Java or .NET platform:

• •

On a Java platform edit the web.xml file associated with the WCA. See “Configuring the Java Web Component Adapter” on page 89. On a .NET platform edit the web.config file associated with the WCA. See “Configuring the .NET Web Component Adapter” on page 91.

Configuring the Java Web Component Adapter
To configure the Java WCA you edit the web.xml file associated with the WCA:

• •

Windows: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\java\applications directory UNIX: WEB-INF subdirectory of the webcompadapter.war archive file stored in the bobje_root/enterprise11/java/applications directory

For example, the context parameter that controls whether a group tree will be generated looks like this:
<context-param> <param-name>viewrpt.groupTreeGenerate</param-name> <param-value>true</param-value> <desctiption>”true” or “false” value determining whether a group tree will be generated.</description> </context-param>

To change the value of a context parameter, edit the value between the <param-value> </param-value> tags. To configure web.xml Note: Your Java Web Application Server may provide tools to allow you to edit web.xml directly from an administrative console.Otherwise use the following procedure to configure web.xml.

BusinessObjects Enterprise Administrator’s Guide

89

5

Managing and Configuring Servers Configuring the application tier

1. 2. 3. 4.

Stop your application server. Extract the web.xml file from the webcompadapter.war archive. Edit the file by using a text editor such as Notepad or vi. Reinsert the file into the WEB-INF directory in webcompadapter.war. Tip: To reinsert web.xml into WEB-INF using WinZip, right-click on the WEB-INF directory that contains your edited web.xml file and select “Add to Zip File...”. Adding the file in this way ensures that it is placed in the correct directory inside the archive.

5.

Restart your application server.

When you install more than one WCA, each webcomponentadapter.war file contains its own web.xml file containing configuration parameters for that WCA. However, you can only set the parameters listed in the following table individually for each WCA. The remaining parameters must be the same for all WCA in your system. Context Parameter display-name cspApplication.defaultPage Description Equivalent to WCA name. The default page that will be loaded if no filename is specified in a particular request. This is the real path to the directory containing the CSP/WAS application(s) that you would like to host. This is a required field. This is the name (or name and port number) of the CMS that you would like your application(s) to connect to. This field defaults to the port that the WCA related servlets are running on. Filename of the logfile including full real path to file, excluding extension. Defaults to WCA with no path File extension of logfile, defaults to .log Determines whether or not the logs will be rotated, defaults to true. If log rolling is turned on, this will govern the max size before logfile is rotated. Accepted suffix: MB, KB and GB.

cspApplication.dir

connection.cms

connection.listeningPort log.file

log.ext log.isRolling log.size

90

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the application tier

5

Context Parameter log.level log.entryPattern

Description The default loglevel is “error.” Please refer to log4j documentation for accepted log entry patterns.

Configuring the .NET Web Component Adapter
To configure the .NET WCA you edit the web.config file associated with the the WCA. This file is located in the following directory:
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\application

For example, the context parameter that controls whether a group tree will be generated looks like this: To configure web.config Note: Your .NET Web Application Server may provide tools to allow you to edit web.config directly from an administrative console. 1. 2. 3. Stop your application server. Edit the web.config file by using a text editor such as Notepad. Restart your application server. Description Equivalent to WCA name. The default page that will be loaded if no filename is specified in a particular request. This is the name (or name and port number) of the CMS that you would like your application(s) to connect to. This field defaults to the port that the WCA related servlets are running on. Filename of the logfile including full real path to file, excluding extension. Defaults to WCA with no path File extension of logfile, defaults to .log Determines whether or not the logs will be rotated, defaults to true.

Parameter display-name cspApplication.defaultPage

connection.cms

connection.listeningPort log.file

log.ext log.isRolling

BusinessObjects Enterprise Administrator’s Guide

91

5

Managing and Configuring Servers Configuring the intelligence tier

Parameter log.size

Description If log rolling is turned on, this will govern the max size before logfile is rotated. Accepted suffix: MB, KB and GB. The default loglevel is “error.” Please refer to log4j documentation for accepted log entry patterns.

log.level log.entryPattern

Configuring the intelligence tier
This section includes technical information and procedures that show how you can modify settings for the BusinessObjects Enterprise servers that make up the intelligence tier.

The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware, software, and network configurations. Consequently, the settings that you choose will depend largely upon your own requirements. Configuring the intelligence tier includes the following tasks:

• • • • • • •

“Clustering Central Management Servers” on page 92 “Copying data from one CMS database to another” on page 98 “Deleting and recreating the CMS database” on page 108 “Selecting a new or existing CMS database” on page 109 “Setting root directories and idle times of the File Repository Servers” on page 110 “Modifying Cache Server performance settings” on page 112 “Modifying the polling time of the Event Server” on page 114

Clustering Central Management Servers
If you have a large or mission-critical implementation of BusinessObjects Enterprise, you will probably want to run several CMS machines together in a CMS cluster. A CMS cluster consists of two or more CMS servers working together to maintain the system database. If a machine that is running one CMS fails, a machine with another CMS will continue to service

92

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the intelligence tier

5

BusinessObjects Enterprise requests. This “failover” support helps to ensure that BusinessObjects Enterprise users can still access information when there is equipment failure. This section shows how to add a new CMS cluster member to a production system that is already up and running. When you add a new CMS to an existing cluster, you instruct the new CMS to connect to the existing CMS database and to share the processing workload with any existing CMS machines. For information about your current CMS and CMS cluster, go to the Settings management area of the CMC and click the Cluster tab. Before clustering CMS machines, you must make sure that each CMS is installed on a system that meets the detailed requirements (including version levels and patch levels) for operating system, database server, database access method, database driver, and database client outlined in the platforms.txt file included in your product distribution. In addition, you must meet the following clustering requirements:

For best performance, the database server that you choose to host the system database must be able to process small queries very quickly. The CMS communicates frequently with the system database and sends it many small queries. If the database server is unable to process these requests in a timely manner, BusinessObjects Enterprise performance will be greatly affected. For best performance, run each CMS cluster member on a machine that has the same amount of memory and the same type of CPU. Configure each machine similarly:

• •

• • • • • • •

Install the same operating system, including the same version of operating system service packs and patches. Install the same version of BusinessObjects Enterprise (including patches, if applicable). Ensure that each CMS connects to the CMS database in the same manner: whether you use native or ODBC drivers, ensure that the drivers are the same on each machine, and are a supported version. Ensure that each CMS uses the same database client to connect to its system database, and that it is a supported version. Check that each CMS uses the same database user account and password to connect to the CMS database. This account must have create, delete, and update rights on the system database. Run each CMS service/daemon under the same account. (On Windows, the default is the “LocalSystem” account.) Verify that the current date and time are set correctly on each CMS machine (including settings for daylight savings time).

BusinessObjects Enterprise Administrator’s Guide

93

5

Managing and Configuring Servers Configuring the intelligence tier

• •

Ensure that each and every CMS in a cluster is on the same Local Area Network. If you wish to enable auditing, each CMS must be configured to use the same auditing database and to connect to it in the same manner. The requirements for the auditing database are the same as those for the system database in terms of database servers, clients, access methods, drivers, and user IDs. See also Chapter 10: Managing Auditing.

Tip: By default, a CMS cluster name reflects the name of the first CMS that you install, but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS is called BUSINESSOBJECTSCMS, then the default cluster name is @BUSINESSOBJECTSCMS. To modify the default name, see “Changing the name of a CMS cluster” on page 96. There are two ways to add a new CMS cluster member. Follow the appropriate procedure, depending upon whether or not you have already installed a second CMS:

• •

“Installing a new CMS and adding it to a cluster” on page 94 See this section if you have not already installed the new CMS on its own machine. “Adding an installed CMS to a cluster” on page 95 Follow this procedure if you have already installed a second, independent CMS on its own machine. While testing various server configurations, for instance, you might have set up an independent BusinessObjects Enterprise system with its own CMS. Follow this procedure when you want to incorporate this independent CMS into your production system.

Note: Back up your current CMS database before making any changes. If necessary, contact your database administrator.

Installing a new CMS and adding it to a cluster
When you install a new CMS, you can quickly cluster it with your existing CMS. Run the BusinessObjects Enterprise installation and setup program on the machine where you want to install the new CMS cluster member. The setup program allows you to perform an Expand installation. During the Expand installation, you specify the existing CMS whose system you want to expand, and you select the components that want to install on the local machine. In this case, specify the name of the CMS that is running your existing system, and choose to install a new CMS on the local machine. Then provide the Setup program with the information it needs to connect to your existing CMS database. When the Setup program installs the new CMS on the local machine, it automatically adds the server to your existing CMS cluster.

94

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the intelligence tier

5

For complete requirements for CMS added to a cluster, see “Clustering Central Management Servers” on page 92. For complete information on running the Setup program and performing the Expand installation, see the BusinessObjects Enterprise Installation Guide.

Adding an installed CMS to a cluster
In these steps, the independent CMS refers to the one that you want to add to a cluster. You will add the independent CMS to your production CMS cluster. By adding an independent CMS to a cluster, you disconnect the independent CMS from its own database and instruct it to share the system database that belongs to your production CMS. Before starting this procedure, ensure that you have a database user account with Create, Delete, and Update rights to the database storing the BusinessObjects Enterprise tables. Ensure also that you can connect to the database from the machine that is running the independent CMS (through your database client software or through ODBC, according to your configuration). Also ensure that the CMS you are adding to the cluster meets the requirements outlined in “Clustering Central Management Servers” on page 92. Note: Back up your current CMS database before beginning this procedure. If necessary, contact your database administrator. 1. 2. To add an installed CMS to a cluster on Windows Use the CCM to stop the independent Central Management Server. With the CMS selected, click Specify CMS Data Source on the toolbar. The CMS Database Setup dialog box appears.

3.

Click Select a Data Source; then click OK.

BusinessObjects Enterprise Administrator’s Guide

95

5

Managing and Configuring Servers Configuring the intelligence tier

4.

In the Select Database Driver dialog box, specify whether you want to connect to the production CMS database through ODBC, or through one of the native drivers. Click OK. The remaining steps depend upon the connection type you selected:

5. 6.

If you selected ODBC, the Windows “Select Data Source” dialog box appears. Select the ODBC data source that corresponds to your production CMS database; then click OK. If prompted, provide your database credentials and click OK. The CCM connects to the database server and adds the new CMS to the cluster. If you selected a native driver, you are prompted for your database Server Name, your Login ID, and your Password. Once you provide this information, the CCM connects to the database server and adds the new CMS to the cluster.

The SvcMgr dialog box notifies you when the CMS database setup is complete. 7. 8. Click OK. Start the Central Management Server.

To add an installed CMS to a cluster on UNIX Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 601.

Changing the name of a CMS cluster
By default, a CMS cluster name reflects the name of the first CMS that you install, but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS is called BUSINESSOBJECTSCMS, then the default cluster name is @BUSINESSOBJECTSCMS. This procedure allows you to change the name of a cluster that is already installed and running. To change the cluster name, you need only stop one of the CMS cluster members. The remaining CMS cluster members are dynamically notified of the change. For optimal performance, after changing the name of the CMS cluster reconfigure each Business Objects server so that it registers with the CMS cluster, rather than with an individual CMS. 1. 2. To change the cluster name on Windows Use the CCM to stop any Central Management Server that is a member of the cluster. With the CMS selected, click Properties on the toolbar.

96

BusinessObjects Enterprise Administrator’s Guide

In the CMS Name box. For reference. Select the server from the list.config file found in the root directory of your BusinessObjects Enterprise installation. and then use ccm. To change the cluster name on UNIX Use the cmsdbsetup.sh to stop each server. if the cluster name was changed to ENTERPRISE. BusinessObjects Enterprise Administrator’s Guide 97 . If necessary. type the name of the cluster. Use a text editor such as vi to open the ccm. and then click Properties.sh script. 6. 4. 1. Select the Change Cluster Name to check box. type @ENTERPRISE. and change the name of the CMS to the name of the CMS cluster. The name of the cluster begins with the @ symbol. 1. The CMS cluster name is now changed.sh” on page 601. 4. For example. Go to the Servers management area of the CMC and check that all of your servers remain enabled. Click the Configuration tab. 4. To registers servers with the CMS cluster on UNIX Use ccm.Managing and Configuring Servers Configuring the intelligence tier 5 3. 2. Find the -ns command in the launch string for each server.sh to restart the servers. 5. The name of the cluster begins with the @ symbol. 7. 3. Save the file. Do not include a port number with the cluster name. Repeat for each Business Objects server in your installation. 5. Click the Configuration tab. and then start the server. 2. Type the new name for the cluster. Click OK. if the cluster name was changed to ENTERPRISE. To register servers with the CMS cluster on Windows Use the CCM to stop a Business Objects server. enable any servers that have been disabled by your changes. 3. type @ENTERPRISE in the box. Click OK and then start the Central Management Server. All other CMS cluster members are dynamically notified of the new cluster name (although it may take several minutes for your changes to propagate across cluster members). For example. see “cmsdbsetup.

see “Importing with the Import Wizard” on page 402. Ensure also that you can connect to both databases—through your database client software or through ODBC. you can migrate the data from your current CMS database into a different data source. and back up the root directories used by all Input and Output File Repository Servers. take the source and the destination environments offline by disabling and subsequently stopping all servers. Throughout this section. according to your configuration—from the CMS machine whose database you are replacing.5 Managing and Configuring Servers Configuring the intelligence tier Copying data from one CMS database to another BusinessObjects Enterprise enables you to copy the contents of one CMS database into another database. If necessary. migrating a CMS database will include several of the following tasks: • • • • “Preparing to migrate a CMS database” on page 98 “Copying data from a CMS on Windows” on page 100 “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101 “Completing a CMS database migration” on page 104 Preparing to migrate a CMS database Before migrating a CMS database. The destination database is initialized before the new data is copied in. without deleting the contents of the current CMS database. and reports from one system to another. the source CMS database refers to the database that holds the data you are copying. This procedure is also referred to as migrating a CMS database. Tip: If you want to import users. folders. Depending on the platform of your system and the version of your CMS database. this data is copied into the destination database. groups. Or. 98 BusinessObjects Enterprise Administrator’s Guide . and Update rights to the destination database. Delete. and a database user account that has Create. so any existing contents of the destination database are permanently deleted (all BusinessObjects Enterprise tables are destroyed permanently and then recreated). Once the data has been copied. the destination database is established as the current database for the CMS. Ensure that you have a database user account that has permission to read all data in the source database. and also as the Automated Process Scheduler (APS). contact your database or network administrator. Note: Prior to BusinessObjects Enterprise XI.5 through 10 of Crystal Enterprise and version XI of BusinessObjects Enterprise) into your current CMS database. Back up both CMS databases. You can migrate CMS data from a different CMS database (versions 8. the CMS was known as Crystal Management Server.

After you migrate the database.Managing and Configuring Servers Configuring the intelligence tier 5 Make a note of the license keys you purchased for the current version of BusinessObjects Enterprise. the database and database schema are upgraded to the format required by the current version of BusinessObjects Enterprise.5.0. make note of the current root directories used by the Input and Output File Repository Servers in the source environment. During migration. The database migration does not actually move report files from one directory location to another. Oracle. 8. Log on with an administrative account to the CMS machine whose database you want to replace. License keys from earlier versions of Crystal Enterprise are not copied. In this scenario. Complete the procedure that corresponds to the version of the source environment: • • “Copying data from a CMS on Windows” on page 100 “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101 If you are copying a CMS database from its current location to a different database server. such as Microsoft SQL Server. License keys in the destination database are replaced with license keys from the source database when the source license keys are valid for the current version of BusinessObjects Enterprise. or Sybase. That is. or 10 of Crystal Enterprise or version XI of BusinessObjects Enterprise) into your current CMS database. your current CMS database is the destination database whose tables are deleted before they are replaced with the copied data. Informix. Its contents are copied to the destination database. Complete the following procedure: • • • • “Copying data from a CMS on Windows” on page 100 “Copying data from a CMS installed on UNIX” on page 103 When you migrate a CMS database from an earlier version of Crystal Enterprise. DB2. This is the procedure to follow if you want to move the default CMS database on Windows from the local Microsoft Data Engine (MSDE) to a dedicated database server. thus making the report files available for the new system to process. your current CMS database is the source environment. if your destination database does not contain the four BusinessObjects Note: BusinessObjects Enterprise Administrator’s Guide 99 . 9. you will connect your new Input and Output File Repository Servers to the old root directories. Log on with an administrative account to the machine that is running the CMS whose database you want to move. license keys that are present in the destination database are retained only if the source database contains no license keys that are valid for the current version of BusinessObjects Enterprise. When you copy data from one database to another. the destination database is initialized before the new data is copied in. If you are copying CMS data from a different CMS database (version 8. which is then established as the active database for the current CMS.

Click Copy data from another Data Source. Copying data from a CMS on Windows Use this procedure if your CMS is installed on Windows and you are copying data from versions 8. click Specify CMS Data Source on the toolbar. specify whether you want to connect to the source CMS database through ODBC. 100 BusinessObjects Enterprise Administrator’s Guide . 6.5. Click Specify. the tables will be permanently deleted.5 Managing and Configuring Servers Configuring the intelligence tier Enterprise XI system tables. 1. With the CMS selected. Informix. You must now specify the source CMS database whose contents you want to copy. 4. or 10 of Crystal Enterprise or from version XI of BusinessObjects Enterprise. including previous versions of Crystal Enterprise system tables. 2. To copy data from a CMS on Windows Use the CCM to stop the Central Management Server. and data from the source database will be copied into the new tables. Click OK. 5. In the “Source contains data from version” list. or through one of the native drivers. these tables are created. click Autodetect (or explicitly select the version of the source CMS database). If the destination database does contain BusinessObjects Enterprise XI system tables. If you are copying data from version 8 of Crystal Enterprise. In the Select Database Driver dialog box. The Specify Data Source dialog box appears. are unaffected. 9. please see “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101. 3. then click OK. The next steps depend upon the connection type you selected: 7. 8. new system tables will be created. Other tables in the database.

11. The SvcMgr dialog box notifies you when the CMS database setup is complete. 13. If you selected a native driver. Click OK and. click Yes. or through one of the native drivers. Select the data source that corresponds to the source CMS database. Click OK. Click Browse. the Windows “Select Data Source” dialog box appears. 12. Copying data from a Crystal Enterprise 8 APS on Windows Note: Prior to BusinessObjects Enterprise XI. You must now specify the destination CMS database whose contents you want to replace with the copied data. Click OK. and your Password. If prompted. 15. 9. then click OK. the Windows “Select Data Source” dialog box appears. proceed to step 13. In the Select Database Driver dialog box. your Login ID. when prompted to confirm. Tip: If the correct destination database already appears in the “Copy to the following data source” field. provide your database credentials and click OK. If you selected a native driver. 10. The next steps depend upon the connection type you selected: • If you selected ODBC. and you are copying data from a Crystal Enterprise 8 APS system database. You are now ready to copy the CMS data. If prompted. BusinessObjects Enterprise Administrator’s Guide 101 . your Login ID.Managing and Configuring Servers Configuring the intelligence tier 5 • If you selected ODBC or Informix. • You are returned to the Specify Data Source dialog box. Proceed to “Completing a CMS database migration” on page 104. then click OK. then click OK. and your Password. provide your database Server Name. 14. • You are returned to the Specify Data Source dialog box. specify whether you want to connect to the destination CMS database through ODBC. then click OK. Use this procedure if your CMS is installed on Windows. and also as the Automated Process Scheduler (APS). provide your database Server Name. provide your database credentials and click OK. the CMS was known as Crystal Management Server. Select the ODBC data source that corresponds to the destination CMS database.

then click OK. proceed to step 11. In the Select Database Driver dialog box. Use the Windows “Select Data Source” dialog box to select (or create) an ODBC data source that provides the local machine with access to the Crystal Enterprise 8 CMS database. 102 BusinessObjects Enterprise Administrator’s Guide . 7. 6. You must now specify the source CMS database whose contents you want to copy. • CMS ODBC data source Click this option if you do not have administrative rights to the Crystal Enterprise 8 CMS machine. You are returned to the Specify Data Source dialog box. Click Specify. With the CMS selected. the Windows “Select Data Source” dialog box appears. To copy data from a Crystal Enterprise 8 APS on Windows Use the CCM to stop the Central Management Server. 9. 10. 8. The next steps depend upon the connection type you selected: • If you selected ODBC. Click OK and use the Browse for Computer dialog box to specify the CMS machine. Click Browse. provide your database credentials and click OK. You must now specify the destination CMS database whose contents you want to replace with the copied data. 3. or through one of the native drivers. 5. specify whether you want to connect to the destination CMS database through ODBC. Click Copy data from another Data Source. provide your database credentials and click OK. Tip: If the correct destination database already appears in the “Copy to the following data source” field. Your administrative rights allow the CCM to read the data source information from the Windows Registry on the CMS machine. 4.0. click Specify CMS Data Source on the toolbar. Select the ODBC data source that corresponds to the destination CMS database. click one of the following: • CMS machine name Click this option if you have administrative rights to the Crystal Enterprise 8 CMS machine. If prompted.5 Managing and Configuring Servers Configuring the intelligence tier 1. In the “Browse data” dialog box. click Crystal Enterprise 8. then click OK. 2. The Specify Data Source dialog box appears. If prompted. Click OK. In the “Source contains data from version” list.

Click OK.sh to stop the Central Management Server. and your Password. then click OK. see “ccm. enter the name of your CMS or press enter to select the default name. Run cmsdbsetup. and then press enter to proceed. Then proceed to “Completing a CMS database migration” on page 104.) If your CMS is installed on UNIX. If your source CMS database uses ODBC. provide your database Server Name. Use this procedure if your CMS is installed on UNIX and you are copying data from versions 8.sh” on page 598. 13. 2. The script prompts you to confirm that all data in the destination database will deleted. 4. Tip: For information on finding the name of your CMS. Click OK and. and also as the Automated Process Scheduler (APS). click Yes. (See “Copying data from a CMS on Windows” on page 100. when prompted to confirm. 9. 3. Copying data from a CMS installed on UNIX Note: Prior to BusinessObjects Enterprise XI. Type copy to begin the database migration. • 1. Note: • On UNIX you can not migrate directly from a source environment that uses an ODBC connection to the CMS database. your Login ID. you cannot migrate directly from a Crystal Enterprise version 8 APS. Proceed to “Completing a CMS database migration” on page 104. BusinessObjects Enterprise Administrator’s Guide 103 . you must first migrate that system to a supported native driver.sh.5. To copy data from a CMS installed on UNIX Use ccm. 11. The SvcMgr dialog box notifies you when the CMS database setup is complete. When prompted. 12. or 10 of Crystal Enterprise or from version XI of BusinessObjects Enterprise. the CMS was known as Crystal Management Server. Type yes.Managing and Configuring Servers Configuring the intelligence tier 5 • If you selected a native driver.sh” on page 598. You are returned to the Specify Data Source dialog box. You are now ready to copy the CMS data. Note: Migration of a large source database could take several hours. See “ccm.

the script will begin the migration process. You may add the new servers to the imported groups as appropriate.5 Managing and Configuring Servers Configuring the intelligence tier 5. You can also select autodetect to have the version of the source detected automatically. 1. If you type yes. Now the script asks you if you want to use the current CMS database as your destination. If you type no. complete these steps before allowing users to access the system. you are prompted for information about the source CMS database. To complete a CMS database migration on Windows If errors occurred during migration. Proceed to “Completing a CMS database migration” on page 104. The default logging directory is: 104 BusinessObjects Enterprise Administrator’s Guide . Press Enter. Completing a CMS database migration When you finish copying data from the source database to the destination database. servers that existed in the source installation do not appear in the migrated install. a db_migration log file was created in the logging directory on the machine where you ran the CCM to carry out the migration. Reports that depend on a particular server group for scheduled processing will not execute until a job server is added to that group. After entering the source information. and are then prompted for information on the source database. Server groups from the old installation appear in the new system. 7. The CCM will notify you if you need to check the log file. 8. Reports that depend on a particular server group for processing are not available until servers are added to that group. 6. Next the script asks you for the version of your source Crystal Enterprise installation. 9. This occurs because there cannot be a mix of old and new servers in a BusinessObjects Enterprise installation. Note: Migration of a large source database could take several hours. the script gives you the location of a log file explaining the migration results. If errors occurred during the migration. The script notifies you when migration is complete. New servers are automatically detected and added to the servers list (outside of any group) in a disabled state. You must enable these servers before they can be used. When migrating from an older version of Crystal Enterprise. but they will be empty. you are first asked for information about the new destination database.

• • For more information.Managing and Configuring Servers Configuring the intelligence tier 5 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Logging\ 2. BusinessObjects Enterprise Administrator’s Guide 105 . start and enable the Input File Repository Server and the Output File Repository Server. Use the Central Configuration Manager (CCM) to start the CMS on the local machine. 8. keep in mind that you now need to provide the Administrator password that was valid in the older system. modify the -ns option in both servers’ command lines to have them register with your new CMS. 10. If you migrated CMS data from a different CMS database into your current CMS database. you can run the BusinessObjects Enterprise setup program to upgrade the servers directly. Log on to the Central Management Console with the default Administrator account. If the old Input and Output File Repository Servers are running on a dedicated machine. check that the Root Directory points to the correct location. See Appendix E: Server Command Lines for more information. Then copy the contents of the original output directory into the root directory that the new Output File Repository is already configured to use. 7. Go to the Servers management area of the Central Management Console and verify that the Input File Repository Server and the Output File Repository Server are both started and enabled. Then you need not move the input and output directories. Reconfigure the new Input and Output File Repository Servers to use the old input and output root directories. Return to the Central Configuration Manager. Click the link to each File Repository Server and. Instead. 9. 6. In the CCM. on the Properties tab. Go to the Authorization management area and check that your BusinessObjects Enterprise license keys are entered correctly. you need to make your old input and output directories available to the new Input and Output File Repository Servers. see “Setting root directories and idle times of the File Repository Servers” on page 110. using Enterprise authentication. Tip: If you just replaced your CMS database with data from an older system. 3. 5. 4. Make sure your web application server is running. You can do this in several ways: • Copy the contents of the original input root directory into the root directory that the new Input File Repository Server is already configured to use.

a db_migration log file was created in the logging directory on the machine where you ran cmsdbsetup. Verify that BusinessObjects Enterprise requests are handled correctly. Because your Central Management Server was stopped when the migration occurred. you need to update the objects now. you need to make your old input and output directories available to the new Input and Output File Repository Servers. The script will notify you if you need to check the log file. 2. If you migrated CMS data from a different CMS database into your current CMS database. If objects in your source database require updating. 12. otherwise click Cancel. 14. Reconfigure the new Input and Output File Repository Servers to use the old input and output root directories. The Update Objects dialog box tells you how many objects require updating. If there are objects that require updating. 1. Start and enable the remaining BusinessObjects Enterprise servers. Then copy the contents of the original output directory into the root directory that the new Output File Repository is already configured to use. 13. log on to your CMS with credentials that provide you with administrative privileges to BusinessObjects Enterprise. You can do this in several ways: • Copy the contents of the original input root directory into the root directory that the new Input File Repository Server is already configured to use. or because the objects require new properties to support the additional features offered by BusinessObjects Enterprise XI. click Update. • 106 BusinessObjects Enterprise Administrator’s Guide . and check that you can view and schedule reports successfully.5 Managing and Configuring Servers Configuring the intelligence tier 11. Click Update Objects. the Update Objects button on the toolbar contains a flashing red exclamation mark. To complete a CMS database migration on UNIX If errors occurred during migration. When prompted. Objects typically require updating because their internal representation has changed in the new version of BusinessObjects Enterprise. The default logging directory is: BusinessObjects_root/logging where BusinessObjects_root is the absolute path to the root Business Objects directory of your BusinessObjects Enterprise installation.sh to carry out the migration. 15.

4. you can run the BusinessObjects Enterprise setup program to upgrade the servers directly. Run the ccm. Instead. Use the ccm. 10. 3.sh. check that the Root Directory points to the correct location.sh script to start the CMS on the local machine.sh to start and enable the remaining BusinessObjects Enterprise servers. Then you need not move the input and output directories. For more information. enter the following command: . If you migrated a source database from an earlier version of BusinessObjects Enterprise. Tip: If you just replaced your CMS database with data from an older system. Objects typically require updating because their internal representation has changed in the new version of BusinessObjects Enterprise.sh” on page 598 for more information. 11. see “Setting root directories and idle times of the File Repository Servers” on page 110. BusinessObjects Enterprise Administrator’s Guide 107 . See “ccm.sh script to start and enable the Input File Repository Server and the Output File Repository Server.sh script again. or because the objects require new properties to support the additional features offered by BusinessObjects Enterprise XI. 6. Go to the Authorization management area and check that your BusinessObjects Enterprise license keys are entered correctly. 7.Managing and Configuring Servers Configuring the intelligence tier 5 • If the old Input and Output File Repository Servers are running on a dedicated machine. 5. 9. Click the link to each File Repository Server and. Go to the Servers management area of the Central Management Console and verify that the Input File Repository Server and the Output File Repository Server are started and enabled. on the Properties tab. Log on to the Central Management Console with the default Administrator account. 8. See Appendix E: Server Command Lines for more information.sh -updateobjects authentication info See Appendix F: UNIX Tools for information on the authentication information required by ccm./ccm. Use ccm. Use the ccm. keep in mind that you now need to provide the Administrator password that was valid in the older system. using Enterprise authentication. modify the -ns option in both servers’ command lines to have them register with your new CMS. Ensure that the Java web application server that hosts your Web Component Adapter is running.

6. You can re-initialize the CMS database in your development environment every time you need to clear the system of absolutely all its data. Deleting and recreating the CMS database This procedure shows how to recreate (re-initialize) the current CMS database. The SvcMgr dialog box notifies you when the CMS database setup is complete. To recreate the CMS database on Windows Use the CCM to stop the Central Management Server. To recreate the CMS database on UNIX Use the cmsdbsetup. the CMS writes required system data to the newly emptied data source. This procedure is useful. Start the Central Management Server. if you have installed BusinessObjects Enterprise in a development environment for designing and testing your own. and check that you can view and schedule reports successfully. Click OK. 4. Note: Remember that all data in your current CMS database will be destroyed if you follow this procedure. While it is starting. for instance. Click OK and. when prompted to confirm. see “cmsdbsetup. log on to the CMC with the default Administrator account (which will have been reset to have no password). you destroy all data that is already present in the database. 2. click Recreate the current Data Source. 1. Verify that BusinessObjects Enterprise requests are handled correctly. your existing license keys should be retained in the database.5 Managing and Configuring Servers Configuring the intelligence tier 12. However. contact your database administrator. For reference. In the CMS Database Setup dialog box. 5. custom web applications. Consider backing up your current CMS database before beginning. if you need to enter license keys again. click Yes. You are returned to the CCM. You may need to click the Refresh button in the CCM to see that the CMS has successfully started.sh script. Go to the Authorization management area and enter your information on the License Keys tab. 3.sh” on page 601. 108 BusinessObjects Enterprise Administrator’s Guide . click Specify CMS Data Source on the toolbar. With the CMS selected. If necessary. By performing this task. When you recreate the CMS database with the CCM.

Click OK. the Windows “Select Data Source” dialog box appears. BusinessObjects Enterprise Administrator’s Guide 109 . Click Select a Data Source. these steps allow you to select that new data source.Managing and Configuring Servers Configuring the intelligence tier 5 Selecting a new or existing CMS database Follow this procedure if you want to disconnect a CMS from its current database and connect it to an alternate database. 5. Select the ODBC data source that you want to use as the CMS database.) Note: These steps are essentially the same as adding a CMS to an existing cluster. then click OK. the current database. The CMS Database Setup dialog box appears. 2. for instance. then click OK. If you want to select and initialize an empty database for BusinessObjects Enterprise. To select a new or existing database for a CMS on Windows Use the CCM to stop the Central Management Server. the CMS uses that data when it starts. When you complete these steps. click Specify CMS Data Source on the toolbar. The remaining steps depend upon the connection type you selected: • If you selected ODBC.) When prompted. 1. For complete details about CMS clusters. however. If the alternate database already contains BusinessObjects Enterprise system data. With the CMS selected. and then reconnect to. (Click New to configure a new DSN. (This might occur. If the alternate database is empty. If you have restored a CMS database from backup (using your standard database administration tools and procedures) in a way that renders the original database connection invalid. see “Clustering Central Management Servers” on page 92. there are only a few times when you need to complete these steps: • • • If you have changed the password for the current CMS database. 6. 4. if you restored the original CMS database to a newly installed database server. these steps allow you to disconnect from. provide your database credentials and click OK. specify whether you want to connect to the new database through ODBC. you can provide the CMS with the new password. When prompted. you will need to reconnect the CMS to the restored database. in this case. there are no other CMS machines already maintaining the database. In the Select Database Driver dialog box. or through one of the native drivers. none of the data in the current database is copied into the alternate database. the CCM initializes it by writing system data that is required by BusinessObjects Enterprise. Generally. 3.

These root directories contain all of the report objects and instances on the system. You may change these settings if you want to use different directories after installing BusinessObjects Enterprise. To select a new or existing database for a CMS on UNIX Use the cmsdbsetup. For reference. and your Password. Click OK. 110 BusinessObjects Enterprise Administrator’s Guide .5 Managing and Configuring Servers Configuring the intelligence tier • If you selected a native driver. 8.sh script. In other words. 7. Start the Central Management Server. if the Input and Output File Repository Servers share the same root directory. then one server might damage files belonging to the other. you are prompted for your database Server Name. Provide this information and then click OK. because modifications to the files and subdirectories belonging to one server could have adverse effects on the other server.sh” on page 601 Setting root directories and idle times of the File Repository Servers The Properties tabs of the Input and Output File Repository Servers enable you to change the locations of the default root directories. or if you upgrade to a different drive (thus rendering the old directory paths invalid). The SvcMgr dialog box notifies you when the CMS database setup is complete. your Login ID. Note: • The Input and Output File Repository Servers must not share the same root directory. see “cmsdbsetup.

and all Output File Repository Servers must share the same root directory (otherwise there is a risk of having inconsistent instances). By default. Click the link to the File Repository Server you want to change. the File Repository Servers are named Input and Output.” as appropriate. You must restart the server for the changes to take effect. This setting limits the length of time that the server waits before it closes inactive connections. respectively. BusinessObjects Enterprise Administrator’s Guide 111 . If you run multiple instances of each server. 4. Click Update to save the changes.” and “Output. it is important to understand that setting a value too low can cause a user's request to be closed prematurely. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. 1. all Input File Repository Servers must share the same root directory. the Input File Repository Server is set to use D:\InputFRS\ as its root directory. The server will remain idle for a maximum of 15 minutes. Setting a value that is too high can result the uneasier consumption of system resources such as processing time and disk space. 3. To modify settings for a File Repository Server Go to the Servers management area of the CMC.Managing and Configuring Servers Configuring the intelligence tier 5 • If you run multiple File Repository Servers. their names should be prefixed with “Input. • • You can also set the maximum idle time of each File Repository Server. In this example. Make your changes on the Properties tab. The root directory should be on a drive that is local to the server. It is recommended that you replicate the root directories using a RAID array or an alternative hardware solution. Before you change this setting. 2.

but the “Maximum Simultaneous Processing Threads” is increased to 50. the Cache Server retains most of the default settings. In this example. the maximum number of simultaneous processing threads. the number of minutes before an idle job is closed. 2. 3. 112 BusinessObjects Enterprise Administrator’s Guide . and the number of minutes between refreshes from the database.5 Managing and Configuring Servers Configuring the intelligence tier Modifying Cache Server performance settings The Properties tab of the Cache Server allows you to set the location of the cache files. Click the link to the Cache Server whose settings you want to change. the maximum cache size. To modify Cache Server performance settings Go to the Servers management area of the CMC. Make your changes on the Properties tab. 1.

Before you change this setting. which is large enough to optimize performance for most installations. The default value is set to “Automatic”. Click Update to save the changes.Managing and Configuring Servers Configuring the intelligence tier 5 4. However. reporting scenarios. You must restart the server for the changes to take effect. With this setting. a larger cache size is needed. if not all. particularly in the kernel). you may wish to decrease the number of threads to improve performance. Thus. and resource utilization on the machine is high (that is. the Cache Server sets the maximum number of threads using the number of processors in your system as a guide.epf files) are stored. Maximum Simultaneous Processing Threads The “Maximum Simultaneous Processing Threads” setting limits the number of concurrent reporting requests that the Cache Server processes. Note: The cache directory must be on a drive that is local to the server. or reports that are especially complex. it is important to understand that setting a BusinessObjects Enterprise Administrator’s Guide 113 . either memory usage is high or CPU utilization is high. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. and your reporting requirements. your database software. Location of the Cache Files The “Location of the Cache Files” setting specifies the absolute path to the directory on the Cache Server machine where the cached report pages (. and is acceptable for most. When the Cache Server has to handle large numbers of reports. If the Cache Server is slow under high load but CPU utilization is low. The default value is 5000 Kbytes. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the Cache Server waits for further requests from an idle connection. it is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. the ideal setting for your reporting environment is highly dependent upon your hardware configuration. Maximum Cache Size Allowed The “Maximum Cache Size Allowed” setting limits the amount of hard disk space (in KBytes) that is used to cache reports. If your Cache Server responds slowly under high load. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. increasing the number of threads may improve performance.

Then click the Configuration tab. The value that you type must be 1 or greater. Click the link to the Event Server whose settings you want to change. Return to the Servers management area of the CMC. To modify the polling time Go to the Servers management area of the CMC. Tip: On Windows. 3. the lower the value. you can also change this setting in the CCM. and for report objects that do not have on-demand subreports or parameters and that do not prompt for database logon information. the “Viewer Refresh Always Yields Current Data” setting ensures that. 4. and setting a value that is too high can cause requests to be queued while the server waits for idle jobs to be closed. and new data is retrieved directly from the database. Oldest On-Demand Data Given To a Client (in minutes) The “Oldest On-Demand Data Given To a Client (in minutes)” setting determines how long cached report pages are used before new data is requested from the database. 2. 1. This setting is respected for report instances with saved data. Stop the Event Server and view its Properties. 5. Modifying the polling time of the Event Server The Properties tab of the Event Server allows you to change the frequency with which the Event Server checks for file events. the optimal value is largely dependent upon your reporting requirements. the more resources the server requires. this setting prevents users from retrieving new data more frequently than is permitted by the time specified in the “Minutes Between Refreshes from Database” setting. when users explicitly refresh a report.5 Managing and Configuring Servers Configuring the intelligence tier value too low can cause a user’s request to be closed prematurely. 114 BusinessObjects Enterprise Administrator’s Guide . This “File Polling Interval in Seconds” setting determines the number of seconds that the server waits between polls. When disabled. Viewer Refresh Always Yields Current Data When enabled. all cached pages are ignored. Make your changes on the Properties tab. the default value of 15 minutes is acceptable: as with other performance settings. The minimum value is 1 (one). Click Update. It is important to note that. Generally.

the minutes before a processing job is closed. Page Servers. Consequently. the minutes before an idle connection is closed. the settings that you choose will depend largely upon your own requirements. and Web Intelligence Job Servers and Web Intelligence Report Servers. and network configurations. and when to disconnect from the report job database. the number of database records to read when previewing or refreshing a report. the maximum number of simultaneous report jobs. the oldest processed data to give a client. The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware. software. Configuring the processing tier includes: • • • • • • • • “Modifying Page Server performance settings” on page 115 “Modifying database settings for the RAS” on page 118 “Modifying performance settings for the RAS” on page 120 “Modifying performance settings for job servers” on page 121 “Configuring the Web Intelligence Report Server” on page 122 “Configuring the destinations for job servers” on page 125 “Configuring Windows processing servers for your data source” on page 132 “Configuring UNIX processing servers for your data source” on page 133 Modifying Page Server performance settings The Properties tab of the Page Server in the Central Management Console lets you set the location of temporary files. Report Application Servers.Managing and Configuring Servers Configuring the processing tier 5 Configuring the processing tier This section includes technical information and procedures that show how you can modify settings for the BusinessObjects Enterprise servers that make up the processing tier. The processing tier includes different job servers. BusinessObjects Enterprise Administrator’s Guide 115 .

This directory must have plenty of free hard disk space. The default value of 75 is acceptable for most. If not enough disk space is available. Maximum Simultaneous Report Jobs The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent reporting requests that any single Page Server processes. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. Make your changes on the Properties tab. and your 116 BusinessObjects Enterprise Administrator’s Guide . however. 4. if not all. Location of Temp Files The “Location of Temp Files” setting specifies the absolute path to a directory on the Page Server machine. is highly dependent upon your hardware configuration. Click Update to save the changes. 3. You must restart the server for the changes to take effect. Click the link to the Page Server whose settings you want to change. reporting scenarios. The ideal setting for your reporting environment. your database software. job processing may be slower than usual.5 Managing and Configuring Servers Configuring the processing tier 1. To modify Page Server performance settings Go to the Servers management area of the CMC. or job processing may fail. 2.

and the time elapsed since that data was generated is less than the value set here.Managing and Configuring Servers Configuring the processing tier 5 reporting requirements. Before you change this setting. it is difficult to discuss the recommended or optimum settings in a general way. This setting is useful when you want to prevent users from running on-demand reports containing queries that return excessively large record sets. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the Page Server waits for further requests from an idle connection. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely.) Database Records to Read When Previewing Or Refreshing a Report The “Database Records to Read When Previewing Or Refreshing a Report” area allows you to limit the number of records that the server retrieves from the database when a user runs a query or report. When setting the value of the “oldest processed data given to a client” consider how important it is that your users receive up-to-date data. Reusing data in this way significantly improves system performance when multiple users need the same information. BusinessObjects Enterprise Administrator’s Guide 117 . then the Page Server will reuse this data to meet the subsequent request. Oldest On-Demand Data Given to a Client (in minutes) The “Oldest On-Demand Data Given To a Client (in minutes):” setting controls how long the Page Server uses previously processed data to meet requests. (Note that this setting works in conjunction with the “Report Job Database Connection” setting. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. If the Page Server receives a request that can be met using data that was generated to meet a previous request. Thus. Before you change this setting. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Setting a value that is too high can cause system resources to be consumed for longer than necessary. both to make the reports available more quickly to users and to reduce the load on your database from these large queries. If it is very important that all users receive fresh data (perhaps because important data changes very frequently) you may need to disallow this kind of data reuse by setting the value to 0. You may prefer to schedule such reports. Minutes before an Idle Report Job is Closed The “Minutes before an Idle Report Job is Closed” setting alters the length of time that the Page Server keeps a report job active. Setting a value that is too high can cause system resources to be consumed for longer than necessary.

Make your changes on the Database tab.5 Managing and Configuring Servers Configuring the processing tier Viewer Refresh Always Yields Current Data When enabled. performance for these reports will be significantly slower than if you had selected “Disconnect when the job is closed”. When disabled. and therefore limits the number of database licenses consumed by the Page Server. 3. 4. the “Viewer Refresh Always Yields Current Data” setting ensures that. (The latter option ensures that Page Server stays connected to the database server until the report job is closed. Note that you can set the “Minutes before a Report Job is Closed” above. Selecting this option limits the amount of time that Page Server stays connected to your database server. 2. However. the Page Server will automatically disconnect from the report database as soon as it has retrieved the data it needs to fulfill a request. 118 BusinessObjects Enterprise Administrator’s Guide . the setting ensures that the Page Server will treat requests generated by a viewer refresh in exactly the same way as it treats as new requests. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. if the Page Server needs to reconnect to the database to generate an on-demand sub-report or to process a group-by-on-server command for that report. Click the link to the RAS whose settings you want to change.) Modifying database settings for the RAS The Database tab of the Report Application Server (RAS) in the Central Management Console lets you modify the way the server runs reports against your databases. all previously processed data is ignored. and new data is retrieved directly from the database. You must restart the server for the changes to take effect. Report Job Database Connection The “Report Job Database Connection” settings can be used to make a tradeoff between the number of database licenses you use and the performance you can expect for certain types of reports. To modify database interaction settings for the RAS Go to the Servers management area of the CMC. If you select “Disconnect when all records have been retrieved or the job is closed”. Click Update to save the changes. when users explicitly refresh a report. 1.

The “Number of records per batch” setting allows you to determine the number of records that are contained in each batch. Oldest on-demand data given to a client (in minutes) The “Oldest on-demand data given to a client (in minutes)” setting controls how long the RAS uses previously processed data to meet requests. If the RAS receives a request that can be met using data that was generated to meet a previous request. Click the Parameters tab. Report Job Database Connection The “Report Job Database Connection” settings can be used to make a tradeoff between the number of database licenses you use and the performance you can expect for certain types of reports. and you want to prevent them from running queries that return excessively large record sets. If it is very important that all users receive fresh data (perhaps because important data changes very frequently) you may need to disallow this kind of data reuse by setting the value to 0. This setting is particularly useful if you provide users with ad hoc query and reporting tools. then the RAS will reuse this data to meet the subsequent request. When the RAS retrieves records from the database. you can also change these settings in the CCM. select Database.Managing and Configuring Servers Configuring the processing tier 5 Tip: On Windows. From the Option Type list. and the time elapsed since that data was generated is less than the value set here. it is retrieved from the database. Number of database records to read when previewing or refreshing a report The “Number of database records to read when previewing or refreshing a report” area allows you to limit the number of records that the server retrieves from the database when a user runs a query or report. BusinessObjects Enterprise Administrator’s Guide 119 . This is the default on the RAS. When setting the value of the “oldest on-demand data given to a client” consider how important it is that your users receive up-to-date data. The batch size cannot be equal to or less than zero. Reusing data in this way significantly improves system performance when multiple users need the same information. The data will be retrieved first from the client’s cache—if it is available—and then from the server’s cache. to support the data needs of users performing ad hoc reporting. If the data is not in either cache. Stop the RAS and view its Properties. Number of records to browse The “Number of records to browse” setting allows you to specify the number of distinct records that will be returned from the database when browsing through a particular field’s values. the query results are returned in batches.

Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the RAS waits for further requests from an idle connection. 3. You must restart the server for the changes to take effect.5 Managing and Configuring Servers Configuring the processing tier If you select “Disconnect when all records have been retrieved or the job is closed”. However. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. From the Option Type list. 4. Stop the RAS and view its Properties. select Server. the Report Application Server will automatically disconnect from the report database as soon as it has retrieved the data it needs to fulfill a request. Make your changes on the Server tab. see “Processing tier” on page 64. and the maximum number of simultaneous processing threads. To modify performance settings for the RAS Go to the Servers management area of the CMC.) Modifying performance settings for the RAS The Server tab of the Report Application Server (RAS) in the Central Management Console allows you to modify the number of minutes before an idle connection is closed. and setting a value 120 BusinessObjects Enterprise Administrator’s Guide . Click the Parameters tab. Selecting this option limits the amount of time that RAS stays connected to your database server. 2. if the RAS needs to reconnect to the database to generate an ondemand sub-report or to process a group-by-on-server command for that report. and therefore limits the number of database licenses consumed by the RAS. 1. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. (The latter option ensures that RAS stays connected to the database server until the report job is closed. you can also change these settings in the CCM. Before you change this setting. performance for these reports will be significantly slower than if you had selected “Disconnect when the job is closed”. Click the link to the RAS whose settings you want to change. Note: The RAS server must have been installed and configured in order to use the List of Values Job Server. For more information. Tip: On Windows. Click Update to save the changes.

The ideal setting for your reporting environment. reporting scenarios.Managing and Configuring Servers Configuring the processing tier 5 that is too high can affect the server’s scalability (for instance. Click Update. List of Values Job Server. however. the job servers run jobs as independent processes rather than as threads. This method allows for more efficient processing of large. if the ReportClientDocument object is not closed explicitly. Destination Job Server. Return to the Servers management area of the CMC. 1. if not all. your database software. BusinessObjects Enterprise Administrator’s Guide 121 . Program Job Server. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. and the Web Intelligence Job Server. 5. The default value is acceptable for most. that is the Report Job Server. 4. complex reports. Thus. is highly dependent upon your hardware configuration. Maximum Jobs Allowed The “Maximum Jobs Allowed” setting limits the number of concurrent independent processes (child processes) that the server allows—that is. Use the following procedure to modify the performance settings for any of the job servers. 3. Make your changes on the Properties tab. and your reporting requirements. it limits the number of scheduled objects that the server will process at any one time. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Click the link to the job server whose settings you want to change. To modify performance settings for job servers Go to the Servers management area of the CMC. You can tailor the maximum number of jobs to suit your reporting environment. 2. the server will be waiting unnecessarily for an idle job to close). Modifying performance settings for job servers By default. it is difficult to discuss the recommended or optimum settings in a general way. Maximum Simultaneous Report Jobs The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent reporting requests that a RAS processes.

Thus. 1. To modify performance settings for the Web Intelligence report server Go to the Servers management area of the CMC. The ideal setting for your reporting environment. Make your changes on the Properties tab. Configuring the Web Intelligence Report Server Use the following procedure to configure the performance settings for the Web Intelligence Report Server. 122 BusinessObjects Enterprise Administrator’s Guide . 4. 2. your database software. it is difficult to discuss the recommended or optimum settings in a general way. is highly dependent upon your hardware configuration. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. and your reporting requirements. if not all. Return to the Servers management area of the CMC and restart the Job Server. however.5 Managing and Configuring Servers Configuring the processing tier The default “Maximum Jobs Allowed” setting is acceptable for most. 3. You must restart the server for the changes to take effect. Click the link to the Web Intelligence Report Server whose settings you want to change. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Click Apply to submit changes and restart the server so that the changes take effect immediately. Click Update to save the changes. Click either Apply or Update: • • 5. Temp Directory You can also change the default directory where the server stores its temporary files. reporting scenarios.

List of Values Batch Size The maximum number of values that can be returned per list of values batch.Managing and Configuring Servers Configuring the processing tier 5 Maximum Simultaneous Connections The maximum number of simultaneous connections that the server allows at one time. then the list of values will be returned to the user in several batches of this size or less. The default is for the feature to be on. Universe Cache Size The number of universes to be cached on the Web Intelligence Report Server. unless another server is available to handle the request. Although there is no limit on the maximum value. The minimum value that you can enter is 10. from sources such the Web Intelligence SDK or the Web Intelligence Job Server. List of Values Caching Enables or disables caching per user session of list of values in Web Intelligence Report Server. For example. Connection Time Out The number of minutes before an idle connection to the Web Intelligence Report Server will be closed. if the number of values in a list of values exceeds this size. Business Objects recommends that you limit it to 30000. the user will receive an error message. If this limit is reached. BusinessObjects Enterprise Administrator’s Guide 123 .

When this parameter is off both real-time caching of Web Intelligence documents and viewing of cached Web Intelligence documents is impossible. Document Cache Duration The amount of time (in minutes) that content is stored in cache. but enter a value for Maximum Number Of Downloaded Documents To Cache when this option deselected.” Then if the cache size is still exceeds the maximum storage size. set the Maximum Number Of Downloaded Documents To Cache to zero when this option is selected. the Web Intelligence Report Server will clean up the cache until the amount of cache percentage is reached. Document Cache Size The size (in kilobytes) of the document cache. Enable Real Time Caching When this parameter is on. real-time caching is possible for Web Intelligence documents when they are viewed. When the parameter is off. 124 BusinessObjects Enterprise Administrator’s Guide . the Web Intelligence Report Server does not cache the Web Intelligence documents when the documents are viewed. Maximum Number of Downloaded Documents To Cache The number of Web Intelligence documents that can be stored in cache.5 Managing and Configuring Servers Configuring the processing tier Enable Viewing Caching When this parameter is on. Note: To improve system performance. the system will delete documents with the oldest “last accessed time. This parameter is taken into account only when the Enable Viewing Caching is set to on. The server also caches the documents when they are run as a scheduled job. Nor does it cache the documents when they are run as a scheduled job. Amount of Cache To Keep When Document Cache is Full If the storage size is bigger than the allocated storage size. Real-time caching is done only if both this parameter and the Enable Real Time Caching parameters are on. Document Cache Scan Interval The number of minutes that the system waits before checking the document cache for cleanup. the Web Intelligence Report Server caches Web Intelligence documents when the documents are viewed. or when they are generated as a result of having been run as a scheduled job. provided the pre-cache was enabled in the document.

to be able to schedule a report object for output to an unmanaged disk. you can enable and configure additional destinations on the Destination Job Server. the system will store one output instance on the Output FRS. If you want. the destination must have been enabled and configured on the respective job server. For a job server to store output instances in a destination other than the default. the Inbox destination is enabled by default. Configuring the destinations for job servers By default. set this value to zero when Enable Real Time Caching is selected. See also “Configuring the destination properties for job servers” on page 126. You also specify a destination when you use the Send to feature. In order for the system to work with destinations other than the default. This allows you to use the “Send to” feature and to distribute reports to users within the BusinessObjects Enterprise system. List of Values Job Server. and one at the specified destination. you have to enable and configure the other destinations on the job servers. Configuring destinations for job servers includes: • • • • “Enabling or disabling destinations for job servers” on page 125 “Configuring the destination properties for job servers” on page 126 “Selecting a destination” on page 481 “Sending an object or instance” on page 420 For information about selecting destinations for objects see: Enabling or disabling destinations for job servers This procedure applies to the Job Server. but enter a value when Enable Real Time Caching is deselected. you have to enable and configure the Unmanaged Disk destination on the Job Server. For example. Note: On the Destination Job Server. which sends an existing object to a specified destination. BusinessObjects Enterprise Administrator’s Guide 125 . Destination Job Server. when the system runs a scheduled report or a program object. To send a report instance by email.Managing and Configuring Servers Configuring the processing tier 5 Note: To improve system performance. If you do. However. Program Job Server. it stores the output instance it creates on the Output File Repository Server (FRS). and Web Intelligence Job Server. you have to configure the Email (SMTP) destination on the Destination Job Server. you can specify a different destination.

Select the check box for each destination you want to support. Click the link for the job server whose setting you want to change. you must also configure the destination. For information about the properties for each destination. To set the destination properties for a job server Go to the Servers management area of the CMC. 5. See “Enabling or disabling destinations for job servers” on page 125. 5. Click the link for the job server for which you want to enable or disable a destination. 3. Set the properties for the destination. See also “Enabling or disabling destinations for job servers” on page 125. see: • • • • 6. “Inbox destination properties” on page 127 “Unmanaged Disk destination properties” on page 131 “FTP destination properties” on page 130 “Email (SMTP) destination properties” on page 128 Click Update. Make sure the destination has been enabled. When a destination is disabled a red circle is shown beside the name.5 Managing and Configuring Servers Configuring the processing tier 1. 4. and Web Intelligence Job Server. Configuring the destination properties for job servers This procedure applies to the Job Server. For a job server to store output instances in a destination other than the default. To disable destinations. 4. you have to enable and configure the other destinations on the job servers. FTP. Program Job Server. 126 BusinessObjects Enterprise Administrator’s Guide . Click the link for the destination whose setting you want to set. Destination Job Server. If you enabled the destination. To enable or disable destinations for a job server Go to the Servers management area of the CMC. 3. click Disable. 1. 2. 7. See “Configuring the destination properties for job servers” on page 126. List of Values Job Server. Click the Destinations tab. Click Enable. 2. for example.

A user inbox is automatically created when you add a user. see “Configuring the destination properties for job servers” on page 126 and “Controlling access to user inboxes” on page 352.rpt file. for example.Managing and Configuring Servers Configuring the processing tier 5 Inbox destination properties The Inbox destination stores an object or instance in the user inboxes on the BusinessObjects Enterprise system. the Inbox destination is enabled by default. Note: On the Destination Job Server. Send List Specify which users or user groups you want to receive instances that have been generated or processed by the job server. For more information. BusinessObjects Enterprise Administrator’s Guide 127 . the . to the destination. This allows you to use the “Send to” feature and to distribute reports to users within the BusinessObjects Enterprise system. If you want. Send document as Select the option you want: • • Shortcut—The systems sends a shortcut to the specified destination. Copy—The system sends a copy of the instance. you can enable and configure additional destinations on the Destination Job Server.

SMTP User Name Provide the Job Server with a user name that has permission to send email and attachments through the SMTP server.) Authentication Select Plain or Login if the job server must be authenticated using one of these methods in order to send email. (This standard SMTP port is 25. the SMTP server resides in the businessobjects. Server Name Enter the name of the SMTP server.5 Managing and Configuring Servers Configuring the processing tier Email (SMTP) destination properties In this example. Port Enter the port that the SMTP server is listening on. Plain text authentication is being used. See also “Configuring the destination properties for job servers” on page 126. Domain Name Enter the fully qualified domain of the SMTP server. and an account called BusinessObjectsJobAccount has been created on the SMTP server for use by the Job Server. 128 BusinessObjects Enterprise Administrator’s Guide .com domain. SMTP Password Provide the Job Server with the password for the SMTP server. Its name is EMAIL_SERV and it is listening on the standard SMTP port.

Specified File Name Select this option if you want to enter a file name.) Users can override this default when they schedule an object. You can set the default URL by clicking Object Settings on the main page of the Objects management area of the CMC. Add file extension Adds the . Subject.Managing and Configuring Servers Configuring the processing tier 5 From Provide the return email address. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. By adding an extension to the file name. Users can override this default when they schedule an object. and Message Set the default values for users who schedule reports to this SMTP destination. the email recipient must log on to BusinessObjects Enterprise to see the report. Users can override these defaults when they schedule an object. choose a placeholder for a variable property from the list and click Add.%EXT% extension to the specified filename. To add a variable. Users can override these defaults when they schedule an object. You can also add a variable to the file name. To. If you send a hyperlink. BusinessObjects Enterprise Administrator’s Guide 129 . Attach report instance to email message Clear this check box if you do not want to attach a copy of the report or program instance attached to the email. Add viewer hyperlink to message body Click Add if you want to add the URL for the viewer in which you want the email recipient to view the report. This is similar to selecting File Extension from the list and clicking Add. Cc. Windows will know which program to use to open the file when users want to view the file.

Host Enter your FTP host information.5 Managing and Configuring Servers Configuring the processing tier FTP destination properties In this example. See also “Configuring the destination properties for job servers” on page 126. but it is rarely implemented. Account Enter the FTP account information.com site. if required. reports scheduled to this destination are randomly named and uploaded to the ftp. FTP Password Enter the user’s password.businessobjects. 130 BusinessObjects Enterprise Administrator’s Guide . FTP User Name Specify a user who has the necessary rights to upload a report to the FTP server. Account is part of the standard FTP protocol. Port Enter the FTP port number (the standard FTP port is 21). Provide the appropriate account only if your FTP server requires it.

See also “Configuring the destination properties for job servers” on page 126.Managing and Configuring Servers Configuring the processing tier 5 Destination Directory Enter the FTP directory that you want the object to be saved to. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. The directory can be on a local drive of the Job Server machine. A relative path is interpreted relative to the root directory on the FTP server. BusinessObjects Enterprise Administrator’s Guide 131 . To add a variable. or on any other machine that you can specify with a UNC path. choose a placeholder for a variable property from the list and click Add. Destination Directory Type the absolute path to the directory. Unmanaged Disk destination properties An unmanaged disk is disk on a system outside the BusinessObjects Enterprise system. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name.

For example. However. To add a variable. this account is irrelevant in relation to the server’s task of processing reports against your data source. Each file name will be randomly generated. or because the database client software is configured for a particular Windows user account. In the majority of cases. when you add the variable “Owner. 132 BusinessObjects Enterprise Administrator’s Guide . (The database logon credentials are stored with the report object. refer to the platform. Password Type the password for the user.txt file included with your installation. Configuring Windows processing servers for your data source When started on Windows. For a complete list of supported databases and drivers. because users cannot impersonate services. For details on changing the user accounts. see “Changing the server user account” on page 146.) Thus. the variable is replaced with the appropriate information. User Name Specify a user who has permission to write files to the destination directory. These cases arise either because the server needs additional network permissions to access the database. you can usually leave each server’s default logon account unchanged or. Tip: Running a service under an Administrator account does not inadvertently grant administrative privileges to another user. When each instance runs. the destination directory is on a network drive that is accessible to the Job Server machine through a UNC path. there are certain cases when you must change the logon account used by the processing servers. This account determines the permissions that each service is granted on the local machine.5 Managing and Configuring Servers Configuring the processing tier Specified File Name Select this option if you want to specify a file name—you can also add a variable to the file name. the report processing servers by default log on to the local system as services with the Windows “LocalSystem” account. In this example. you can change it to a Windows user account with the appropriate permissions. choose a placeholder for a variable property from the list and click Add.” the file name of each object includes the object owner’s name. This account does not grant the service any network permissions. if you prefer. and a user name and password have been specified to grant the Job Server permission to write files to the remote directory. This table lists the various database/ driver combinations and shows when you must complete additional configuration.

Managing and Configuring Servers Configuring the processing tier 5 Configuring UNIX processing servers for your data source The Job Servers and Page Server support native and ODBC connections to a number of reporting databases. The server loads the client software at runtime in order to access the database that is specified in the report. and so on). Whether your reports use native or ODBC drivers.txt file included with your product distribution for a complete list of tested database software and version requirements. These include: • • Oracle The ORACLE_HOME environment variable must define the top-level directory of the Oracle client installation. software. Click the appropriate link to jump to that section: • • Native drivers “Native drivers” on page 133 “ODBC drivers” on page 134 If you design reports using native drivers. LIBPATH on IBM AIX. This section discusses the environment variables. The server locates the client software by searching the library path environment variable that corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris. Sybase The SYBASE environment variable must define the top-level directory of the Sybase client installation. Use the DB2 instance initialization script to ensure that the DB2 environment is correct. ensure that the reporting environment configured on the server accurately reflects the reporting environment configured on the Windows machine that you use when designing reports with Crystal Reports. Depending on your database. • DB2 The DB2INSTANCE environment variable must define the DB2 instance that is used for database access. See the Platforms. additional environment variables may be required for the Job Server and Page Server to use the client software. The SYBPLATFORM environment variable must define the platform architecture. you must install the appropriate database client software on each Job Server and/or Page Server machine that will process the reports. BusinessObjects Enterprise Administrator’s Guide 133 . and configuration files that must be available to the servers in order for them to process reports successfully. so this variable must be defined for the login environment of each Job Server and Page Server.

You installed BusinessObjects Enterprise under the crystal user account (as recommended in the BusinessObjects Enterprise Installation Guide). you must ensure that each server is set up properly for ODBC. If you report off DB2 using ODBC. suppose that you are running reports against both Sybase and Oracle. and sets up the required ODBC environment variables. In addition.bnd. you must set up the corresponding data sources on the Job Server and Page Server machines.7.1.1. along with the information that you need to edit. This is installed below the crystal/enterprise/platform/odbc directory. The bind packages are installed below the crystal/enterprise/platform/odbc/lib directory. If the crystal user’s default shell is a C shell. their filenames are iscsso. see the documentation included with your database client software.1.1. This section discusses the installed environment. As an example. • 134 BusinessObjects Enterprise Administrator’s Guide .export SYBASE SYBPLATFORM=sun_svr4.export SYBPLATFORM ODBC drivers If you design reports off ODBC data sources (on Windows). modify the syntax accordingly: LD_LIBRARY_PATH=/opt/oracle/app/oracle/product/8. and the Oracle client is installed in /opt/oracle/app/oracle/product/8.pdf).7/ lib:opt/sybase/lib:$LD_LIBRARY_PATH. it is also located in the doc directory of your product distribution.1. your database administrator must first bind the UNIX version of the driver to every database that you report against (and not just each database server). creates configuration files and templates related to ODBC reporting. During the installation.7. Note: • Detailed documentation covering the various ODBC drivers is included in the Merant Connect ODBC Reference (odbcref. BusinessObjects Enterprise installs ODBC drivers for UNIX. add these commands to the crystal user’s login script: setenv LD_LIBRARY_PATH /opt/oracle/app/oracle/product/8.5 Managing and Configuring Servers Configuring the processing tier Note: For complete details regarding these and other required environment variables.bnd. The Sybase database client is installed in /opt/sybase.export ORACLE_HOME SYBASE=/opt/sybase. iscswhso.export LD_LIBRARY_PATH ORACLE_HOME=/opt/oracle/app/oracle/product/8.7 setenv SYBASE /opt/sybase setenv SYBPLATFORM sun_svr4 If the crystal user’s default shell is a Bourne shell.7/ lib:opt/sybase/lib:$LD_LIBRARY_PATH setenv ORACLE_HOME /opt/oracle/app/oracle/product/8.

bobje/defaultodbc. The ODBCINI environment variable is defined as the path to the . LIBPATH on IBM AIX.csh script only if you have customized your configuration of ODBC. BusinessObjects Enterprise does not include the Informix client-dependent ODBC driver (CRinf16) that is installed on Windows. and ODBCINI.ini Tip: A template of the system information file is installed to INSTALL_ROOT/ BusinessObjects Enterprise Administrator’s Guide 135 . The ODBC_HOME environment variable is set to the INSTALL_ROOT/ bobje/enterprise11/platform/odbc directory of your installation. ensure also that the Windows version of the driver has been bound to each database. isrrwhso. • On UNIX. the environment for the Job Server and Page Server is set up automatically: • • • The INSTALL_ROOT/bobje/enterprise11/platform/odbc/lib directory of your installation is added to the library path environment variable. however.odbc.Managing and Configuring Servers Configuring the processing tier 5 isrrso. ODBC environment variables The environment variables related to ODBC reporting are: the library path that corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris. Because Crystal Reports runs on Windows. Thus. In this file. The UNIX version does. The BusinessObjects Enterprise installation completes most of the required information—such as the location of the ODBC directory and the name and location of each installed ODBC driver—and shows where you need to provide additional information.bnd. The main ODBC configuration file that you need to modify is the system information file. Working with the ODBC system information file The system information file (.bnd. The BusinessObjects Enterprise installation includes a file called env. you define each of the ODBC data sources (DSNs) that the Job Server and Page Server need in order to process your reports. Modify the environment variables in the env.bnd.odbc.ini file that was created by the BusinessObjects Enterprise installation. ODBC_HOME. isurso.ini) is created in the HOME directory of the user account under which you installed BusinessObjects Enterprise (typically the crystal user account). and isurwhso. include the clientless ODBC driver for Informix connectivity.csh that is sourced automatically every time you start the BusinessObjects Enterprise servers with the CCM. and so on).bnd.

and on UNIX you may need to specify this value with the LogonID option.pdf).out TraceDll=/opt/bobje/enterprise11/platform/odbc/lib/ odbctrac. the options for a particular ODBC driver on UNIX may not correspond by name to the options available for a Windows version of the same driver. These pairs essentially correspond to the Name=Data pairs that Windows stores for each System DSN in the registry: \\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\odbc. For example. it is also located in the doc directory of your product distribution.so Description=MERANT 3. denoted by [ODBC Data Sources]. lists all the DSNs that are defined later in the file.so InstallDir=/opt/bobje/enterprise11/platform/odbc As shown in the example above.ini\dsn However. This DSN allows the Job Server and Page Server to process reports based on a System DSN (on Windows) called CRDB2: [ODBC Data Sources] CRDB2=MERANT 3. The PDF is installed below the crystal/enterprise/platform/odbc directory. • 136 BusinessObjects Enterprise Administrator’s Guide . The beginning of each definition is denoted by [dsn]. and there must be one entry for every DSN that is defined in the file. [CRDB2] marks the beginning of the single DSN that is defined in the file. In the example above. see the Merant Connect ODBC Reference (odbcref. The value of dsn must correspond exactly to the name of the System DSN (on Windows) that the report was based off. Each entry in this section is provided as dsn=driver. The second section sequentially defines each DSN that is listed in the first section. Each DSN is defined through a number of option=value pairs.5 Managing and Configuring Servers Configuring the processing tier The following example shows the contents of a system information file that defines a single ODBC DSN for servers running on UNIX.70 DB2 ODBC Driver [CRDB2] Driver=/opt/bobje/enterprise11/platform/odbc/lib/crdb216. The options that you must define depend upon the ODBC driver that you are using. the system information file is structured in three major sections: • The first section.70 DB2 ODBC Driver Database=myDB2server LogonID=username [ODBC] Trace=0 TraceFile=odbctrace. some Windows drivers store a UID value in the registry. Note: For detailed documentation on each ODBC driver.

70 Informix Dynamic Server ODBC Driver CROR8=MERANT 3.70 DB2 ODBC Driver CRINF_CL=MERANT 3.70 Informix Dynamic Server ODBC Driver ServerName= HostName= PortNumber= Database= LogonID= [CROR8] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ cror816.so Description=MERANT 3. The standard options that are commonly required for each driver are included in the file (Database=.Managing and Configuring Servers Configuring the processing tier 5 • The final section of the file. LogonID=. [ODBC Data Sources] CRDB2=MERANT 3. includes ODBC tracing information. denoted by [ODBC]. Edit the file and provide the corresponding values that are specific to your reporting environment.so Description=MERANT 3.70 Oracle8 ODBC Driver CRSS=MERANT 3.so Description=MERANT 3.70 Sybase ASE ODBC Driver CRTXT=MERANT 3.70 SQL Server ODBC Driver Address= Database= QuotedId=Yes LogonID= BusinessObjects Enterprise Administrator’s Guide 137 . This example shows the entire contents of a system information file created when BusinessObjects Enterprise was installed to the /usr/local directory.70 SQL Server ODBC Driver CRSYB=MERANT 3.70 DB2 ODBC Driver Database= LogonID= [CRINF_CL] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crifcl16.70 Text ODBC Driver [CRDB2] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crdb216.70 Oracle8 ODBC Driver ServerName= ProcedureRetResults=1 LogonID= [CRSS] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crmsss16. You need not modify this section. and so on). it completes some fields and sets up a number of default DSNs—one for each of the installed ODBC drivers. When the installation creates the system information file.so Description=MERANT 3.

138 BusinessObjects Enterprise Administrator’s Guide . first append this line to the [ODBC Data Sources] section of the system information file: SalesDB=MERANT 3.odbc.70 Oracle8 ODBC Driver Then define the new DSN by adding the following lines just before the system information file’s [ODBC] section: [SalesDB] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ cror816. The report is based off a System DSN (on Windows) called SalesDB.ini) file.5 Managing and Configuring Servers Configuring the processing tier [CRSYB] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crase16. suppose that you have a Crystal report that uses ODBC drivers to report off your Oracle8 database. For example. so they can process reports that are based off the SalesDB System DSN (on Windows).so Description=MERANT 3.out TraceDll=/usr/local/bobje/enterprise11/platform/odbc/lib/ odbctrac.so Description=MERANT 3. the new DSN is available to the Job Server and Page Server.70 Sybase ASE ODBC Driver NetworkAddress= Database= LogonID= [CRTXT] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crtxt16. first add the new DSN to the bottom of the [ODBC Data Sources] list.70 Oracle8 ODBC Driver ServerName=MyServer ProcedureRetResults=1 LogonID=MyUserName Once you have added this information. To create the corresponding DSN.so InstallDir=/usr/local/bobje/enterprise11/platform/odbc Adding a DSN to the default ODBC system information file When you need to add a new DSN to the installed system information file (.so Description=MERANT 3.70 Text ODBC Driver Database= [ODBC] Trace=0 TraceFile=odbctrace. Then add the corresponding [dsn] definition just before the [ODBC] section.

This example shows two messages logged to the syslog daemon on UNIX: • Each server also logs assert messages to the logging directory of your product installation. The location of these log files depends upon your operating system: • • On Windows. The programmatic information logged to these files is typically useful only to Business Objects support staff for advanced debugging purposes. • In addition. Each server prepends its name and PID to any messages that it logs. each of the BusinessObjects Enterprise servers is designed to log messages to your operating system’s standard system log.On Windows NT/2000. so there will never be more than approximately 1 MB of logged data per server. see “Configuring the Web Component Adapter” on page 89. the default logging directory INSTALL_ROOT/bobje/logging directory of your installation. The important point to note is that these log files are cleaned up automatically. BusinessObjects Enterprise logs to the Event Log service.Managing and Configuring Servers Logging server activity 5 Logging server activity BusinessObjects Enterprise allows you to log specific information about BusinessObjects Enterprise web activity. You can view the results with the Event Viewer (in the Application Log). BusinessObjects Enterprise logs to the syslog daemon as a User application. On UNIX. the default logging directory is C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Logging On UNIX. BusinessObjects Enterprise Administrator’s Guide 139 . For details on locating and customizing the web activity logs.

On Windows. On UNIX. which is installed in the crystal directory.5 Managing and Configuring Servers Advanced server configuration options Advanced server configuration options This section includes additional configuration tasks that you may want to perform.) The Web Component Adapter is not a server. If necessary. you can change the default CMS port. you view and modify server command lines with the CCM.xml. BusinessObjects Enterprise communication on these ports should not conflict with third-party applications that you have in place. If so. you can instruct each server component to listen on a specific port (rather than dynamically selecting any available port).config file. the CMS is set up to use default port numbers. 140 BusinessObjects Enterprise Administrator’s Guide . The Command field appears on each server’s Properties tab. registers with this port on the CMS. and then listens for BusinessObjects Enterprise requests. This ports fall within the range of ports reserved by Business Objects (6400 to 6410). It includes: • • • • • • “Changing the default server port numbers” on page 140 “Configuring a multihomed machine” on page 143 “Adding and removing Windows server dependencies” on page 144 “Changing the server startup type” on page 145 “Changing the server user account” on page 146 “Configuring servers for SSL” on page 146 Changing the default server port numbers During installation. (Although unlikely. See “Configuring the Web Component Adapter” on page 89. When started and enabled. you can configure its listening port by changing the connection. Thus. The default CMS port number is 6400.listeningPort context parameter in web. However. you view and modify server command lines (also referred to as launch strings) in the ccm. depending upon your reporting environment. it is possible that your custom applications use these ports. each of the other BusinessObjects Enterprise servers dynamically binds to an available port (higher than 1024).

Option -port CMS Specifies the primary BusinessObjects Enterprise port on which the CMS listens for requests from all other servers.cms context parameter in web. you must change the -ns option in every other server’s command line. see Appendix E: Server Command Lines. See “Configuring the Web Component Adapter” on page 89. -requestPort Specifies the secondary port Specifies the port on which that the CMS uses for identifying other servers and for registering with itself and/ or a cluster. The server registers this port with the CMS. In both cases. This displayed port corresponds to the -port option. the CCM displays default port numbers on each server’s Configuration tab. Selected dynamically if unspecified.” The CMS functions as the nameserver in BusinessObjects Enterprise. For details. to ensure that each server connects to the appropriate port of the CMS. Selected dynamically if unspecified. n/a -ns Before modifying any port numbers.) You must also set the name and port number of the CMS with the connection. • • BusinessObjects Enterprise Administrator’s Guide 141 . enabled. (The -ns option stands for “nameserver. (-port number has no meaning for these servers). consider the following: • CMS port number. because it maintains a list that includes the host name and port number of each server that is started. you may wish to specify -port interface:number for the CMS and -port interface for the other servers. and thus available to accept BusinessObjects Enterprise requests. the server listens for BusinessObjects Enterprise requests. see “Configuring a multihomed machine” on page 143 or “Configuring for Network Address Translation” on page 190.Managing and Configuring Servers Advanced server configuration options 5 This table summarizes the command-line options as they relate to port usage for specific server types. Specifies the CMS that the server will register with. this default port is not actually in use (each server registers its -requestPort number with the CMS instead). On Windows. The default is 6400. For servers other than the CMS. Other Servers Used only in multihomed environments or for certain NAT firewall environments.xml. specify -port interface only. For more information. If you are working with multihomed machines or in certain NAT firewall configurations.

By default. 142 BusinessObjects Enterprise Administrator’s Guide .xml. To change the port a server registers with the CMS Use the CCM (on Windows) or ccm. Set the name and port number of the CMS with the connection. Add (or modify) the following option in the command line of all of the remaining non-CMS BusinessObjects Enterprise servers: -ns hostname:number Replace hostname with the host name of the machine that is running the CMS. Having the servers register by name can be useful if a NAT firewall resides between the server and the CMS. For more information. The host name must resolve to a valid IP address within your network. rather than by name.cms context parameter in web. Start and enable all the BusinessObjects Enterprise servers. 3. The server binds to the new port specified by number. Replace number with the port that you want the server to listen on. To change the default CMS port for BusinessObjects Enterprise servers Use the CCM (on Windows) or ccm. (The default port is 6400. see “Configuring for Network Address Translation” on page 190. Add (or modify) the following option in the CMS command line: -port number Replace number with the port that you want the CMS to listen on. This typically provides the most reliable behavior.sh (on UNIX) to stop all the BusinessObjects Enterprise servers. It then registers with the CMS and begins listening for BusinessObjects Enterprise requests on the new port. 5. 4. If you need each server to register with the CMS by fully qualified domain name instead. See “Configuring the Web Component Adapter” on page 89.5 Managing and Configuring Servers Advanced server configuration options 1. and the non-CMS servers broadcast to that port when attempting to register with the CMS. 2. The CMS begins listening on the port specified by number. 2.sh (on UNIX) to stop the server. use the -requestPort option in conjunction with -port interface (where interface is the server’s fully qualified domain name). Add (or modify) the following option in the server’s command line: -requestPort number 1. Replace number with the port that the CMS is listening on. Start and enable the server. each server registers itself with the CMS by IP address.) 3.

If your interface card has multiple IP addresses. For details. or with a single network interface that has been assigned multiple IP addresses. Configuring the CMS to bind to a network address When you use the -port command-line option to configure the CMS to bind to a specific IP address. In this example. Add the following option to both of their command lines: -port interface:port If the machine has multiple network interfaces. For instance.Managing and Configuring Servers Advanced server configuration options 5 You may also need to specify -port interface when BusinessObjects Enterprise is running on a multihomed machine. you will need to make additional configuration changes.listeningPort context parameter in web. use interface:port when setting the connection. change the binding order so that the card at the top of the binding order is the one you want the BusinessObjects Enterprise servers to bind to.) • BusinessObjects Enterprise Administrator’s Guide 143 . each with one or more IP addresses. Configuring a multihomed machine A multihomed machine is one that has multiple network addresses. you might want to bind the File Repository Servers to a private address that is not routable from users’ machines. each with a single IP address. Note: • To retain the default port numbers. interface can be the fully qualified domain name or the IP address of the interface that you want the server to bind to.xml. Advanced configurations such as this require your DNS configuration to route communications effectively between all the BusinessObjects Enterprise server components. you must also include the port number these servers use (even if the server is using the default port). the DNS must route communications from the other BusinessObjects Enterprise servers to the private address of the File Repository Servers. replace port with 6400 for the CMS. see “Changing the default server port numbers” on page 140. Tip: This section shows how to restrict all servers to the same network address. To configure the WCA. (See “Configuring the Web Component Adapter” on page 89. but it is possible to bind individual servers to different addresses. interface must be the IP address that you want the server to bind to. If you change the default port numbers. If you have multiple interface cards. You may accomplish this with multiple network interfaces. use the -port command-line option to specify a IP address for the BusinessObjects Enterprise server. If the machine has a single network interface.

Adding and removing Windows server dependencies When installed on Windows. 1. NT LM Security Support Provider. so you need only add the following option to their command lines: -port interface Replace interface with the same value that you specified for the CMS. Ensure that each server’s -ns parameter points to the CMS. at least three services should be listed: Event Log. and that the DNS resolves the value to the appropriate network address. Click the Dependency tab. 4. If you are having problems with a server. 2. As shown here. click Properties on the toolbar. click Add. With the server selected. 144 BusinessObjects Enterprise Administrator’s Guide . To add and remove server dependencies Use the CCM to stop the server whose dependencies you want to modify. To add a dependency to the list.5 Managing and Configuring Servers Advanced server configuration options Configuring the remaining servers to bind to a network address The remaining BusinessObjects Enterprise servers select their ports dynamically by default. check to ensure that all three services appear on the server’s Dependency tab. and Remote Procedure Call (RPC). each server in BusinessObjects Enterprise is dependent on at least three services: the Event Log. NT LM Security Support Provider. and Remote Procedure Call (RPC) services. 3.

7. Click OK. and then click Add.Managing and Configuring Servers Advanced server configuration options 5 The Add Dependency dialog box provides you with a list of all available dependencies. Select the dependency or dependencies. Manual requires you to start the server before it will run. Changing the server startup type When installed on Windows. each server is configured to start automatically. there are three startup types: • • • Automatic starts the server each time the machine is started. as required. To remove a dependency from the list. select it and click Remove. BusinessObjects Enterprise Administrator’s Guide 145 . 5. Disabled requires you to change the startup type to automatic or manual before it can run. 6. As with other Windows services. Restart the server.

Tip: The Program Job Server must be configured to use the Local System account. In addition. Enter the Windows user name and password information. Start the server. Configuring servers for SSL You can use the Secure Sockets Layer (SSL) protocol for all network communication between clients and servers in your BusinessObjects Enterprise deployment. To change the server startup type on UNIX On UNIX. 6. To set up SSL for all server communication you need to perform the following steps: 146 BusinessObjects Enterprise Administrator’s Guide . Click Apply. or a user account that has the right “Act as part of the operating system”. 6. Disabled. 3. 1. 4. To change the server startup type on Windows Start the CCM. 5. 4. and then click OK. 5. click Properties on the toolbar. the server process will log on to the local machine with this user account. change it in the Central Configuration Manager (CCM). Click OK. Clear the System Account check box. With the server selected. or Manual. When started. 3. Stop the server whose startup type you want to modify. See “setupinit. all reports processed by this server will be formatted using the printer settings associated with the user account that you enter.5 Managing and Configuring Servers Advanced server configuration options 1. 2. To change a server’s user account Use the CCM to stop the server. Click Properties.sh” on page 607. Click the Startup Type list and select Automatic. Changing the server user account If the incorrect user account is running on a server on Windows. 2. this requires root privileges. Restart the server.

• Place the cakey.cnf file. Choose the number of days that suits your security needs.pem private_key = $dir/private/cakey. Creating key and certificate files To set up SSL protocol for your se. Configure the location of these files in the Central Configuration Manager (CCM) and your web application server.pem -req -signkey cakey. use the SSLC command line tool to create a key file and a certificate file for each machine in your deployment. Perform the following steps based on settings in the sslc. To create key and certificate files for a machine Run the SSLC. a Certificate Authority (CA) certificate request (cacert.pem files in the directories specified by sslc.cnf file's certificate and private_key options.cnf file are: certificate = $dir/cacert. 4.cnf file. The SSLC tool is installed with your BusinessObjects Enterprise software.Managing and Configuring Servers Advanced server configuration options 5 • • • Deploy BusinessObjects Enterprise with SSL enabled.pem BusinessObjects Enterprise Administrator’s Guide 147 . By default.pem -out cakey. cakey. 1.req This command creates two files. consult the SSLC documentation. 5. cacert.) 2. type the following command: sslc rsa -in privkey. (On Windows. 3.exe command line tool.req) and a private key (privkey. stored in the same folder as the SSLC command line tool. for example. To sign the CA certificate. type the following command: sslc x509 -in cacert.pem.req -out cacert.pem and cacert.rver communication. To decrypt the private key. it is installed by default in C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86. Open the sslc. Create key and certificate files for each machine in your deployment.pem This command creates the decrypted key. Type the following command: sslc req -config sslc. Note: For more information about using the SSLC command line tool.pem -days 365 This command creates a self-signed certificate. the settings in the sslc.cnf -new -out cacert.pem. that expires after 365 days.pem).

9. Note: To ensure that you can create and sign more certificates.cnf file's database setting. which contains the signed certificate.pem file. type the following command: sslc ca -config sslc. Create a text file for storing the plain text passphrase used for decrypting the generated private key. Note: By default.pem in servercert. Store the following key and certificate files in a secure location (under the same directory) that can be accessed by the machines in your BusinessObjects Enterprise deployment: • • • • the trusted certificate file (cacert.cnf file's new_certs_dir setting. The file can be empty. choose a large number.cnf -days 365 -out servercert.der -outform DER 10. Create the directory specified by the sslc. Make a copy of the private key copy privkey.) • 6.key To sign the certificate with the CA certificate. 8.cnf -new -out servercert.pem -out servercert.pem server.cnf file's serial setting.der -outform DER sslc x509 -in servercert. Use the following commands to convert the certificates to DER encoded certificates: sslc x509 -in cacert. such as 11111111111111111111111111111111. To create a certificate request and a private key. type the following command: sslc req -config sslc.key) the passphrase file 148 BusinessObjects Enterprise Administrator’s Guide . Create a file with the name specified by the sslc.5 Managing and Configuring Servers Advanced server configuration options • • Create a file with the name specified by the sslc. 11.der) the server key file (server.txt.req 7.req This command creates the servercert. this file is $dir/index.pem -out cacert.der) the generated server certificate file (servercert. Ensure that this file provides an octet-string serial number (in hexadecimal format).

Managing and Configuring Servers Advanced server configuration options 5 This location will be used to configure SSL for the CCM and your web application server. run the Java SDK with the following system properties set: -Dbusinessobjects. 1. 2. If you have an IIS web application server. 1. Note: Make sure you provide the directory for the machine that the server is running on. To configure the SSL protocol for the web application server If you have a J2EE web application server. BusinessObjects Enterprise Administrator’s Guide 149 .oci. and store them in a secure location.der -DsslKey=client. In the Properties dialog box.key -Dpassphrase=passphrase.protocol=ssl -DcertDir=d:\ssl -DtrustedCert=cacert. To configure the SSL protocol in the CCM In the CCM. 4. run the sslconfig tool from the command line and follow the configuration steps.txt 2. Repeat steps 1 to 3 for all servers. right-click a server and choose Properties.der -DsslCert=clientcert. 3. you need to provide the Central Configuration Manager (CCM) and your web application server with the secure location.orb. Provide the file path for the directory where you stored the key and certificate files. Configuring the SSL protocol After you create keys and certificates for each machine in your deployment. click the Protocol tab.

5 Managing and Configuring Servers Advanced server configuration options 150 BusinessObjects Enterprise Administrator’s Guide .

Managing Server Groups chapter .

You can change the status. 152 BusinessObjects Enterprise Administrator’s Guide . you might want to create a group of Page Servers that process reports only against the DB2 database server. That is. After creating server groups. For details. when you manage a group of servers. you can easily set up default processing settings. More importantly. you can configure objects to be processed by servers that have been optimized for those objects. obtain metrics. you need only view a subset of all the servers on your system. processing servers need to communicate frequently with the database containing data for published reports. if you had a number of reports that ran against a DB2 database. you need to specify the name and description of the group. and configure your servers in the organize Server Groups area—just as you would in the organize Servers area. If you group your servers by region. For example. Therefore. server groups prove especially useful when maintaining systems that span multiple locations and multiple time zones. If you group your servers by type. configure objects to use specific server groups for scheduling. and schedule destinations that are appropriate to users who work in a particular regional office. And you can associate scheduled objects with a particular server group to ensure that scheduled objects are sent to the correct printers. Creating a server group To create a server group. file servers. or for objects of different types. recurrent schedules. or for viewing and modifying reports. server groups are a powerful way of customizing BusinessObjects Enterprise to optimize your system for users in different locations. Thus. see “Specifying servers for scheduling” on page 430 or “Specifying servers for viewing and modification” on page 432. If you then configured the appropriate reports to always use this Page Server group for viewing.6 Managing Server Groups Server group overview Server group overview Server groups provide a way of organizing your BusinessObjects Enterprise servers to make them easier to manage. The only difference is that you see only the servers that you added to the server group. Placing processing servers close to the database server that they need to access improves system performance and minimizes network traffic. and so on. and then add servers to the group. so the object is always processed by the same servers. you would optimize system performance for viewing these reports. You can associate an object with a single server group.

2.Managing Server Groups Creating a server group 6 1. Click New Server Group. To create a server group Go to the Server Groups management area of the CMC. type a name for the new group of servers. 7. 4. 8. On the Servers tab. 5. Use the Description field to include additional information about the group. Select the servers that you want to add to this group. In the Server Group Name field. click Add/Remove Servers. Click OK. Tip: Use CTRL+click to select multiple servers. then click the > arrow. 3. The New Server Group Properties tab appears. 6. BusinessObjects Enterprise Administrator’s Guide 153 . Click OK.

3. and add each regional group to the corresponding country group.6 Managing Server Groups Working with server subgroups This example adds the servers to a server group called Northern Office Servers. which now lists all the servers that you added to the group. which now lists all the server groups that you added to the parent group. 154 BusinessObjects Enterprise Administrator’s Guide . Click the group that you want to add to another group. then each regional group becomes a subgroup of a country group. Working with server subgroups Subgroups of servers provide you with a way of further organizing your servers. Click OK. Then. first create a group for each region. In the Available server groups list. click the Member of button. 2. There are two ways to set up subgroups: you can modify the subgroups of a server group. create a group for each country. You are returned to the Servers tab. 2. The results are the same. select the server groups that you want to add as subgroups. 3. To organize servers in this way. To add subgroups to a server group Go to the Server Groups management area of the CMC. You are returned to the Subgroups tab. then click the > arrow. and change the properties of the servers in the group. This group is the parent group. 1. A subgroup is just a server group that is a member of another server group. 4. 1. For more information. For example. view server metrics. 5. On the Member of tab. To make one server group a member of another Go to the Server Groups management area of the CMC. You can now change the status. click Add/Remove Groups. see “Server management overview” on page 78. so use whichever method proves most convenient. or you can make one server group a member of another. 4. and add the appropriate servers to each regional group. if you group servers by region and by country. then click the > arrow. On the Subgroups tab. Click the group that you want to add subgroups to. select the server groups that should include your group as a member. In the Available server groups list.

4. 5. 6. In the Server Group column. Click the Member of button. Instead of having to add the CMS individually to each regional server group. You are returned to the “Member of” tab. click the server’s Member of link. To modify a server’s group membership Go to the Servers management area of the CMC. Modifying the group membership of a server You can modify a server’s group membership to quickly add the server to (or remove it from) any group or subgroup that you have already created on the system. You might want to use a single Central Management Server (CMS) for multiple regions. you can click the server’s “Member of” link to add it to all three regions at once. 5. 3. The “Member of” page lists any server groups that the server currently belongs to.Managing Server Groups Modifying the group membership of a server 6 This example makes the Job Servers group a member subgroup of the Northern Office Servers group. 2. which now lists all the server groups that the initial group is now a member of. The “Modify Member Of” page appears. BusinessObjects Enterprise Administrator’s Guide 155 . For example. Locate the server whose membership information you want to change. suppose that you created server groups for a number of regions. 1. Click OK. Click OK. Move server groups from one list to another to specify which groups the server is a member of.

6 Managing Server Groups Modifying the group membership of a server 156 BusinessObjects Enterprise Administrator’s Guide .

Scaling Your System chapter .

During the Expand installation.7 Scaling Your System Scalability overview Scalability overview The BusinessObjects Enterprise architecture is scalable in that it allows for a multitude of server configurations. your database software. and are recommended for the majority of deployments. The setup program allows you to perform an Expand installation. you specify the existing CMS whose system you want to expand. single-machine environments. your deployment may not be officially supported. that the optimal configuration for your deployment will vary depending upon your hardware configuration. This chapter details common scalability scenarios for administrators who want to expand beyond a stand-alone installation of BusinessObjects Enterprise. run the BusinessObjects Enterprise installation and setup program. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. however. Tip: If you are adding new hardware to BusinessObjects Enterprise by installing server components on additional machines. It must be emphasized. Note: If you customize or expand your system beyond these common configurations without first contacting Business Objects Services. and you select the components that want to install on the local machine. This chapter also provides the related procedures for adding and deleting servers from your BusinessObjects Enterprise installation. and your reporting requirements. 158 BusinessObjects Enterprise Administrator’s Guide . Follow these steps when you need to add server components to a machine that is already running BusinessObjects Enterprise. see the BusinessObjects Enterprise Installation Guide. The flexibility offered by the product’s architecture allows you to set up a system that suits your current reporting requirements. For details. see “Common configurations” on page 159. A Business Objects Services consultant can then assess your reporting environment and assist in determining the configuration that will best integrate with your current environment. For details. ranging from stand-alone. These three scenarios have received the most testing. to large-scale deployments supporting global organizations. without limiting the possibilities for future growth and expansion.

see “Adding a server” on page 169.Scaling Your System Common configurations 7 Common configurations This section details the common ways in which you should begin to scale.txt file included with your product distribution for a list of supported database servers. however. your BusinessObjects Enterprise system. This section describes the following common configurations: • • • “One-machine setup” on page 159 “Three-machine setup” on page 160 “Six-machine setup” on page 160 One-machine setup This basic configuration separates the BusinessObjects Enterprise servers from the rest of your reporting environment and from your web server. this section does assume familiarity with the BusinessObjects Enterprise architecture. BusinessObjects Enterprise Administrator’s Guide 159 . you may also want to run one or more BusinessObjects Enterprise servers in multiple instances on that machine. The scenarios described are those that have been most thoroughly tested by Business Objects. install your BusinessObjects Enterprise servers on the same machine as your Java web application server and the Web Component Adapter. If you are still using the MSDE CMS database on Windows. This grants the BusinessObjects Enterprise servers their own set of processing resources. For details. Tip: If you are deploying multi-processor machines. see the BusinessObjects Enterprise Installation Guide. and installs all BusinessObjects Enterprise servers on a single machine. For a UNIX installation (or for a Windows installation that uses the BusinessObjects Enterprise Java SDK). installation. and server configuration. Run the CMS database on your database server. which they do not have to share with database and web server processes. this section assumes that you have not yet distributed the BusinessObjects Enterprise servers across multiple machines. As a baseline. dedicated machine. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • • Install all of the BusinessObjects Enterprise servers on a single. migrate the CMS database to a supported database server. See the Platforms. For preliminary installation information. or expand.

• • Install the application server. which they do not have to share with database and web server processes. In this way. List of Values Job Server. You maintain the logical breakdown of processing based on the types of work performed by each server. the Web Component Adapter and the Cache Server on the second machine. Install the Page Server. based on the types of work performed by each server. Tip: Here.7 Scaling Your System Common configurations Three-machine setup This second configuration divides the BusinessObjects Enterprise processing load in a logical manner. you prevent the server components from having to compete with each other for the same hardware and processing resources. For a UNIX installation (or for a Windows installation that uses the BusinessObjects Enterprise Java SDK). Web Intelligence Job Server. Destination Job Server. the Event Server is installed on the same machine as the CMS. install the Java web application server and the Web Component Adapter on the same machine as your Cache Server. however. this scenario prepares your system for further expansion to provide redundancy. the Report Application Server (RAS). In general. you need not interrupt BusinessObjects Enterprise requests in order to service the system. or if you need to take one or two machines offline completely. Note: It is recommended that you use three multi-processor machines (dualCPU or better). These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • Install the CMS and the Event Server on one machine. with at least 2 GB RAM installed on each machine. the Event Server should be installed on the machine where your monitored. For instance. the Report Job Server. 160 BusinessObjects Enterprise Administrator’s Guide . In addition. Program Job Server. but you increase the number of available machines and servers for redundancy and fault-tolerance. This grants the BusinessObjects Enterprise servers their own set of processing resources. install your BusinessObjects Enterprise servers on machines that are separate from your web server and database servers. and the Input and Output File Repository Servers on the third machine. if a server stops responding. the Web Intelligence Report Server. Note: As with the one-machine setup. file-based events occur. Six-machine setup This third configuration mirrors the three-machine setup.

Report Job Server. Install and configure any required database client software similarly on each machine. install your BusinessObjects Enterprise servers on machines that are separate from your web server and database servers. BusinessObjects Enterprise Administrator’s Guide 161 . including the Web Intelligence Report Server. • Note: As with the one-machine setup. If you have further requirements or more advanced configuration needs. Ensure that the web. along with a pair of Input and Output File Repository Servers. Install a second Page Server. • Install a second application server and Web Component Adapter on the fifth machine. This grants the BusinessObjects Enterprise servers their own set of processing resources. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • • Install the three-machine setup first. along with a second Cache Server. For details. see “Three-machine setup” on page 160.xml file is configured correctly for each WCA. the Event Server is installed on the same machine as the CMS. Ensure that each CMS accesses the CMS database in exactly the same manner (the same database client software. so they share the task of maintaining the CMS database. the Event Server should be installed on the machine where your monitored. file-based events occur. can access your reporting database in exactly the same manner. the same database user name and password. Consult your web application server documentation for information on load-balancing and clustering your application servers. and so on). Web Intelligence Job Server. This machine must have a fast network connection (minimum 10 Mbps) to the CMS that you have already installed. Destination Job Server. Install a second CMS/Event Server pair on the fourth machine. contact your Business Objects sales representative for additional assistance. Program Job Server. however. which they do not have to share with database and web server processes. with at least 2 GB RAM installed on each machine. Note: It is recommended that you use six multi-processor machines (dualCPU or better). Ensure that all Page Servers and job servers. Verify that BusinessObjects Enterprise is functioning correctly. In general. Web Intelligence Report Server. and RAS on the remaining machine. Cluster the two CMS services. along with any ODBC DSNs that are required for your reports. List of Values Job Server. Tip: Here.Scaling Your System Common configurations 7 This tested configuration is designed to meet the reporting requirements of 85% of all deployment scenarios.

General scalability considerations include the following: • • • • • • • “Increasing overall system capacity” on page 162 “Increasing scheduled reporting capacity” on page 163 “Increasing on-demand viewing capacity for Crystal reports” on page 164 “Increasing prompting capacity” on page 165 “Enhancing custom web applications” on page 166 “Improving web response speeds” on page 166 “Getting the most from existing resources” on page 167 Increasing overall system capacity As the number of report objects and users on your system increases. A Business Objects Services consultant can then assess your reporting environment and assist in determining the configuration that will best integrate with your current environment. For more information. Each subsection focuses on one aspect of your system’s capacity. you can increase the overall system capacity by clustering two (or more) Central Management Servers (CMS). at some point. When you cluster two CMS machines. CMS clusters can improve overall system performance because every BusinessObjects Enterprise request results. 162 BusinessObjects Enterprise Administrator’s Guide . it is strongly recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. in a server component querying the CMS for information that is stored in the CMS database. and provides a number of ways in which you might modify your configuration accordingly. you instruct the new CMS to share in the task of maintaining and querying the CMS database. However. see “Clustering Central Management Servers” on page 92. to provide server redundancy and faulttolerance. Before modifying these aspects of your system. you should ideally install each cluster member on its own machine.7 Scaling Your System General scalability considerations General scalability considerations This section provides information about system scalability and the BusinessObjects Enterprise servers that are responsible for particular aspects of your system. discusses the relevant components. You can install multiple CMS services/daemons on the same machine.

Scaling Your System General scalability considerations 7 Increasing scheduled reporting capacity Increasing Crystal reports processing capacity All Crystal reports that are scheduled are eventually processed by a Job Server. because there is less distance for data to travel over your corporate network. you might create two server groups. Use event-based scheduling to create dependencies between large or complex reports. For more information. you can specify that it be processed by a particular server group to ensure that especially large reports are distributed evenly across resources. nightly basis. Then. If the majority of your reports are scheduled to run on a regular basis. For instance. Verify the efficiency of your reports.5 and later). Increase the hardware resources that are available to a Job Server. When designing reports in Crystal Reports. you can use Schedule events to ensure that the reports are processed sequentially. consider distributing the processing load through the use of server groups. or by running multiple Report Job Servers on a single multi-processor machine. consider moving the Job • • • • BusinessObjects Enterprise Administrator’s Guide 163 . Ensure also that the File Repository Servers are readily accessible to all Job Server (so they can read report objects from the Input FRS and write report instances to the Output FRS quickly). This is a useful way of minimizing the processing load that your database server is subject to at any given point in time. using the database server’s resources to group data. these strategies may improve the processing speed of the Job Server. if you run several very complex reports on a regular. If some reports are much larger or more complex than others. and so on. incorporating parameter fields. Depending upon your network configuration. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. You can expand BusinessObjects Enterprise by running individual Report Job Servers on multiple machines. For instance. when you schedule recurrent reports. If the Job Server is currently running on a machine along with other BusinessObjects Enterprise components. there are several strategies you can adopt to maximize your system’s processing capacity: • Install the Job Server in close proximity to (but not on the same machine as) the database server against which the reports run. each containing one or more Job Servers. by modifying record selection formulas. there are a number of ways in which you can improve the performance of the report itself.

the Page Server retrieves the data and performs the report processing. you allow each user to view live report data by refreshing reports against your database server. However. Increasing on-demand viewing capacity for Crystal reports When you provide many users with View On Demand access to reports. If your reporting requirements demand that users have continual access to the latest data. incorporating parameter fields. if you are working with server groups. if users use the Advanced DHTML viewer. Verify the efficiency of your reports. the Cache Server and Page Server. If the new machine has multiple CPUs.5 and later). a Web Intelligence Job Server must exist in the same group as the Web Intelligence Report Servers. For most requests. and so on. there are a number of ways in which you can improve the performance of the report itself. the Report Job Server. When running multiple Web Intelligence Report Servers. see “Modifying Cache Server performance settings” on page 112. the Report Application Server (RAS) processes the request. When designing reports in Crystal Reports. by modifying record selection formulas. Increasing Web Intelligence document processing capacity All Web Intelligence documents that are scheduled are eventually processed by a Web Intelligence Job Server and Web Intelligence Report Server. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. you can increase capacity in the following ways: • • Increase the maximum allowed size of the cache. you can install multiple Job Servers on the same machine (typically no more than one service/daemon per CPU). or by running multiple Web Intelligence Report Servers on a single multi-processor machine. you don’t need to duplicate the Web Intelligence Job Server. keep in mind that Web Intelligence Report Server processes both scheduling and viewing requests. 164 BusinessObjects Enterprise Administrator’s Guide . whereas requests for Crystal reports are processed by three separate servers. and the Cache Server stores recently viewed report pages for possible reuse. Note: When deciding whether to increase the number Web Intelligence Report Servers. using the database server’s resources to group data. One Web Intelligence Job Server can be used to drive multiple Web Intelligence Report Servers.7 Scaling Your System General scalability considerations Server to a dedicated machine. For more information. You can expand BusinessObjects Enterprise by running individual Web Intelligence Report Servers on multiple machines. However. For details.

but also during display of the portal itself. In CMC you can then create a RAS server group and assign the dedicated RAS to the RAS server group. you can instruct the Web Intelligence Report Server to delegate the transformation of XML to XSL to the browser. For instance. To delegate XSL transformation to the browser for document display: On the application server. the RAS processes the list-of-values objects for the report when the report is being viewed. This substantially decreases the load on the server. You can do this by installing additional Page Servers on multiple machines. You can then specify individual reports that should always be processed by a particular server group. do not install more than one Page Server per machine. In Business View Manager. • Increasing prompting capacity When reports use a list of values. By default. and then distribute the processing load through the use of server groups. 1. each containing one or more Cache Server/Page Server pairs along with one or more Report Application Servers. you then assign the list-ofvalues objects to be processed by the RAS server group. primarily during document display. Delegating XSL transformation to Internet Explorer If your users access InfoView via the Internet Explorer 6. Cache Servers. To avoid contention with other applications that use the RAS. the XSL transformation delegation is not activated. Increase the number of Page Servers.properties. BusinessObjects Enterprise Administrator’s Guide 165 . Restart the application server.Scaling Your System General scalability considerations 7 • Increase the number of Page Servers that service requests on behalf of Cache Servers. set the CLIENT_XSLT variable in webiviewer. located in the WEB-INF\classes subfolder of the application server as follows: CLIENT_XSLT=Y 2. you can add a RAS server that will be dedicated to processing list-of-value objects. It does this regardless of whether the list-of-value object was scheduled or whether data needs to be retrieved from the data base. The Page Server has been re-designed to optimize the processing capability of a machine. However. It is therefore no longer recommended that you install multiple Page Servers on one machine.0 browser. you might create two server groups. and Report Application Servers on the system.

see “Increasing overall system capacity” on page 162. consider increasing the web server’s hardware. department. ensure that you have set up a CMS cluster. You can grant select users the ability to manage particular BusinessObjects Enterprise folders. you may need to investigate a number of areas to determine exactly where you can improve web response speeds. Take into account the number of users who regularly access your system.7 Scaling Your System General scalability considerations Enhancing custom web applications If you are developing your own custom desktops or administrative tools with the BusinessObjects Enterprise Software Development Kit (SDK). In addition. consider distributing administrative efforts by developing web applications for delegated content administration. be sure to check the developer documentation available on your BusinessObjects Enterprise product CD for performance tips and other scalability considerations. and groups on behalf of their team. If the web server is indeed limiting web response speeds. Improving web response speeds Because all user interaction with BusinessObjects Enterprise occurs over the Web. Use the administrative tools provided with your web server software (or with your operating system) to determine how well your web server performs. To improve the scalability of your system. The query optimization section in particular provides some preliminary steps to ensuring that custom applications make efficient use of the query language. incorporate complete security and scheduling options into your own web applications. be sure to review the libraries and APIs. for instance. see “Increasing scheduled reporting capacity” on page 163 and “Increasing on-demand viewing capacity for Crystal reports” on page 164. users. • • 166 BusinessObjects Enterprise Administrator’s Guide . You can also modify server settings from within your own code in order to further integrate BusinessObjects Enterprise with your existing intranet tools and overall reporting environment. You can now. If web response speeds are slowed only by report viewing activities. or regional office. These are some common aspects of your deployment that you should consider before deciding how to expand BusinessObjects Enterprise: • Assess your web server’s ability to serve the number of users who connect regularly to BusinessObjects Enterprise. For details. If you are running a large deployment. content.

Scaling Your System General scalability considerations 7 If you find that a single application server inadequately services the number of scripting requests made by users who access your system on a regular basis. you can install multiple application servers on the same machine (typically no more than one per CPU). Note: BusinessObjects Enterprise does not support the sessionreplication functionality provided by some Java web application servers. BusinessObjects Enterprise Administrator’s Guide 167 . consider moving the application server to a dedicated machine. Optimizing network speed and database efficiency When thinking about the overall performance and scalability of BusinessObjects Enterprise. If the new machine has multiple CPUs. or on a single machine with other BusinessObjects Enterprise components. Make sure that your network has the bandwidth and speed necessary to provide BusinessObjects Enterprise users with acceptable levels of performance. Consult the documentation for your web application server for information on loadbalancing. Consider setting up two (or more) application servers. and scalability. • • Getting the most from existing resources One of the most effective ways to improve the performance and scalability of your system is to ensure that you get the most from the resources that you allocate to BusinessObjects Enterprise. Consult your network administrator for more information. consider the following options: • Increase the hardware resources that are available to the application server. If the application server is currently running on the web server. set up two (or more) WCS machines to take advantage of the dynamic load balancing that is built into the Web Connector components. If you are using the default Windows installation of BusinessObjects Enterprise. BusinessObjects Enterprise uses your network for communication between servers and for communication between BusinessObjects Enterprise and client machines on your network. without bringing down the entire system. clustering. The Web Connector distributes the processing load evenly across WCS hosts: each new BusinessObjects Enterprise session is sent to the least used WCS. This also provides you with the benefits of being able to take one WCS machine offline for service. don’t forget that BusinessObjects Enterprise depends upon your existing IT infrastructure.

If the ability to modify reports is not needed at your site. For more information on configuring BusinessObjects Enterprise to optimize report viewing in your system. 4. select Business Objects Applications. see “Setting report viewing options” on page 428. For details on data sharing options for reports. go to the Viewers area. Select Web Desktop. thereby reducing the time needed to provide report pages to subsequent users of the same report while greatly improving overall system performance under load. then the performance of BusinessObjects Enterprise may suffer. The Report Application Server is optimized for report modification. see the planning chapter in the BusinessObjects Enterprise Installation Guide. If your databases are not optimized for the reports you need to run. or the Java viewer. you can disable the Advanced DHTML viewer for all users of BusinessObjects Enterprise. Click Update. Optimizing BusinessObjects Enterprise for report viewing BusinessObjects Enterprise allows you to enable data sharing. to get full value from data sharing. For simple report viewing you can achieve better system performance if users select the DHTML viewer.7 Scaling Your System General scalability considerations BusinessObjects Enterprise processes reports against your database servers. Enabling data sharing reduces the number of database calls. 2. which permits different users accessing the same report object to use the same data when viewing a report on demand or when refreshing a report. 3. This means that some users may see “old” data when they view a report on demand. the Active X viewer. the report is processed by the Report Application Server rather than the Page Server and Cache Server. Disabling the Advanced DHTML Viewer In the Central Management Console. or refresh a report instance that they are viewing. 168 BusinessObjects Enterprise Administrator’s Guide . 1. Consult your database administrator for more information. However. These report viewers process reports against the Page Server. Clear the option labeled Allow users to use the Advanced DHTML Viewer. you must permit data to be reused for some period of time. Using the appropriate processing server When users view a report using the Advanced DHTML viewer. On the Properties tab.

2. On the toolbar. additional machines. you must log on as an Administrator of the local machine. see the BusinessObjects Enterprise Installation Guide. BusinessObjects Enterprise Administrator’s Guide 169 . Click Next. Start the CCM on the BusinessObjects Enterprise machine upon which you want to install a new server. 3. For details. To add a Windows server Note: To complete this procedure. you specify the existing CMS whose system you want to expand. run the BusinessObjects Enterprise installation and setup program from your product distribution. Adding a server These steps add a new instance of a server to the local machine. You can run multiple instances of the same BusinessObjects Enterprise server on the same machine. During the Expand installation. The Add Business Objects Server Wizard displays its Welcome dialog box. The setup program allows you to perform an Expand installation. and you select the components that you want to install on the local machine.Scaling Your System Adding and deleting servers 7 Adding and deleting servers This section shows how to add and delete servers from a machine that is already running BusinessObjects Enterprise components. 1. It includes the following sections: • • “Adding a server” on page 169 “Deleting a server” on page 171 Tip: If you are adding new hardware to BusinessObjects Enterprise by installing server components on new. click Add Server.

The “Set Configuration for this server” dialog box appears. Click the Server Type list and select the kind of server you want to add. depending upon the type of server that you are installing. 6. If you subsequently modify the server’s name through its command line. When you add Input or Output File Repository Servers. So. 5. This Server Name is displayed when you manage servers over the Web in the Central Management Console (CMC). Click Next. 170 BusinessObjects Enterprise Administrator’s Guide . if you add an Input FRS with the name SERVER02. Each server on the system must have a unique name. Note: The display name for each server on the local machine must be unique.” or “Output.7 Scaling Your System Adding and deleting servers The “Server Type and Display Name Configuration” dialog box appears.” prefix is required by the system. 4.SERVER02.” prefix. the wizard always precedes the server name you type with an “Input. Change the default Display Name field if you want a different name to appear in the list of servers in the CCM. The default naming convention is HOSTNAME.servertype (a number is appended if there is more than one server of the same type on the same host machine). The contents of this dialog vary slightly. This “Input. the CCM actually names the server Input. do not remove the prefix. Change the default Server Name field if required. 7.

To delete a Windows server Start the CCM on the BusinessObjects Enterprise machine that you want to delete a server from. but it is neither started nor enabled automatically. see “Changing the default server port numbers” on page 140. then click Finish. For reference. the actions performed on the new server will not be audited. 3. Stop the server that you want to delete from the system. Click Next to accept any other default values. To add a UNIX server Use the serverconfig. click Yes. For reference. If you add a new server to your BusinessObjects Enterprise installation you must enable auditing of actions on each new server. do not modify them. Deleting a server 1. see “Viewing and changing the status of servers” on page 82.sh” on page 602. or modify them to suit your environment. Type the name of the CMS that you want the server to communicate with. Note: If port number options are displayed in this dialog box. as in CMSname:port# 9. 2.sh script. BusinessObjects Enterprise Administrator’s Guide 171 . see “serverconfig. include the appropriate port number. 11. If you do not. For details. Use the CCM (or the CMC) to start and then to enable the new server when you want it to begin responding to BusinessObjects Enterprise requests. With the server selected. click Delete Server on the toolbar. Tip: Auditing in BusinessObjects Enterprise is enabled on a per server basis. Instead. See “Enabling auditing of user and system actions” on page 210 for more information. If your CMS is not listening on the default port (6400). For details. When prompted for confirmation. To delete a UNIX server Use the serverconfig. 4. The new server appears in the list. change ports through each server’s command line. Confirm the summary information is correct.sh” on page 602. see “serverconfig. 10.sh script.Scaling Your System Adding and deleting servers 7 8.

7 Scaling Your System Adding and deleting servers 172 BusinessObjects Enterprise Administrator’s Guide .

Managing BusinessObjects Enterprise Repository chapter .

and custom SQL commands. you can refresh a report’s repository objects on demand over the Web. You can refresh a report’s repository objects with the latest version from your BusinessObjects Enterprise Repository when you publish reports to BusinessObjects Enterprise. it is also saved to the BusinessObjects Enterprise Repository. custom functions.8 Managing BusinessObjects Enterprise Repository BusinessObjects Enterprise Repository overview BusinessObjects Enterprise Repository overview The BusinessObjects Enterprise Repository is a database in which you manage shared report elements such as text objects. The BusinessObjects Enterprise Repository is now hosted by the Central Management Server (CMS) system database. Alternatively. See the rest of this chapter for details. you may have repository data on a test system that you want to move onto a production server. 174 BusinessObjects Enterprise Administrator’s Guide . Copying data from one repository database to another BusinessObjects Enterprise enables you to copy the contents of one repository database into another database. or you may want to import repository objects from one BusinessObjects Enterprise XI installation to another. Before publishing reports that reference repository objects. You can migrate repository data from a different repository database (from version 10 of Crystal Reports. For example. Throughout this section. Or. or version 10 of Crystal Enterprise) into your current CMS database. this data is copied into the destination database. bitmaps. This procedure is also referred to as migrating a BusinessObjects Enterprise Repository database. the source CMS database refers to the database that holds the data you are copying. When you save any Business View. you can migrate the repository data from your current CMS database into a different data source. Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS You may want to import repository objects from a Crystal Enterprise 10 installation. move your existing Crystal Repository to the Central Management Server database.

and the objects in such folders to be copied to these renamed folders. You have selected “Automatically rename top-level folders that match top-level folders on the destination system. Updating the destination repository When you update the contents of the destination repository using the source repository as a reference. Note: Top-level folders containing Business Views are not renamed. all repository objects from the source system with a unique title are copied to the destination repository. the object is imported to the destination repository if: • • The object is not a Business View. When an object is copied from the source CMS to the destination CMS. replicating the folder hierarchy of the source system on the destination. the folder or folders that contain the object are also copied. BusinessObjects Enterprise Administrator’s Guide 175 . you add all objects in the source CMS to the destination CMS.” The end result is a destination repository that contains all objects from the source repository that have unique titles. However. This is the safest import option. you add all repository objects from the source CMS into the destination CMS without overwriting objects in the destination. If an object in the source repository has the same unique identifier as an object in the destination.Managing BusinessObjects Enterprise Repository Copying data from one repository database to another 8 Use the Import Wizard to copy repository data from the source CMS. regardless of the options set. If an object from the source has the same title as an object in the destination. causing the Business View functionality to fail. the names of top-level folders must be unique. copies of all non-Business View objects from the source repository that have titles that match titles of objects in the destination. at a minimum. All of the objects in the destination repository are preserved. and all objects originally in the destination repository. You can choose to merge the contents of the source repository into the destination repository. the object in the destination is overwritten. Renaming these folders would change the unique identifier associated with the Business View. Also. or you can update the destination with the contents of the source CMS. Merging repositories When you merge the contents of the source repository with the destination repository. Selecting “Automatically rename top-level folders that match top-level folders on the destination system” allows these folders to be renamed on the destination repository.

if copying an object from the source CMS to the destination CMS would result in more than one object in a folder with the same title. From the Source list in the Select Source Repository dialog. Objects from the source repository will be added to the destination repository database. the Crystal Repository database was hosted on a separate database server that you could connect to through ODBC. servers. Changing the names of these objects would cause user management. user groups. server groups. 1. If the Wizard finds identical objects (that is. only the most recent version of each object is copied. To copy repository data from Crystal Enterprise 9 From the BusinessObjects Enterprise program group. See “Importing with the Import Wizard” on page 402 for full instructions on using the Import Wizard to copy objects from one BusinessObjects Enterprise XI repository to another. 2. Note: Reports configured to use the source repository will now refer to the destination data source. server management.” Note: System Objects (users.8 Managing BusinessObjects Enterprise Repository Copying data from one repository database to another All object titles in a folder must be unique. begin by making a backup copy of the source repository database. You must run the wizard on the machine containing your source repository. regardless of the options set. Copying data from a Crystal Enterprise 9 repository database In Crystal Enterprise 9. objects with the same unique identifier) in the source and destination repositories. neither the source nor the destination database is overwritten. and event management for these objects to fail. and calendars). Then replace the repository by importing its contents into the CMS database using the Repository Migration Wizard. the source objects will not be copied. click Repository Migration Wizard. events. 176 BusinessObjects Enterprise Administrator’s Guide . When you copy repository objects into BusinessObjects Enterprise XI. select the check box “Automatically rename objects if an object with that title already exists in the destination folder. If you want these objects to be copied. By default. click the name of the repository that you want to import. the copy fails. When you use the Repository Migration Wizard. are not renamed when you import them from one CMS to another. In a BusinessObjects Enterprise environment.

Click Next. then click Next. 6. Copying data from a Crystal Reports 9 repository database The Crystal Repository shipped with Crystal Reports 9 was an Access database (Repository. type the name of the destination data source’s Central Management Server. 5. The Select Destination Data Source dialog appears. Click Next. BusinessObjects Enterprise exports the selected repository objects from your BusinessObjects Enterprise Repository. and then Finish to complete the transfer and close the Repository Migration Wizard.Managing BusinessObjects Enterprise Repository Copying data from one repository database to another 8 3. Type the User Name and Password of an Enterprise account that provides you with administrative rights to the CMS. Click Next. 7. From the “Source Repository Objects” list. By default. In the CMS field. reporting success or failure for each object. Type the UserID and Password of a user with administrative rights to the repository database. 4.0\bin\ BusinessObjects Enterprise Administrator’s Guide 177 . select the items that you want to copy to your BusinessObjects Enterprise repository database.mdb). it was located in the following directory of your Crystal Reports installation: C:\Program Files\Common Files\Crystal Decisions\2.

If you created security for your repository database. From the “Source Repository Objects” list. 1. only the most recent version of each object is copied. To copy repository data from Crystal Reports 9 From the BusinessObjects Enterprise program group. click Repository Migration Wizard. Then replace the default repository by importing its contents into the CMS database using the Repository Migration Wizard. Log on to the CMS using a user name with administrative rights to BusinessObjects Enterprise. When you copy repository objects into BusinessObjects Enterprise XI. 4. neither the source nor the destination database is overwritten. type a User id and Password valid for the repository database. click the name of the repository that you want to import. Click Next. Note: Reports configured to use the source repository will now refer to the destination data source. the source objects will not be copied. 2. From the Source list in the Select Source Repository dialog. 178 BusinessObjects Enterprise Administrator’s Guide . Click Next. select the items that you want to copy to your BusinessObjects Enterprise repository database. If the Wizard finds identical objects in the source and destination repositories. You must run the wizard on the machine containing your source repository. When you use the Repository Migration Wizard.8 Managing BusinessObjects Enterprise Repository Copying data from one repository database to another Begin by making a backup copy of this default database. Objects from the source repository will be added to the destination repository database. 5. 3.

BusinessObjects Enterprise Administrator’s Guide 179 . and then Finish to complete the transfer and close the Repository Migration Wizard. Click Next. When you refresh a report in this way. BusinessObjects Enterprise exports the selected repository objects from your Crystal Reports repository. Click Next. and then type the name of the folder. Select the folder in your destination repository where objects from your source directory will be placed. • 7. the old repository objects stored in the report are replaced with the latest versions from the BusinessObjects Enterprise Repository. reporting success or failure for each object. you will want to update the published Crystal reports that reference those repository objects. and then click “Delete the item/folder”. • To add objects to a new folder. Refreshing repository objects in published reports As you update objects stored in your BusinessObjects Enterprise Repository. To delete an existing folder from your repository. select it. 8. select “Insert a new folder”.Managing BusinessObjects Enterprise Repository Refreshing repository objects in published reports 8 6.

you can update repository objects at that time. Verify that the Use Object Repository when refreshing report check box is selected.rpt files. You can also refresh repository objects when you publish reports. Click the link to the report you want to refresh. The Report Repository Helper is available from Administrative Tools area in the BusinessObjects Enterprise Admin Launchpad. Tip: If you use Crystal Reports to open reports directly from your BusinessObjects Enterprise folders. Click Refresh Report. you can refresh multiple reports simultaneously using the Report Repository Helper.8 Managing BusinessObjects Enterprise Repository Refreshing repository objects in published reports Note: Although refreshing with the repository is faster. For details. To refresh a published report’s repository objects Go to the Objects management area of the CMC. 3. On the Properties tab. see “Setting report refresh options” on page 426. 5. 2. 4. select it now and click Update. 1. Note: If the check box is cleared. see “Publishing Objects to BusinessObjects Enterprise” on page 373. you can also refresh reports by setting options that compare reports to their original source . For more information. 180 BusinessObjects Enterprise Administrator’s Guide . click the Refresh Options link. Tip: Once you have enabled repository refresh for each report.

Working with Firewalls chapter .

and be a focus for security decisions. This chapter provides general information about what a firewall is and types of firewalls: • • “What is a firewall?” on page 182 “Firewall types” on page 183 If you are already familiar with firewalls and the configuration used in your network. To help explain how firewalls work. A firewall also can’t set itself up correctly or protect against completely new threats. and HTTP). some basic networking terms are described here: • • “TCP/IP and packets” on page 182 “Ports” on page 183 If you are already familiar with these topics see “Understanding firewall integration” on page 186.9 Working with Firewalls Firewalls overview Firewalls overview BusinessObjects Enterprise works with firewall systems to provide reporting across intranets and the Internet without compromising network security. a firewall protects a company’s intranet from being improperly accessed through the Internet. A firewall restricts people to entering and leaving your network at a carefully controlled point. A firewall can’t protect against malicious insiders or connections that don’t go through it. TCP/IP and packets TCP/IP (Transmission Control Protocol/Internet Protocol) is the communications protocol used on the Internet. Packets are typically too small to contain all the data that is sent at any one time. The units of data transmitted through a TCP/IP network are called packets. telnet. It also prevents attackers from getting close to your other defenses. Typically. FTP. so multiple packets are required. proceed directly to “Understanding firewall integration” on page 186. A firewall can enforce a security policy. each containing a portion of the overall data. What is a firewall? A firewall is a security system that protects one or more computers from unauthorized network access. 182 BusinessObjects Enterprise Administrator’s Guide . the packets are constructed such that a layer for each protocol is wrapped around each packet. TCP/IP packets have the following layers: • Application layer (for example. Typically. When data is sent by TCP/IP. log Internet activity.

it binds to its designated port number. ports allow a client program to specify a particular server program on a computer in a network. When a service or daemon initially is started. For instance. Firewall types Firewalls primarily function using at least one of the following methods: • • • “Packet filtering” on page 184 “Network Address Translation” on page 184 “SOCKS proxy servers” on page 185 BusinessObjects Enterprise works with these firewall types. With TCP/IP. Ports Ports are logical connection points that a computer uses to send and receive packets. when you visit a typical HTTP site over the Web.Working with Firewalls Firewalls overview 9 • • • Transport layer (TCP or UDP). At the application layer. ethernet and ATM). If you are using SOCKS proxy servers now. but ports 0 to 1024 are reserved for use by certain privileged services. Note: Business Objects will be moving away from supporting SOCKS proxy servers. As the packet moves through the layers. each layer adds a header to the packet. which is the pre-assigned port for HTTP communication. Valid port numbers range from 0 to 65536. the packet consists simply of the data to be transferred. High-level applications that use TCP/IP have ports with pre-assigned numbers. Other application processes are given port numbers dynamically for each connection. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. we recommend you switch to a different firewall method. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. the process is reversed: the layers are sequentially removed until the transferred data is available to the destination application. you communicate with the web server on port 80. BusinessObjects Enterprise Administrator’s Guide 183 . When any client program wants to use that server. it must also request to bind to the designated port number. Internet layer (IP). These headers are used to determine the packet’s destination and to ensure that it arrives intact. When the packet reaches its destination. Network Access layer (for example. preserving the data from the previous level.

9 Working with Firewalls Firewalls overview Packet filtering Packet filtering rejects TCP/IP packets from unauthorized hosts and rejects connection attempts to unauthorized services. Firewalls that employ packet filtering will work with BusinessObjects Enterprise. Once the translation is complete. When an incoming response arrives at the firewall. NAT hides internal hosts by converting their IP addresses to an external address. Stateless packet filters do not retain information about connections in use. the firewall sends the data payload on to its original destination. NAT makes it appear that all traffic from your site comes from one (or more) external IP addresses. The address the data is going to. NAT can also be described as a simple proxy. they make determinations packet-by-packet based only on the information contained within the packet. Because this type of firewall essentially sends and receives data on behalf of internal hosts. NAT is also called IP masquerading. The filter then uses that information to discriminate valid return packets from invalid connection attempts. As outgoing packets are routed through the firewall. Stateful packet filters remember the state of connections at the network and session layers by recording the established session information that passes through the filter gateway. instead. The data contained within the packet. thus. The session and application ports being used to transfer the data. Typically there are two types of packet filtering: • Network Address Translation Network Address Translation (NAT) converts private IP addresses in a private network to globally unique. The main purpose of NAT is to hide internal hosts. The firewall maintains a translation table to keep track of the address conversions that it has performed. 184 BusinessObjects Enterprise Administrator’s Guide . public IP addresses for use external to that network. the firewall uses this translation table to determine which internal host should receive the response. Packet filtering can reject packets based on the following: • • • • • The address the data is coming from.

you can establish a static route through the firewall for that service. BusinessObjects Enterprise supports and works with SOCKS servers. These protocols will not work through a dynamically translated connection. or IP masquerade) shares a small group of external IP addresses amongst a large group of internal clients for the purpose of expanding the internal network address space. When an external request is made. and relays data between the internal and external networks. A SOCKS server redirects connection requests from computers on one side of it to computers on the other side of it. When the SOCKS server receives a response from the internal server. it returns that response to the original client as if it were the originating external server. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. SOCKS is a networking protocol that enables computers on one side of a SOCKS server to access computers on the other side of a SOCKS server without requiring a direct IP connection. hide mode. A SOCKS server typically authenticates and authorizes requests. • BusinessObjects Enterprise and static translation NAT can be configured so that they work together. BusinessObjects Enterprise Administrator’s Guide 185 . external computers have no way to address an internal host that is protected using a dynamically translated IP address. we recommend you switch to a different firewall method. This effectively hides the identity and the number of clients on the internal network from examination by anyone on the external network. the SOCKS server sends the requests to the internal network as if the SOCKS server itself was the originating client. SOCKS servers work by listening for service requests from internal clients. Because a translation entry does not exist until an internal client establishes a connection out through the firewall. establishes a proxy connection. Dynamic translation (automatic. For example. Note: Some protocols do not function correctly when the port is changed. if you run an email server inside a firewall. If you are using SOCKS proxy servers now. SOCKS proxy servers Note: Business Objects will be moving away from supporting SOCKS proxy servers.Working with Firewalls Firewalls overview 9 There are two basic types of NAT: • Static translation (port forwarding) grants a specific internal host a fixed translation that never changes.

such as the Report Application Server SDK or the Viewer SDK). BusinessObjects Enterprise connections include: • • “Communication between servers and the CMS directory listing service” on page 186 “Communication between the application tier and CMS” on page 187 Some examples also apply to communications between a BusinessObjects Enterprise server and the BusinessObjects Enterprise SDK (or other BusinessObjects Enterprise SDKs.9 Working with Firewalls Understanding firewall integration Understanding firewall integration This section gives a conceptual overview of internal communications between BusinessObjects Enterprise servers and the implications for firewall configuration. See “Architecture overview and diagram” on page 54 for a listing of these servers. It also reviews the most common firewall scenarios. Communication between servers and the CMS directory listing service The Central Management Server (CMS) manages a directory listing service for the application server and the servers in the Intelligence tier and the Processing tier. Communication between servers It is helpful to understand the basics of internal communications between BusinessObjects Enterprise servers before configuring your BusinessObjects Enterprise system to work with firewalls. 186 BusinessObjects Enterprise Administrator’s Guide . it contacts the directory listing service on the CMS to obtain the connection information. When a BusinessObjects Enterprise server first connects to the BusinessObjects Enterprise framework. see “Configuring the system for firewalls” on page 190. By default this port number is dynamically chosen. Where applicable. it registers its IP address and port number with the CMS. these examples are indicated in the descriptions. The first server then uses this information to communicate directly with the second server. It includes: • • “Communication between servers” on page 186 “Typical firewall scenarios” on page 188 For detailed step-by-step instructions on how to configure your system to work in a firewalled environment. When one BusinessObjects Enterprise server needs to communicate with another.

see “Changing the default server port numbers” on page 140 for additional configuration information. rather than one that is dynamically selected. Using the -port option. which by default is selected dynamically. 3. you can also customize the CMS to listen on a specific port for initial communications. rather than using the pre-defined default value (port 6400 for the CMS). This communication model is also used when a BusinessObjects Enterprise SDK or the WCA communicates directly with a server in the Intelligence tier or the Processing tier. 2. To do so: 1. BusinessObjects Enterprise Administrator’s Guide 187 . See “Communication between the application tier and CMS” on page 187. The CMS replies to the Job Server with the IP address and port number of the Input FRS. Note: • Before changing the default port numbers. All subsequent communications between the two servers continues using the same address and port. Using the -requestport command. The Job Server contacts the CMS and requests connection information for the Input FRS. The Job Server uses this information to connect directly to the Input FRS. You can use the -requestport command to configure the CMS to reply with a fixed port number for subsequent communications. the Job Server must communicate with the Input File Repository Server (FRS) to obtain the report object. Communications between the CMS and the BusinessObjects Enterprise SDK and WCA follow another model. Note: • • • Communication between the application tier and CMS Not all BusinessObjects Enterprise components use the directory listing service on the CMS to make their initial connections with other elements of BusinessObjects Enterprise. before running a scheduled report. rather than using one that is dynamically selected. The WSA contacts the CMS using a pre-defined address and port number.Working with Firewalls Understanding firewall integration 9 For example. The CMS replies with its address and a second port number. you can configure any BusinessObjects Enterprise server to register a fixed port number with the CMS. Subsequent communications continue using this address and second port number.

and how to configure both BusinessObjects Enterprise and your firewalls in order to provide this access. Typical firewall scenarios If all users of your BusinessObjects Enterprise system are on your internal network. so you need only configure each component to be aware of the location and type of the proxies that they communicate with. Note: When this section mentions firewalling different BusinessObjects Enterprise components. If the components reside on the same computer. if you need to provide access to BusinessObjects Enterprise to external users. you must: 1. Configure its components to use fixed addresses and ports. You must change this default when you place a stateful firewall that uses packet filtering or Network Address Translation (NAT) between BusinessObjects Enterprise components because these firewalls provide protection by permitting communications from outside the firewall with only specified addresses and ports inside the firewall. The process is similar when you configure your BusinessObjects Enterprise system to communicate across SOCKS proxy filters. Configure your firewall to allow communications to the services behind the firewall using these addresses and ports. there is no need to perform any special configuration of your firewalls or of BusinessObjects Enterprise. and no additional configuration is required. it assumes that the components reside on separate computers. To enable BusinessObjects Enterprise to communicate across such a firewall. 2. However. you must consider where to place each BusinessObjects Enterprise component. This section outlines the following common firewall scenarios: • • 188 “Application tier separated from the CMS by a firewall” on page 189 “Thick client separated from the CMS by a firewall” on page 189 BusinessObjects Enterprise Administrator’s Guide . their communication is uninterrupted by firewalls. Firewall configuration overview By default BusinessObjects Enterprise uses dynamically chosen port numbers for communications between components. Simply place all BusinessObjects Enterprise components on computers inside your firewall.9 Working with Firewalls Understanding firewall integration • You may also change the default port that the CMS uses to listen for initial communications from the Configuration tab of the Properties dialog in the Central Configuration Manager. But BusinessObjects Enterprise provides direct support for SOCKS proxy filters.

For more information. this operation fails. Note: Placing your application server in the DMZ is less secure than placing it on your internal network. A DMZ is a network area that is neither part of the internal network nor directly part of the Internet. For more information. see: • • • “Configuring NAT when application tier is separated from the CMS” on page 190 “Configuring packet filtering when application tier is separated from CMS” on page 196 “Configuring for SOCKS servers” on page 199 Thick client separated from the CMS by a firewall You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. You must configure your CMS. and your firewall if you want to support this network configuration. For maximum security. BusinessObjects Enterprise requires that the CMS and the remaining server components are not separated from one another by firewalls. while placing the CMS and all other BusinessObjects Enterprise servers on the internal network. you may prefer to place your BusinessObjects Enterprise application server on your internal network. the DMZ is set up between two firewalls: an outer firewall and an inner firewall. your File Repository Servers. or by using the Import Wizard or Publishing Wizard. the thick clients communicate directly with the CMS. Typically.Working with Firewalls Understanding firewall integration 9 These scenarios are general cases: once you understand the firewalling issues involved. you should be able to support BusinessObjects Enterprise in wide variety of contexts. Application tier separated from the CMS by a firewall In most cases. clients access protected information through a web server running in a Demilitarized Zone (DMZ). You may chose to place your application server in the DMZ. However. This means that if there is a firewall between the computer running one of these thick clients and the CMS. see: • • “Configuring NAT when thick client is separated from the CMS” on page 195 “Configuring packet filtering when thick client is separated from the CMS” on page 198 BusinessObjects Enterprise Administrator’s Guide 189 .

however. It includes: • • • “Configuring for Network Address Translation” on page 190 “Configuring for packet filtering” on page 195 “Configuring for SOCKS servers” on page 199 For a conceptual overview of communications between BusinessObjects Enterprise components and of supported firewall configurations. the overall procedure for configuring your system to work with firewalls will not change. Note: You can configure BusinessObjects Enterprise to communicate properly across NAT firewalls that use static IP translation. then no special configuration is required for BusinessObjects Enterprise to communicate properly. and then specify a firewall rule for the server. 190 BusinessObjects Enterprise Administrator’s Guide .9 Working with Firewalls Configuring the system for firewalls Configuring the system for firewalls This section gives practical step-by-step instructions for configuring your BusinessObjects Enterprise system to work in a firewalled environment. configuring for Network Address Translation can include one or both of the following tasks: • • “Configuring NAT when application tier is separated from the CMS” on page 190 “Configuring NAT when thick client is separated from the CMS” on page 195 Configuring NAT when application tier is separated from the CMS If the application server is separated from the CMS and other BusinessObjects Enterprise servers by NAT. it passes a fully qualified domain name (FQDN) that is routable by the firewall. Depending on your system configuring. Configuring for Network Address Translation If you use Network Address Translation (NAT) only on the outer firewall of the DMZ. you need to configure these components to communicate properly through the firewall. Note: If you have multiple BusinessObjects Enterprise servers of a given type. if you separate BusinessObjects Enterprise components using NAT. However. you must ensure that whenever a BusinessObjects Enterprise server passes an address across the firewall to the application server. see “Understanding firewall integration” on page 186. Configure each server as described in the section that describes your firewall environment. BusinessObjects Enterprise cannot communicate across a firewall whose IP translation is dynamic.

For the -requestport command. BusinessObjects Enterprise Administrator’s Guide 191 . add the following option: -port FQDN:6400 -requestport portnum For the -port command. 4. replace FQDN with the fully qualified domain name of the machine that is running the CMS. see “Changing the default server port numbers” on page 140. substitute your new port number for the default value of 6400. for example /export/home/ businessobjects.config file are installed in the Business Objects install directory. you must open a port on the firewall for each server. 1. In the Command box. 2. 5. The application server must be a Tomcat or IIS server. Click OK to return to the CCM. Start the Central Management Server. Stop the Central Management Server. 3. Tip: If you want to customize the CMS so that it listens on a port other than the default. By default the script and the ccm. substitute any valid free port number for portnum. On the toolbar. To configure the CMS on UNIX Run ccm. Before changing the port number. This machine must be routable from the application server. click Properties.sh. If you change the default port number of the CMS you must perform additional system configuration. Configuring BusinessObjects Enterprise for Network Address Translation when the application tier is separated from the CMS by a firewall includes: • • • • “Configuring the CMS” on page 191 “Configuring the BusinessObjects Enterprise servers” on page 192 “Configuring the hosts files” on page 193 “Specifying firewall rules for NAT” on page 194 Configuring the CMS 1. To configure the CMS on Windows Start the CCM. 6. Therefore.Working with Firewalls Configuring the system for firewalls 9 Ports The application server must be able to communicate with every BusinessObjects Enterprise server behind the firewall.

4. Repeat for each BusinessObjects Enterprise server. 5. replace FQDN with the fully qualified domain name of the machine that is running the server.9 Working with Firewalls Configuring the system for firewalls 2. substitute any valid free port number for portnum. 3. • • 1. each server on that machine must use a unique port number. Edit the ccm. 7. To configure BusinessObjects Enterprise servers on UNIX Run ccm. On the toolbar.config file are installed in the Business Objects install directory. Stop the server. By default the script and the ccm. For the -requestport command. substitute any valid free port number for portnum. 1.config file to insert the following command line: -port FQDN:6400 -requestport portnum For the -port command. for example /export/home/ businessobjects. If more than one server is installed on the same machine. Stop the Central Management Server.sh to start the Central Management Server. add the following option: -port FQDN -requestport portnum For the -port command. Start the server. 4. For the -requestport command. Use ccm. This machine must be routable from the application server. 6. This machine must be routable from the application server. 192 BusinessObjects Enterprise Administrator’s Guide . 3.sh. In the Command box. replace FQDN with the fully qualified domain name of the machine that is running the CMS. Click OK to return to the CCM. “To configure BusinessObjects Enterprise servers on Windows” on page 192 “To configure BusinessObjects Enterprise servers on UNIX” on page 192 To configure BusinessObjects Enterprise servers on Windows Start the CCM. Configuring the BusinessObjects Enterprise servers The procedure for configuring the BusinessObjects Enterprise servers varies for Windows and UNIX. click Properties. 2.

replace FQDN with the fully qualified domain name of the machine that is running the server. Save the hosts file. To configure the hosts files on UNIX Note: Your UNIX operating system must be configured to first consult the hosts file to resolve domain names. “To configure the hosts files on Windows” on page 193 “To configure the hosts files on UNIX” on page 193 To configure the hosts files on Windows Open the hosts file using a text editor like Notepad. For the -requestport command. The procedure for configuring the hosts file is different for Windows and UNIX.config file to insert the following command line: -port FQDN -requestport portnum For the -port command. you must configure the hosts file so that the server can map the FQDN it receives from the Central Management Server (CMS) to an internally routable IP address. 2. Stop the server. 1. Open the hosts file using an editor like vi. Use ccm. each server on that machine must use a unique port number. Edit the ccm. Repeat for each BusinessObjects Enterprise server. Use the internally routable IP address of the machine and its externally routable fully qualified domain name. 3. Consult your UNIX systems documentation for details. The hosts file is located at \WINNT\system32\drivers\etc\hosts. Configuring the hosts files On each machine running a BusinessObjects Enterprise server. This machine must be routable from the application server. 4. before consulting DNS. The hosts file is located at \etc\hosts. substitute any valid free port number for portnum.sh to start the server. Follow the instructions in the hosts file to add an entry for each machine behind the firewall that is running a BusinessObjects Enterprise server or servers. 5. If more than one server is installed on the same machine.Working with Firewalls Configuring the system for firewalls 9 2. 3. This is necessary to enable communication between servers inside the firewall. BusinessObjects Enterprise Administrator’s Guide 193 . See: • • 1.

Inbound Rules Source Computer Application server Application server Application server Any Any Port Any Any Any Any Any Destination Computer Port CMS CMS Other BusinessObjects Enterprise server CMS Other BusinessObjects Enterprise Server 6400 Action Allow Allow Allow Reject Reject fixed fixed Any Any Note: There must be one inbound firewall rule for each BusinessObjects Enterprise server behind the firewall. consult your firewall documentation. Where translatedIPDaddress is the actual translated IP address. Specifying firewall rules for NAT When there is a firewall between the application server and the rest of the BusinessObjects Enterprise servers you need to specify the inbound access rules and one outbound rule. 4. and “Configuring the BusinessObjects Enterprise servers” on page 192 for details. For details about the rules see: • • “Inbound Rules” on page 194 “Outbound Rules” on page 195 The fixed port numbers specified in the chart are the port numbers you specify for servers using -requestport. Whenever more than one server is installed on the same machine.9 Working with Firewalls Configuring the system for firewalls 2. See “Configuring the CMS” on page 191. each server on that machine must use a unique port number. Use the translated IP address of the machine and its fully qualified domain name. add a route from the translated IP address to the actual internal IP address: route add translatedIPaddress actualIPaddress 3. 194 BusinessObjects Enterprise Administrator’s Guide . Save the hosts file. Add an entry for each machine behind the firewall that is running a BusinessObjects Enterprise server. On the firewall machine. and actualIPaddress is the actual internal IP address for the a server. The outbound rule is needed because the application server may register listeners with any of the BusinessObjects Enterprise servers For details of how to specify these rules.

Establish inbound firewall rules for communication between the Crystal Reports or OLAP Intelligence machine and the CMS and Input File Repository Server. Configuring for packet filtering If you use packet filtering only on the outer firewall of the DMZ.Working with Firewalls Configuring the system for firewalls 9 Outbound Rules Source Computer Machines hosting BusinessObjects Enterprise server Port Any Destination Computer Port Application server Any Action Allow This outbound rule is needed because the application server may register listeners on servers behind the firewall. then no special configuration is required for BusinessObjects Enterprise to communicate properly. follow the detailed steps in “Configuring NAT when application tier is separated from the CMS” on page 190 but: • • Configure only the Central Management Server and the Input File Repository Server. or by using the Import or Publishing Wizards. For full instructions. Configuring NAT when thick client is separated from the CMS You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. This section includes: • • “Configuring packet filtering when application tier is separated from CMS” on page 196 “Configuring packet filtering when thick client is separated from the CMS” on page 198. However. However. You do not need to establish an outbound firewall rule. These listeners may initiate communication with the application server. BusinessObjects Enterprise Administrator’s Guide 195 . if there is a firewall between the computer running one of these thick clients and the Central Management Server (CMS). this operation fails. Configuring your BusinessObjects Enterprise system to support this configuration when the firewall uses Network Address Translation (NAT) is very similar to configuring your system to support a NAT firewall between the application tier and the Central Management Server. if you separate BusinessObjects Enterprise components using packet filtering. you need to configure them to communicate properly through the firewall.

see “Changing the default server port numbers” on page 140. In the Command box.sh. “To configure BusinessObjects Enterprise servers on Windows” on page 196 “To configure BusinessObjects Enterprise servers on UNIX” on page 196 To configure BusinessObjects Enterprise servers on Windows Start the CCM. 1. 4. Click OK to return to the CCM. 7. for example /export/home/ businessobjects.9 Working with Firewalls Configuring the system for firewalls Configuring packet filtering when application tier is separated from CMS If your firewall performs packet filtering. Repeat for each BusinessObjects Enterprise server behind the firewall. also add -port cmsport to the command line. 3. Start the server.config file are installed in the BusinessObjects install directory. See: • • 1. each server on that machine must use a unique port number. If more than one server is installed on the same machine. 6. By default the script and the ccm. Tip: If you want to customize the CMS so that it listens on a port other than the default. For example: -port cmsport -requestport portnum If you change the default port number of the CMS you must perform additional system configuration. On the toolbar. 5. 2. Stop the first server. where cmsport is the new port number for the default value of 6400. add the following option: -requestport portnum For the -requestport command. you must configure the CMS and every BusinessObjects Enterprise server inside the inner firewall to respond to communications from the application server on a fixed port. To configure BusinessObjects Enterprise servers on UNIX Run ccm. 196 BusinessObjects Enterprise Administrator’s Guide . This includes: • • “Configuring the BusinessObjects Enterprise servers” on page 196 “Specifying firewall rules for packet filtering” on page 197 Configuring the BusinessObjects Enterprise servers The procedure for configuring the BusinessObjects Enterprise servers varies for Windows and UNIX. Before changing the port number. click Properties. substitute any valid free port number for portnum.

For details of how to specify these rules. also add -port 6400 to the command line.Working with Firewalls Configuring the system for firewalls 9 2. 4.sh to start the server. If you change the default port number of the CMS you must perform additional system configuration. substitute any valid free port number for portnum. substituting your new port number for the default value of 6400.config file to insert the following command line: -requestport portnum For the -requestport command. Use ccm. Specifying firewall rules for packet filtering When there is a firewall between the application server and the rest of the BusinessObjects Enterprise servers you need to specify the inbound access rules and one outbound rule. For details about the rules see: • • “Inbound Rules” on page 198 “Outbound Rules” on page 198 The fixed port numbers specified in the chart are the port numbers you specify for the CMS and other BusinessObjects Enterprise servers using -requestport. 5. see “Changing the default server port numbers” on page 140. consult your firewall documentation. Edit the ccm. 3. The outbound rule is needed because the application server may register listeners with any of the BusinessObjects Enterprise servers. Repeat for each BusinessObjects Enterprise server. Before changing the port number. Stop the server. If more than one server is installed on the same machine. Tip: If you want to customize the CMS so that it listens on a port other than the default. BusinessObjects Enterprise Administrator’s Guide 197 . each server on that machine must use a unique port number.

Configuring your BusinessObjects Enterprise system to support this configuration when the firewall uses packet filtering is very similar to configuring your system to support a packet filtering firewall between the application tier and the Central Management Server (CMS). Whenever more than one server is installed on the same machine. each server on that machine must use a unique port number. Configuring packet filtering when thick client is separated from the CMS You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. this operation fails. These listeners may initiate communication with the application server. For full instructions. follow the detailed steps in “Configuring packet filtering when application tier is separated from CMS” on page 196 but: • Configure only the Central Management Server and the Input File Repository Server to use fixed port numbers for communication. Outbound Rules Source Computer Machines hosting BusinessObjects Enterprise server Port Any Destination Computer Port Application server Any Action Allow This outbound rule is needed because the application server may register listeners on servers behind the firewall. 198 BusinessObjects Enterprise Administrator’s Guide . However. or by using the Import or Publishing Wizards. if there is a firewall between the computer running one of these thick clients and the CMS.9 Working with Firewalls Configuring the system for firewalls Inbound Rules Source Computer Application server Application server Application server Any Any Port Any Any Any Any Any Destination Computer Port CMS CMS Other BusinessObjects Enterprise server CMS Other BusinessObjects Enterprise servers 6400 Action Allow Allow Allow Reject Reject fixed fixed Any Any Note: There must be an inbound firewall rule for each BusinessObjects Enterprise server behind the firewall.

if the only means of traversing the firewall is using the SOCKs protocol. If you are using SOCKS proxy servers now. we recommend you switch to a different firewall method. There is limited support of SOCKS for the UNIX installation of BusinessObjects Enterprise. Therefore only perform the test cases that utilize socks when using IIS on a windows deployment This list describes when to use the procedures that are provided in the remainder of this section: • • Configuring the CMS for SOCKS Servers Complete these steps if one or more SOCKS servers separate the WCA from the CMS. Note: The EBUS layer of the Java SDK does not support communications using the SOCKs protocol. so you don’t need to configure them separately. The means that applications written using the Java SDK cannot be on the outside of a firewall from any components that must be accessed. BusinessObjects Enterprise Administrator’s Guide 199 . SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. but you cannot use JSP pages through a SOCKS firewall. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. or for a Windows installation that uses the BusinessObjects Enterprise Java SDK.NET SDK. BusinessObjects Enterprise provides direct support for SOCKS proxy server firewalls on Windows installations that use the BusinessObjects Enterprise . complete these steps regardless of the location of your SOCKS server(s). as required. You do not need to establish an outbound firewall rule. You can configure the Web Component Adapter to communicate through a SOCKS server. Configuring for SOCKS servers Note: Business Objects will be moving away from supporting SOCKS proxy servers. BusinessObjects Enterprise requires that the CMS and the remaining server components are not separated from one another by firewalls. The remaining server components automatically obtain their SOCKS configuration from the CMS. but the Java SDK has no support for SOCKS. Therefore you may be able to configure your system to support a custom CSP application and SOCKS.Working with Firewalls Configuring the system for firewalls 9 • Establish inbound firewall rules for communication between the Crystal Reports or OLAP Intelligence machine and the CMS and Input File Repository Server. Configuring the WCA for SOCKS servers When configuring your WCA for SOCKS.

The remaining BusinessObjects Enterprise servers automatically obtain their SOCKS configuration from the CMS. Click OK. 9. 7. from the outermost to the innermost. 8. so you don’t need to configure them separately. click Add. These steps provide the WCA with the required information about each SOCKS server. On the Connection tab. as required. If you are using version 5 and you would like to secure access to the server. 6.9 Working with Firewalls Configuring the system for firewalls Configuring the CMS for SOCKS Servers Complete these steps if one or more SOCKS servers separate the application server from the CMS. type the Server Name or IP Address of your SOCKS server. 4. type the number of the port that the SOCKS server is listening on. 3. 200 BusinessObjects Enterprise Administrator’s Guide . 1. 5. To configure the CMS on UNIX The UNIX version of BusinessObjects Enterprise includes a utility that allows you to configure BusinessObjects Enterprise servers to work with SOCKS servers. repeat steps 4 to 8 for each additional server. If you have more than one SOCKS server. In the SOCKS Proxy dialog box. on the toolbar. For details. In the Server Port field. and then enter your user name and password. Click OK in all three dialog boxes to return to the CCM. see “For more information about each of these topics. Select the CMS and. see “Scalability overview” on page 158. To configure the CMS on Windows Start the CCM. Then click Up and Down to order the SOCKS servers from the outermost (closest to the application server or Web Component Server) to the innermost (closest to the CMS). 10. in order. Start the BusinessObjects Enterprise server components. Stop all of the Business Objects servers. click Properties. 2. select the authentication check box. Select the SOCKS version that you are running (Ver 4 or Ver 5). Configuring the WCA for SOCKS servers Complete these steps if one or more SOCKS servers separates the Web Component Adapter (WCA) from the Central Management Server (CMS). including the Central Management Server.” on page 602.

a. c. 3. To configure the WCA on Windows Add the SOCKS information to the WCA. Save the file. 1. The Properties dialog box appears. Repeat step 3 for all the BusinessObjects Enterprise server. Edit the file C:\Inetpub\wwwroot\Web. b.socksUri” value-“*”/> Add the following SOCKS server information: *Socks://Version. “To configure the WCA on UNIX” on page 201 “To configure the WCA on Windows” on page 201 To configure the WCA on UNIX Run the sockssetup.Working with Firewalls Configuring the system for firewalls 9 The outermost SOCKS server is the one closest to the web server.config.xml. See “Configuring the Web Component Adapter” on page 89 for details on editing web. f. Start the CCM.war to insert a SOCKS URI (universal resource identifier). see “sockssetup. Go to the line: <add key=”connection. The procedure for configuring the WCA is different for Windows and Unix.sh script to configure the BusinessObjects Enterprise servers and WCA to work with the SOCKS servers. a. e. g. Enter the SOCKS information. Start the server again. For details.sh” on page 603. d. This URI tells your WCA how to contact the CMS through your SOCKS server(s).User:Password@SOCKSserver:Port/ CMSmachine:Port c. Configure the BusinessObjects Enterprise server: BusinessObjects Enterprise Administrator’s Guide 201 . The innermost SOCKS server is the last SOCKS server that the WCA communicates with before the CMS. b. 2. Click Configuration tab. Edit the web. Double-click the CMS. See: • • 1. Stop the CMS.xml deployment descriptor file associated with the webcompadapter.

9 Working with Firewalls Configuring the system for firewalls 202 BusinessObjects Enterprise Administrator’s Guide .

Managing Auditing chapter .

you must first determine which server controls that action. Each server writes audit records to a log file local to the server. while helping you better evaluate the value that BusinessObjects Enterprise provides to your organization. Once the data is in the auditing database you can run pre-configured reports against the database or design custom reports to suit your own needs. The CMS also controls the synchronization of audit actions that occur on different machines. How does auditing work? The Central Management Server (CMS) acts as the system auditor. 204 BusinessObjects Enterprise Administrator’s Guide . Each auditee provides a time stamp for the audit actions that it records in its log file. As the auditee. they make a correction to the time stamp they record in their log files for subsequent audit actions. At regular intervals the CMS communicates with the auditee servers to request copies of records from the auditee’s local log files. Having information about who is using your system and which objects they are accessing allows you to answer system-level questions like “which groups within the company use our BusinessObjects Enterprise system the most?” or “how many concurrent user licenses are we using at any given time?” Auditing also allows you to better administer individual user accounts and reports by giving you more insight into what actions users are taking and which reports they are accessing. while each BusinessObjects Enterprise server that controls actions that you can monitor is an auditee. the CMS periodically broadcasts its system time to the auditees. As the auditor. If differences exist. the BusinessObjects Enterprise server will then begin to record these audit actions in a local log file. To ensure that the time stamps of actions on different servers are consistent. Then you must enable auditing of that action in the Servers management area of the Central Management Console. the CMS controls the overall audit process. The auditees then compare this time to their internal clocks. This information lets you be more proactive in managing the operation and deployment of your BusinessObjects Enterprise system.10 Managing Auditing Auditing overview Auditing overview Auditing allows you to monitor and record key facts about your BusinessObjects Enterprise system. When the CMS receives these records it writes data from the log files to the central auditing database. To audit an action in BusinessObjects Enterprise.

BusinessObjects Enterprise records the time of the action. and the data that is recorded for each audit action. to help you find the server where you enable auditing of these actions. Which actions can I audit? You can use auditing to track the actions of individual users of BusinessObjects Enterprise as they log in and out of the system. another CMS from the cluster will take over and begin acting as auditor. The CMS acts as both an auditor and as an auditee when you configure it to audit an action that the CMS itself controls. For more information about the actions that are audited. the name and user group of the user who initiated the action. BusinessObjects Enterprise Administrator’s Guide 205 . See “Using sample audit reports” on page 214 or “Creating custom audit reports” on page 217 for more information. see “Enabling auditing of user and system actions” on page 210. see “Reference list of auditable actions” on page 205). If the machine that is running this CMS fails. the server where it was performed.Managing Auditing Auditing overview 10 Note: • • • You must configure the auditing database on the CMS before you can begin to audit. In a CMS cluster. and a variety of other parameters more fully documented in “Auditing database schema reference” on page 218. For step by step instructions on how to enable audit actions. It is organized according to the types of actions that you can audit. or create file-based events. see the “Auditing database schema reference” on page 218. See “Configuring the auditing database” on page 209. or to answer more complex queries such as “how many concurrent licenses are we using at a given time?”. access data. Reference list of auditable actions This list contains a complete list of the audit actions you can enable in BusinessObjects Enterprise. the cluster will nominate one CMS to act as system auditor. you can use a custom or pre-configured report to view the raw data. For each action. (For a complete list of auditable actions. You can also monitor system actions like the success or failure of scheduled objects. Once you have collected this data.

a custom application that uses RAS SDK. Save document to repository. A report has been created successfully using: • a custom application that uses the RAS SDK. location. A user has selected a universe as they create a new Web Intelligence document. • • • A user has saved a Web Intelligence document within BusinessObjects Enterprise.10 Managing Auditing Auditing overview User Actions Actions Folders A folder is created. Selection of universe. A report fails to be created. RAS A report fails to open. or as they edit an existing Web Intelligence document. 206 BusinessObjects Enterprise Administrator’s Guide . • • A report is opened successfully using: the Advanced DHTML viewer. (The name. Get list of universes. A report fails to save using a custom application based on the RAS API.) A report has been viewed successfully. Cache Server A report could not be viewed. A report is saved successfully (using a custom application based on the RAS SDK). User opens an existing Web Intelligence document. BusinessObjects Enterprise Server CMS Crystal reports A folder is modified. A folder is deleted. Read Document. which triggers a request to the server for the list of available universes. or description of a folder is modified. Web Intelligence Web Report Server Intelligence • A user has begun creating a new Web Intelligence documents document.

• User drills past the scope of the data currently in memory. User logs off. User applies a formatting change to an existing Web Intelligence document in a query panel. and triggers a call to the database for more data.) A job has failed to run. A user’s password is changed. CMS Send an object to a destination Destination Job Server BusinessObjects Enterprise Administrator’s Guide 207 .Managing Auditing Auditing overview 10 Actions Refresh document. Generate SQL. Web Intelligence • User manually refreshes a Web Intelligence documents document. BusinessObjects Enterprise Server Web Intelligence Report Server • • User enters “Edit document” mode for an existing Web Intelligence document. A job has been run successfully. Edit document. • Server renders the pages of a Web Intelligence document in response to a user request to display all or part of a document. Drill out of scope. (A user has successfully sent an object to a destination. • Users A list of values is retrieved from the database to populate a picklist associated with a prompt used to filter the data in a document.) A job failed but will try to run again. Apply format. A concurrent user logon succeeds. A user logon fails. Get page. or the user opens a Web Intelligence document that is set to “refresh on open”. • Server generates an SQL query in response to a user action that requires data to be retrieved from a database. List of values. (An object has failed to be sent to a destination. A named user logon succeeds.

Event Server (Event is created. (Event is removed from system. Tip: To audit every failure of a scheduled Crystal report. or a scheduled List of Values. CMS File-based events Note: You do not need to enable this option to audit every failure of a scheduled Web Intelligence document. a scheduled Crystal report has failed to run because communication with the instance was lost.10 Managing Auditing Auditing overview Actions File-based events BusinessObjects Enterprise Server An event is registered. For example. An event is triggered. and the scheduled time for running the report expired. enable auditing of “A job has failed to run” on the Job Server. Communication with a running instance is lost.) System Actions Actions Scheduled objects BusinessObjects Enterprise Server A job has been run successfully. and “Communication with a running instance is lost. (The name.” on the Central Management Server. description. or filename of an event is modified. and registered with system) An event is updated. For example. a scheduled program. a scheduled Crystal report has run successfully. A job failed but will try to run again. Event Server 208 BusinessObjects Enterprise Administrator’s Guide . Job Servers For example. a scheduled Crystal report has failed to run. A job has failed to run.) An event is unregistered.

specify whether you want to connect to the new database through SQL Server (ODBC). or you can install these databases on separate servers. 5. (See “Installing a new CMS and adding it to a cluster” on page 94 for more information on CMS clusters. (Click New to configure a new DSN. 3. 6. In the Select Database Driver dialog box. or through one of the native drivers.) To configure the auditing database on Windows Start the Central Configuration Manager (CCM). which only recognizes System DSNs. By default. When prompted. you can use different database software for the CMS system database and the auditing database. using the same connection method and the same connection name. you must configure your Central Management Server to connect to an auditing database. 4. The remaining steps depend upon the connection type you selected: • 1. and not a User DSN or File DSN. Note: • The CMS system database and the auditing database are independent.txt file included with your product distribution for a complete list of tested database software and version requirements. Note that connection names are case sensitive. contact your database administrator for more information.) Use a System DSN. You can use any database server supported for the CMS system database for your auditing database. See the Platforms. BusinessObjects Enterprise Administrator’s Guide 209 . then click OK. 2. If you choose. If you have a CMS cluster. provide your database credentials and click OK.Managing Auditing Configuring the auditing database 10 Configuring the auditing database Before you audit actions within BusinessObjects Enterprise. Select the ODBC data source that you want to use as the auditing database. the Windows “Select Data Source” dialog box appears. It is recommended that you develop a back up strategy for your auditing database. If necessary. • If you selected ODBC. server services are configured to run under the System account. Stop the CMS. Click Specify Auditing Data Source. every CMS in the cluster must be connected to the same auditing database. Click OK.

7. it will create the auditing database. and then go to the Configuration tab. Then you must enable auditing on the server from the Servers management area of the Central Management Console (CMC). Use ccm. see “UNIX Tools” on page 597. 2. and enable auditing. When the CMS starts. and then supply the requested information about your database server.sh to start the CMS. To configure the auditing database on UNIX For more information on UNIX scripts. Start the CMS. 1. The SvcMgr dialog box notifies you when the auditing database setup is complete. and your Password. Provide this information and then click OK. Select “Write server audit information to specified data source”. 8. 3. you will only collect audit information about actions that occur on that server. 4. enable auditing of concurrent user logons on each of your Central Management Servers.sh to stop the CMS. you are prompted for your database Server Name. Doing so ensures that you collect information on all user or system actions in your BusinessObjects Enterprise system. your Login ID.sh. it will create the auditing database.sh. Select the CMS. if you are interested in the total number of concurrent user logons. Stop the CMS. Choose the “Modify a server” option. select Properties. If you enable auditing on only one Central Management Server. be sure to enable identical audit actions on every server. Note: You can also configure the auditing database using the Properties option for the CMS. Run serverconfig. 7. For example. Enter the port number of the CMS when prompted (the default value is 6400). Click OK. Run cmsdbsetup. If you have multiple BusinessObjects Enterprise servers of a given type. 5. When the CMS starts.10 Managing Auditing Enabling auditing of user and system actions • If you selected a native driver. Choose the selectaudit option. and then click Specify. 210 BusinessObjects Enterprise Administrator’s Guide . Enabling auditing of user and system actions To audit an action in BusinessObjects Enterprise you must first determine which BusinessObjects Enterprise server controls the action. 6. Use ccm.

To enable audit actions Go to the organize Servers area of the CMC. You only need to enable auditing on the Job Server where the reports are processed. Select the Auditing is enabled check box. Note: You must configure the auditing database before you can collect data on audit actions. See “Configuring the auditing database” on page 209 for instructions. For example. 2. 7. Click the Auditing tab.) Click Update. 6. Click the server that controls the action that you wish to audit. (See “Optimizing system performance while auditing” on page 213 for information on adjusting the size of log files. 5. if you are interested in the success or failure of only one kind of scheduled report and you have configured your system so that these reports are processed on one particular Job Server. Tip: BusinessObjects Enterprise Administrator’s Guide 211 . (See the “Reference list of auditable actions” on page 205 to find the correct server.) 3.Managing Auditing Enabling auditing of user and system actions 10 In some special cases you may wish to enable auditing on only one server of a given type. 1. Select the audit actions that you wish to record. 4. it is not necessary to enable auditing on every Job Server in your system. Ensure that your audit log file is located on a hard drive that has sufficient space to store the log files.

However. Only one CMS in the cluster acts as the auditor.10 Managing Auditing Controlling synchronization of audit actions • To audit every failure of a scheduled Crystal report. another CMS takes over auditing. This CMS will apply its own command-line options. enable identical audit actions on every server that supports those actions. a scheduled program. The CMS periodically broadcasts its system time to the auditees in UTC (Coordinated Universal Time). if you want to track the total number of concurrent logons to your BusinessObjects Enterprise system. The auditees compare this time to their internal clocks. audit behavior may not be what you expect. This correction affects only the time stamp that the auditee records in its audit log file. Auditing is enabled independently on each server. Otherwise your audit record will be incomplete. If you want to audit all actions of a given type. configure the auditee and auditor machines to use an NTP (Network Time Protocol) client. and then turn off internal synchronization by setting -AuditeeTimeSyncInterval 0 Tip: If you have a CMS cluster. If these options are different than those of the original auditor. You can change the interval using the command-line option -AuditeeTimeSyncInterval minutes You can turn off this option by setting minutes to zero. The auditee does not adjust the system time of the machine on which it is running. if this CMS fails. the CMS broadcasts its system time every 60 minutes. you must enable logging of concurrent logons on every Central Management Server in your system. and “Communication with a running instance is lost. For example. and then make the appropriate correction to the time stamp (in UTC) they record for subsequent audit actions. By default. • Controlling synchronization of audit actions The CMS controls the synchronization of audit actions that occur on different machines. see “Central Management Server” on page 586 in “Server Command Lines” on page 583. 212 BusinessObjects Enterprise Administrator’s Guide . enable auditing of “A job has failed to run” on the Job Server.” on the Central Management Server. or a scheduled List of Values. For more information. This built-in method of time synchronization will be accurate enough for most applications. apply the same command-line options to each server. For more accurate and robust time synchronization.

) The CMS requests this fixed number of records from each audited server. increasing the audit interval reduces frequency with which the CMS writes events to the auditing database. and to decrease the number of audit records in each batch. every time interval. (The default value is 5. the server opens a new log file. The maximum number of records that an audited server will store in a single audit log file. where minutes is between 1 and 15. if you frequently need up-to-date information about audited actions. these options can create a backlog of records stored in audit log files. Increasing the maximum number of audit events stored in each audit log file reduces the number of file open and close operations performed by audited servers. (The default value is 200.Managing Auditing Optimizing system performance while auditing 10 Optimizing system performance while auditing Enabling auditing should have minimal effect on the performance of BusinessObjects Enterprise. For example. Choosing these options minimizes the impact that auditing has on the performance of BusinessObjects Enterprise. In this case. You can use these options to optimize audit performance to meet your needs. -AuditBatchSize number.) The CMS requests audit records from each audited server every audit interval. For example. and you can always report accurately on the latest audit actions. However. thereby increasing the length of time that it takes these records to get transferred to the central auditing database. BusinessObjects Enterprise Administrator’s Guide 213 . Note: Log files remain on the audited server until all records have been requested by the CMS. Changing each of these options has a different impact on system performance. for example). you can choose a short audit interval and a large audit batch size. Alternatively. However. However. Decreasing the audit batch size decreases the rate at which records are moved from the audit log files on the audited servers to the auditing database. depending upon activity levels in your system. choosing these options may have an impact on the performance of BusinessObjects Enterprise. all audit records are quickly transferred to the auditing database. In this case you can choose to increase the audit interval. -auditMaxEventsPerFile number (number has a default value of 500 and must be greater than 0). where number is between 50 and 500. you can optimize system performance by fine-tuning these command-line options: • • • -AuditInterval minutes. When this maximum value is exceeded. you may only need to review audit results periodically (weekly.

first publish them to BusinessObjects Enterprise. and then click New Folder. Publish the sample audit reports to the “admin reports” folder within BusinessObjects Enterprise. 2. 3. You can now use the sample reports to view auditing data collected about user and system actions on your installation of BusinessObjects Enterprise. 1. or you can use a database server name and database name of your choice. go to the Folders management area of the Central Management Console (CMC). Click Report Samples. the sample audit reports may contain little or no data the first time you view them. the DSN was AuditData). To use sample audit reports Create a folder called “admin reports” inside the Report Samples folder to hold the sample auditing reports. You can create an auditing database that uses these names. To use these sample reports. ensure that the sample reports are configured to use database connection information valid for your auditing database. but means that at times your audit reports may not contain records of the most recent audit actions. Note: To create this folder. or over a weekend). The sample audit reports were created using a ODBC connection to a database server named AuditData (that is. See “Configuring the auditing database” on page 209 for instructions. They are available on your product CD. For more information on changing command-line options. Finally.10 Managing Auditing Using sample audit reports This backlog is cleared at times of low system activity (such as overnight. Using sample audit reports BusinessObjects Enterprise ships with several sample audit reports created using Crystal Reports. do so now. Next configure an auditing database. If you have not already configured your auditing database. (The sample audit reports are in Samples > Reports > AdminReports on your product CD. and a database called AuditData. Note: If you have recently enabled auditing. 214 BusinessObjects Enterprise Administrator’s Guide . and then enable auditing of the user and server actions needed to provide data for the sample reports.) For more information about publishing. see “Server Command Lines” on page 583. see “Publishing Objects to BusinessObjects Enterprise” on page 373.

See “Enabling auditing of user and system actions” on page 210 for instructions. 5. Go to the Folders management area of the CMC. From the Crystal Enterprise Admin Launchpad. Note: The description of the sample reports indicates which audit actions to enable for each report. BusinessObjects Enterprise Administrator’s Guide 215 . 7. 6. Enable auditing of the actions that are included in the sample audit report. BusinessObjects Enterprise will now begin to collect data on audit actions.Managing Auditing Using sample audit reports 10 4. select the Central Management Console (CMC). then admin reports to display the list of sample audit reports. Click Report Samples. Go to the Servers management area of the CMC.

from the Process tab. 9. Configure the report to use your auditing database. Click the name of a report that you want to use. If the server name. database name. or database logon information for your auditing database are different than the values originally specified for the sample report.10 Managing Auditing Using sample audit reports 8. then. click “Use custom database logon information specified here. click the Database link.” 216 BusinessObjects Enterprise Administrator’s Guide .

15. Click Specify a custom table prefix. and then type DatabaseName.dbo. Click Update. Type the Server name (DSN) and Database name that you specified for your auditing database.See your Crystal Reports User’s Guide for full instructions on creating reports. where DatabaseName is the name of the database that you specified above. The sample audit report is now configured to use your auditing database as its data source. 13. you may wish to use Designer to create a universe against the auditing database. Type a User name and Password for a user with administrative rights to the auditing database. 12. click the Parameters link. You may now view the report in BusinessObjects Enterprise. Alternatively. Make sure you select the same database driver that you used when configuring the auditing database.Managing Auditing Creating custom audit reports 10 10. 16. 11. or to indicate that the user should be prompted for a parameter value when the report is run. With this information. so that you can create your own Web Intelligence documents. Consult the Designer’s Guide and the Web Intelligence guides for details. in the box. Click the value of any parameter to specify a default value for that parameter. 14. Creating custom audit reports This section contains information to help you understand the auditing database and the information it records about audit actions. BusinessObjects Enterprise Administrator’s Guide 217 . you can use Crystal Reports to create custom audit reports of user and system actions. From the Process tab. Click Update.

The time stamp is created by the server recording the action in its log file. Field Server_CUID Description Server process ID. as shown in the following entityrelationship diagram. Time for start of action in UTC (Coordinated Universal Time) to the nearest millisecond. A unique ID generated by the server to identify the audit event. Combined with the Event_ID to form the primary key for the Audit_Event table. and includes any correction necessary to synchronize with CMS time.10 Managing Auditing Creating custom audit reports Auditing database schema reference The Audit database contains six tables. Audit_Event table This table stores one record per action that is audited. in seconds. Combined with Server_CUID to form the primary key for the Audit_Event table. Duration. Name of user who performed the action. You may want to correct this time to your local time zone when creating audit reports. of the action that is audited. Event_ID User_Name Start_Timestamp Duration 218 BusinessObjects Enterprise Administrator’s Guide .

if there are two details associated with a particular audit action. the first will have a Detail_ID of 1. This number uniquely identifies an object. For example. Info Object ID of object associated with the action. Foreign key for the Detail_Type table. For example. if the Detail_Type_Description were “universe name”. Event_ID Detail_ID Detail_Type_ID Detail_Text BusinessObjects Enterprise Administrator’s Guide 219 . the reasons for that failure are recorded as audit details. Information about the audit detail being recorded. the detail text would contain the name of that universe. and the second will have a Detail_ID of 2. Foreign key for the Event_Type table. Object_CUID Error_Code Audit_Detail table The Audit_Detail table records more information about each audit action recorded in the Audit_Event table. Number that uniquely identifies the type of detail about the audit action that the entry represents. Combined with Server_CUID and the Detail_ID to form the primary key for the Audit_Detail table. That is. Field reserved for error codes generated by the Web Intelligence Report Server. Combined with the Event_ID and the Detail_ID to form the primary key for the Audit_Detail table. Field Server_CUID Description Server process ID. when a user logon fails. There may be more than one record in this table for each audit action recorded in the Audit_Event table. The Detail_ID field is used to number the individual details associated with each audit action. A unique ID generated by the server to identify the audit event.Managing Auditing Creating custom audit reports 10 Field Event_Type_ID Description Number that uniquely identifies the type of action the entry represents.

servertype. the host name. That is. Server_Version Version of BusinessObjects Enterprise on server that produced the action.10 Managing Auditing Creating custom audit reports Server_Process table The Server_Process table contains information about the servers running within your BusinessObjects Enterprise system which can generate audit events. Event_Type table reference The following tables list the Event_Type_ID and Event_Type_Description of all events that can be audited in your system. The default friendly name is hostname. The server’s friendly name is the name displayed in the CMC. Machine name of the server that produced the action. Application_Type_ID A unique ID that identifies the type of application Server_FullName Friendly name of the server that produced the action. This table provides information roughly equivalent to that provided by AuditIDs and AuditStrings in Crystal Enterprise 10. Primary key for the Server_Process table. Event_Type_Description Description of the type of audit event. Foreign key to the Application_Type table. Field Server_CUID Server_Name Description Server process ID. that generated the audit action. Field Event_Type_ID Description Number that uniquely identifies the type of audit event that the entry represents. For your convenience. Event_Type table The Event_Type table contains a static list of the kinds of events that can be audited in your BusinessObjects Enterprise system. 220 BusinessObjects Enterprise Administrator’s Guide . these events are ordered according to the server that generates each type of event.

The user logged on successfully. Note: This action must be audited by the CMS as Job Servers are not aware of losing communications with a job. User password has been changed. or description of the folder was changed. A report could not be viewed. New folder created. Named user logon succeeded. User logon failed. Cache Server audit events Event_Type_ ID Event_Type_Description 196609 196610 Crystal report viewed successfully. and the scheduled time for running the job expired. 65543 Folder deleted. even though creating a user creates a user folder. BusinessObjects Enterprise Administrator’s Guide 221 . using a concurrent user license. location. Note that this audit string will be recorded when a user account (and therefore the user’s folder) is deleted. User attempted to view a Crystal report. User logged off. A new folder is created. using a named user license.Managing Auditing Creating custom audit reports 10 CMS audit events Event_Type_ ID Event_Type_Description Description 65537 65538 65540 65541 65539 65542 Concurrent user logon succeeded. Job failed. Description User successfully viewed a Crystal report that has saved or live data. The name. A folder is deleted. but was not successful. Logon failed because there was no valid license key available. A scheduled report or scheduled program failed to run because communication with the running instance was lost. or an existing folder is copied. 65544 65545 Folder modified. The user logged on successfully. Reason: Unresponsive Job Server Child process. Note that this audit string will not be recorded when a new user account is created.

For example. File-based event was initiated. or by the system.10 Managing Auditing Creating custom audit reports Job Server audit events For scheduled objects. The scheduled job did not complete successfully. the audit messages can tell you if a scheduled report ran successfully. User deletes a file-based event. as requested by a user. 327682 327683 Job failed. Events are updated when a user modifies the name or description of the file-based event. Job will be retried by the CMS. For the Destination Job Server. see “Scheduling objects” on page 466. The scheduled job did not complete successfully. The object ran as scheduled (or requested) and the job completed successfully. For more information on scheduling jobs. Job failed. 262146 262147 Event unregistered Event updated 262148 Event triggered 222 BusinessObjects Enterprise Administrator’s Guide . the audit messages give you information about the status of scheduled actions. Event object was modified by a user. the audit messages give you information on whether an object was sent to a destination. Event Server audit events Event_Type_ ID Event_Type_Description Description 262145 Event registered User creates a file-based event that can be used to schedule objects. Event_Type Event_Type_Description Description _ ID 327681 Job successful. The job will be retried by the CMS at a later time.

The machine running the RAS ran out of space in its temporary directory. Note: 458755 Report was created and saved to the CMS • This Event_Type_ID is generated when a custom application created using the RAS SDK saves a new report (using the Save As method). An existing report was saved. The report used Business Views and the user did not have permissions to refresh the underlying data connections. Consult your RAS SDK documentation for details. this Event_Type_ID may be generated when the report opens but cannot be viewed. Note: This Event_Type_ID is generated when a custom application created using the RAS SDK saves a report (using the Save method).Managing Auditing Creating custom audit reports 10 Report Application Server audit events The Report Application Server (RAS) is used to view reports opened with the Advanced DHTML viewer. or fails. 458756 Report could not be opened. Event_Type_ ID Event_Type_Description 458753 Description Report was opened for User opened a report for viewing or viewing and/or modification modification. and to create reports using custom applications developed with the RAS SDK. This may occur when: • • • • 458754 Report was saved to the CMS. BusinessObjects Enterprise Administrator’s Guide 223 . you may see this message when the database driver for the report is not present on the client machine A processing extension associated with the report aborts viewing. Note: In a few cases. The report could not be opened by the RAS. Consult your RAS SDK documentation for details. For example. There are problems with the database setup for the report. A new report was created and saved.

User opens an existing Web Intelligence document. Web Intelligence Report Server audit events Event_Type_ ID Event_Type_Description Description 6 9 11 13 Get list of universes Save document to repository Read document Selection of universe User accesses a list of universes as part of a document creation workflow. Description An existing report could not be saved by RAS.10 Managing Auditing Creating custom audit reports Event_Type_ ID Event_Type_Description 458757 Report could not be saved to the CMS. 19 Document refresh 21 List of values 22 28 40 Edit document Apply format Get page 224 BusinessObjects Enterprise Administrator’s Guide . Note: This Event_Type_ID is generated when a custom application created using the RAS SDK cannot save a new report (using the Save As method). or user opens a Web Intelligence document that has the “refresh on open” document property assigned. Consult your RAS SDK documentation for details. User applies a formatting change to a document. 458758 Report could not be created in the CMS. User saves a Web Intelligence document to BusinessObjects Enterprise. in a query panel. User selects a universe as part of a document creation workflow. A newly created report could not be saved by RAS. User action results in a request to server to generate the necessary data and layout to display all or part of a Web Intelligence document. User has moved into Edit document mode. User manually refreshes a Web Intelligence document. A list of values is retrieved from the database to populate a picklist associated with a prompt used to filter the data in a document. This event occurs when a user opens the query panel.

and triggers a call to the database for more data. Application_Type table The Application_Type table contains a static list of the applications that can produce audit events. In BusinessObjects Enterprise XI. the applications that can be audited are servers. User drills past the scope of the data currently in memory. Application_Type_Description Application_Type table reference Application_Type_ID Application_Type_Description 1 8 11 12 13 14 15 16 18 19 Unknown Application Web Intelligence Report Server Central Management Server (CMS) Cache Server Report Job Server Report Application Server (RAS) Event Server Program Job Server Destination Job Server Web Intelligence Job Server BusinessObjects Enterprise Administrator’s Guide 225 . Field Name Application_Type_ID Description A unique ID that identifies the type of application that generated the audit action. The description of the application generating the audit event.Managing Auditing Creating custom audit reports 10 Event_Type_ ID Event_Type_Description Description 41 42 Generate SQL Drill out of scope Appears when a user refreshes a document.

The description of the type of audit detail generated by the audit event. The information in the Detail_Type table is equivalent to the information that was recorded in variable AuditStrings in Crystal Enterprise 10. 226 BusinessObjects Enterprise Administrator’s Guide . For example. a user logon can fail for a number of different reasons. Field Detail_Type_ID Detail_Type_Description Description Number that uniquely identifies the type of audit detail that the entry represents.10 Managing Auditing Creating custom audit reports Detail_Type table The Detail_Type table contains a static list of the standard details that can be recorded about audited events. These reasons are listed as entries in the Detail_Type table.

BusinessObjects Enterprise Security Concepts chapter .

this chapter does not provide explicit procedural details. see “Managing User Accounts and Groups” on page 249. see “Making initial security settings” on page 43. Because BusinessObjects Enterprise provides the framework for an increasing number of components from the Enterprise family of Business Objects products. This section describes the authentication and authorization processes in order to provide a general idea of how system security works within BusinessObjects Enterprise. resource access security. Related topics: • • • For key procedures that show how to modify the default accounts. And. thus enabling you to detect potential security concerns. For procedures that show how to set up authentication. and Windows AD authentication in order to protect against unauthorized access. LDAP. and other security settings. see “Controlling User Access” on page 315.11 BusinessObjects Enterprise Security Concepts Security overview Security overview The BusinessObjects Enterprise architecture addresses the many security concerns that affect today’s businesses and organizations. Each of the components and key terms is discussed in greater detail later in this chapter. and third-party Windows NT. and groups. for monitoring and auditing purposes. Authentication and authorization Authentication is the process of verifying the identity of a user who attempts to access the system. single sign-on. BusinessObjects Enterprise allows you to log various web statistics. BusinessObjects Enterprise supports dynamically loaded processing extensions. For procedures that show how to set object rights for your BusinessObjects Enterprise content. passwords. As such. The current release supports features such as distributed security. To allow for further customization of security. 228 BusinessObjects Enterprise Administrator’s Guide . instead. users. granular object rights. and authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object. this chapter details the security features and related functionality to show how the framework itself enforces and maintains security. it focuses on conceptual information and provides links to key procedures.

the appropriate security plug-in to authenticate the user against the user database. this session consumes one user license on the system. The Central Management Server (CMS) uses the BusinessObjects Enterprise security plug-in to verify the user name and password against the system database. ultimately. or Windows AD authentication. the CMS grants the user an active identity on the system and the system performs several actions: • • • The CMS stores the user’s information in memory in a CMS session variable. if the user specifies Windows NT. While active. which routes the information to the Web Component Adapter (WCA). if the user specifies Enterprise Authentication. this script communicates with the SDK and. LDAP. This section uses InfoView as a model and describes its default behavior. the authentication and authorization processes may vary from system to system. this session stores information that allows BusinessObjects Enterprise to respond to the user’s requests. BusinessObjects Enterprise Administrator’s Guide 229 . For instance. Alternatively. The WCA stores the user’s information in memory in a WCA session variable. LDAP. the SDK uses the corresponding security plug-in to authenticate the user. For complete details. the SDK ensures that the BusinessObjects Enterprise security plug-in performs the authentication. see “Available authentication types” on page 252. The user’s web browser sends the information by HTTP to your web server. Windows AD.BusinessObjects Enterprise Security Concepts Authentication and authorization 11 Because BusinessObjects Enterprise is fully customizable. If the security plug-in reports a successful match of credentials (including a match to an appropriate group membership for Windows NT. you can customize the system’s behavior to meet your needs. The CMS generates and encodes a logon token and sends it to the WCA. Windows NT. depending upon which type(s) you have enabled and set up in the Authorization management area of the Central Management Console (CMC). The authentication type may be Enterprise. Primary authentication Primary authentication occurs when a user first attempts to access the system. While active. For procedures that show how to set up the different authentication types. see the developer documentation available on your product CD. Internally. or LDAP authentication). If you are developing your own BusinessObjects Enterprise end-user or administrative applications using the BusinessObjects Enterprise Software Development Kit (SDK). The WCA passes the user’s information to logon. or Windows AD Authentication.aspx and runs the script. The user provides a user name and password and specifies an authentication type.

For details. 230 BusinessObjects Enterprise Administrator’s Guide . the WCA ensures that the user has a valid logon token: • • If there is a valid logon token. Each of these steps contributes to the distributed security of BusinessObjects Enterprise. the WCA performs a series of security-related steps. Until the logon token expires. schedule. 1. For more information about logon tokens. Note: • The third-party Windows NT. The session variable does not contain the user’s password. This is the model used in InfoView. you should note that the WCA here instantiates the InfoStore object and stores it in the WCA session variable. LDAP. • Secondary authentication and authorization Secondary authentication is the process of double-checking the identity of each user who attempts to view. When a user attempts to access an object on the system. because each step consists of storing information that is used for secondary identification and authorization purposes. the primary authentication process is repeated. if you are developing your own client application and you prefer not to store session state on the WCA.11 BusinessObjects Enterprise Security Concepts Authentication and authorization Note: • • • If you are familiar with the SDK. users are not prompted for their credentials. BusinessObjects Enterprise retrieves users’ credentials and group information directly from the Windows NT or Windows AD system. see “Logon tokens” on page 243. see “Available authentication types” on page 252. the WCA proceeds to its next task. its encoded information serves as the user’s valid ticket for the system. If there is no valid logon token. and the web browser caches the token in a cookie. Hence. Authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object. and Windows AD security plug-ins work only once you have mapped groups from the external user database to BusinessObjects Enterprise. In a single sign-on situation. you can design your application such that it avoids using WCA session variables. The WCA sends the logon token to the user’s web browser. or otherwise act upon an object that is managed by BusinessObjects Enterprise. the web browser sends the request by HTTP to the WCA. Before fulfilling the user’s request. However. First. run.

the WCA checks internally for an active WCA session that matches the user’s logon token: • • If the corresponding WCA session variable remains in memory. This secondary authentication and authorization process begins similarly to initial identification. the WCA queries the CMS database for a list of the reports that the user is authorized to see. 3. For instance. Second. In this case. the WCA sends the request and the user’s logon token to the appropriate server component. thereby providing the most efficient response to the user’s initial request. BusinessObjects Enterprise does not have to prompt the user for credentials. Note: If the user does not have the right to perform the requested action. see “Calculating a user’s effective rights” on page 328. the WCA displays an appropriate message. The WCA then dynamically lists the reports in an HTML page. the user is logged back on with the logon token. the WCA ensures that the appropriate server component actually processes the user’s request: • If the WCA can process the request itself. • If a different server component must process the request. however. Third. The SDK authenticates the user against the appropriate user database. here. see “Controlling User Access” on page 315. For details about how the CMS calculates a user’s effective rights to an object.BusinessObjects Enterprise Security Concepts Authentication and authorization 11 2. the WCA proceeds to its next task. For instance. if the user attempts to refresh a report’s data. because the encoded logon token contains the required information. the WCA passes the request along to the Page Server. The Page Server passes the logon token to the CMS to ensure that the user is authorized to refresh the report. If the WCA session variable has timed out. the authentication algorithm followed by the WCA maintains system security in the fewest number of steps. That server component then queries the CMS database for the rights associated with the object that the user requested. if the user requests a list of reports in a specific folder. For details about setting object rights. it queries the CMS database for the rights associated with the object that the user requested. and the CMS and the WCA recreate the required session variables. BusinessObjects Enterprise Administrator’s Guide 231 . and sends the page to the user’s browser.

When the Guest user account is enabled. Single sign-on to BusinessObjects Enterprise can be provided by BusinessObjects Enterprise. or LDAP with SiteMinder. but it specifically refers to the single sign-on functionality for the Guest user account. Single sign-on to BusinessObjects Enterprise was already supported in previous versions of Crystal Enterprise and continues to exist in BusinessObjects Enterprise XI. or by different authentication tools such as Windows NT. For information on configuring single sign-on to BusinessObjects Enterprise. At its most basic level. a logon token is created. it refers to a situation where a user can access two or more applications or systems while providing their log-on credentials only once. see “Disabling the Guest account” on page 44. The system uses this token to authenticate the users and grant them access to BusinessObjects Enterprise and its components. Within the context of BusinessObjects Enterprise. anyone can log on to BusinessObjects Enterprise as Guest and will have single sign-on access to BusinessObjects Enterprise.11 BusinessObjects Enterprise Security Concepts Authentication and authorization About single sign-on The term single sign-on is used to describe different scenarios. thus making it easier for users to interact with the system. see: • • • • “Managing Enterprise and general accounts” on page 253 “Setting up NT single sign-on” on page 292 “Configuring LDAP authentication” on page 263 “Setting up AD single sign-on” on page 282 232 BusinessObjects Enterprise Administrator’s Guide . The term “anonymous single sign-on” also refers to single sign-on to BusinessObjects Enterprise. When they log on to the operating system. which it is by default. we distinguish the following levels of single sign-on: • • • “Single sign-on to BusinessObjects Enterprise” on page 232 “Single sign-on to database” on page 233 “End-to-end single sign-on” on page 233 Single sign-on to BusinessObjects Enterprise Single sign-on to BusinessObjects Enterprise means that once users have logged on to the operating system they can access BusinessObjects Enterprise without having to provide their logon credentials again. For more information. Windows AD.

You may want to use single sign-on to the database rather than end-to-end single sign-on. to have access to BusinessObjects Enterprise and to be able to perform actions that require database access. This section discusses the key components as they relate to system security. See “End-to-end single sign-on” on page 233. Security management components System security within BusinessObjects Enterprise is distributed across most components. In BusinessObjects Enterprise XI end-to-end single sign-on is supported through Windows AD and Kerberos. For more information see “Configuring Kerberos single sign-on” on page 299. single sign-on to the database enables them to perform actions that require database access. Single sign-on to the database can be combined with single sign-on to BusinessObjects Enterprise. see “Configuring Kerberos single sign-on” on page 299. and single sign-on access to the databases at the back-end. It includes: • • • “Web Component Adapter” on page 234 “Central Management Server” on page 234 “Security plug-ins” on page 235 BusinessObjects Enterprise Administrator’s Guide 233 . These components work together to authenticate and to authorize users who access BusinessObjects Enterprise. and its other objects. such as SiteMinder and Kerberos. the CMS. the security plug-ins.BusinessObjects Enterprise Security Concepts Security management components 11 Single sign-on to database Once users are logged on to BusinessObjects Enterprise. users need to provide their logon credentials only once. and third-party authentication tools. Thus. End-to-end single sign-on End-to-end single sign-on refers to a configuration where users have both single sign-on access to BusinessObjects Enterprise at the front-end. if you don’t want the LocalSystem account for the IIS to be trusted for delegation. its folders. in particular “Configuring IIS for single sign-on to databases only” on page 309. but it is managed primarily by the WCA. without having to provide their logon credentials again. and “Configuring web applications for single sign-on to the databases” on page 313. in particular. In BusinessObjects Enterprise XI single sign-on to the database is supported through Windows AD using Kerberos. For more information. when they log on to the operating system. to provide users with even easier access to the resources they need. viewing reports and Web Intelligence documents. such as viewing reports.

the Central Management Server (CMS) performs a number of important tasks. And. the CMS then grants the user a logon token and an active session on the system. When you first set up your system. or Windows AD credentials. the CMS authorizes the request only when it has verified that the user’s account or group membership provides sufficient privileges. If the logon token is missing. see “Sessions and session tracking” on page 244. The CMS also responds to authorization requests made by the rest of the system. an LDAP directory server. the CMS allows you to create user accounts and groups within BusinessObjects Enterprise. The WCA ensures that each user has a valid logon token for the system. The majority of these tasks rely upon the database that the CMS uses to keep track of BusinessObjects Enterprise system data. the CMS allows you to reuse existing user accounts and groups that are stored in a third-party system (a Windows NT user database. the WCA initiates the primary authentication process. and object rights that define user and group privileges. As such. group memberships. This session variable contains information that BusinessObjects Enterprise uses when fulfilling user’s requests. or a Windows AD server). the WCA receives all HTTP requests that are sent to BusinessObjects Enterprise from users’ web browsers. When users log on. or if it has expired. Web Component Adapter The WCA is the gateway between the web server and the remaining BusinessObjects Enterprise components. such as user accounts. This data includes security information. For details. see “Primary authentication” on page 229. with its thirdparty security plug-ins. so users can log on to BusinessObjects Enterprise with their current Windows NT. For details. The CMS supports third-party authentication. the CMS coordinates the authentication process with its security plug-ins. The WCA is also responsible for maintaining the user’s session state in the WCA session variable. LDAP. Central Management Server In relation to system security. 234 BusinessObjects Enterprise Administrator’s Guide . several of the components discussed in this section are described in additional detail in “BusinessObjects Enterprise Architecture” on page 53.11 BusinessObjects Enterprise Security Concepts Security management components • “Processing extensions” on page 241 Note: Because these components are responsible for additional tasks. When a user requests a list of reports in a particular folder.

Security plug-ins facilitate account creation and management by allowing you to map user accounts and groups from third-party systems into BusinessObjects Enterprise. custom groups within BusinessObjects Enterprise. once you map a Windows NT. the security plug-in dynamically creates an alias for that new user when he or she first logs on to BusinessObjects Enterprise with valid NT credentials. see “Central Management Server (CMS)” on page 61. because the mapped users and groups are treated as if they were Enterprise accounts. For example. For more information about the CMS and the CMS database. Security plug-ins Security plug-ins expand and customize the ways in which BusinessObjects Enterprise authenticates users. you make all of your settings in the CMC. BusinessObjects Enterprise currently ships with the system default BusinessObjects Enterprise security plug-in and with the Windows NT. and some from an LDAP directory server. When users log on to BusinessObjects Enterprise. and Windows AD security plug-ins. Each security plug-in offers several key benefits. Note: The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX. or you can create new Enterprise user accounts or groups that corresponds to each mapped entry in the external system. The security plug-ins dynamically maintain third-party user and group listings. or if your system uses the BusinessObjects Enterprise Java SDK. or Windows AD. LDAP. security plug-ins enable you to assign rights to users and groups in a consistent manner. see “Calculating a user’s effective rights” on page 328. Windows NT. Each security plug-in acts as an authentication provider that verifies user credentials against the appropriate user database. all users who belong to that group can log on to BusinessObjects Enterprise. LDAP.BusinessObjects Enterprise Security Concepts Security management components 11 For details about the CMS and how it calculates a user’s effective rights to an object. BusinessObjects Enterprise Administrator’s Guide 235 . When you make subsequent changes to the third-party group membership. and then you add a new NT user to the NT group. they choose from the available authentication types that you have enabled and set up in the Authorization management area of the CMC: Enterprise (the system default). if you map a Windows NT group to BusinessObjects Enterprise. you need not update or refresh the listing in BusinessObjects Enterprise. LDAP. So. or Windows AD group into BusinessObjects Enterprise. For instance. Moreover. when you need to assign rights or create new. You can map third-party user accounts or groups to existing BusinessObjects Enterprise user accounts or groups. you might map some user accounts or groups from Windows NT. Then.

Default accounts When you first install BusinessObjects Enterprise. 236 BusinessObjects Enterprise Administrator’s Guide . when users connect to BusinessObjects Enterprise without specifying a user name and password. Windows NT security plug-in The Windows NT security plug-in (secWindowsNT.dll) is installed and enabled by default when you install BusinessObjects Enterprise. In this case.dll) allows you to map user accounts and groups from your Windows NT user database to BusinessObjects Enterprise. the system logs them on automatically under the Guest account. see “Managing Enterprise and general accounts” on page 253. If you assign a secure password to the Guest account. For details on setting up Enterprise users and groups. see “Disabling the Guest account” on page 44. and have their membership in a mapped NT group verified before the CMS grants them an active BusinessObjects Enterprise session. This plug-in allows you to create and maintain user accounts and groups within BusinessObjects Enterprise. Neither account has a default password. Single sign-on The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account. see “Making initial security settings” on page 43. it also enables BusinessObjects Enterprise to verify all logon requests that specify Windows NT Authentication. and users are allowed or disallowed access to the system based solely on that information. or if you disable the Guest account entirely. user names and passwords are authenticated against the BusinessObjects Enterprise user list. Thus. For details. Users are authenticated against the Windows NT user database. it also enables the system to verify all logon requests that specify Enterprise Authentication. you disable this default behavior. this plug-in sets up two default Enterprise accounts: Administrator and Guest.11 BusinessObjects Enterprise Security Concepts Security management components BusinessObjects Enterprise supports the following security plug-ins: • • • • “BusinessObjects Enterprise security plug-in” on page 236 “Windows NT security plug-in” on page 236 “LDAP security plug-in” on page 238 “Windows AD security plug-in” on page 240 BusinessObjects Enterprise security plug-in The BusinessObjects Enterprise security plug-in (secEnterprise. For details on setting these passwords.

except for the Import Wizard. and your NT user account is added to the group. see “Windows AD security plug-in” on page 240. and grants the user an active BusinessObjects Enterprise session if the user is a member of a mapped NT group: • To obtain NT single sign-on functionality from a thick-client application (such as the Publishing Wizard). Default account If you install BusinessObjects Enterprise on Windows as an Administrator of the local machine. You can also create your own applications that support NT authentication.BusinessObjects Enterprise Security Concepts Security management components 11 This plug-in is compatible with NT 4 and Windows 2000 Active Directory user databases (when Windows 2000 Active Directory is configured in non-native mode only). thereby allowing authenticated NT users to log on to BusinessObjects Enterprise without explicitly entering their credentials. The Business Objects NT Users group is then mapped to BusinessObjects Enterprise. the Windows NT security plug-in queries the operating system for the current user’s credentials when the client is launched. For information on the Windows AD security plug-in. the security plug-in obtains the security context for the user from the authentication provider. then this plug-in is enabled by default. In this scenario. The single sign-on requirements depend upon the way in which users access BusinessObjects Enterprise: either via a thick client. or if your system uses the BusinessObjects Enterprise Java SDK. For more information. The result is that you can log on to BusinessObjects Enterprise with your usual NT user credentials. see “Managing NT accounts” on page 284. BusinessObjects Enterprise Administrator’s Guide 237 . A new NT group (called Business Objects NT Users) is created on the local machine. For information on mapping Windows NT users and groups to BusinessObjects Enterprise. In both scenarios. Single sign-on The Windows NT security plug-in supports single sign-on. all of the BusinessObjects Enterprise client tools support NT authentication. see the developer documentation available on your product CD. Once you have mapped your NT users and groups. the user must be running a Windows operating system. you must use the Windows AD security plug-in. Note: The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX. If a Windows 2000 Active Directory user database is configured in native mode and contains universal groups that span several domains. or over the Web. and the application must use the BusinessObjects Enterprise SDK.

the user must be running Internet Explorer on a Windows operating system. and have their membership in a mapped LDAP group verified before the CMS grants them an active BusinessObjects Enterprise session. you can do the following: • • • Implement LDAP authentication when BusinessObjects Enterprise is running on Windows or on UNIX. For details on configuring IIS for single sign-on. For information on mapping your LDAP users and groups to BusinessObjects Enterprise. LDAP authentication for BusinessObjects Enterprise is similar to NT and AD authentication in that you can map groups and set up authentication. 238 BusinessObjects Enterprise Administrator’s Guide . Internet Explorer and IIS engage in Windows NT Challenge/Response authentication before IIS forwards the user’s credentials to BusinessObjects Enterprise. In this scenario. and the web server must be running Internet Information Server (IIS). For information on NT single sign-on. you can create new Enterprise accounts for existing LDAP users. User lists and group memberships are dynamically maintained by BusinessObjects Enterprise. as opposed to Windows NT authentication. Users are authenticated against the LDAP directory server. In addition.” which uses Enterprise authentication. see “Setting up NT single sign-on” on page 292. and can assign LDAP aliases to existing users if the user names match the Enterprise user names. Map users and groups from the LDAP directory service. Note: IIS performs the Challenge/Response authentication for every web page viewed. see “Setting up NT single sign-on” on page 292. it also enables the system to verify all logon requests that specify LDAP Authentication. Note: InfoView provides its own form of “anonymous single sign-on. the system must use Microsoft components only. This can result in severe performance degradation.dll) allows you to map user accounts and groups from your LDAP directory server to BusinessObjects Enterprise. Design your own web applications accordingly (or modify InfoView) if you want to use NT single sign-on. and alias creation. Specifically. see “Managing LDAP accounts” on page 262.11 BusinessObjects Enterprise Security Concepts Security management components • To obtain single sign-on functionality over the Web. LDAP security plug-in The LDAP security plug-in (secLDAP. authorization. Specify multiple host names and their ports. Also as with NT or AD authentication. You can specify that BusinessObjects Enterprise use a Secure Sockets Layer (SSL) connection to communicate to the LDAP directory server for additional security.

Note: The LDAP security plug-in provided with BusinessObjects Enterprise can be configured to communicate with your LDAP server via SSL. NT. you can use LDAP authentication (along with Enterprise. As long as you have an LDAP server (or servers) running. LDAP is based on the X. any client with the proper authorization can access its directories. and the organization name (O). Each entry is identified by its corresponding distinguished name (DN) or common name (CN). both the LDAP server and BusinessObjects Enterprise have security certificates. Other common attributes include the organizational unit name (OU). the LDAP security plug-in provided with BusinessObjects Enterprise can communicate with your LDAP server using an SSL connection established using either server authentication or mutual authentication. With server authentication. and Windows AD authentication). except for the Import Wizard. a member group may be located in a directory tree as follows: cn=BusinessObjects Enterprise Users. Before deploying LDAP authentication in conjunction with BusinessObjects BusinessObjects Enterprise Administrator’s Guide 239 . With mutual authentication. a common. LDAP offers you the ability to set up users to log on to BusinessObjects Enterprise through LDAP authentication. which uses a directory access protocol (DAP) to communicate between a directory client and a directory server. o=Research. applicationindependent directory. Refer to your LDAP documentation for more information.500 standard. It also enables users to be authorized when attempting to access objects in BusinessObjects Enterprise. Based on an open standard. all of the BusinessObjects Enterprise client tools support LDAP authentication. LDAP provides a means for accessing and updating information in a directory. More about LDAP Lightweight Directory Access Protocol (LDAP). You can also create your own applications that support LDAP authentication. ou=Enterprise Users A.BusinessObjects Enterprise Security Concepts Security management components 11 Once you have mapped your LDAP users and groups. while the LDAP server allows connections from anonymous clients.500 operations and features. For example. and the LDAP server must also verify the client certificate before a connection can be established. LDAP is an alternative to DAP because it uses fewer resources and simplifies and omits some X. and use LDAP in your existing networked computer systems. The directory structure within LDAP has entries arranged in a specific schema. Because LDAP is application-independent. the LDAP server has a security certificate which BusinessObjects Enterprise uses to verify that it trusts the server. If desired. but always performs basic authentication when verifying users’ credentials. enables users to share information among various applications.

faqs. For information on mapping Windows AD users and groups to BusinessObjects Enterprise. and have their membership in a mapped AD group verified before the Central Management Server grants them an active BusinessObjects Enterprise session. the security plug-in obtains 240 BusinessObjects Enterprise Administrator’s Guide . AD authentication and aggregation may not continue to function if the administration credentials become invalid (for example. For information on mapping Windows AD users and groups to BusinessObjects Enterprise. See your Windows 2000 documentation for more information. Single sign-on The Windows AD security plug-in supports single sign-on. Users are authenticated against the Windows AD user database. The single sign-on requirements depend upon the way in which users access BusinessObjects Enterprise: either via a thick client. In both scenarios. Note that in order to use the Windows AD security plug-in. ensure that you are familiar with the differences between these LDAP types. if the administrator changes his or her password or if the account becomes disabled). the CMS needs to run under a user account that has the “Act as Part of the Operating System” right. Note: • • • AD authentication only works for servers running on Windows systems. except for the Import Wizard. see the developer documentation available on your product CD.org/rfcs/rfc2251. see “Managing AD accounts” on page 275. it also enables BusinessObjects Enterprise to verify all logon requests that specify Windows AD Authentication. which is currently available at http:// www. see “Managing AD accounts” on page 275. thereby allowing authenticated AD users to log on to BusinessObjects Enterprise without explicitly entering their credentials. You can also create your own applications that support AD authentication. all of the BusinessObjects Enterprise client tools support AD authentication. For details.11 BusinessObjects Enterprise Security Concepts Security management components Enterprise. Once you have mapped your AD users and groups. or over the Web.html Windows AD security plug-in Windows AD security plug-in enables you to map user accounts and groups from your Windows 2000 Active Directory (AD) user database to BusinessObjects Enterprise. This plug-in is compatible with Windows 2000 Active Directory domains running in either native mode or mixed mode. see RFC2251. AD authentication and aggregation is not functional without a network connection. For more information.

Design your own web applications accordingly (or modify InfoView) if you want to use AD single sign-on. or Report Application Server). and the application must use the BusinessObjects Enterprise SDK. dynamically loaded libraries are referred to as dynamic-link libraries (. Processing extensions BusinessObjects Enterprise offers you the ability to further secure your reporting environment through the use of customized processing extensions. For information on AD single sign-on. the Windows AD security plug-in queries the operating system for the current user’s credentials when the client is launched. and the web server must be running Internet Information Server (IIS). Page Server. On UNIX systems.dll file extension). Through its support for processing extensions. • To obtain single sign-on functionality over the Web. the user must be running Internet Explorer on a Windows operating system. the BusinessObjects Enterprise administration SDK essentially exposes a “handle” that allows developers to intercept the request. The developer’s code first determines the user who owns the processing job. Note: BusinessObjects Enterprise provides its own form of “anonymous single sign-on. the user must be running a Windows operating system. This type of security restricts data access by row within one or more database tables. dynamically loaded libraries are often referred to as shared libraries (. BusinessObjects Enterprise Administrator’s Guide 241 . Specifically. Note: On Windows systems.” which uses Enterprise authentication. A typical example is a report-processing extension that enforces row-level security.BusinessObjects Enterprise Security Concepts Security management components 11 the security context for the user from the authentication provider.so file extension). see “Setting up AD single sign-on” on page 282. You must include the file extension when you name your processing extensions. and grants the user an active BusinessObjects Enterprise session if the user is a member of a mapped AD group: • To obtain AD single sign-on functionality from a thick-client application (such as the Publishing Wizard). A processing extension is a dynamically loaded library of code that applies business logic to particular BusinessObjects Enterprise view or schedule requests before they are processed by the system. Developers can then append selection formulas to the request before the report is processed. the system must use Microsoft components only. In this scenario. as opposed to Windows AD authentication. The developer writes a dynamically loaded library that intercepts view or schedule requests for a report (before the requests are processed by the Job Server.

The code then generates and appends a record selection formula to the report in order to limit the data returned from the database. 242 BusinessObjects Enterprise Administrator’s Guide . the trust relationship allows users to access resources in multiple domains without repeatedly having to provide their credentials. the active trust relationship provides the basis for BusinessObjects Enterprise’s distributed security. The CMC provides methods for registering your processing extensions with BusinessObjects Enterprise and for applying processing extensions to particular object. Note: In the current release. Tip: In BusinessObjects Enterprise XI. As such. the active trust relationship works similarly to provide each user with seamless access to resources across the system.11 BusinessObjects Enterprise Security Concepts Active trust relationship then it looks up the user’s data-access privileges in a third-party system. Active trust relationship In a networked environment. all other BusinessObjects Enterprise components can process the user’s requests and actions without prompting for credentials. see “Applying processing extensions to reports” on page 443. the processing extension serves as a way to incorporate customized row-level security into the BusinessObjects Enterprise environment. Included in the SDK is a fully documented API that developers can use to write processing extensions. For more information. you can also set and enforce rowlevel security through the use of Business Views. you configure the appropriate BusinessObjects Enterprise server components to dynamically load your processing extensions at runtime. By enabling processing extensions. For more information. While maintaining security. Once the user has been authenticated and granted an active session. the active trust relationship allows users to access their BusinessObjects Enterprise resources without ever having to explicitly provide credentials to BusinessObjects Enterprise. see the developer documentation available on your product CD. processing extensions can be applied only to Crystal report (. Tip: When combined with single sign-on functionality.rpt) objects. Within the BusinessObjects Enterprise environment. In this case. a trust relationship between two domains is generally a connection that allows one domain accurately to recognize users who have been authenticated by the other domain. For details. see the Business Views Administrator's Guide.

Ticket mechanism for distributed security Enterprise systems dedicated to serving a large number of users typically require some form of distributed security. This logon token is most commonly used over the Web. stateless environments. An enterprise system may require distributed security. In BusinessObjects Enterprise. BusinessObjects Enterprise addresses distributed security by implementing a ticket mechanism (one that is similar to the Kerberos ticket mechanism). The CMS grants tickets that authorize components to perform actions on behalf of a particular user. These attributes allow restrictions to be placed upon the logon token to reduce the chance of the logon token being used by malicious users. Both attributes hinder malicious users from gaining unauthorized access to BusinessObjects Enterprise with logon tokens retrieved from legitimate users. The logon token’s usage attributes are specified when the logon token is generated. Logon tokens A logon token is an encoded string that defines its own usage attributes and contains a user’s session information.BusinessObjects Enterprise Security Concepts Active trust relationship 11 When single sign-on functionality is combined third party ticket mechanisms. for instance. other BusinessObjects Enterprise components can read the logon token from the user’s web browser. BusinessObjects Enterprise Administrator’s Guide 243 . When a user is first authenticated by BusinessObjects Enterprise. The user’s web browser caches this logon token. the ticket is referred to as the logon token. he or she receives a logon token from the CMS. The current logon token usage attributes are: • • Number of minutes This attribute restricts the lifetime of the logon token. This use of the logon token provides the distributed security that is required for load balancing to be implemented in conjunction with effective fault-protection. or transfer of trust (the ability to allow another component to act on behalf of the user). the active trust relationship allows users to access BusinessObjects Enterprise and other network resources without ever having to explicitly provide credentials to the system. Number of logons This attribute restricts the number of times that the logon token can be used to log on to BusinessObjects Enterprise. to support features such as load balancing. When the user makes a new request. such as Kerberos or SiteMinder.

InfoView and the CMC are designed such that the request is redirected to the remaining WCA. If the WCA that is storing the user’s active session is taken offline. your web browser retains the state of each session in memory only for as long as any single Web page is displayed. The client application logs the user on with the valid logon token. the logon token enables the system’s load-balancing and fault-tolerance mechanisms to maintain a secure environment without affecting the user’s experience. the state of the first session is discarded and replaced with the state of the next session. As soon as you move from one web page to another. thus. security is maintained while providing optimal performance: the user’s identity is verified. in addition. 244 BusinessObjects Enterprise Administrator’s Guide . when the original WCA is brought back online. its configuration. A session’s state is a set of data that describes the session’s attributes. the user’s active identity is not immediately accessible by the other WCA. a session is a client-server connection that enables the exchange of information between the two computers. the nature of HTTP limits the duration of each session to a single page of information. The remaining WCA can then authorize and carry out the user’s request. Consequently. the logon token again serves a critical purpose. or its content. If one WCA ceases to respond to a user’s requests. but the system does not have to repeatedly prompt the user for his or her credentials. The BusinessObjects Enterprise logon token is an example of this method. By doing so. consequently. In this way. Web sites and Web applications must somehow store the state of one session if they need to reuse its information in another. BusinessObjects Enterprise uses two common methods to store session state: • Cookies—A cookie is a small text file that stores session state on the client side: the user’s web browser caches the cookie for later use. When you establish a client-server connection over the Web. the system automatically resumes its load balancing responsibilities by routing each subsequent request to the least used WCA. the user’s logon token is used to route all of the user’s requests to the WCA that is storing the user’s session. and the remaining WCA can authenticate the user and create a new. Sessions and session tracking In general. active session without prompting the user for his or her credentials. the user is prevented from unnecessarily consuming resources on both Web Component Adapters. For this reason.11 BusinessObjects Enterprise Security Concepts Sessions and session tracking The user’s active identity is stored as a session variable on the WCA that processed the request. In this scenario.

CMS session tracking The CMS implements a simple tracking algorithm. The server-side script pages (Crystal Server Pages) programmatically save variables to the WCA session.aspx pages to timeout earlier if the default of 20 minutes is not desired. By default. because the interaction between a web browser and a web server can be stateless. information such as the user’s authentication type is stored in a session variable. If the WCA session fails to communicate with the CMS for a ten-minute time period. the system should preserve the session variable while the user is active on the system. BusinessObjects Enterprise Administrator’s Guide 245 . he or she is granted a CMS session. Note: • • If you are familiar with the SDK. you should note that a CMS session is an instance of an EnterpriseSession object. BusinessObjects Enterprise implements session tracking. Ideally. it can be difficult to know when users leave the system. to ensure security and to minimize resource usage. The WCA session is designed to notify the CMS on a recurring basis that it is still active. Note: If you are familiar with the SDK. When BusinessObjects Enterprise grants a user an active identity on the system. the CMS destroys the CMS session. which the CMS preserves until the user logs off. WCA session tracking The WCA implements session tracking similarly to most web servers. you should note that a WCA session is an instance of an InfoStore object. the WCA retains the session until the user explicitly logs off. or until 20 minutes after the user’s last request (whichever occurs first). The WCA session timeout can be programmatically configured in the server-side . When a user logs on. However. so the CMS session is retained so long as the WCA session exists. or until the WCA session variable is released. To address this issue. the system neither has to prompt the user for the information a second time nor has to repeat any task that is necessary for the completion of the next request. the system should destroy the session variable as soon as the user has finished working on the system. if they do not log off explicitly. This handles scenarios where client-side components shut down irregularly. And. So long as the session is maintained.BusinessObjects Enterprise Security Concepts Sessions and session tracking 11 • Session variables—A session variable is a portion of memory that stores session state on the server side.

Windows NT Challenge/Response authentication. These tasks are typically handled by web servers through various security mechanisms. refer to your web server documentation. and it supports a multitude of configurations. BusinessObjects Enterprise supports firewalls that use IP filtering or static network address translation (NAT). or application servers. For details on securing client connections. or SOCKS proxy servers. 246 BusinessObjects Enterprise Administrator’s Guide . see “Working with Firewalls” on page 181. For complete details on BusinessObjects Enterprise and firewall interaction. Web server to BusinessObjects Enterprise Firewalls are commonly used to secure the area of communication between the web server and the rest of the corporate intranet (including BusinessObjects Enterprise).11 BusinessObjects Enterprise Security Concepts Environment protection Environment protection Environment protection refers to the security of the overall environment in which client and server components communicate. Although the Internet and web-based systems are increasingly popular due to their flexibility and range of functionality. some degree of security is usually required. Relevant security measures usually involve two general tasks: • • Ensuring that the communication of data is secure. web servers. Supported environments can involve multiple firewalls. including the Secure Sockets Layer (SSL) protocol. When you deploy BusinessObjects Enterprise. You must secure communication between the web browser and the web server independently of BusinessObjects Enterprise. they operate in an environment that can be difficult to secure. Ensuring that only valid users retrieve information from the web server. and other such mechanisms. environment protection is divided into two areas of communication: • • Web browser to web server Web server to BusinessObjects Enterprise Web browser to web server When sensitive data is transmitted between the web browser and the web server.

numbers. BusinessObjects Enterprise implements several techniques to reduce the probability of a malicious user achieving access to the system. so you can easily report off the data or import it into other applications. LDAP.BusinessObjects Enterprise Security Concepts Auditing web activity 11 Auditing web activity BusinessObjects Enterprise provides insight into your system by recording web activity and allowing you to inspect and to monitor the details. The various restrictions listed below apply only to Enterprise accounts—that is. You can enable the following options: • Enforce mixed-case passwords This option ensures that passwords contain at least two of the following character classes: upper case letters. because the process of simply guessing a valid user name and password remains a viable way to attempt to “crack” the system. lower case letters. Generally. The auditing data is logged to disk and stored in comma-delimited text files. Password restrictions Password restrictions ensure that Enterprise users create passwords that are relatively complex. The WCA allows you to select the web attributes—such as time. the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT. IP address. there is often at least one location that is vulnerable to attack: the location where users connect to the system. port number. or punctuation. It is nearly impossible to protect this location completely. BusinessObjects Enterprise Administrator’s Guide 247 . and so on—that you want to record. or Windows AD). date. Protection against malicious logon attempts No matter how secure a system is. • Must contain at least N characters By enforcing a minimum complexity for passwords. you decrease a malicious user’s chances of simply guessing a valid user’s password. your external system will enable you to place similar restrictions on the external accounts. however.

Additionally. To prevent dictionary attacks. or if you disable the Guest account entirely. any malicious user attempting a dictionary attack will have to recommence every time passwords change. With the speed of modern hardware. BusinessObjects Enterprise provides several customizable options that you can use to reduce the risk of a dictionary attack: • • • Disable accounts after N failed attempts to log on Reset failed logon count after N minute(s) Re-enable account after N minute(s) User restrictions User restrictions ensure that Enterprise users create new passwords on a regular basis. BusinessObjects Enterprise has an internal mechanism that enforces a time delay (0. 248 BusinessObjects Enterprise Administrator’s Guide . And. If you assign a secure password to the Guest account. they are valid only for a limited time. see “Disabling the Guest account” on page 44. In addition. malicious programs can guess millions of passwords per minute. even if a malicious user does guess or otherwise obtain another user’s credentials. You can enable the following options: • • • Must change password every N day(s) Cannot reuse the N most recent password(s) Must wait N minute(s) to change password These options are useful in a number of ways.5–1. Thus. because password changes are based on each user’s first logon time. the system logs them on automatically under the Guest account. when users connect to BusinessObjects Enterprise without specifying a user name and password. Firstly. Guest account restrictions The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account.11 BusinessObjects Enterprise Security Concepts Protection against malicious logon attempts Logon restrictions Logon restrictions serve primarily to prevent dictionary attacks (a method whereby a malicious user obtains a valid user name and attempts to learn the corresponding password by trying every word in a dictionary). you disable this default behavior. For details.0 second) between logon attempts. the malicious user cannot easily determine when any particular password will change.

Managing User Accounts and Groups chapter .

12

Managing User Accounts and Groups What is account management?

What is account management?
Account management can be thought of as all of the tasks related to creating, mapping, changing, and organizing user and group information. The Users and Groups management areas of the Central Management Console (CMC) provide you with a central place to perform all of these tasks. In the Users area, you can specify everything required for a user to access BusinessObjects Enterprise. To create user accounts, specify the following:

• • • • • • •

Account name (required) Full name Email Description Password settings Connection type Group membership

In the Groups area, you can create groups that give a number of people access to the report or folder. This enables you to make changes in one place instead of modifying each user account individually. To create groups, specify the following:

• • • • •

Group name (required) Description Users who belong to the group Subgroups that belong to the group Group membership

After the user accounts and groups have been created, you can add report objects and specify rights to them. When the users log on, they can view the reports using InfoView or their custom web application. For more information on objects and rights, see “Controlling users’ access to objects” on page 317.

Default users and groups
This section lists and describes the different types of default users and groups that are found within BusinessObjects Enterprise.

Default users
For procedures on managing users, see “Managing Enterprise and general accounts” on page 253.

250

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Default users and groups

12

Administrator
The Administrator user belongs to the Administrators and Everyone groups. This user can perform all tasks in all BusinessObjects Enterprise applications (for example, the Central Management Console, Central Configuration Manager, Publishing Wizard, and InfoView). By default, the Administrator is not assigned a password. For security reasons, it is highly recommended that you create a password for the Administrator user as soon as possible. See “Setting the Administrator password” on page 44. Note: To use the Central Configuration Manager, your operating system account may require certain rights on the local machine. For more information, see “Using the Central Configuration Manager” on page 42.

Guest
The Guest user is a member of the Everyone group. This user can view reports that are found within the Report Samples folder. Generally, the Guest user accesses reports through InfoView. This account is enabled by default. To disable this default setting, see “Disabling the Guest account” on page 261. By default, the Guest user is not assigned a password. If you assign it a password, the single sign-on to InfoView will be broken. Note: If users in multiple time zones use the Guest account, see “Supporting users in multiple time zones” on page 527.

Default groups
In addition to organizing users and simplifying administration, groups enable you to determine the functionality a user has access to. In BusinessObjects Enterprise, the following default groups are created. For procedures on managing groups, see “Managing Enterprise and general accounts” on page 253.

Administrators
Users who belong to the Administrators group are able to perform all tasks in all of the BusinessObjects Enterprise applications (Central Management Console, Central Configuration Manager, Publishing Wizard, and InfoView). By default, the Administrator group contains only the Administrator user. Note: To use the Central Configuration Manager, your operating system account may require certain rights on the local machine. For more information, see “Using the Central Configuration Manager” on page 42.

BusinessObjects Enterprise Administrator’s Guide

251

12

Managing User Accounts and Groups Available authentication types

BusinessObjects NT Users
When you install BusinessObjects Enterprise on Windows, BusinessObjects Enterprise creates a BusinessObjects NT Users group. This group is also added to Windows on the local machine and the user who installed BusinessObjects Enterprise is automatically added to this group. When NT authentication is enabled, BusinessObjects NT Users can use their NT accounts to log on to BusinessObjects Enterprise. By default, members of this group are able to view folders and reports.

Everyone
Each user is a member of the Everyone group. By default, the Everyone group allows access to all the reports that are found in the Report Samples folder.

Universe Designer Users
Users who belong to this group are granted access to the Universe Designer folder and the Connections folder. They can control who has access rights to the Designer application. You must add users to this group as needed. By default, no user belongs to this group.

Available authentication types
Before setting up user accounts and groups within BusinessObjects Enterprise, decide which type of authentication you want to use:

Enterprise authentication Use the system default Enterprise Authentication if you prefer to create distinct accounts and groups for use with BusinessObjects Enterprise, or if you have not already set up a hierarchy of users and groups in a Windows NT user database, an LDAP directory server, or a Windows AD server. See “Managing Enterprise and general accounts” on page 253.

Windows NT authentication If you are working in a Windows NT environment, you can use existing NT user accounts and groups in BusinessObjects Enterprise. When you map NT accounts to BusinessObjects Enterprise, users are able to log on to BusinessObjects Enterprise applications with their NT user name and password. This can reduce the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing NT accounts” on page 284.

252

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

LDAP authentication If you set up an LDAP directory server, you can use existing LDAP user accounts and groups in BusinessObjects Enterprise. When you map LDAP accounts to BusinessObjects Enterprise, users are able to access BusinessObjects Enterprise applications with their LDAP user name and password. This eliminates the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing LDAP accounts” on page 262.

Windows AD authentication If you are working in a Windows 2000 environment, you can use existing AD user accounts and groups in BusinessObjects Enterprise. When you map AD accounts to BusinessObjects Enterprise, users are able to log on to BusinessObjects Enterprise applications with their AD user name and password. This eliminates the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing AD accounts” on page 275.

Note: You can use Enterprise Authentication in conjunction with either NT, LDAP, or AD authentication, or with all of the three authentication plug-ins.

Managing Enterprise and general accounts
Since Enterprise authentication is the default authentication method for BusinessObjects Enterprise, it is automatically enabled when you first install the system. When you add and manage users and groups, BusinessObjects Enterprise maintains the user and group information within its database. This section focuses on the following account management tasks:

• • • • • • • • • •

“Creating an Enterprise user account” on page 254 “Modifying a user account” on page 256 “Deleting a user account” on page 256 “Changing password settings” on page 257 “Creating a group” on page 258 “Modifying a group” on page 260 “Viewing group members” on page 261 “Deleting a group” on page 261 “Disabling the Guest account” on page 261 “Granting access to users and groups” on page 262

BusinessObjects Enterprise Administrator’s Guide

253

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Note: In many cases, these procedures also apply to NT, LDAP, and AD account management. For specific information on NT authentication, see “Managing NT accounts” on page 284. For specific information on LDAP authentication, see “Managing LDAP accounts” on page 262. For specific information on AD authentication, see “Managing AD accounts” on page 275.

Creating an Enterprise user account
When you create a new user, you specify the user’s properties and select the group or groups for the user. For information on setting rights for the user, see “Granting access to users and groups” on page 262. 1. 2. 3. 4. To create a user account Go to the Users management area of the CMC. Click New User. Select the Enterprise authentication type. Type the account name, full name, email, and description information. Use the description area to include extra information about the user or account. 5. Specify the password information and settings. Options include:

• • •

Password Enter the password and confirm. This is the initial password that you assign to the user. The maximum password length is 64 characters. Password never expires Select the check box. User must change password at next logon This check box is selected by default. If you do not want to force users to change the password the first time they log on, clear the check box.


6.

User cannot change password Select the check box.

Select the connection type.

Concurrent User Choose Concurrent user if this user belongs to a license agreement that states the number of users allowed to be connected at one time.

254

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Named User Choose Named user if this user belongs to a license agreement that associates a specific user with a license. Named user licenses are useful for people who require access to BusinessObjects Enterprise regardless of the number of other people who are currently connected.

7.

Click OK. The user is added to the system and is automatically added to the Everyone group. You can now add the user to a group or specify rights for the user. See “Adding a user to groups” on page 255, Chapter 13: Controlling User Access. An inbox is also automatically created for the user. The user is also automatically assigned an Enterprise alias, for example, secEnterprise:bsmith. For more information, see “Managing aliases” on page 294.

Adding a user to groups
Use the following procedure to add a user to one or more groups directly from the user page. Note: You can also add users to a group from the group page. See “Adding users to a group” on page 259. 1. 2. 3. To add a user to a group Go to the Users management area of the CMC. Under Account Name, click the link to the user whose properties you want to change. Click the Member of tab to specify the group or groups the user should belong to. Note: All BusinessObjects Enterprise users of the system are part of the Everyone group. 4. 5. Click the Member of button to view the available groups. In the Available groups area, select the group(s) that the new user should be a member of. Use SHIFT+click or CTRL+click to select multiple groups. 6. 7. Click the > arrow to add the group(s); click the < arrow to remove the group(s). Click OK. The “Member of” tab appears and lists the groups in which the user is a member.

BusinessObjects Enterprise Administrator’s Guide

255

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Modifying a user account
Use this procedure to modify a user’s properties or group membership. Note: The user will be affected if he or she is logged on when you are making the change. 1. 2. 3. To modify a user account Go to the Users management area of the CMC. Under Account Name, click the link to the user whose properties you want to change. Make the required changes, as necessary, in the available fields. In addition to all of the options that were available when you initially created the account, you now can disable the account by selecting the “Account is disabled” check box. You can also assign aliases. For more information, see “Managing aliases” on page 294. 4. Click Update.

Deleting a user account
Use this procedure to delete a user’s account. The user might receive an error if they are logged on when their account is deleted. When you delete a user account, the Favorites folder, personal categories, and inbox for that user are deleted as well. If you think the user might require access to the account again in the future, select the “Account is disabled” check box in the Properties page of the selected user, instead of deleting the account. See “Modifying a user account” on page 256. Note: Deleting a user account won’t necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. If the user account also exists in a third-party system, and if the account belongs to a third-party group that is mapped to BusinessObjects Enterprise, the user may still be able to log on. For details, see “Deleting an alias” on page 297 and “Disabling an aliases” on page 298.

256

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

1. 2. 3. 4.

To delete a user account Go to the Users management area of the CMC. Select the check box associated with the user you want to delete. Click Delete. The delete confirmation dialog box appears. Click OK. The user account is deleted.

Changing password settings
Within the Central Management Console, you can change the password settings for a specific user or for all users in the system. For information, see “Protection against malicious logon attempts” on page 247. The various restrictions listed below apply only to Enterprise accounts—that is, the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT, LDAP, or Windows AD). Generally, however, your external system will enable you to place similar restrictions on the external accounts. 1. 2. 3. To change user password settings Go to the Users management area of the CMC. Click the user whose password settings you want to change. The Properties tab appears. Select or clear the check box associated with the password setting you wish to change. The available options are:

• • •
4. 1. 2. 3.

Password never expires User must change password at next logon User cannot change password

Click Update. To change password settings Go to the Authentication management area of the CMC. Click the Enterprise tab. Select the check box and enter the value related to the password setting.

BusinessObjects Enterprise Administrator’s Guide

257

12

Managing User Accounts and Groups Managing Enterprise and general accounts

The table below identifies the minimum and maximum values for each of the settings you can configure: Recommended Maximum 100 days 100 passwords 100 minutes 100 failed 100 minutes 100 minutes

Password Setting Must contain at least N characters Must change password every N days Must wait N minutes to change password Disable account after N failed attempts to log on Reset failed logon count after N minutes Re-enable account after N minutes 4. Click Update.

Minimum 1 day 0 minutes 1 failed 1 minute 0 minutes

0 characters 64 characters

Cannot reuse the N most recent passwords 1 password

Creating a group
Groups are collections of users who share the same account privileges. For instance, you may create groups that are based on department, role, or location. Groups enable you to change the rights for users in one place (a group) instead of modifying the rights for each user account individually. Also, you can assign object rights to a group or groups. For information on object rights, see “Managing objects overview” on page 416. For information on granting users and groups administrative rights to other groups, see “Granting access to users and groups” on page 262. After creating a new group, you can add users, add subgroups, or specify group membership so that the new group is actually a subgroup. Because subgroups provide you with additional levels of organization, they are useful when you set object rights to control users’ access to your BusinessObjects Enterprise content. 1. 2. 3. 4. To create a new group Go to the Groups management area of the CMC. Click New Group. On the Properties tab, enter the group name and description. Click OK.

258

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Adding users to a group
Use the following procedure to add users to a group, directly from the group page. Note: You can also add a user to groups from the user page. See “Adding a user to groups” on page 255. 1. 2. 3. 4. To add users to a group In the Groups management area of the CMC, click the link for the group. Click the Users tab. Click Add Users. Select the users to add to the group; then click the > arrow. Tip:

• • •
5.

To select multiple users, use the SHIFT+click or CTRL+click combination. To search for a specific user, use the Look For field. If there are many users on your system, click the Previous and Next buttons to navigate through the list of users.

Click OK. The Users tab appears. It lists all of the users who belong to this group.

Adding subgroups
You can add an existing group as a subgroup to another group. A subgroup inherits the rights of the parent group. Note: Adding a subgroup is similar to specifying group membership. See “Specifying group membership” on page 260. 1. 2. 3. 4. 5. To add subgroups In the Groups management area of the CMC, click the link for the group. Click the Subgroups tab. Click Add/Remove Subgroups. Select the groups that should be members of this new group; then click the > arrow. Click OK.

BusinessObjects Enterprise Administrator’s Guide

259

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Specifying group membership
You can make a group a member of another group. The group that becomes a member is referred to as a subgroup. The group that you add the subgroup to is the parent group. A subgroup inherits the rights of the parent group. Note: Adding a subgroup is similar to specifying group membership. See “Specifying group membership” on page 260. 1. 2. 3. 4. To make a group a member of another group In the Groups management area of the CMC, click the link for the group. Click the Member of tab. Click the Member of button. Select the parent groups that this new group will be a member of; then click the > arrow. Any rights associated with the parent group will be inherited by the new group you have created. 5. Click OK.

Modifying a group
You can modify a group by making changes to any of the settings. Note: The users who belong to the group will be affected by the modification if they are logged on when you are making changes. 1. 2. 3. To modify a group In the Groups management area of the CMC, click the link for the group. Under the Group Name column, click the link to the group whose configuration you want to change. Make the necessary changes in one of the four tabs:

• • • •
4.

Properties Users Subgroups Member of

Depending on which tab you have selected, click OK or Update after you have made your changes.

260

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Viewing group members
You can use this procedure to view the users who belong to a specific group. 1. 2. 3. To view group members In the Groups management area of the CMC, click the link for the group. Click Users. Click Refresh. Note: It may take a few minutes for your list to refresh if you have a large number of users in the group or if your group is mapped to an NT user database, LDAP user directory, or AD user directory.

Deleting a group
You can delete a group when that group is no longer required. You cannot delete the default groups Administrator and Everyone. Note: The users who belong to the deleted group will be affected by the change if they are logged on when the group is deleted. To delete a third-party authentication groups, such as the BusinessObjects NT Users group, use the Authentication management area in CMC. See “Unmapping LDAP groups” on page 272, “Unmapping AD groups” on page 280, and “Mapping NT accounts” on page 284. 1. 2. 3. 4. To delete a group Go to the Groups management area of the CMC. Select the check box associated with the group you want to delete. Click Delete. The delete confirmation dialog box appears. Click OK.

Disabling the Guest account
By disabling the Guest account, you ensure that no one can log on to BusinessObjects Enterprise with this account. By disabling the Guest account, you also disable the anonymous single sign-on functionality of BusinessObjects Enterprise, so users will be unable to access InfoView without providing a valid user name and password.

BusinessObjects Enterprise Administrator’s Guide

261

12

Managing User Accounts and Groups Managing LDAP accounts

1. 2. 3. 4. 5.

To disable the Guest account Go to the Users management area of the CMC. In the Account Name column, click Guest. On the Properties tab, select the Account is disabled check box. Click Update. If you are prompted for confirmation, click OK.

Granting access to users and groups
You can grant users and groups administrative access to other users and groups. Administrative rights include: viewing, editing, and deleting objects; viewing and deleting object instances; and pausing object instances. For example, for troubleshooting and system maintenance, you may want to grant your IT department access to edit and delete objects. For more information about granting rights to users and groups, see “Controlling access to users and groups” on page 352.

Managing LDAP accounts
To use LDAP authentication, you need to first ensure that you have your respective LDAP directory set up. For more information about LDAP, refer to your LDAP documentation. For more information on the LDAP security plugin, see “LDAP security plug-in” on page 238. Note: When you install BusinessObjects Enterprise, the LDAP authentication plug-in is installed automatically, but not enabled by default. This section describes tasks related to LDAP accounts in BusinessObjects Enterprise. In particular, it includes information on:

• • • • • • •

“Configuring LDAP authentication” on page 263 “Mapping LDAP groups” on page 269 “Unmapping LDAP groups” on page 272 “Viewing mapped LDAP users and groups” on page 272 “Changing LDAP connection parameters and member groups” on page 272 “Managing multiple LDAP hosts” on page 273 “Troubleshooting LDAP accounts” on page 274

262

BusinessObjects Enterprise Administrator’s Guide

“myserver:123”). and then click “Start LDAP Configuration Wizard”. The first screen of the wizard asks for information about your LDAP host. Click Next. BusinessObjects Enterprise Administrator’s Guide 263 . The LDAP Configuration Wizard will lead you through the setup of LDAP authentication. Type your LDAP host and port information in the Add LDAP host (hostname:port) field (for example. Before users can use their LDAP user name and password to log on to BusinessObjects Enterprise. 4. you need to map their LDAP account to BusinessObjects Enterprise. “Configuring LDAP mapping options” on page 267. step by step. Select your server type from the LDAP Server Type list. Configuring the LDAP host 1. Click Show Attribute Mappings if you want to view or change any of the LDAP Server Attribute Mappings or the LDAP Default Search Attributes. 5. refer to your LDAP documentation. For more information on multiple hosts. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. When you map an LDAP account. “Configuring the Secure Socket Layer authentication for LDAP” on page 264. If you want to remove a host. Configuring LDAP authentication includes the following main steps: • • • • “Configuring the LDAP host” on page 263. highlight the host name and click Delete. each supported server type’s server attribute mappings and search attributes are already set. For more information. To configure the LDAP host Go to the Authentication management area of the CMC. By default. 2. 3. Repeat this step to add more than one LDAP host of the same server type if you want to add hosts that can act as failover servers. ensure that you have your LDAP directory set up. Before setting up and enabling LDAP authentication. refer to “Managing multiple LDAP hosts” on page 273. BusinessObjects Enterprise supports LDAP authentication for user and group accounts. Click the LDAP tab. then click Add.Managing User Accounts and Groups Managing LDAP accounts 12 Configuring LDAP authentication To simplify administration. “Configuring LDAP single sign-on with SiteMinder” on page 267.

A group from the host being referred to will be mapped to BusinessObjects Enterprise. 11. type the distinguished name (for example. Enter the credentials required by the LDAP hosts. In the Base LDAP Distinguished Name field.businessobjects. 9. Enter the number of referral hops in the Maximum Referral Hops field. Configuring the Secure Socket Layer authentication for LDAP Note: This section describes the CMC related information for configuring SSL for LDAP only. • In the “LDAP Server Administration Credentials” area. 12. 7. Click Next. only one set of referral credentials can be set. • Enter another distinguished name and password in the “LDAP Referral Credentials” area if all of the following apply: • • • The primary host has been configured to refer to another directory server that handles queries for entries under a specified base. 10. you must create a user account on each host that uses the same distinguished name and password. The host being referred to has been configured to not allow anonymous binding. no referrals will be followed.12 Managing User Accounts and Groups Managing LDAP accounts 6. o=SomeBase).techsupport. Therefore if you have multiple referral hosts. Click Next. For additional information or for information on configuring the LDAP host server. If your LDAP Server allows anonymous binding. If this field is set to zero. 8. Although groups can be mapped from multiple hosts. refer to http:// www. 264 BusinessObjects Enterprise Administrator’s Guide .com or your LDAP vendor documentation. type the distinguished name and password for a user account that is authorized to administer your LDAP server. Click Next. leave this area blank—BusinessObjects Enterprise servers and clients will bind to the primary host via anonymous logon. Proceed with configuring the Secure Socket Layer.

regardless of the setting you choose. it must receive and verify a security certificate sent to it by the LDAP host. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups).Managing User Accounts and Groups Managing LDAP accounts 12 1. it must receive and verify a security certificate sent to it by the LDAP host. BusinessObjects Enterprise must find the Certificate Authority that issued the certificate in its certificate database. Click Next. BusinessObjects Enterprise Administrator’s Guide 265 . BusinessObjects Enterprise must find the Certificate Authority that issued the certificate in its certificate database. • Always accept server certificate This is the lowest security option.rd.crystald. To configure the Secure Socket Layer authentication If necessary. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). Click the LDAP tab. skip to step 2. If you selected Server Authentication or Mutual Authentication. choose one of the following options: 2. and then click Start LDAP Configuration Wizard. using CN =ABALONE:389 in the certificate would not work. Select the type of SSL authentication (Basic (no SSL). 3. go to the Authentication management area of the CMC again. • Accept server certificate if it comes from a trusted Certificate Authority This is a medium security option. To verify the certificate. Otherwise. Click Next until the screen of the wizard asks for the Secure Socket Layer authentication information. it must receive a security certificate from the LDAP host. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). if you entered the LDAP host name as ABALONE.net:389. BusinessObjects Enterprise does not verify the certificate it receives. or Mutual Authentication) your LDAP hosts uses to establish a connection with BusinessObjects Enterprise. To verify the certificate. That is. Server Authentication. • Accept server certificate if it comes from a trusted Certificate Authority and the CN attribute of the certificate matches the DNS hostname of the server This is the highest security option. It must also be able to confirm that the CN attribute on the server certificate exactly matches the host name of the LDAP host as you typed it in the “Add LDAP host” field in the first step of the wizard. Tip: Java applications (such as the Java version of InfoView) always use this option.

To select settings for another host. Then type the appropriate values in the boxes on the right. 5.12 Managing User Accounts and Groups Managing LDAP accounts Tip: The host name on the server security certificate is the name of the primary LDAP host. you must next add the host name of each machine in your BusinessObjects Enterprise system that uses the BusinessObjects Enterprise SDK. select its name in the list on the left. The settings for the default host are used: • • • for any setting (for any host) where you leave the “Use default value” box checked. In the SSL host box.db if you selected mutual authentication. Then type your values for the path to the certificate and key database files. the password for the key database. for any machine whose name you do not explicitly add to the list of SSL hosts. • To select settings for the default host. Now configure the SSL settings for each SSL host in the list. Type a nickname for the client certificate in the cert7. Therefore if you select this option you cannot use a failover LDAP host.) Type the host name of each machine in the SSL Host box. 4. first clear the Use default value boxes. (This includes the machine running your Central Management Server and the machine running your WCA. and then click Add. starting with the default host. 266 BusinessObjects Enterprise Administrator’s Guide .

Proceed with configuring LDAP for single sign-on. Click Next. Otherwise. type the name of each Policy Server. To configure LDAP for single sign-on with SiteMinder If necessary. 4. 7. Click Next until the screen of the wizard asks you to map the LDAP users to BusinessObjects Enterprise users. BusinessObjects Enterprise Administrator’s Guide 267 . Click Next. skip to step 2. Click Next until the screen of the wizard asks for the LDAP single sign-on authentication. Authentication and Authorization port numbers. configure the SiteMinder hosts: 2. 1. Enter the name of the Web Agent and the Shared Secret. 2. 6. • • • 5. In order to use SiteMinder. specify the Accounting. Click the LDAP tab. Configuring LDAP mapping options 1. To configure LDAP mapping options If necessary. Enter the shared secret again. For each Policy Server Host. Click Next. The next screen of the wizard controls how BusinessObjects Enterprise maps LDAP users to BusinessObjects Enterprise users. Configuring LDAP single sign-on with SiteMinder SiteMinder is a third-party user access and authentication tool that you can use with the LDAP security plug-in to create single sign-on to BusinessObjects Enterprise. 3. Click the LDAP tab. Otherwise. If you selected SiteMinder. go to the Authentication management area of the CMC again. and then click Add. skip to step 2. Proceed with configuring the LDAP options.Managing User Accounts and Groups Managing LDAP accounts 12 6. refer to the SiteMinder documentation. Select the type of single sign-on authentication (Basic (no SSO) or SiteMinder). go to the Authentication management area of the CMC again. and then click Start LDAP Configuration Wizard. For more information about SiteMinder and how to install it. you need to configure the single sign-on authentication for the LDAP plug-in. and then click Start LDAP Configuration Wizard. In the Policy Server Host box.

LDAP aliases will be assigned to existing users (auto alias creation is turned on). Users who do not have an existing Enterprise account. or • Create a new account for every added LDAP alias Use this option when you want to create a new account for each user. or for all users if you selected the “Create a new account for every added LDAP alias” option. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every LDAP user mapped to BusinessObjects Enterprise. Instead. or • No new aliases will be added and new users will not be created Use this option when the LDAP directory you are mapping contains many users. it creates aliases (and accounts. but only a few of them will use BusinessObjects Enterprise. Select either: • Assign each added LDAP alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. 268 BusinessObjects Enterprise Administrator’s Guide . New LDAP accounts are added for users without BusinessObjects Enterprise accounts. Update Options allow you to specify if LDAP aliases are automatically created for all new users. are added as new LDAP users. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users.12 Managing User Accounts and Groups Managing LDAP accounts New Alias Options allow you to specify how LDAP aliases are mapped to Enterprise accounts. that is. 3. if required) only for users who log on to BusinessObjects Enterprise. or who do not have the same name in their Enterprise and LDAP account.

This type of licensing is very flexible because a small concurrent license can support a large user base. Click the LDAP tab. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. If LDAP authorization is configured. a 100 user concurrent license could support 250. 5. BusinessObjects Enterprise Administrator’s Guide 269 . 500. In the “Mapped LDAP Member Groups” area. Mapping LDAP groups Once you have configured LDAP authentication using the LDAP configuration wizard. or 700 users.Managing User Accounts and Groups Managing LDAP accounts 12 4. the LDAP summary page appears. 1. 3. or • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. 2. To map LDAP groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. This provides named users with access to the system regardless of how many other people are connected. The LDAP Server Summary page appears. click Add. depending on how often and how long users access BusinessObjects Enterprise. See “Configuring LDAP authentication” on page 263. Select either: • New users are created as named users New user accounts are configured to use named user licenses. For example. You must have a named user license available for each user account created using this option. you can map LDAP groups to Enterprise groups. Click Finish to save your LDAP settings. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to LDAP accounts. specify your LDAP group (either by common name or distinguished name) in the Add LDAP group (by cn or dn) field.

LDAP aliases will be assigned to existing users (auto alias creation is turned on). or who do not have the same name in their Enterprise and LDAP account. New Alias Options allow you to specify how LDAP aliases are mapped to Enterprise accounts.12 Managing User Accounts and Groups Managing LDAP accounts You can add more than one LDAP group by repeating this step. Select either: • Assign each added LDAP alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. 270 BusinessObjects Enterprise Administrator’s Guide . 4. To remove a group. highlight the LDAP group and click Delete. that is. are added as new LDAP users. Users who do not have an existing Enterprise account.

Managing User Accounts and Groups Managing LDAP accounts 12 or • Create a new account for every added LDAP alias Use this option when you want to create a new account for each user. 7. or • No new aliases will be added and new users will not be created Use this option when the LDAP directory you are mapping contains many users. 500. This type of licensing is very flexible because a small concurrent license can support a large user base. 5. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to LDAP accounts. or for all users if you selected the “Create a new account for every added LDAP alias” option. 6. You must have a named user license available for each user account created using this option. a 100 user concurrent license could support 250. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. or 700 users. New LDAP accounts are added for users without BusinessObjects Enterprise accounts. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. but only a few of them will use BusinessObjects Enterprise. if required) only for users who log on to BusinessObjects Enterprise. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every LDAP user mapped to BusinessObjects Enterprise. Update Options allow you to specify if LDAP aliases are automatically created for all new users. Select either: • New users are created as named users New user accounts are configured to use named user licenses. or • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. This provides named users with access to the system regardless of how many other people are connected. depending on how often and how long users access BusinessObjects Enterprise. Click Update. BusinessObjects Enterprise Administrator’s Guide 271 . For example. Instead. it creates aliases (and accounts.

1. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. it is possible to unmap groups using BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing LDAP accounts Unmapping LDAP groups Similar to mapping. the Mapped LDAP Member Groups area displays the LDAP groups that have been mapped to BusinessObjects Enterprise. 5. 2. 272 BusinessObjects Enterprise Administrator’s Guide . 3. If LDAP authorization is configured. see “Configuring LDAP authentication” on page 263. In the “Mapped LDAP Member Groups” area. Viewing mapped LDAP users and groups You can view your LDAP mapped groups in BusinessObjects Enterprise by clicking the LDAP tab (located in the Authentication management area). For more information. disable or delete the user’s Enterprise account. To change connection settings Go to the Authentication management area of the CMC. To unmap LDAP groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. 1. select the LDAP group you would like to remove. you can change LDAP connection parameters and member groups using the LDAP Server Configuration Summary Page. the LDAP summary page will appear. For information on configuring LDAP authentication using the LDAP configuration wizard. The users in this group will not be able to access BusinessObjects Enterprise. To restrict access. If LDAP authorization is configured. Tip: To deny LDAP Authentication for all groups. clear the “LDAP Authentication is enabled” check box and click Update. see “Managing Enterprise and general accounts” on page 253. Changing LDAP connection parameters and member groups After you have configured LDAP authentication using the LDAP configuration wizard. Click the LDAP tab. Click Delete. Click Update. 4.

10. The primary LDAP host and all failover hosts must be configured in exactly the same way. Click Update. 6. Managing multiple LDAP hosts Using LDAP and BusinessObjects Enterprise. If LDAP authorization is configured. BusinessObjects Enterprise Administrator’s Guide 273 . Click Update. 4. On this page you can change any of the connection parameter areas or fields. the LDAP Server Configuration Summary page appears. Change your connection settings. 7. To add multiple LDAP Hosts. 9. Click the LDAP tab. go to the Authentication management area of the Central Management Console and click the LDAP tab. Change your Alias and New User options. Note: • The order in which the hosts are communicated with matters. You can also modify the Mapped LDAP Member Groups area. followed by the remaining failover hosts. click the name of the LDAP host to open the page that enables you to add or delete hosts. BusinessObjects Enterprise uses the first host that you add as the primary LDAP host. Click Update. so ensure that you add the primary host first. Delete currently mapped groups that will no longer be accessible under the new connection settings. Map your new LDAP member groups. 8. Subsequent hosts are treated as failover hosts. you can add fault tolerance to your system by adding multiple LDAP hosts. Click Update. In the LDAP Server Configuration Summary area.) Or if you have already configured LDAP. 5. enter all hosts when you configure LDAP using the LDAP configuration wizard (see “Configuring LDAP authentication” on page 263 for details.Managing User Accounts and Groups Managing LDAP accounts 12 2. and each LDAP host must refer to all additional hosts from which you wish to map groups. see your LDAP documentation. 3. For more information about LDAP hosts and referrals.

see “Configuring LDAP authentication” on page 263. you cannot use the highest level of SSL security (that is. the user will not be able to log on to BusinessObjects Enterprise. For more information. add it to BusinessObjects Enterprise. see “Viewing mapped LDAP users and groups” on page 272. If you create a new LDAP group account. For more information. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. However. either map the group to BusinessObjects Enterprise. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. refresh the user list. see “Configuring LDAP authentication” on page 263.”) For more information. • Creating a new LDAP group account • If you create a new LDAP group account. For more information. or add the new LDAP user account to a group that is already mapped to BusinessObjects Enterprise. you cannot select “Accept server certificate if it comes from a trusted Certificate Authority and the CN attribute of the certificate matches the DNS hostname of the server.12 Managing User Accounts and Groups Managing LDAP accounts • If you use failover LDAP hosts. see “Viewing mapped LDAP users and groups” on page 272. if the user also has an account that uses Enterprise authentication. 274 BusinessObjects Enterprise Administrator’s Guide . and that LDAP user account is mapped to BusinessObjects Enterprise. see “Configuring LDAP authentication” on page 263. If you create a new LDAP user account. and the account does not belong to a group account that is mapped to BusinessObjects Enterprise. For more information. and the group account does not belong to a group account that is mapped to BusinessObjects Enterprise. refresh the group list. Troubleshooting LDAP accounts Creating a new LDAP user account • If you create a new LDAP user account. • Disabling an LDAP user account If you disable an LDAP user account. the user can still access BusinessObjects Enterprise using that account.

see “Windows AD security plug-in” on page 240. AD authentication and aggregation is not functional without a network connection. the user can still access BusinessObjects Enterprise using that account. and that LDAP group account is mapped to BusinessObjects Enterprise. However. see the developer documentation available on your product CD. For information on how AD authentication works in conjunction with BusinessObjects Enterprise. Once you have mapped your AD users and groups. the users who belong to that group will not be able to log on to BusinessObjects Enterprise. Users cannot log on to BusinessObjects Enterprise using AD authentication via the Java SDK.Managing User Accounts and Groups Managing AD accounts 12 Disabling an LDAP group account If you disable an LDAP group account. all of the BusinessObjects Enterprise client tools support AD authentication. You can also create your own applications that support AD authentication. Note: • • • • AD authentication only works for servers running on Windows systems. if the user also has an account that uses Enterprise authentication. except for the Import Wizard. For more information. if the administrator changes his or her password or if the account becomes disabled). AD authentication and aggregation may not continue to function if the administration credentials become invalid (for example. Managing AD accounts This section provides an overview of AD authentication and the tasks related to managing it. “Mapping AD accounts” on page 276 “Unmapping AD groups” on page 280 “Viewing mapped AD users and groups” on page 280 “Troubleshooting AD accounts” on page 281 “Setting up AD single sign-on” on page 282 Managing AD accounts includes the following tasks: • • • • • BusinessObjects Enterprise Administrator’s Guide 275 .

because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. you must have created a domain user account on your AD server for BusinessObjects Enterprise to use when authenticating AD users and groups. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account.12 Managing User Accounts and Groups Managing AD accounts Mapping AD accounts To simplify administration. Click the Windows AD tab. select the Single Sign On is enabled check box. ensure that you have the appropriate AD domain and group information. Go to the Authentication management area of the CMC. before users can use their AD user name and password to log on to BusinessObjects Enterprise. Ensure that the Windows Active Directory Authentication is enabled check box is selected. To map AD users and groups Before starting this procedure. 4. When you map an AD account. 5. If you will be using single sign-on. However. 1. enter the name and password of the domain user account you’ve set up on your AD server for BusinessObjects Enterprise to use when authenticating AD users and groups. Note: If you select this option. 2. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. 3. see “Setting up AD single sign-on” on page 282. their AD user account needs to be mapped to BusinessObjects Enterprise. you must also configure the IIS for single sign-on. As well. 276 BusinessObjects Enterprise Administrator’s Guide . In the “AD Administration Credentials” area. For details. BusinessObjects Enterprise supports AD authentication for user and group accounts.

Managing User Accounts and Groups Managing AD accounts 12 BusinessObjects Enterprise Administrator’s Guide 277 .

. map groups. 278 BusinessObjects Enterprise Administrator’s Guide .. Note: • • 7. Therefore they will not be able to access BusinessObjects Enterprise. dc=DomainName. In the “Mapped AD Member Groups” area.. This means that local users who belong to a mapped local group will not be mapped to BusinessObjects Enterprise. you can use only the NT name format (\\ServerName\GroupName). check rights. Groups can be mapped using one of the following formats: • • NT name (DomainName\GroupName) DN (cn=GroupName. Groups from the default domain can be mapped without specifying the domain name prefix. that is. The group is added to the list. Users who do not have an existing Enterprise account. dc=com) Note: If you want to map a local group. 8. . or who do not have the same name in their Enterprise and AD account. Select either: • Assign each added AD alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. users from the default domain do not have to specify the AD domain name when they log on to BusinessObjects Enterprise via AD authentication... New Alias Options allow you to specify how AD aliases are mapped to Enterprise accounts. Click Add. Windows AD does not support local users. AD aliases will be assigned to existing users (auto alias creation is turned on).12 Managing User Accounts and Groups Managing AD accounts Administration credentials can use one of the following formats: • • NT name (DomainName\UserName) UPN (user@DNS_domain_name) Administration credentials must be entered to enable AD authentication. Complete the Default AD Domain field. or • Create a new account for every added AD alias Use this option when you want to create a new account for each user. 6.. 9. and so on. By entering the Default AD Domain name. enter the AD domain\group in the Add AD Group (Domain\Group) field. are added as new AD users.

BusinessObjects Enterprise Administrator’s Guide 279 . BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. or 700 users. For details. You must have a named user license available for each user account created using this option. 11. For example.Managing User Accounts and Groups Managing AD accounts 12 10. Update Options allow you to specify if AD aliases are automatically created for all new users. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every AD user mapped to BusinessObjects Enterprise. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. depending on how often and how long users access BusinessObjects Enterprise. New AD accounts are added for users without BusinessObjects Enterprise accounts. if required) only for users who log on to BusinessObjects Enterprise. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. Select either: • New users are created as named users New user accounts are configured to use named user licenses. a 100 user concurrent license could support 250. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to AD accounts. Instead. or for all users if you selected the “Create a new account for every added AD alias” option. but only a few of them will use BusinessObjects Enterprise. • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. see “Creating a user and a third-party alias” on page 294. or • No new aliases will be added and new users will not be created Use this option when the AD directory you are mapping contains many users. This type of licensing is very flexible because a small concurrent license can support a large user base. it creates aliases (and accounts. 500. Note: You can also add AD users individually by adding them as a new user in BusinessObjects Enterprise and selecting Windows AD authentication. This provides named users with access to the system regardless of how many other people are connected.

To unmap AD groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. 1. Click Update. 4. 2. 280 BusinessObjects Enterprise Administrator’s Guide . Click the Windows AD tab. 3. 5.12 Managing User Accounts and Groups Managing AD accounts 12. To restrict access. see “Managing Enterprise and general accounts” on page 253. Note: You can view the groups by clicking the Windows AD tab from the Authentication management area and then viewing the “Mapped AD Member Groups” area. 2. disable or delete the user’s Enterprise account. Note: The only exceptions to this occur when a user has an alias other than the one assigned for AD authentication. A message appears stating that it will take several seconds to update the member groups. Click Update. select the AD group you would like to remove. it is possible to unmap groups using BusinessObjects Enterprise. 3. The users in the deleted group will no longer be able to access BusinessObjects Enterprise. In the “Mapped AD Member Groups” area. Unmapping AD groups Similar to mapping. Click Delete. Click OK. clear the “Windows Active Directory Authentication is enabled” check box and click Update. Under Group Name. Viewing mapped AD users and groups 1. Tip: To deny AD authentication for all users. click the hyperlink to a Windows AD group Click the Users tab. For more information. Go to the Groups management area of the CMC. 13. users cannot be viewed from the Windows AD tab.

Note: The nested AD group will not get mapped to BusinessObjects Enterprise by this operation. the system will add the user to BusinessObjects Enterprise. You can add the new user to BusinessObjects Enterprise and select Windows AD authentication. see “Mapping AD accounts” on • • • BusinessObjects Enterprise Administrator’s Guide 281 . and the AD group to which the account belongs is already mapped to BusinessObjects Enterprise. you need to click Update in the Windows AD tab (found in the Authentication management area). and you would like the users of this nested group to get imported into BusinessObjects Enterprise. ensure that you update the user list by clicking Update in the Windows AD tab found in the Authentication management area. You can go to the Windows AD tab in the Authentication management area and select the option to add all new aliases and create all new users. In this case all AD users will be added to BusinessObjects Enterprise. • Adding an AD group account to a mapped AD group • When you add an AD group account to an AD group that was previously mapped to BusinessObjects Enterprise. For information on viewing AD users and groups. User accounts are automatically created for AD users who are added to an AD group when these users successfully log on to BusinessObjects Enterprise. Note that you must click Update to ensure that new users are imported properly. and then click Update. See “Creating a user and a third-party alias” on page 294. • When you have added a new account in AD. Choose the method that works best for your situation: When the new AD user logs on to BusinessObjects Enterprise and selects AD authentication.Managing User Accounts and Groups Managing AD accounts 12 Troubleshooting AD accounts Creating a new AD user account • If you create a new AD user account. see “Viewing mapped AD users and groups” on page 280. there are three ways you can get the new AD account into BusinessObjects Enterprise. The user is added and is automatically assigned a Windows AD alias. This is the simplest method and it doesn’t require any extra steps. For details. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. but the user won’t be added until he or she logs on to BusinessObjects Enterprise.

if the AD group contains many users who don’t require access to BusinessObjects Enterprise. By default.config file. Configuring IIS for AD single sign-on 1. for AD single sign-on to work.config file for AD single sign-on” on page 283. 3. AD single sign-on is not enabled.config file for AD single sign-on” on page 283 Note: For information on how to set up end-to-end single sign on with AD and Kerberos. see “Enabling AD single sign-on in CMC” on page 283. Setting up AD single sign-on to BusinessObjects Enterprise includes the following tasks: “Configuring IIS for AD single sign-on” on page 282 “Enabling AD single sign-on in CMC” on page 283 “Modifying the web. See “Modifying the web. Ensure that Integrated Windows authentication check box is selected. Restart your IIS server. change the access and authentication settings for the Enterprise virtual directory as follows: • • Deselect the Anonymous access and Basic authentication check boxes. see “Configuring Kerberos single sign-on” on page 299. Note: You must also enable AD single sign-on in the CMC. Modify the web. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282.12 Managing User Accounts and Groups Managing AD accounts page 276. To configure the IIS web server for AD single sign-on Using the documentation included with your IIS server. 282 BusinessObjects Enterprise Administrator’s Guide . you may want to add the user individually instead. However. Note: For AD single sign-on to function correctly. However. you have to configure the IIS Business Objects virtual directory. Note: • • • • • AD single sign-on is not supported on client machines running on Windows 98. For details. Setting up AD single sign-on Installation of the Active Directory plug-in for BusinessObjects Enterprise enables you to use AD single sign-on. 2.

config file for AD single sign-on Add the following lines to the <system.config file: • • 2.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. you must also configure the IIS for single sign-on. BusinessObjects Enterprise Administrator’s Guide 283 . see “Configuring IIS for AD single sign-on” on page 282. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. 1. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282.<remove name=“WindowsAuthentication”/> --> Note: For AD single sign-on to function correctly. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account.config file as shown: <!-. Click Update. 4. Click the Windows AD tab. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282. Note: If you select this option.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web.Managing User Accounts and Groups Managing AD accounts 12 Enabling AD single sign-on in CMC 1. To enable the Windows AD plug-in for single sign-on in CMC Go to the Authentication management area of the CMC.config file to make sure Windows authentication is enabled. <identity impersonate="true" /> <Authentication mode="Windows" /> Comment out the following line in the <httpModules> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. 3. To modify the web. For details.config file: • • 3. Modifying the web. 2.config file for AD single sign-on Make the following modifications to the web. Note: For AD single sign-on to function correctly. Select the Single sign-on is enabled check box.

click User Manager. If you install BusinessObjects Enterprise on a Windows NT. When you map an NT account. or 2003 accounts. or 2003 machine. 2000. BusinessObjects Enterprise supports user and group accounts that are created using Windows NT. “Mapping NT accounts” on page 284 “Unmapping NT groups” on page 288 “Viewing mapped NT users and groups” on page 289 “Troubleshooting NT accounts” on page 290 “Setting up NT single sign-on” on page 292 Managing NT accounts includes the following tasks: Mapping NT accounts To simplify administration. or through the CMC. their NT user account needs to be mapped to BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing NT accounts Managing NT accounts This section provides an overview of NT authentication and the tasks related to managing it. For information on how NT authentication works in conjunction with BusinessObjects Enterprise. see “Windows NT security plugin” on page 236. by using the User Manager in Windows NT or Computer Management in Windows 2000. 2000. Select the BusinessObjects NT Users group. NT accounts refer to Windows NT. Note: Ensure that you have selected the domain that contains the BusinessObjects NT Users group. To map NT users and groups using Windows NT From the Windows Administrative Tools program group. However. 1. Note: NT accounts refer to both Windows NT and 2000 accounts. before users can use their NT user name and password to log on to BusinessObjects Enterprise. NT authentication is installed and enabled by default. Note: • • • • • • • NT authentication only works for servers running on Windows systems. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. 2. 284 BusinessObjects Enterprise Administrator’s Guide . You can map NT accounts to BusinessObjects Enterprise through Windows.

Select the group(s) and/or user(s). click Properties. BusinessObjects Enterprise Administrator’s Guide 285 . Under System Tools. then click Add. Tip: Users will now be able to log on to InfoView using their NT account if they use the following format: \\NTDomainName\NTusername or NTMachineName\LocalUserName Users do not have to specify the NT Domain Name if it is specified in the “Default NT Domain” field on the Windows NT tab. Click Add. 7. 6. From the User menu. 2. Click the Groups folder. Select the group(s) and/or user(s). select Properties. Click Add. Select the BusinessObjects NT Users and from the Action menu. 3. Tip: Users will now be able to log on to InfoView using their NT account if they use the following format: \\NTDomainName\NTusername or NTMachineName\LocalUserName Users do not have to specify the NT Domain Name if it is specified in the “Default NT Domain” field on the Windows NT tab. Click OK to add the group(s) and/or user(s). then click Add. 3. 4. 5. 4. 1. To map NT users and groups using Windows 2000 From the Windows Administrative Tools program group. Go to the Authentication management area of the CMC. click Computer Management. Click OK to complete the process. 7. ensure you have the NT domain and group information. Click OK or Apply (and then Close) to complete the process. 6. 1. To map NT users and groups using BusinessObjects Enterprise Before starting this procedure. 8.Managing User Accounts and Groups Managing NT accounts 12 Note: The BusinessObjects NT Users group is created automatically in Windows NT when you install BusinessObjects Enterprise on Windows NT. select Local Users and Groups. 5. Click OK to add the group(s) and/or user(s).

Note: If you select this option. see “Setting up NT single sign-on” on page 292. Also. If you will be using single sign-on. For details. you must also configure the IIS for single sign-on. 3. 4. Complete the Default NT Domain field. Ensure that the NT Authentication is enabled check box is selected. Note: By typing the default NT Domain Name. Click the Windows NT tab. 286 BusinessObjects Enterprise Administrator’s Guide . select the Single Sign On is enabled check box. you don’t have to specify the NT domain name when you map groups. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group.12 Managing User Accounts and Groups Managing NT accounts 2. click the domain name. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. 5. To change the Default NT domain. users do not have to specify the NT Domain Name when they log on to BusinessObjects Enterprise via NT authentication.

it creates aliases (and accounts. Click Add.Managing User Accounts and Groups Managing NT accounts 12 6. BusinessObjects Enterprise Administrator’s Guide 287 . For example. The group is added to the list. New NT accounts are added for users without BusinessObjects Enterprise accounts. 7. enter the NT domain\group in the Add NT Group (NT Domain\Group) field. you must type \\NTmachinename\groupname. that is. the new user will be bsmith01. or for all users if you selected the “Create a new account for every added NT alias” option. are added as new NT users. or • Create a new account for every added NT alias Use this option when you want the system to create a new account for each user. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. 9. if required) only for users who log on to BusinessObjects Enterprise. The system ensures that the users are created with unique names. Select either: • Assign each added NT alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. Users who do not have an existing Enterprise account. New Alias Options allow you to specify how NT aliases are mapped to Enterprise accounts. NT aliases will be assigned to existing users (auto alias creation is turned on). if BusinessObjects Enterprise user bsmith already exists and an NT user with the same is added. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every NT user mapped to BusinessObjects Enterprise. but only a few of them will use BusinessObjects Enterprise. or • No new aliases will be added and new users will not be created Use this option when the NT directory you are mapping contains many users. In the Mapped NT Member Groups area. Note: If you want to map a local NT group. Update Options allow you to specify if NT aliases are automatically created for all new users. Instead. 8. or who do not have the same name in their Enterprise and NT account.

Unmapping NT groups Similar to mapping. Select BusinessObjects NT Users. 11. 4. 12. 2. click Properties. For more information. Select either: • New users are created as named users New user accounts are configured to use named user licenses. Click OK. From the User menu. 288 BusinessObjects Enterprise Administrator’s Guide . You must have a named user license available for each user account created using this option. To restrict access. or 700 users. Click Update. 1. A message appears stating that it will take several seconds to update the member groups. This type of licensing is very flexible because a small concurrent license can support a large user base. The user or group will no longer be able to access BusinessObjects Enterprise. see “Managing Enterprise and general accounts” on page 253. Click OK. This provides named users with access to the system regardless of how many other people are connected.12 Managing User Accounts and Groups Managing NT accounts 10. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to NT accounts. Select the user(s) or group(s). click User Manager. 500. • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. a 100 user concurrent license could support 250. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. depending on how often and how long users access BusinessObjects Enterprise. 3. then click Remove. To unmap NT users and groups using Windows NT From the Administrative Tools program group. disable or delete the user’s Enterprise account. For example. or BusinessObjects Enterprise. it is possible to unmap groups using the administrative tool in Windows NT/2000. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. 5.

5. From the Action menu. disable or delete the user’s Enterprise account. 7. The user or group will no longer be able to access BusinessObjects Enterprise. Tip: To deny NT Authentication for all groups. 2. For more information. click Properties. 4. then click Remove. 2. see “Managing Enterprise and general accounts” on page 253. select the NT group you would like to remove. To unmap NT groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. The method you use depends on the way the groups and users have been mapped. 5. Click Update. The users in this group will not be able to access BusinessObjects Enterprise. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. Click the Groups folder. For more information. Select BusinessObjects NT Users. To restrict access. click Computer Management. In the Mapped NT Member Groups area. Click Delete. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. To unmap NT users and groups using Windows 2000 From the Administrative Tools program group. 3. select Local Users and Groups. 3. 1.Managing User Accounts and Groups Managing NT accounts 12 1. Under System Tools. disable or delete the user’s Enterprise account. clear the “NT Authentication is enabled” check box and click Update. Viewing mapped NT users and groups There are two methods to view mapped users and groups in BusinessObjects Enterprise. 6. Select the user(s) or group(s). see “Managing Enterprise and general accounts” on page 253. Click OK or Apply (and then Close) to complete the process. 4. Click the Windows NT tab. BusinessObjects Enterprise Administrator’s Guide 289 . To restrict access.

then click BusinessObjects NT Users. Go to the Groups management area of the CMC. refresh the user list. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. 4. see “Mapping NT accounts” on page 284. 6. If you added users and groups through the CMC. 2. 2. If you create a new NT user account. Click the Windows NT tab.12 Managing User Accounts and Groups Managing NT accounts To view users and groups that have been added using Windows NT/ 2000 or BusinessObjects Enterprise 1. Troubleshooting NT accounts Creating a new NT user account • If you create a new NT user account. 3. see “Viewing mapped NT users and groups” on page 289. To view users and groups that have been added using BusinessObjects Enterprise 1. Click Refresh. and the account does not belong to a group account that is mapped to BusinessObjects Enterprise. If you added users and groups through Windows NT/2000. Go to the Authentication management area of the CMC. then select the appropriate group. For more information. 5. add it to BusinessObjects Enterprise. Note: You can view the groups and users by selecting the appropriate group from the Groups management area and then clicking the Users tab. Click OK to the message which states that accessing the user list may take several seconds. For more information. The “Mapped NT Member Groups” area displays the groups that have been mapped to BusinessObjects Enterprise. Click the Users tab. • 290 BusinessObjects Enterprise Administrator’s Guide . Click OK.

You can add the new user to BusinessObjects Enterprise and select Windows NT authentication. refresh the group list. Choose the method that works best for your situation: • When the new NT user logs on to BusinessObjects Enterprise and selects NT authentication. if the user also has an account that uses Enterprise authentication. For details. In this case all NT users will be added to BusinessObjects Enterprise. For more information. This is the simplest method and it doesn’t require any extra steps. If you create a new NT group account. For more information. if the NT group contains many users who don’t require access to BusinessObjects Enterprise. The user is added and is automatically assigned a Windows NT alias. See “Creating a user and a third-party alias” on page 294. see “Viewing mapped NT users and groups” on page 289. and the group account does not belong to a group account that is mapped to BusinessObjects Enterprise.Managing User Accounts and Groups Managing NT accounts 12 Adding an NT account to a mapped NT group When you have added a new account in NT. the system will add the user to BusinessObjects Enterprise. • Disabling an NT user account • If you disable an NT user account (using Windows Administrative Tools). but the user won’t be added until he or she logs on to BusinessObjects Enterprise. see “Mapping NT accounts” on page 284. you may want to add the user individually instead. the user can still access BusinessObjects Enterprise using that account. and the NT group to which the account belongs is already mapped to BusinessObjects Enterprise. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. the user will not be able to log on to BusinessObjects Enterprise using the mapped NT account. • • Creating a new NT group account • If you create a new NT group account. However. BusinessObjects Enterprise Administrator’s Guide 291 . see “Mapping NT accounts” on page 284. there are three ways you can get the new NT account into BusinessObjects Enterprise. and then click Update. add it to BusinessObjects Enterprise. However. You can go to the Windows NT tab in the Authentication management area and select the option to add all new aliases and create all new users.

BusinessObjects Enterprise provides its own form of “anonymous single signon.12 Managing User Accounts and Groups Managing NT accounts Setting up NT single sign-on You can configure BusinessObjects Enterprise to allow users to use various BusinessObjects Enterprise applications without being prompted to log on. when you launch the CMC. Note: This feature is available if you are using a Microsoft Internet Information Server (IIS) web server and users are using Internet Explorer as their web browser.” which uses Enterprise authentication. You are not required to enter any additional information. even when you disable the Guest account. See the Platforms. BusinessObjects Enterprise is designed to display a logon page. For information on how to set up end-to-end single sign on with AD and Kerberos. refer to the tutorial for an example on creating a web application that uses single sign-on. see “Configuring Kerberos single sign-on” on page 299. With single sign-on enabled. as opposed to Windows NT authentication. Configuring IIS for NT single sign-on 1. 292 BusinessObjects Enterprise Administrator’s Guide . However. Ensure that the Integrated Windows authentication check box is selected. change the access and authentication settings for the Enterprise virtual directory as follows: • • Deselect the Anonymous access and Basic authentication check boxes. To configure the IIS web server for NT single sign-on Using the documentation included with your IIS server. You can disable this feature—for more information. he or she can log on using the Guest account (Enterprise authentication).config file for NT single sign-on” on page 293 Note: BusinessObjects Enterprise does not support the Kerberos protocol for Windows NT. Design your own web applications accordingly (or modify InfoView) if you want to use NT single sign-on. In the developer documentation. the user can select Windows NT from the Authentication list and click Log On without entering his or her user name or password.txt file included with your product distribution for a complete list of version requirements. NT authentication occurs in the background. Users need only to enter their NT user name and password information once at the beginning of the NT session. Setting up NT single sign-on to BusinessObjects Enterprise includes the following tasks: • • • “Configuring IIS for NT single sign-on” on page 292 “Enabling NT single sign-on in CMC” on page 293 “Modifying the web. if you have set up NT single sign-on. When a user launches InfoView. For instance. see “Disabling the Guest account” on page 261.

To modify the web. because when users access one of the web applications they would automatically have the same access privileges as the IIS machine account. Click the Windows NT tab.config file for NT single sign-on Add the following lines to the <system.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. 3. 1. Modify the web. 3.config file. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. Restart your IIS server. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. Note: For NT single sign-on to function correctly. Select the Single Sign On is enabled check box. 4. Modifying the web.config file to make sure Windows authentication is enabled.config file for NT single sign-on” on page 293. For details. Note: If you select this option. Click Update. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. Note: For NT single sign-on to function correctly. Enabling NT single sign-on in CMC 1.config file: • • 2. you must also configure the IIS for single sign-on. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. See “Modifying the web.config file for NT single sign-on Make the following modifications to the web. see “Configuring IIS for NT single sign-on” on page 292.Managing User Accounts and Groups Managing NT accounts 12 2.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web. 2.config file: • • <identity impersonate="true" /> <Authentication mode="Windows" /> BusinessObjects Enterprise Administrator’s Guide 293 . To enable the Windows NT plug-in for single sign-on in CMC Go to the Authentication management area of the CMC.

an alias enables a user to log on via more than one authentication type. By assigning an alias to the user.config file as shown: <!-. the system creates the new user in BusinessObjects Enterprise and creates a third-party alias for the user. For example. the user can log on using either a third-party user name and password or an Enterprise user name and password. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. or NT aliases. Comment out the following line in the <httpModules> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise 11\InfoView\Web. In CMC. Thus. you can link the accounts using the assign alias feature. AD. A user can have any combination of BusinessObjects Enterprise. LDAP. This is useful when a user has a third-party account that is mapped to Enterprise and an Enterprise account. the alias information is displayed at the bottom of the properties page for a user. 294 BusinessObjects Enterprise Administrator’s Guide .<remove name=”WindowsAuthentication”/> --> Note: For NT single sign-on to function correctly. Managing aliases includes: • • • • • • “Creating a user and a third-party alias” on page 294 “Creating an alias for an existing user” on page 296 “Assigning an alias” on page 296 “Reassigning an alias” on page 297 “Deleting an alias” on page 297 “Disabling an aliases” on page 298 Creating a user and a third-party alias When you create a user and select an authentication type other than Enterprise. You can also reassign an alias in BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing aliases 3. after you map your third-party accounts to BusinessObjects Enterprise. Managing aliases If a user has multiple accounts in BusinessObjects Enterprise. you can use the Reassign Alias feature to reassign an alias to a different a user.

secWindowsNT:ENTERPRISE:bsmith. and reassign aliases to user. for example. The format of the account name must agree with the format required for the authentication type. 3. bsmith. 1. The New User Properties page appears. assign. The user account must exist in the third-party authentication tool. 6. If required. and it must belong to a group that is already mapped to BusinessObjects Enterprise. Click New User. To create a user and add a third-party alias Go to the Users management area of the CMC. for example. 5. you can add. Type in the third-party account name for the user. for example. The user is added to BusinessObjects Enterprise and is assigned an alias for the authentication type you selected. Windows NT. The New User Properties page appears. BusinessObjects Enterprise Administrator’s Guide 295 . 2. Click OK. Select the connection type for the user. the following criteria must be met: • • • The authentication tool needs to have been enabled in CMC. 4.Managing User Accounts and Groups Managing aliases 12 Note: For the system to create the third-party alias. Select the authentication type for the user.

and it must belong to a group that is mapped to BusinessObjects Enterprise. Note: If a user has only one alias and you assign that last alias to another user. 4. you move a third-party alias from another user to the user you are currently viewing. An alias is created for the user. Click New Alias. To create a new alias for a user Go to the Users management area of the CMC. 3.12 Managing User Accounts and Groups Managing aliases Creating an alias for an existing user You can create aliases for existing BusinessObjects Enterprise users. 2. at least two aliases are shown. The user account must exist in the third-party authentication tool. The Assign Alias page appears. Note: For the system to create the third-party alias. Click Assign Alias. The New Alias page appears. the one that was already assigned to the user and the one you just created. Click OK. You cannot assign or reassign Enterprise aliases. 6. To assign an alias from another user Go to the Users management area of the CMC. The alias can be an Enterprise alias. Select the authentication type for the user. or an alias for a third-party authentication tool. 296 BusinessObjects Enterprise Administrator’s Guide . and inbox for that account. 1. and the Favorites folder. personal categories. for example. Assigning an alias When you assign an alias to a user. the following criteria must be met: • • • The authentication tool needs to have been enabled in CMC. Type in the account name for the user. 3. The format of the account name must agree with the format required for the authentication type. 5. 2. When you view the user in CMC. Click the link for the user you want to assign an alias to. Windows NT. Click the link for the user that you want to add an alias to. 1. the system will delete the user account.

and the Favorites folder. Select the alias you want in the list of available aliases. The user bsmith can no longer use this alias. and inbox for that account. personal categories. the system will delete the user account. If a user has only one alias and you delete that alias. To reassign an alias to another user Go to the Users management area of the CMC. 3. the alias is removed from the system. use the Look For field. click the name of the user that you want to assign the alias to. The alias for bsmith has now been assigned to the user jbrown. Deleting an alias When you delete an alias. You cannot assign or reassign Enterprise aliases. the system automatically deletes the user account and the Favorites folder. and the Properties page for user jbrown is displayed. use the SHIFT+click or CTRL+click combination. 1. you move a third-party alias from the user that you are currently viewing to another user. for example. To search for a specific alias. BusinessObjects Enterprise Administrator’s Guide 297 . To select multiple aliases. Click OK. jbrown. and inbox for that account. Click the Reassign Alias button for the alias. Click the > arrow. 2. Reassigning an alias When you reassign an alias. for example. Click OK. Tip: • • 6. In the list. 5. The user jbrown can now log on using the third-party user account and authentication method. 4. Click the link for the user whose alias you want to reassign.Managing User Accounts and Groups Managing aliases 12 4. Note: If a user has only one alias and you reassign that alias to another user. 5. bsmith. personal categories. The Reassign Alias page appears.

and if the account belongs to a group that is mapped to BusinessObjects Enterprise. 2. it is best to disable the alias. Click the Delete Alias button for the alias. depends on which Update Options you have selected for the authentication tool in the Authentication management area of CMC. To ensure a user can no longer use one of his or her aliases to log on to BusinessObjects Enterprise. If the user account still exists in the third-party system. See also “Deleting an alias” on page 297. 1. Whether the system creates a new user or assigns the alias to an existing user. disable all aliases for that user. To delete an alias Go to the Users management area of the CMC. 298 BusinessObjects Enterprise Administrator’s Guide . clear the Enabled check box for the alias you want disable. Click Update. Disabling an aliases You can prevent a user from logging on to BusinessObjects Enterprise using a particular authentication method by disabling the user’s alias associated with that method. To disable an alias Go to the Users management area of the CMC. 2. The alias is deleted from the system. If the user account still exists in the third-party system. Repeat this step for each alias you want to disable. In the Alias area on the Properties page. and if the account belongs to a group that is mapped to BusinessObjects Enterprise. Click the name of the user whose alias you want to disable.12 Managing User Accounts and Groups Managing aliases 1. Note: Deleting a user’s alias does not necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. Note: Deleting a user from BusinessObjects Enterprise does not necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. then BusinessObjects Enterprise will still allow the user to log on. To prevent a user from accessing BusinessObjects Enterprise altogether. The user can no longer log on using the type of authentication that you just disabled. then BusinessObjects Enterprise will still allow the user to log on. Click the link for the user whose alias you want to delete. 3. 4. 3.

Note: Instead of a service account. This must be a domain account that has been trusted for delegation. 3. 2. “Configuring the servers” on page 300 “Configuring the Windows AD plug-in for Kerberos authentication” on page 301 “Configuring the IIS and browsers” on page 303 “Configuring IIS for end-to-end single sign-on” on page 305 “Configuring BusinessObjects Enterprise web applications” on page 312 “Configuring the databases for single sign-on” on page 313 Setting up a service account To configure BusinessObjects Enterprise for end-to-end single sign-on using Kerberos and Windows AD authentication. 4. 6.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring Kerberos single sign-on This section tells you how to set up end-to-end single sign-on to your BusinessObjects Enterprise system and its back-end databases by using Kerberos and Windows AD authentication. you require a service account.txt file included with your product distribution for a complete list of version requirements. For general information about the levels of single sign-on that are supported in BusinessObjects Enterprise. before you can proceed you must have set up the service account. You can either create a new domain account or use an existing domain account. It requires a Microsoft Internet Information Services (IIS) web server and users require Internet Explorer (IE) as their web browser. However. 5. Configuration process overview Configuring end-to-end single sign-on using Kerberos includes the following main steps: 1. you could use a user or computer domain account. The service account will be used to run the BusinessObjects Enterprise servers. BusinessObjects Enterprise Administrator’s Guide 299 . BusinessObjects Enterprise currently supports single sign-on to the database with Windows AD using Kerberos for the Windows platform only. However. see “About single sign-on” on page 232. See the Platforms. 7. it is recommended you use a service account. “Setting up a service account” on page 299 Note: The order in which you complete these steps is not important.

com. Double-click the service account. you must grant the service account the right to act as part of the operating system. For detailed instructions. refer to http://msdn. This must be done on each machine running the following servers: • • • • CMS Page Server Report Application Server Web Intelligence Report Server To configure the server machines Note: To complete this procedure. 3. 4. See “Setting up a service account” on page 299. 300 BusinessObjects Enterprise Administrator’s Guide . 5.microsoft. Double-click Act as part of the operating system. In Windows 2003. Click Add. set up the domain service account.12 Managing User Accounts and Groups Configuring Kerberos single sign-on To set up the service account On the domain controller. ensure that the following two options have been selected for the account: • • Trust this user for delegation to specified service only Use Kerberos only If you are using Windows 2003. ensure that the Account is trusted for delegation option has been selected for the account. and then click OK. then click User Rights Assignment. depending on whether you are using Windows 2000 or Windows 2003: • • In Windows 2000. 2. Note: The procedure for setting up a domain service account varies. Configuring the servers Configuring the BusinessObjects Enterprise servers includes: • • “Configuring the server machines” on page 300 “Configuring the servers to use the service account” on page 301 Configuring the server machines In order to support end-to-end single sign-on. Click Local Policies. you may have to first add a service principal name (SPN) for the domain account. you require a service account that has been trusted for delegation. Click Start > Administrative Tools > Local Security Policy. 1.

3. you require a service account that has been trusted for delegation. For detailed instructions. 2. The Properties dialog box is displayed. Click Apply. for example. 5. the CMS server. Stop the server you want to configure. In the Log On As area. This includes: • Ensuring Windows AD authentication is enabled. Configuring the servers to use the service account In order to support Kerberos single sign-on. Double-click the server you want to configure. and then click OK. Repeat steps 2 through 5 for each BusinessObjects server that has to be configured. deselect the System Account check box. c. b. BusinessObjects Enterprise Administrator’s Guide 301 . 4. Repeat the above steps on each machine running a BusinessObjects Enterprise server. On the Properties tab: a. Start the CCM. see “Controlling users’ access to objects” on page 317. you must use CCM and configure the following servers to log on as the service account: • • • • CMS server Page Server Report Application Server Web Intelligence Report Server To configure a server Note: To complete this procedure. Enter the user name and password for the service account. Configuring the Windows AD plug-in for Kerberos authentication In order to support Kerberos single sign-on. Ensure that the Local Policy Setting check box is selected. 7. Start the server again. you have to configure the Windows AD security plug-in in the CMC to use Kerberos authentication.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 6. 1. See “Setting up a service account” on page 299. and then click OK. 6.

Click AD Administrator Name. 2. • • • Select the Use Kerberos authentication check box. Ensure that the Windows Active Directory Authentication is enabled check box is selected. Note: This must be the same account that you use to run the BusinessObjects Enterprise servers. See “Mapping AD accounts” on page 276. b. enter the service principal name of the service account. Click Update. Select the Single sign-on is enabled check box. map the AD group for the AD users who require access to BusinessObjects Enterprise via AD authentication and single sign-on. 8. 302 BusinessObjects Enterprise Administrator’s Guide . 4. Click the Windows AD tab. Enabling Kerberos single sign-on and setting the service principal name (SPN) to use a service account. it does not require any other rights. Under Authentication Options select the following: 7. c.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • • Setting up an AD Administrator account. In the “Mapped AD Member Group” area. it does not require any other rights. To configure the Windows AD security plug-in Go to the Authentication management area of the CMC. 3. In the Service Principal Name box. 6. see “Managing AD accounts” on page 275. 5. Select the Cache Security context (required for SSO to database) check box. Note: For related information about configuring the Windows AD plug-in. Set up the AD administrator account: a. This account requires read access to Active Directory only. Note: The AD Administrator account requires read access to Active Directory only. See “Setting up a service account” on page 299. Enter the name and password for the account and the default AD Domain. 1. Click Update.

Click the Single Sign-On tab. Type in a new cache expiry value. The system comes configured with default values for the server cache expiry. This includes: • • “Configuring the BusinessObjects Enterprise clients on the IIS” on page 304 “Configuring the Internet Explorer browser on a client machine” on page 304 BusinessObjects Enterprise Administrator’s Guide 303 . Note: If you are running multiple instances of a server. 1. Use the following procedure to change these settings when needed. the ticket will expire when the lowest expiry value is reached. the system renews the ticket until the CMS cache expiry is reached. Click the link for the server. This applies to the CMS. you can control the cache expiry for each instance individually. Report Application Server. The CMS uses the cache expiry as follows: • • • If the CMS cache expiry is greater than that of the ticket. Page Server. If the CMS cache expiry is zero. 3. whichever has the lowest value. 5. The other servers use either their cache expiry or the ticket expiry. you have to configure the BusinessObjects Enterprise clients. and Web Intelligence Report Server. Configuring the IIS and browsers In order to support Kerberos end-to-end single sign-on. the ticket will expire when the CMS cache expiry is reached. 2. Regardless of whether the cache expiry for the server is greater or less than that of the ticket. To configure the servers in CMC Go to the Servers management area of the CMC. the system will use the globally set ticket expiry. If the CMS cache expiry is less than that of the ticket. Click Update. 4. it uses the cache expiry for certain BusinessObjects Enterprise servers to determine whether a logon ticket is still valid.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring the cache expiry When the system is using AD and Kerberos single sign-on.

d. refer to you Windows documentation. open an Internet Explorer browser window. 1. Click the Advanced tab. Note: If configuring the IIS for single sign-on to the database only. 1. 2. See also “Configuring IIS for single sign-on to databases only” on page 309. you have to configure the Internet Explorer (IE) browser on the BusinessObjects Enterprise client machines. 7. Adding the IIS to the trusted sites. Turn off Anonymous Access. you do not need to configure the browser for single sign-on. b. Click the Enable integrated windows authentication option. Click Tools > Internet Options. expand the tree on the left and go to businessobjects under Default Web Site. To configure the IE browser on the client machines On the client machine. On the Directory Security tab. and then click OK again. Right-click businessobjects and select Properties. Configuring the Internet Explorer browser on a client machine To support Kerberos end-to-end single sign-on. and then click Apply. click Edit. This includes: • • Setting up the client machines for integrated Windows authentication.12 Managing User Accounts and Groups Configuring Kerberos single sign-on Configuring the BusinessObjects Enterprise clients on the IIS To support Kerberos single sign-on. Enable integrated windows authentication: a. Note: You can automate the following steps through a registry key. 3. 2. 304 BusinessObjects Enterprise Administrator’s Guide . 6. in the Internet Information Services window. Navigate to the Security settings. you have to configure the BusinessObjects clients on the IIS to use integrated Windows authentication. Repeat the above for crystalreportviewer. For details. To configure the clients for Windows authentication On the IIS. The Internet Options dialog box appears. c. Turn on Integrated Windows Authentication. 4. 5. Click OK.

exe worker process to run as a domain account that has been trusted for delegation. see: • • “Configuring IIS for single sign-on to databases only” on page 309 “Configuring web applications for single sign-on to the databases” on page 313. You may want to do this. Click the Security tab. f.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 3. BusinessObjects Enterprise Administrator’s Guide 305 . Configuring IIS5 for Kerberos end-to-end single sign-on To support Kerberos end-to-end single sign-on. 4. if you don’t want to run the IIS worker processes under an account that has been trusted for delegation. Click Advanced. Repeat the above steps on each BusinessObjects Enterprise client machine. c. Click OK. e. Refer to either of the following procedures. You can enter the full domain name of the site: a. Type in the web site for the IIS. Click Sites. Configuring IIS for end-to-end single sign-on To support Kerberos end-to-end single sign-on. you have to set the IIS and the Aspnet_wp. for example. Click Tools > Internet Options. For more information. and then click Add. the worker processes of the IIS have to run under a domain account that is trusted for delegation. d. b. Close the Internet Explorer browser windows and then open them again for the changes to take effect. The Internet Options dialog box appears. Add the IIS to the Trusted sites. depending on whether you are using IIS5 or IIS6: • • “Configuring IIS5 for Kerberos end-to-end single sign-on” on page 305 “Configuring IIS6 for Kerberos end-to-end single sign-on” on page 307 Note: Instead of configuring the IIS worker processes for end-to-end single sign-on you can configure them to use single sign-on to the database only. 5. and then click OK twice more to close the Internet Options dialog box.

domainname. 306 BusinessObjects Enterprise Administrator’s Guide . the password will be automatically generated and won’t expire. but the password could be exposed or modified.com serverhost For example.domainname. If you use a user domain account you have more control over the rights for the account. 2. version represents the software version. Changing this property can take several minutes to propagate.exe to run as a machine domain account. set the domain account of the IIS machine to be trusted for delegation. Each approach has advantages and disadvantages: • • If you use a machine domain account.12 Managing User Accounts and Groups Configuring Kerberos single sign-on You can run the IIS either under the machine domain account or under a user domain account. Set the Aspnet_wp. depending on whether you want to use a machine or user domain account: • • “To run the IIS5 worker process under the machine domain account” on page 306 “To run the IIS5 worker process under a user domain account” on page 307 To run the IIS5 worker process under the machine domain account On the domain controller. Note: For security reasons. and it may expire.NET\Framework\version\CONFIG\machine. Which approach you use. config file: 1.exe account to run as a machine domain account will cause all ASP. refer to the Microsoft web site: www. which would result in an error condition. if access is via www.com. To do this.NET web applications on the web server to run as privileged system accounts.com but the machine name is web. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. 3. nor can it be exposed or modified. make sure that the account which the IIS helper processes run under does not belong to a mapped group.microsoft. depends on how you want to manage your system security.domainname.com. • • userName="SYSTEM" Password="AutoGenerate" In the above path name. Note: Configuring the Aspnet_wp. For complete information about security risks associated with system or user domain accounts. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Refer to either of the following procedures. If the machine name for the web server is different from the name that is used to access it.

For complete information about security risks associated with system or user domain accounts. Each approach has advantages and disadvantages: • • If you use a machine domain account. Configuring IIS6 for Kerberos end-to-end single sign-on To support Kerberos for end-to-end single sign-on. which would result in an error condition.config file: • • userName="domainaccount" Password="password" Where domainaccount is a domain account that you have set to be trusted for delegation. If you use a user domain account you have more control over the rights for the account.exe worker process to run as an account that has been trusted for delegation.microsoft. Which approach you use. version represents the software version. refer to the Microsoft web site: www.domainname.exe to run as a user domain account that has been trusted for delegation. In the above path name. depends on how you want to manage your system security. To run the IIS5 worker process under a user domain account Set the Aspnet_wp. you have to set the IIS and w3wp. depending on whether you want to use a machine or user domain account: BusinessObjects Enterprise Administrator’s Guide 307 . If the machine name for the web server is different from the name that is used to access it. but the password could be exposed or modified.com. Note: For security reasons. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. make sure that the account which IIS helper processes run under does not belong to a mapped group. the password will be automatically generated and won’t expire.com but the machine name is web. and password is the password for the domain account. You can run the IIS either under the machine domain account or under user domain account.com serverhost For example. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. To do this.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 1.com.domainname.domainname. 2. nor can it be exposed or modified.NET\Framework\ version\CONFIG\machine. and it may expire. if access is via www. Refer to either of the following procedures.

g. In the Internet Service Manager window. Type in a name for the application pool. Right-click the application pool you created. b. c. make sure that the account which the IIS worked processes run under does not belong to a mapped group. and then click Apply.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • • “To run the IIS6 worker process under the machine domain account” on page 308 “To run the IIS6 worker process under a user domain account” on page 309 To run the IIS6 worker process under the machine domain account On the domain controller.domainname. Note: For security reasons. Right-click InfoView and select Properties. 308 BusinessObjects Enterprise Administrator’s Guide . If the machine name for the web server is different from the name that is used to access it.domainname.com but the machine name is web. See also “Configuring IIS for single sign-on to databases only” on page 309. and then click Apply. 1. Note: Configuring the w3wp. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Changing this property can take several minutes to propagate! If you don’t want to use end-to-end single sign-on but want to provide single sign-on to the database. d. On the Directory tab select the new application pool name from the list. and select Properties. On the Identity tab select LocalSystem from the list. right-click the machine name and select Application Pool > New. 2. Configure the account for the w3wp.exe worker process: a.exe account to run as a LocalSystem account will cause all ASP. 3. expand machine name > Web Site > Default Web Site > businessobjects > EnterpriseXX.NET web applications on the web server to run as privileged system accounts. set account of the IIS machine to be trusted for delegation.com serverhost For example. In the tree panel on the left. e.domainname.com. skip step 1. if access is via www. f.

exe to run as a user domain account that has been trusted for delegation.com. Note: If you don’t want to use end-to-end single sign-on but want to provide single sign-on to the database. but the account does not have to be trusted for delegation. Configuring IIS for single sign-on to databases only When using Kerberos with Windows AD. To use single sign-on to the databases only Configure the IIS worker processes to run as a domain account in order for the network to recognize their accounts.com serverhost 3. version represents the software version. and password is the password for the domain account.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 1. or whether you want users to provide their logon credentials when they log in to BusinessObjects Enterprise.Microsoft.domainname. the system generates a logon token to provide single sign-on access to the databases.config file: • • userName="domainaccount" Password="password" In the above path name. For security reasons. Where domainaccount is a domain account that you have set to be trusted for delegation. depending on whether you are using IIS5 or IIS6: • • “Configuring IIS5 for single sign-on to database only” on page 310 “Configuring IIS6 for single sign-on to database only” on page 311 BusinessObjects Enterprise Administrator’s Guide 309 .com but the machine name is web. To do this. 2.com. and give it the relevant rights to access the needed files.domainname.NET\Framework\ version\CONFIG\machine. To run the IIS6 worker process under a user domain account Set the w3wp. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. For example. 1. skip step 1. see http://msdn. Refer to either of the following procedures.domainname. you can choose whether you want to provide end-to-end single sign-on. For more information. if access is via www. See also “Configuring IIS for single sign-on to databases only” on page 309. Add the domain account to the IIS_WPG local group. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. If the machine name for the web server is different from the name that is used to access it. make sure that the account which the IIS worker processes run under does not belong to a mapped group. When users log on to BusinessObjects Enterprise.

To do this. config file: • • userName="SYSTEM" Password:="AutoGenerate" In the above path name.exe to run as a machine domain account. version represents the software version.NET web applications on the web server to run as privileged system accounts. depends on how you want to manage your system security. change the following parameters to the <processModel> block in the \WINDOWS\Microsoft.com.12 Managing User Accounts and Groups Configuring Kerberos single sign-on 2. the password will be automatically generated and won’t expire. but the account does not have to be trusted for delegation. Configuring IIS5 for single sign-on to database only To support single sign-on to the database only.exe account to run as a machine domain account will cause all ASP. See “Configuring web applications for single sign-on to the databases” on page 313. See “Configuring the Internet Explorer browser on a client machine” on page 304. 3. you do not need to configure the browser for single sign-on. nor can it be exposed or modified.NET\Framework\version\CONFIG\machine.microsoft. Which approach you use. make sure that the account which IIS runs under does not belong to a mapped group. 1. Note: • • Configuring the Aspnet_wp. Clear the Single Sign On is enabled check box on the Windows AD page in the Authentication management area in CMC. Configure the web applications for single sign-on to the database instead of end-to-end single sign-on. 310 BusinessObjects Enterprise Administrator’s Guide . but the password could be exposed or modified. You can run the IIS worker process either under the machine domain account or under a user domain account. refer to the Microsoft web site: www. Note: If configuring the IIS for single sign-on to the database only.exe worker process to run as a domain account. and it may expire. you have to set the Aspnet_wp. For complete information about security risks associated with system or user domain accounts. To configure the IIS5 for single sign-on to databases only Make sure IIS is running as a domain account Set the Aspnet_wp. If you use a user domain account you have more control over the rights for the account. Each approach has advantages and disadvantages: • • If you use a machine domain account. 2. which would result in an error condition. For security reasons.

1.com serverhost For example. but the password could be exposed or modified. If you use a user domain account you have more control over the rights for the account. the password will be automatically generated and won’t expire. Right-click the application pool you created. right-click the machine name and select Application Pool > New.exe worker process to run as a machine or user domain account.com. and it may expire.microsoft.com. To configure the IIS6 for single sign-on to databases only Make sure IIS is running as a domain account. On the Identity tab select LocalSystem from the list. you have to set the w3wp.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 3.domainname. e. depends on how you want to manage your system security. c. 2. f. If the machine name for the web server is different from the name that is used to access it. and then click Apply. On the Directory tab select the new application pool name from the list. Right-click InfoView and select Properties. nor can it be exposed or modified. refer to the Microsoft web site: www. Configuring IIS6 for single sign-on to database only To support single sign-on to the database only. d. and select Properties. if access is via www. b. Configuring the w3wp. You can run the IIS worker process either under the machine domain account or under a user domain account. Which approach you use.com but the machine name is web. expand machine name > Web Site > Default Web Site > businessobjects > EnterpriseXX. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Configure the account for the w3wp. In the Internet Service Manager window. Each approach has advantages and disadvantages: • • If you use a machine domain account.exe worker process: a.domainname. but the account does not have to be trusted for delegation.domainname. In the tree panel on the left. and then click Apply. which would result in an error condition.NET web applications on the web server to run as privileged system accounts. Note: • BusinessObjects Enterprise Administrator’s Guide 311 .exe account to run as a machine domain account will cause all ASP. g. Type in a name for the application pool. For complete information about security risks associated with system or user domain accounts.

config file: • • 3. For security reasons.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • 3.domainname. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. 1.<remove name=”WindowsAuthentication”/> --> 312 BusinessObjects Enterprise Administrator’s Guide .domainname. To do this. make sure that the account which IIS runs under does not belong to a mapped group.config files on the IIS as follows. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Configuring web applications for end-to-end single sign-on In order to use up end-to-end single sign-on. Note: If you want to use single sign-on to the databases instead of end-toend single sign-on.domainname. you have to set both the CMC and InfoView web applications to impersonate the user.config file: • • 2. See “Configuring web applications for single sign-on to the databases” on page 313. you have to set the BusinessObjects Enterprise web applications to not impersonate a user.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web.config as shown: <!-.com serverhost For example.com. you have to configure the BusinessObjects Enterprise web applications to impersonate the user. If the machine name for the web server is different from the name that is used to access it. edit the respective Web. To configure the web applications for full single sign-on Add the following lines to the <system. <identity impersonate="true" /> <Authentication mode="Windows" /> Enable Windows authentication by commenting out the following line in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise 11\InfoView\Web. Configuring BusinessObjects Enterprise web applications In order for the end-to-end single sign on to work.com but the machine name is web. if access is via www. See “Configuring web applications for end-to-end single sign-on” on page 312.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web.

config file: • • <identity impersonate="false" /> <Authentication mode="Windows" /> Note: Make sure you set identity impersonate to false. See “Mapping AD accounts” on page 276. See the Platforms. For general information and for information about single sign-on to other supported databases. refer to the database vendors support documentation.txt file included with your product distribution for a complete list of tested database software and version requirements. Users will now be able to log on to BusinessObjects Enterprise by providing their logon credentials in the InfoView or CMC logon dialog box and selecting Windows AD authentication. Note: If you want to use single sign-on to the database only. you have to set BusinessObjects Enterprise web applications to not impersonate the user. edit their Web. BusinessObjects Enterprise Administrator’s Guide 313 . Mapping AD accounts for Kerberos single sign-on In order for the Kerberos single sign-on to work. To do this. Configuring the databases for single sign-on This section provides information that is specific to setting up single sign-on to SQL Server databases. see also “Configuring IIS for single sign-on to databases only” on page 309. by adding the following lines to the <system.web> block in the Web Content\Enterprise 11\WebAdmin\Web. To configure the web applications for single sign-on to the databases Set the CMC to not impersonate the user by adding the following lines to the <system. Note: For security reasons.web> block in the Web Content\Enterprise 11\InfoView\Web. 1. <identity impersonate="false" /> <Authentication mode="Windows" /> Set InfoView to not impersonate the users.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring web applications for single sign-on to the databases If you want to use single sign-on to the databases instead of end-to-end single sign-on. ensure that the mapped groups do not contain the domain account that the IIS is running under.config files on the IIS as follows.config file: • • 2. Once they are logged on. the users will have single sign-on access to the databases associated with BusinessObjects Enterprise. you must map the groups containing the AD users that are to have access to BusinessObjects Enterprise to a BusinessObjects Enterprise group.

Set the machine running SQL Server as follows: • a. and serviceaccount is the name of the SQL Server service account. no additional configuration is required. and then click OK. ensure that the Account is trusted for delegation option has been selected for the account. the system automatically un-registers the SPNs for the LocalSystem account. Add an SPN for the service account of the SQL Server: setspn -A MSSQLSvc/host:port serviceaccount Where host:port is the name of the machine running SQL Server and the port that. Computer is trusted for delegation Click Apply. How to set up security delegation varies. c. the machines running SQL Server database must be trusted for delegation. SQL Server registers itself when it starts and the system registers the SPN. depending on whether SQL Server has been configured to run under the LocalSystem account or under a service account: • If SQL Server is running under the LocalSystem account. If SQL Server is running under a service account. 3. set up the SQL Server service account for security delegation: a. To run SQL Server under a service account In Active Directory. • • In Windows 2000. 2. If you are using Windows 2003. b. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. make sure the following options are selected: • 1. In Windows 2003. Right-click the domain account and select Properties.12 Managing User Accounts and Groups Configuring Kerberos single sign-on Configuring SQL Server for single sign-on In order for Kerberos single sign-on to work. When SQL Server shuts down. you may have to first add a service principal name (SPN) for the domain account. 314 BusinessObjects Enterprise Administrator’s Guide . ensure that the following two options have been selected for the account: Trust this user for delegation to specified service only and Use Kerberos only. you have to configure to be trusted for delegation. On the Accounts tab.

Controlling User Access chapter .

Most importantly. servers. users. Rights allow you to control access to your BusinessObjects Enterprise content. Using rights. 316 BusinessObjects Enterprise Administrator’s Guide . To set rights within the Central Management Console (CMC). you can also take advantage of the inheritance patterns recognized by BusinessObjects Enterprise: users can inherit rights as the result of group membership. the Advanced Rights pages allow you to choose from the complete set of available object rights. to delegate user and group management to different departments. schedule reports. When granted. and other features in BusinessObjects Enterprise. see “Object rights for the Report Application Server” on page 568. For details. the advanced object rights allow you to explicitly deny any user or group the right to perform a particular task. Users require specific licensing and rights to create or modify reports through the Report Application Server (RAS). Each access level grants a set of rights that combine to allow users to accomplish common tasks (such as view reports.13 Controlling User Access Controlling user access overview Controlling user access overview Rights are the base units for controlling users’ access to objects. or server and then you specify the rights for different users and groups. see “Setting common access levels” on page 320. Whether or not you use access levels.” the right is denied by default. or Inherited. and to provide your IT people with administrative access to servers and server groups. When you need to disable inheritance or to customize security levels for particular objects. if a right is left “not specified. or groups. This “denial based” design assists in ensuring that users and groups do not automatically acquire rights that are not explicitly granted. To facilitate administration and maintenance. BusinessObjects Enterprise includes a set of predefined access levels that allow you to set common security levels quickly. applications. The BusinessObjects Enterprise security model is designed such that. Additionally. and both users and groups can inherit rights from parent folders. if contradictory settings result in a right being both granted and denied to a user or group. and so on). Explicitly Denied. each right provides a user or group with permission to perform a particular action. subgroups can inherit rights from parent groups. you first locate the object. users. you can set security levels that affect individual users and groups. Each right can be Explicitly Granted. because they can greatly reduce the complexity of your object security model. user. It is recommended that you use the predefined access levels whenever possible. For more information. the right is denied by default.

you can control users’ access to specific content. BusinessObjects Enterprise Administrator’s Guide 317 . By setting object rights. For objects that can be scheduled. you can also set user and group rights at the folder level. For example. you can use rights to make sure that you are the only one who can access your reports. You control which folders. To facilitate administration. When you set rights at the folder level. program objects. You set security settings at the object level. see “Controlling users’ access to objects” on page 317. you can set rights for each object. report objects. You can set rights for folders. These include the following: • • • • • • • Inherited Rights No Access View Schedule View On Demand Full Control Advanced In addition to setting user and group rights for report objects from the Objects management area.Controlling User Access Controlling users’ access to objects 13 Controlling users’ access to objects To secure the content that you publish to BusinessObjects Enterprise. and other BusinessObjects Enterprise objects. see “Customizing a ‘top-down’ inheritance model” on page 331. and other objects users and groups can access using BusinessObjects Enterprise. the security settings are also reflected in the object instances object. BusinessObjects Enterprise includes a set of predefined rights (“access modes”) that allow you to set common security levels quickly. these limits will be in effect for all objects that inherit rights from the folder (including any objects found within the subfolders). reports. you can grant or deny access to users and groups in your system. For each object. You can ensure that confidential employee records can be accessed only by the human resources department. Setting object rights for users and groups Object rights enable you to set access levels for your users and groups. For detailed information on the different “access modes” for object rights and information on inherited rights. Tip: For detailed tutorials that walk you through sample implementations of object rights.

2. Select an option in the Select Operation list. Click the Rights tab. Click Add/Remove. Select the group(s) or user(s) you would like to add or remove. 5. To add groups or users to an object’s rights settings In the Objects management area of the CMC. 6. 1. 7. 318 BusinessObjects Enterprise Administrator’s Guide . The Rights tab appears. Click the Rights tab. select an object by clicking its link. click the < arrow to remove the group(s) or user(s). To change a group or user’s report rights In the Objects management area of the CMC. The Rights tab appears. Click OK.13 Controlling User Access Controlling users’ access to objects 1. select an object by clicking its link. 2. 4. Click the > arrow to add the group(s) or user(s). 3.

report. You can change the rights for either group by selecting a predefined access level (or by selecting Advanced) from the list in the Access Level column. both groups possess Inherited Rights. then click Update. users have not been specified individually. click Update to effect your changes. or go to the Objects management area in the CMC to view a list of all the objects on the system. If you select Advanced from the list. When you change an entry in the Access Level column. This section shows how to locate the rights for any object and briefly explains the information displayed on the Rights tab. That is. see “Setting advanced object rights” on page 322. instead. Click the link that corresponds to the folder or other object whose rights you want to see. In this example. Click Add/Remove to add or remove a user or group to this object. the Net Access column shows the effective rights that each user or group has to the object. The Object column shows whether the entry is a User or a Group. then click the object’s Rights tab. You can locate any given object in several ways. For more information. Go to the Folders management area in the CMC to browse your folder hierarchy for an object. you grant or deny granular rights from the Advanced Rights page. For more information.Controlling User Access Controlling users’ access to objects 13 3. The Access Level column shows how each user’s or group’s rights are determined. Viewing object rights settings Use the CMC to view the object rights that a user or group has to any folder. The Net Access column is BusinessObjects Enterprise Administrator’s Guide 319 . see “Setting common access levels” on page 320. or other BusinessObjects Enterprise object. In this case. The Name column lists all users and groups who have been given rights to the object. users have been divided into two groups—Everyone and Administrators—which have been granted rights to the folder object. The Net Access column displays the net effect of whatever is selected in the Access Level column. A page similar to the following appears: This example shows the rights for the Report Samples folder. Change the access level for a group or user by selecting a right from the appropriate list in the Access Level column.

when a user is a member of multiple groups. the Everyone group inherits rights from a parent folder—one that is not displayed on this screen. The Net Access column shows that the rights inherited from the parent folder are equivalent to the Schedule access level. Setting common access levels An access level is essentially a predefined set of object rights. Schedule. The Advanced Rights page displays the user’s full array of object rights that have been specified explicitly and/or inherited.” The system then denies the “not specified” rights by default. see “Access levels” on page 565. they do not explicitly deny any object rights. Tip: If you want to view the individual object rights that make up a user’s (or group’s) Net Access. Click Cancel to exit without making changes. each access level builds upon the rights granted by the previous level. you ensure that the user has only that level of access to the object. View On Demand. the best strategy is to set the appropriate rights for users and groups at the folder level first. Instead. In this example. each user in the group will have at least that level of access to the object. For example. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. In other words. he or she inherits the greatest possible rights. see “Customizing a ‘top-down’ inheritance model” on page 331. The available predefined access levels are No Access. see “Setting advanced object rights” on page 322. each access level grants some rights and leaves the other rights “not specified. Thus. For more information. • 320 BusinessObjects Enterprise Administrator’s Guide . BusinessObjects Enterprise provides a set of access levels that allow you to set common object security levels quickly. then he or she inherits the combination of each group’s rights. For detailed tutorials that walk you through sample implementations of object rights. Tip: By default. This is important. Then publish objects to that folder. When you assign an access level directly to a user.13 Controlling User Access Controlling users’ access to objects particularly useful when you are working with inheritance. and Full Control. Although access levels grant predefined sets of object rights. Consequently. Access levels are based on a model of increasing rights: beginning with No Access and ending with Full Control. because it allows users to inherit the greatest rights when they belong to multiple groups: • When you assign an access level to a group. you prevent the user from inheriting rights that he or she may have otherwise acquired by virtue of group membership. If the user is a member of multiple groups. View. the Schedule access level includes and adds to the rights that are granted by the View access level. For a complete listing of the object rights that make up each access level. click the corresponding Access Level list and select Advanced.

the user gains the right to refresh data “on demand” against the data source. and remove content as required. and all generated instances of the object. They can also schedule to different formats and destinations. see “Setting advanced object rights” on page 322.Controlling User Access Controlling users’ access to objects 13 This list provides a brief description of each access level: • No Access The user or group is not able to access the object or folder. It is the only access level that allows users to delete objects (folders. set parameters and database logon information. Basically. and all generated instances of each object. For more information. and pause the scheduling of instances that they own. however. The user cannot. and the CMC enforce this right by ensuring that the object is not visible to the user. without being members of the actual Administrators group. • Advanced This access level does not include a predefined set of object rights. Full Control This access level grants all of the available advanced rights. and copy the object or folder. Instead. • Schedule The user or group is able to view the object or folder and its contents. • View If this access level is set at the folder level. InfoView. and to generate instances by scheduling the object to run against the specified data source once or on a recurring basis. If this access level is set at the object level. This access level also allows users to modify all of the object’s properties. the history of the object. BusinessObjects Enterprise Administrator’s Guide 321 . The user or group can view. the user or group is able to view the folder. • • View On Demand In addition to the rights provided by the Schedule access level. the user can view the object. it allows you to customize a user’s or group’s access to an object by selecting from the complete range of available object rights. add contents to the folder. this access level is designed to provide a user or group with administrative control over one or more folders or objects. Users can then log on to the CMC and add. objects. edit. delete. the objects contained within the folder. and instances). schedule the object or refresh it against its data source. including the object rights that are set on the folder or object. pick servers to process jobs. the Publishing Wizard.

the best strategy is to set the appropriate rights for users and groups at the folder level first. You are returned to the object’s Rights tab. Add the appropriate user or group and click OK. View. for instance. 5. 6. Note: In the developer documentation. in the future. Setting advanced object rights To provide you with full control over object security. Tip: For detailed tutorials that walk you through sample implementations of object rights. or if you want to customize the default inheritance patterns. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. see “Customizing a ‘top-down’ inheritance model” on page 331. see “Rights and Access Levels” on page 563.13 Controlling User Access Controlling users’ access to objects Note: There is no predefined access level to grant users the rights required to create or modify reports through the Report Application Server (RAS). View On Demand. click Add/Remove. access levels are referred to as roles. 322 BusinessObjects Enterprise Administrator’s Guide . For a detailed listing of the object rights that make up each access level. Most importantly. These Advanced settings enable you to choose from a complete set of granular object rights. 1. Click the link to the object. In the Access Level column. Click Update. Then publish objects to that folder. To set an access level for a user or group Go to the Objects or Folders management area of the CMC. use advanced rights to explicitly deny a user or group any right that should not be permitted to change when. The result is an increased flexibility as you define security levels for objects that you have published to BusinessObjects Enterprise. Tip: By default. 2. Locate the object whose rights you want to modify. locate the user or group whose rights you want to specify. Schedule. the CMC allows you to make Advanced object rights settings for any user or group. or Full Control) that is appropriate for the user or group. select the access level (No Access. you make changes to group memberships or folder security levels. and then click its Rights tab. see “Object rights for the Report Application Server” on page 568. 4. If the user or group is not listed. if you need to customize a user’s or group’s rights to a particular object or set of objects. 3. For details. Consequently. Use advanced rights. In the Name column.

For complete details. 1. 4. click Add/Remove. If the user or group is not listed. In the Name column. click the Advanced link in the Net Access column. 3. locate the user or group whose rights you want to specify. This example shows advanced rights being applied to the Guest user for an Employee Profile report. you must disable inheritance entirely when you need to explicitly grant a right that has been denied elsewhere to the user or group. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. The available object rights are displayed in the Advanced Rights page. 2. You are returned to the object’s Rights tab. and then click its Rights tab. see “Priorities affecting advanced inheritance settings” on page 330. BusinessObjects Enterprise Administrator’s Guide 323 . To view or set advanced rights Go to the Objects or Folders management area of the CMC. Add the appropriate user or group and click OK. If the Access Level is already set to Advanced.Controlling User Access Controlling users’ access to objects 13 Note: Because of the relative priorities assigned by BusinessObjects Enterprise to granted and denied rights. 5. Locate the object whose rights you want to modify. Click the link to the object. click the list and select Advanced.

an explicitly denied right always prevents a user from performing the associated action. Again. Currently.” and so on). When you have made your changes on the Advanced Rights page. A user or group can be granted or denied a right by virtue of inheritance.13 Controlling User Access Controlling users’ access to objects The first two options specify which types of inheritance affect the Guest user’s rights to this object. even if its group membership is modified or changed completely. In this example. these rights are not specified. they are neither granted nor denied. 324 BusinessObjects Enterprise Administrator’s Guide . some rights may remain “not specified”—that is. you can explicitly grant or deny any given right. the rights will also change for this report object. it is recommended that you leave as many rights as possible inherited. the Guest user will retain these rights. The Explicitly Granted column shows which actions the Guest user is allowed to perform on this report. the Guest user has two inherited rights (the right to “View document instances that the user owns” and to “Pause and Resume document instances that the user owns”). click OK.” and so on). If an inherited right is labelled as “Not Specified”. Because group inheritance is disabled. if the Guest user’s rights should change on the report’s parent folder. this demonstrates how you can use explicit rights to override a group’s rights for a particular group member. the user or group will automatically inherit the right at this level. so the rights are denied by default. However. or you can specify that you want certain rights to be inherited.) In this example. BusinessObjects Enterprise treats it as having been denied. the Guest user may inherit any rights that he or she has been granted to this report’s parent folder. But. In addition. In this example. The Guest user is currently granted eleven rights to this report (the right to “View objects. because the system automatically updates those rights as you modify and update your security settings throughout the folder and group hierarchies. (And if the right is later granted for a parent group or object. The Inherited column serves as an indicator to show how inherited rights affect the Guest user’s effective rights to this report object. Regardless of any future changes to the user’s group membership. This demonstrates how you can use explicit rights to override a group’s rights for a particular group member.” “Schedule the document to run. The Explicitly Denied column works similarly to the Explicitly Granted column. The remainder of the Advanced Rights page lists all available object rights and shows how each right applies to the Guest user. This demonstrates how inheritance can facilitate future changes to the overall security model. the Guest user has been explicitly denied eleven rights (the right to “Add objects to the folder. To customize the overall security levels.” “Edit objects. Tip: For scalability and manageability. the Guest user cannot inherit rights by virtue of group membership.

Controlling User Access Controlling users’ access to objects 13 Tip: For detailed tutorials that walk you through sample implementations of object rights. the object-specific right “Refresh the report’s data” appears in the Report folder because it only applies to report objects. Base rights and available rights The BusinessObjects Enterprise system defines a set of base rights that apply to all objects in the system. you can reduce the amount of time it takes to secure the content that you have published to BusinessObjects Enterprise. Text. BusinessObjects Enterprise recognizes two types of inheritance: group inheritance and folder inheritance. the “View objects” right is a base right: it applies equally well to folders. Using inheritance to your advantage In regards to object rights. the “Refresh the report’s data” right applies only to report objects. you will find that all of the available rights are displayed for every object on the system. see “Group and folder inheritance” on page 326. such as Crystal report objects. For example. these groups make it easier to see where the rights will be applied. the “Refresh the report’s data” right is displayed for the folder object so that you can grant a user the right to refresh the data in all reports for which the user inherits rights from this folder. The list of available rights includes the base rights and all other object-specific rights that have been provided by particular object types. Additionally. Available rights are displayed for every object on the system for purposes of inheritance. For example. see “Customizing a ‘top-down’ inheritance model” on page 331. For example. In addition to these base rights. each type of object provides an additional set of rights that apply only to that object type. Report. The four groups are General. The Central Management Server (CMS) is the component that keeps track of available rights. For more information. Although certain object-specific rights do not strictly apply to the folder object itself. to reports. These rights are grouped based on what type of file they apply to. and Web Intelligence Document. however. so that you can set object security at the folder level (rather than repeating the same settings for every object in the folder). In other words. On the Advanced Rights pages. you can set up BusinessObjects Enterprise such that you can integrate new users and new content quickly and easily. When you are setting rights for folders. Note: This is only one type of object inheritance. By taking advantage of the ways in which object rights are inherited. BusinessObjects Enterprise Administrator’s Guide 325 . these rights may apply to objects that inherit rights from the folder. and to other BusinessObjects Enterprise objects.

13 Controlling User Access Controlling users’ access to objects To facilitate administration. and you need only set the object rights once. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. Note: If you need to disable or modify inheritance patterns for a particular folder or object within your folder hierarchy. When group inheritance is enabled for a user who belongs to more than one group. By default. Folder inheritance proves especially powerful when you organize BusinessObjects Enterprise content into a folder hierarchy that reflects your organization’s current security conventions. suppose that you create a folder called Sales Reports. Then publish objects to that folder. and you provide your Sales group with View On Demand access to this folder. For detailed tutorials that walk you through sample implementations of object rights. For example. it is recommended that you make your initial settings at the top-level BusinessObjects Enterprise folder and disable inheritance only when necessary. Tip: By default. then Sample User will automatically inherit the appropriate rights for each of the reports and folders that the Sales group has been added to. Consequently. at the folder level. thus. you can do so with access levels or with advanced rights. Consequently. the best strategy is to set the appropriate rights for users and groups at the folder level first. Additionally. 326 BusinessObjects Enterprise Administrator’s Guide . if you create a user called Sample User. every user that has rights to the Sales Reports folder will inherit the same rights to the reports that you subsequently publish to this folder. the user is granted only those rights that are granted in one or more groups (explicitly or through access levels) and never explicitly denied. and the user is denied any right that remains completely “not specified”. Group inheritance proves especially powerful when you organize all of your users into groups that coincide with your organization’s current security conventions. the Sales group will have View On Demand access to all of the reports. and add it to an existing group called Sales. Group and folder inheritance Group inheritance allows users to inherit rights as the result of group membership. The user is denied any right that is explicitly denied in any group. the rights of both groups are considered when the system checks credentials. see “Customizing a ‘top-down’ inheritance model” on page 331. For example. it is recommended that you enable and disable inheritance with access levels whenever possible (instead of with advanced rights). Folder inheritance allows users to inherit any rights that they have been granted on an object’s parent folder.

ensure that both types of inheritance are enabled in the parent folder’s advanced rights settings. The Net Access column now displays the effective rights that the user has to the object. To enable inheritance with an access level Go to the Objects or Folders management area of the CMC. 6. and then click its Rights tab. locate the user or group whose rights you want to specify. or Full Control) that is appropriate for the user. You are returned to the object’s Rights tab. In the Access Level column. 2. In the Name column. Schedule. see “Inheritance with advanced rights” on page 328. locate the user whose rights you want to specify. You can alternatively enable one or both types of inheritance with Advanced rights settings. Because you have disabled all inheritance. you can enable or disable group inheritance. select the access level (No Access. The Net Access column now displays the effective rights that the user or group has inherited for this object. Click Update. 3. In the Access Level column. or both. 5. and then click its Rights tab. Click Update. Locate the object whose rights you want to modify. View. If the user or group is not listed. For details. When applied to a group. the Net Access entry equals the Access Level entry. select Inherited Rights for the user or group. folder inheritance.Controlling User Access Controlling users’ access to objects 13 Enabling and disabling inheritance with access levels With access levels. 5. this procedure does not prevent group members from inheriting rights by virtue of membership in other groups. Locate the object whose rights you want to modify. Go to the Objects or Folders management area of the CMC. 6. Click the link to the object. 4. click Add/Remove. To disable inheritance with an access level Note: This procedure disables group and folder inheritance for a user account. click Add/Remove. 2. see “Setting advanced object rights” on page 322. For details. 1. 3. If the user is not listed. Add the appropriate user or group and click OK. 1. 4. Note: If the entry displayed in the Net Access column is Advanced. View On Demand. BusinessObjects Enterprise Administrator’s Guide 327 . In the Name column. Add the appropriate user and click OK. You are returned to the object’s Rights tab. Click the link to the object.

2. Note: You see the “Username will inherit rights from its parent groups” option if you are setting rights for a user. The CMS immediately denies any right that is explicitly denied. If the user possesses sufficient rights. you can enable or disable group and folder inheritance together or individually. see “Group and folder inheritance” on page 326. As the result. the CMS follows a complex algorithm. To take full advantage of inheritance patterns and Advanced rights settings. Calculating a user’s effective rights When a user attempts to perform an action on a BusinessObjects Enterprise object. the CMS permits the user to perform the requested action. On the Advanced Rights pages. then group inheritance is enabled by default. it is useful to understand not only the types of inheritance that are available. Although the calculations performed by the CMS can become quite complex. the settings for inheriting rights from parent folders or groups serve as powerful tools that allow you to customize inheritance patterns in many ways. For complete details on setting up a system that makes sense for your BusinessObjects Enterprise system. This sequence of steps. The CMS determines 328 BusinessObjects Enterprise Administrator’s Guide . is provided for administrators and/or system architects who prefer to know exactly how the CMS calculates the rights a user has to any object. but also the ways in which a user’s effective rights are calculated by the CMS. and easy to maintain. the CMS determines the rights that the user has to the object’s parent folder. For more information on the two types of inheritance. consistent. or by explicitly applying an Advanced setting in which both types of inheritance are disabled. The CMS checks the rights that have been directly granted or denied to the user’s account. To calculate the user’s effective rights. there are several ways to keep your object security model clear. Tip: If an individual user’s account has not been assigned any rights to the object. and its various possible outcomes. Tip: When modifying inheritance patterns with Advanced rights settings. the CMS determines the user’s rights to that object. If folder inheritance is enabled for the user. you can make all your object rights settings at the group level to save administrative effort. either by explicitly applying a predefined access level. this option does not appear if you are setting rights for a group.13 Controlling User Access Controlling users’ access to objects Inheritance with advanced rights When you apply an Advanced set of object rights to a user or group for a particular object. The algorithm is described here and then illustrated in a different way using pseudocode: 1. keep in mind that you can always assign a user a specific set of rights. see “Customizing a ‘topdown’ inheritance model” on page 331.

you reduce this algorithm to three different steps (1.” 4. the CMS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied. In both cases. then the CMS determines the rights that the group has to the parent folder. 3. The CMS denies any right that is explicitly denied in any group (even if the right had already been explicitly granted). When you disable folder inheritance for a user. 5. the CMS grants the user only those rights that he or she has been explicitly granted. when both types of inheritance are enabled. If group inheritance is enabled for the user. these rights by ascending the inheritance tree to the level at which the inherited rights begin to take effect. the CMS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied. and 5). you reduce this algorithm to three steps (1. and folder inheritance is enabled for a group that the user belongs to. The CMS denies any right that is explicitly denied in any group (even if the right had already been explicitly granted). This pseudocode is provided as another way to illustrate and describe the algorithm that the CMS follows in order to determine whether a user is authorized to perform an action on a particular object: IF { (User granted right to object = True) OR [ (Inherit Parent Folder Rights = True) AND (User granted right to parent folder = True) ] OR [ (Inherit Group Rights = True) AND (Group granted right to object = True) ] OR [ (Inherit Group Rights = True) AND (Group granted right to parent folder = True) ] } BusinessObjects Enterprise Administrator’s Guide 329 .Controlling User Access Controlling users’ access to objects 13 3. When you disable group inheritance for a user. The CMS denies any right that is explicitly denied (even if the right had already been explicitly granted). If group inheritance is enabled for the user. This provides you with the least complicated way of ensuring that a user has only those rights that you have explicitly granted to him or her for a particular object. the CMS determines the rights specified on the object for each of the groups that the user belongs to. As the result. and 5). The CMS completes the algorithm by denying any rights that remain “Not Specified. Thus. When you disable both types of inheritance for a user. you reduce this algorithm to two steps (1 and 5). 2.

For the same folder. To remedy this situation. Because denied rights take precedence. 330 BusinessObjects Enterprise Administrator’s Guide . the Manager user is effectively denied the ability to see the folder. or you could remove the Manager user from the Sales group. In this scenario. Denied rights take precedence over granted rights. you could clear the “Respect current security by inheriting rights from parent groups” check box on the Advanced Rights page for the Manager user. This can cause seemingly contradictory results when inheritance is enabled. The Manager user is a member of the Sales group. there are several important considerations to keep in mind. They have been summarized here for reference. so long as the user account inherits rights from its parent group (Sales). the Manager user is both granted and denied the “See object” right to the folder.13 Controlling User Access Controlling users’ access to objects AND { (User denied right to object = False) AND [ (Inherit Parent Folder Rights = False) OR ((Inherit Parent Folder Rights = True) AND (User denied right to parent folder = False)) ] AND [ (Inherit Group Rights = False) OR ((Inherit Group Rights = True) AND (Group denied right to object = False)) ] AND [ (Inherit Group Rights = False) OR ((Inherit Group Rights = True) AND (Group denied right to parent folder = False)) ] } THEN { User action authorized = True } ELSE { User action authorized = False } Priorities affecting advanced inheritance settings When you modify inheritance patterns with advanced rights. Suppose that the “View objects” right is explicitly denied to a Sales group for a particular folder of reports. these considerations appear elsewhere in this chapter. the “View objects” right has been explicitly granted to a Manager user. and the “Respect current security by inheriting rights from parent groups” check box is selected. Where relevant.

In each tutorial. you decrease the rights of users and groups. Customizing a ‘top-down’ inheritance model With the flexibility offered by object rights. you will specify the object rights that particular groups have to certain folders on the system. As you add folders and subfolders to the system. each user will inherit the appropriate rights for every folder and object on the system. If you do so. On the Advanced Rights page for any object. you reduce the administrative efforts now and later. After finishing each tutorial.Controlling User Access Controlling users’ access to objects 13 Rights that are not specified are denied by default. For details on setting up these groups and subgroups. However. in order to grant access to particular BusinessObjects Enterprise content. as the complexity of any security system increases. the Inherited Rights column may label certain rights as “Not Specified. see “Creating groups for the tutorials” on page 332. You can use your own Enterprise. users and groups cannot access any objects on the system. this section provides two tutorials that shows how to set up object security from the top-level folder (the root folder) down: • “Setting up an open system of decreasing rights” on page 334 This detailed tutorial creates an open security model. By default. To prevent possible security breaches. in order to secure particular BusinessObjects Enterprise content. as required. you can customize your object-level security environment in many ways. This section recommends two general ways of setting up object security such that you achieve the desired security levels without complicating future administrative tasks. As you add folders and subfolders to the system. or LDAP groups when following along with these tutorials. BusinessObjects Enterprise automatically denies rights that are not specified. so too can that system become more difficult and time-consuming to maintain. and advanced rights. By making all of your security settings at the group and folder levels. inheritance. or you can create new groups that correspond to those used in the tutorial. By default. NT. you increase the rights of users and groups. • “Setting up a closed system of increasing rights” on page 346 This shorter tutorial creates the basis for closed security model.” This entry denotes rights that are neither granted nor denied by inheritance. all users and groups are first granted rights to all objects on the system. BusinessObjects Enterprise Administrator’s Guide 331 . as required. you may decide to add users to each group and to publish objects to each folder. To this purpose.

6. Sales Japan. you need only create the Sales group and its Sales USA. 3. Repeat steps 1 to 5 to create another group called Sales. 2. In the Group Name field. The Marketing group is added to the system and the page is refreshed. Sales Managers. 5. The four primary groups are named Administrators. Use this description for the group: This group contains all users who work in Sales (worldwide). and Sales Report Designers. Tip: Click the Users tab if you want to add your own users to this group. type Marketing. and Sales Managers subgroups. In the Description field.13 Controlling User Access Controlling users’ access to objects Creating groups for the tutorials The object security tutorials make use of eight Enterprise groups. The Administrators and Everyone groups are created by default when you install BusinessObjects Enterprise. and Marketing. 332 BusinessObjects Enterprise Administrator’s Guide . Everyone. To create the Sales and Marketing groups Go to the Groups management area of the CMC. Sales. The new group’s Properties tab appears. so these two procedures show only how to create the remaining groups for the tutorials. Sales Japan. The Sales group has four additional subgroups: Sales USA. 4. 1. type This group contains all users who work in Marketing. Note: For the shorter tutorial entitled “Setting up a closed system of increasing rights” on page 346. Click New Group. Click OK.

The Sales USA group is added to the system and the page is refreshed. Click New Group. select Sales. The Sales group is added to the “Sales USA is a member of” list. In the Group Name field. Click OK. To create the Sales subgroups Go to the Groups management area of the CMC. 2. 7. 5. type Sales USA In the Description field. then click the Member of button. Click the Member of tab. In the Available groups list. 3. Tip: Click the Users tab if you want to add your own users to this group. then click the > arrow. 6. as displayed here: BusinessObjects Enterprise Administrator’s Guide 333 . 4. type This group contains all users who work in Sales in the USA. The Modify Member of page appears.Controlling User Access Controlling users’ access to objects 13 1.

Setting up an open system of decreasing rights This tutorial shows how to create an open security model. If you now return to the Groups management area of the CMC. You are returned to the “Member of” tab. Click OK. you decrease the rights of users and groups. The Sales USA group is now a member (or subgroup) of the Sales group. “Setting up a closed system of increasing rights” on page 346. wherein groups of users are first granted rights to all objects on the system by default. 9. 334 BusinessObjects Enterprise Administrator’s Guide . as required.13 Controlling User Access Controlling users’ access to objects 8. all of the new groups are displayed as follows: You are now ready to proceed to either of the object security tutorials: • • “Setting up an open system of decreasing rights” on page 334. Repeat steps 1 to 8 to create the remaining Sales subgroups for the tutorials. As you add folders and subfolders to the system. Sales Managers This group contains all users who manage a Sales team. Use the following values for the Group Name and Description fields: Group Name Sales Japan Description This group contains all users who work in Sales in Japan. in order to secure particular BusinessObjects Enterprise content. Sales Report Designers This group contains all users who design and publish reports for the Sales teams.

Sales Report Designers require custom administrative privileges to all Sales folders. and management reports: • • • • All Sales staff can view worldwide reports. Administrators require Full Control access to all folders and objects on the system. The Marketing group needs Full Control access to its own set of folders that no other user can access (other than Administrators). The Sales groups need a hierarchy of folders containing worldwide reports. see “Setting up a closed system of increasing rights” on page 346. So. Because some groups plan to add their own reports later. you are creating folders for several groups within your organization.Controlling User Access Controlling users’ access to objects 13 In this scenario. Sales staff can also view reports for their own regions. With this procedure. Changing default rights on the top-level folder The first step is to set object rights on the top-level BusinessObjects Enterprise folder. Each subfolder. you minimize the need to repeatedly customize object rights throughout your folder hierarchy. Sales Managers are allowed to refresh most reports against the database to view the most recent data. For a shorter. You have some reports that you want to add to the system immediately. by setting rights here first. If the staff member is also a Manager. This folder serves as the root for all other folders and objects that you add to the system. regional reports. you also need to give some users the ability to add subfolders and to publish reports. report. These are your security requirements for each folder: • • • • • Everyone must be able to view the majority of your reports. he or she can view and refresh reports from all regions. Sales Managers require Full Control access to the management reports. Administrators require Full Control access to all folders and objects on the system. Sales Managers are allowed to refresh most reports against the database to view the most recent data. or other object that you add to this top-level folder will by default inherit rights from this folder. less detailed tutorial. BusinessObjects Enterprise Administrator’s Guide 335 . you set security on the top-level folder in order to meet your first three security requirements: • • • Everyone must be able to view the majority of your reports.

3. To change the rights on the top-level folder Go to the Settings management area of the CMC. Now you will customize the top-level rights for the Sales Managers group. change the Access Level list and click Update. You now need to reduce the rights of the Everyone group and to increase the rights of the Sales Managers. customer list reports. To accomplish this. The Add/Remove page appears. then click OK. Now that you have created an open basis for your object security model. Click Update.13 Controlling User Access Controlling users’ access to objects 1. purchasing order reports. 2. click Add/Remove Groups. 5. Click the Access Level list that corresponds to the Everyone group. you will proceed to restricting access to certain folders within the system. create folders for all of your generally accessible inventory reports. for instance. Administrators. In the Select Operation list. 7. and Sales Managers groups will initially inherit these rights for any folders. your system meets your first three security requirements. Ensure that you grant the Sales Managers group View On Demand access. 336 BusinessObjects Enterprise Administrator’s Guide . 6. By default. and so on. Click Add/Remove. The Everyone. This provides the Sales Managers group with sufficient rights to refresh reports. select Sales Managers. and select View. the Everyone and the Administrators groups are granted access to this folder. The rights for the Everyone group are reduced and the View access level is now displayed in the Net Access column. If necessary. Click the > arrow. You are returned to the Rights tab on the Settings page. Click the Rights tab. 4. you will create a private folder called Marketing Only and ensure that only the appropriate group of users has access to its contents. Decreasing rights to a private folder Another security requirement for this tutorial is that the Marketing group needs Full Control access to their own set of folders that no other user can access. In the Available groups list. subfolders. or reports that you subsequently publish to BusinessObjects Enterprise. You might. 8. Now.

Click the Access Level list that corresponds to the Marketing group. select Marketing. and select Full Control. On the Properties tab. folders. and subfolders. Click the > arrow. To complete this tutorial. 3. To decrease rights to a private folder Go to the Folders management area of the CMC. Next. in the Folder Name field. you will see how to create multiple folders quickly when you publish a set of reports to BusinessObjects Enterprise. 4. The Net Access column shows that you have granted the Marketing group Full Control access to this folder. type This folder is accessible only to Marketing. Click Add/Remove. Click the Rights tab. 12. They can add and delete reports. Before setting the rights for each group. 7. Members of this group now have the ability to perform all tasks in this folder. You are returned to the Rights tab. 2. you will grant the Marketing group Full Control access to this folder. select the following rights for each group: • • • 8. 9. Click New Folder. In the Access Level column. click Add/Remove Groups. The Marketing group is granted access to the folder. Administrators: (Inherited Rights) Everyone: No Access Sales Managers: No Access Click Update. 10. Click Update. You need to change the default setting to grant them Full Control access. Click OK. 11. In the Available groups list. 14. and they can view. then click OK. 5. The Add/Remove page appears. type Marketing Only In the Description field. you need to customize the rights that various Sales groups have to a hierarchical set of Sales folders. 6. The Net Access column shows that you have secured this folder from all users other than Administrators. BusinessObjects Enterprise Administrator’s Guide 337 . In the Select Operation list. and export reports to all available destinations and formats. schedule. 13.Controlling User Access Controlling users’ access to objects 13 1.

Because this tutorial sets up a system of decreasing rights. However. the Sales folders are named and arranged hierarchically as follows: 2.13 Controlling User Access Controlling users’ access to objects Publishing a set of folders and reports The final security requirements for this tutorial are related to the Sales group and its subgroups. you will first create a set of folders that places the most general content at the top of the directory tree. Note: To complete this procedure. depending upon your version of BusinessObjects Enterprise). regional reports. 1. for example. and management reports. If you do not have any of your own reports. if you already have a set of reports. you must place at least one report file in each of the folders that you have created on your local hard drive. The sample reports are typically installed to C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Samples\language \Reports (replace language with. The regional reports will go in subfolders that are accessible only to users who belong to the appropriate regional Sales group. the Publishing Wizard provides the quickest way to add content and create folders at the same time.rpt files) in the new folders on your local hard drive. Arrange your reports (. de. To create a set of folders while publishing reports On your local hard drive. use some of the sample reports included with BusinessObjects Enterprise. Otherwise. You could create this set of folders using the CMC. all Sales staff can view the worldwide reports. In this case. as in the earlier sections of this tutorial. create a set of folders that correspond to the folders you want to add to BusinessObjects Enterprise. They require a hierarchy of folders containing worldwide reports. The management reports will be located in subfolders of each of the regional folders. the Publishing Wizard will not create the appropriate directories on the BusinessObjects Enterprise system. 338 BusinessObjects Enterprise Administrator’s Guide . For this tutorial. en. fr. so the folder for those reports requires the lowest level of security. or jp.

Controlling User Access Controlling users’ access to objects 13 3. In the User Name and Password fields. In the System field. and then click OK. 8. type the name of the CMS to which you want to add objects. start the Publishing Wizard and. From the Authentication list. BusinessObjects Enterprise Administrator’s Guide 339 . click Next. when it appears. 4. 5. 7. Click Add Folders. type your BusinessObjects Enterprise credentials. 6. select the appropriate authentication type. Click Next. Select the top level Worldwide Sales folder that you created on your local hard drive. Select the Include subfolders check box. 9. From the BusinessObjects Enterprise XI Programs group. The Select A File dialog box appears. 10.

Name the folder Worldwide Sales and ensure that it is located at the top of the directory tree. 12. 13. 11. Click Next. All of the reports are added to the list. In the Specify Location dialog box. click New Folder. as shown here: 340 BusinessObjects Enterprise Administrator’s Guide .13 Controlling User Access Controlling users’ access to objects You are returned to the Select A File dialog box. The Specify Location dialog box appears.

see “Publishing with the Publishing Wizard” on page 376. 17. The Specify Folder Hierarchy dialog box appears. Click Next.Controlling User Access Controlling users’ access to objects 13 14. Tip: If you are publishing sample reports for the purpose of this tutorial. The Confirm Location dialog box appears. For more information on the rest of the Publishing Wizard. it displays a summary: 18. When the Publishing Wizard has added the reports and folders to the system. Proceed through the rest of the Publishing Wizard and make any desired changes to your reports. 16. Click Next. 15. The actual report files are arranged in the appropriate folders. Select Duplicate the folder hierarchy to duplicate the local folder hierarchy on the BusinessObjects Enterprise system. and the Managers Only folders will be created as additional subfolders. You can see here that the Regional Sales folders will be created below the Worldwide Sales folder. then click Next. click Next to accept all the default values. BusinessObjects Enterprise Administrator’s Guide 341 . Click Finish to close the Publishing Wizard.

5. In the Select Operation list. you are ready to set the object rights for each level of reporting content. 4. 6. The security requirements are as follows: • • • • All Sales staff can view worldwide reports. click Add/Remove.13 Controlling User Access Controlling users’ access to objects You are now ready to set each Sales group’s object rights for the new set of Sales folders. If the staff member is also a Manager. Click the > arrow. In the Available groups list. On the folder’s Rights tab. You are returned to the Rights tab. Sales Managers require Full Control access to the management reports. click Add/Remove Groups. Tip: Use CTRL+click to select multiple groups. then click OK. 342 BusinessObjects Enterprise Administrator’s Guide . 2. Sales Report Designers require custom administrative privileges to all Sales folders. select Sales and Sales Report Designers. Sales staff can also view reports for their own regions. 3. To set the base rights on the Worldwide Sales folder Go to the Folders management area of the CMC. Click the link to the Worldwide Sales folder. he or she can view and refresh reports from all regions. Setting the base rights on the Sales folders Now that you have used the Publishing Wizard to add reports and create the appropriate folders and subfolders. 1.

You now need to grant the Sales Report Designers group a set of advanced rights. leave the Access Level list with the default settings. 3. uses advanced rights to grant the Sales Report Designers group a particular set of administrative privileges to all Sales folders. 2. clear the “Worldwide Sales” will inherit rights from its parent folders check box. so group members can administer all the Sales folders. • • Modify the rights users have to objects Delete objects BusinessObjects Enterprise Administrator’s Guide 343 . In general. 1. select the following rights: 4. the advanced rights that you specify will be the only rights that group members have to the folder. The Net Access column is updated to show your new security settings.Controlling User Access Controlling users’ access to objects 13 7. Now that you have disabled all rights inheritance. You will use advanced rights to make these changes in the next procedure. To ensure that you completely break all inheritance patterns. In the Access Level list for the Sales Report Designers group. select Advanced. you can accomplish this with the Full Control access level. You will use this page to grant group members a high level of control over the folder and its contents. 8. 5. In the Access Level column. The Advanced Rights page appears. you will not let any group member delete objects that have been added to a Sales folder. Click Apply. however. However. In the Explicitly Denied column. To create a group of Sales folder administrators If you are not already there. Click Update. Creating a group of folder administrators This section of the tutorial shows how to provide a particular group of users with a customized level of administrative control over a set of folders. select the following rights for each group: • • • • • Administrators: Inherited Rights Everyone: No Access Sales: View Sales Managers: Inherited Rights Sales Report Designers: This group requires additional rights to publish content to this folder. go to the Rights tab of the Worldwide Sales folder. For now. This example.

you will proceed to decrease rights as you descend the folder hierarchy. In the Access Level column. select all remaining rights. Click the > arrow. You are returned to the Rights tab for the Worldwide Sales folder. 4. The Net Access column now shows that the Sales Report Designers group has Advanced rights to this folder.JP folder. 7. 3. In the Select Operation list. In the Available groups list. Click OK. For instance. You will use the various Sales groups to decrease rights appropriately for each Regional Sales folder. 6. you could deny the “Define server groups to process jobs” right. Click Add/Remove. In the Explicitly Granted column. select the following rights for each group: • • • Administrators: Inherited Rights Everyone: Inherited Rights Sales: No Access 344 BusinessObjects Enterprise Administrator’s Guide . Or. 6. You are returned to the Rights tab of the Regional Sales . Tip: Click the Advanced link in the Net Access column when you need to review or modify a set of advanced rights that have already been applied to a user or group. 5. 1. select Sales Japan. to prevent these folder administrators from copying confidential reports to public folders. If the staff member is also a Manager.JP folder and click its Rights tab.13 Controlling User Access Controlling users’ access to objects Tip: You may choose to explicitly deny additional rights to suit your needs. Decreasing rights to the Sales subfolders Recall that the security requirements for the regional sales reports are as follows: • • Sales staff can view reports for their own region and can refresh these reports against the database to view the most recent data. if you prefer to retain all administrative control over report-processing servers. 2. he or she can view and refresh reports from all regions. Now that you have set object rights on the uppermost Sales folder. you could deny the “Copy objects to another folder” right. then click OK. To decrease rights to the regional Sales folders Go to the Regional Sales . click Add/Remove Groups.

Administrators: Inherited Rights Everyone: Inherited Rights Sales: Inherited Rights Sales Japan: No Access Sales Managers: Full Control Sales Report Designers: Inherited Rights Click Update.JP folder and click its Subfolders tab. but grant View On Demand access to the Sales USA group (instead of to the Sales Japan group). 8. Click the link to the Managers Only folder and click its Rights tab. Repeat steps 1 to 6 for the Regional Sales .USA folder. The Sales Report Designers retain their advanced rights. The Net Access column shows your new security settings. In the Access Level column. 3. Members who do not belong to one of these groups are completely restricted from the folder. 7. and Sales Report Designers groups all have Full Control access to the folder. 2. Click the link to the Managers Only folder and click its Rights tab.USA folder and click its Subfolders tab. Sales Japan: View On Demand Sales Managers: Inherited Rights Sales Report Designers: Inherited Rights Click Update. The Rights tab of this Managers Only folder now shows that the Administrators. 6. select the following rights for each group: • • • • • • 4. 5. You are now ready to complete the tutorial by customizing security for the final level of Sales folders—the Managers Only folders. which allows them to refresh reports against the database to view the latest data. select the following rights for each group: • • • Administrators: Inherited Rights Everyone: Inherited Rights Sales: Inherited Rights BusinessObjects Enterprise Administrator’s Guide 345 . In the Access Level column. 1. the Sales Japan and the Sales Managers groups have View On Demand access. To decrease rights to the Managers Only folders Go to the Regional Sales . Go to the Regional Sales . and all other users are prevented from accessing the folder (except for Administrators). Sales Managers. As required.Controlling User Access Controlling users’ access to objects 13 • • • 7.

if users cannot access a top-level folder.13 Controlling User Access Controlling users’ access to objects • • • 8. In this scenario. wherein groups of users are first denied rights to all objects on the system by default. Sales staff can only view reports for their own region. Setting up a closed system of increasing rights This tutorial shows how to set up the basis for a closed security model. These are your security requirements for each folder: • • • The majority of your reports should be inaccessible to most users. you increase the rights of users and groups. adheres to a hierarchical view of the system’s folder structure. The closed security model works best when you deploy a web desktop or other application that provides users with a list of all reports and/or folders to which they have access. Members who do not belong to one of these groups are completely restricted from the folder. they have no way of browsing its subfolders (even if they have Full Control over those subfolders 346 BusinessObjects Enterprise Administrator’s Guide . by contrast. Sales Managers: Full Control Sales Report Designers: Inherited Rights Sales USA: No Access Click Update. The Sales groups need a hierarchy of folders containing management reports and regional reports: • • Only the Sales Managers can view the management reports and all regional reports. you are creating folders for several groups within your organization. The Rights tab of this Managers Only folder shows again that the Administrators. as required. You can access these applications from the Client Samples area of the Crystal Enterprise Launchpad. Administrators require Full Control access to all folders and objects on the system. the results are essentially incompatible with the design of InfoView. You have now reached the end of this tutorial. The sample Report Thumbnail Client and the Inframe Client applications provide examples that are compatible with a closed security model. Thus. Sales Managers. so they can access their BusinessObjects Enterprise content. Because this scenario first completely restricts access to the top-level folders. As you add folders and subfolders to the system. InfoView. and Sales Report Designers groups all have Full Control access to the folder. and then gradually increases access to subfolders further down the folder hierarchy.

This is how you set the basis for a closed security model. more detailed tutorial. For a lengthier. Click the Access Level list that corresponds to the Everyone group. or other object that you add to this top-level folder will inherit rights from this folder by default. Users will. be able to search for reports by name or description. by setting rights here first. however. you have to break all inheritance patterns in order to grant the same right further down the folder hierarchy. This folder serves as the root for all other folders and objects that you add to the system. 3. because once a right has been explicitly denied. and select No Access. Administrators require Full Control access to all folders and objects on the system. So. BusinessObjects Enterprise Administrator’s Guide 347 . they will be unable to browse subfolders once you make this initial security setting. see “Setting up an open system of decreasing rights” on page 334. you set security on the top-level folder in order to meet your first two security requirements: • • The majority of your reports should be inaccessible to most users. This procedure gives the Everyone group No Access to all published content. 1. Each subfolder. Click the Rights tab. Note: If users access reports through BusinessObjects Enterprise. If you implement this closed security model in conjunction with InfoView. Click Update. users will need to search for specific reports by name or description. you minimize the need to repeatedly customize object rights throughout your folder hierarchy. With this procedure. The rights for the Everyone group are reduced and No Access is displayed in the Net Access column. Do not use advanced rights to explicitly deny rights to the Everyone group (or any other group) at the top-level folder of your BusinessObjects Enterprise system. 2. 4.Controlling User Access Controlling users’ access to objects 13 and their contents). report. You need only reduce the rights of the Everyone group. To change the rights on the top-level folder Go to the Settings management area of the CMC. Restricting access from the top-level folder The first step is to set object rights on the top-level BusinessObjects Enterprise folder.

To provide minimal access to the management reports Go to the Folders management area of the CMC. 4. select Sales Managers. The Rights tab now shows that the Sales Managers group has View access to this folder and to any objects that you subsequently publish to it. Increasing access by descending the folder hierarchy The remaining security requirements for this tutorial are related to the Sales group and its subgroups. Click New Folder. the Everyone and Administrators groups have inherited the rights that you set on the top-level BusinessObjects Enterprise folder. you create the folder hierarchy and set access levels in order to meet the remaining security requirements: • • 1. On the Rights tab. 2. 6. then click OK. In the Select Operation list. in the Folder Name field. As required. 7. 8. Click the > arrow. Because this tutorial sets up a system of increasing rights. 3. You are returned to the Rights tab of the Management Reports folder. 9. you will increase access to certain folders within the system. and select View. 5. click Add/Remove. Click Update. The Everyone group is prevented from seeing all subsequently published content.13 Controlling User Access Controlling users’ access to objects Now. your system meets your first two security requirements. With these procedures. click Add/Remove Groups. Only the Sales Managers can view the management reports and all regional reports. 10. In the Available Groups list. Click the Access Level list for the Sales Managers group. the most secure content will be stored at the top of the directory tree. Sales staff can only view reports for their own region. type Management Reports Click OK. They require a hierarchy of folders containing management reports and regional reports. The new folder is created and the page is refreshed. 348 BusinessObjects Enterprise Administrator’s Guide . Now that you have created a closed basis for your object security model. On the Properties tab. and the Administrators group retains Full Control in order to maintain the system.

For InfoView. You can grant or deny users access to the Central Management Console. 1. On the Properties tab. 7. The Administrators.JP Click OK. In the Access Level list for the Sales Japan group. you can grant users or groups the ability to: • • • change their preferences organize folders search BusinessObjects Enterprise Administrator’s Guide 349 . 5. in the Folder Name field. In the Available Groups list. click New Folder. Click the > arrow. click Add/Remove Groups. When you finish. 10. Controlling access to applications You can use rights to control users’ access to certain features in BusinessObjects Enterprise applications. The Rights tab now shows that the Sales Japan group has View access to this folder and to any objects that you subsequently publish to it. On the Subfolders tab.USA folder shows that you have set the rights as required for this tutorial. You have now reached the end of this tutorial. 3. Repeat this procedure to create a subfolder called Regional Reports USA and to provide the Sales USA group with View access to the folder. 4. type Regional Reports . select Sales Japan. Click Update. go to the Management Reports folder. To provide selective access to the regional reports If you are not already there. The new folder is created and the page is refreshed.Controlling User Access Controlling access to applications 13 Now you need only create folders for the regional reports and grant access to the appropriate regional Sales groups. 9. Everyone. On the Rights tab. 2. You are returned to the Rights tab of the Management Reports folder. and Sales Managers groups automatically inherit the appropriate rights for this folder. 11. then click OK. 8. click Add/Remove. In the Select Operation list. the Rights tab of the Regional Reports . select View. 6.

if you have already created your users’ folders using a standard naming convention. 7. On the Rights tab. 3. you may want to deny your users the ability to organize their own folders. 4. in the Select Operation list. Click OK. 2. Click the Rights tab. Tip: If you have many users on your system. Click the link for the application whose access rights you want to change. 1. On the Add/Remove page. or Remove Users. 6. select the Add Users operation. Select the user or group you want to grant access to the features. click Advanced. select Add/ Remove Groups.13 Controlling User Access Controlling access to applications • • filter object listings by object type view the Favorites folder For example. 350 BusinessObjects Enterprise Administrator’s Guide . all users have access to these features. 8. then use the “Look for” field to search for a particular account. 5. To grant access to a Business Objects application’s features Go to the BusinessObjects Enterprise Applications management area of the CMC. Note: By default. Click Add/Remove to add users or groups you want to give access to the features. Add Users.

Controlling User Access Controlling administrative access 13 9. Note: For the Web Intelligence application. but you want all server management to be handled by people in your IT department. Explicitly Granted. it can be very helpful to delegate responsibility to other managers and groups. choose Inherited. and server groups. make sure you grant access to the Allows interactive HTML viewing option in order for users to be able use the Interactive view format and use the Query HTML panel. 10. Controlling administrative access In addition to controlling access to objects and settings. For each feature. groups. or Explicitly Denied for the user or group. For example. BusinessObjects Enterprise Administrator’s Guide 351 . Or you may have one administrator who handles high-level management of BusinessObjects Enterprise. The user can select this view format and report panel option in the Web Intelligence Document Preferences tab in InfoView. This section describes how to grant rights for managing users. you may want people from different departments to manage their own BusinessObjects Enterprise users and groups. servers. you can use rights to divide administrative tasks between functional groups within your organization. Click OK. With all of the tasks facing a BusinessObjects Enterprise administrator.

Controlling access to user inboxes When you add a user. the system automatically creates an inbox for that user. see “Rights and Access Levels” on page 563. 9. Select the user or group you want to grant access to the specified user or group. see “Selecting a destination” on page 481. select the Add Users operation. 10. Tip: If you have many users on your system. In the Select Operation list. 2. select Add/Remove Groups. 352 BusinessObjects Enterprise Administrator’s Guide . To choose specific rights. 6. The inbox has the same name as the user. Select the user or group you want to grant access to. 7. change the Access Level for each user or group. You can also send existing report objects or instances to a user’s inbox by using the “Send to” feature. Click Update. then use the “Look for” field to search for a particular account. 1. By default. Add Users. Click the Rights tab. When scheduling a report. Note: For complete details on the predefined access levels and advanced rights. choose Advanced. 3. 5. 8. On the Rights tab. To grant access to a user or group Go to the Users or Groups management area of the CMC. The Add/Remove page appears. as required. Click Add/Remove to add users or groups that you want to give access to the selected user or group. For more information. and “Sending an object or instance” on page 420. User inboxes can serve as destinations for scheduled reports. only the user and the administrator have the right to access a user’s inbox. 4. or Remove Users. Use the following procedure to change the access rights to a user’s inbox as needed.13 Controlling User Access Controlling administrative access Controlling access to users and groups You can delegate user and group administration to the appropriate people in your organization by granting specific access rights. you can specify that you want the system to store the report instances in the inbox of one or more users. Click OK.

3. Controlling access to servers and server groups You can use rights to grant people access to servers and server groups. Click OK. Depending on your system configuration and security concerns. If your server team needs to perform regular server maintenance tasks that require them to shut down and start up servers. 7. To grant a user access to another user’s inbox Go to the Inbox management area of the CMC. change the Access Level for each user or group. Many organizations have a group of IT professionals dedicated to server management. Click the Rights tab. see “Rights and Access Levels” on page 563. Add Users. you may want to limit server management to the BusinessObjects Enterprise administrator. you need to grant them rights to the servers. Click Add/Remove to add users or groups that you want to give access to the selected user or group. Select the user or group you want to grant access to the specified inbox. To choose specific rights. To grant access to a server or server group Go to the Servers or Server Groups management area of the CMC. 3. 1. Click the Rights tab. The Add/Remove page appears. In the Select Operation list. On the Rights tab. However. as required.Controlling User Access Controlling administrative access 13 1. Select the inbox you want to grant access to. 6. or Remove Users. 9. choose Advanced. Or you may want different groups within your organization to have control over their own server management. select Add/Remove Groups. 5. you may need to provide access to other people using those servers. 4. Select the server or server group you want to grant access to. You may also want to delegate BusinessObjects Enterprise server administration tasks to other people. BusinessObjects Enterprise Administrator’s Guide 353 . 10. Click Update. 8. allowing them to perform tasks such as starting and stopping servers. Note: For complete details on the predefined access levels and advanced rights. 2. 2.

see “Rights and Access Levels” on page 563. Click Update. 4. 7. then use the “Look for” field to search for a particular account. as required. click the list and select Advanced. 9. To choose specific rights. Select the user or group you want to grant access to the specified server or server group. Tip: If you have many users on your system. select Add/Remove Groups. locate the user or group whose rights you want to specify. To control who has access to a universe Go to the Universes management area of the CMC. click Add/Remove. Click the Rights tab. Add the appropriate user or group and click OK. 8. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. select the Add Users operation. 5. Click Add/Remove to add users or groups that you want to give access to the selected server or server group. Click OK. 354 BusinessObjects Enterprise Administrator’s Guide . change the Access Level for each user or group. If the Access Level is already set to Advanced. Note: For complete details on the predefined access levels and advanced rights. You are returned to the object’s Rights tab. allowing them to create and view Web Intelligence documents that use universes and connections. Add Users. 1. or Remove Users.13 Controlling User Access Controlling administrative access 4. 3. The Add/Remove page appears. If the user or group is not listed. click the Advanced link in the Net Access column. In the Select Operation list. On the Rights tab. Click the link for the universe. 2. 5. choose Advanced. In the Name column. 6. Controlling access to universes You can use rights to grant people access to universes.

If the user or group is not listed. locate the user or group whose rights you want to specify. 5. click Add/Remove. 3. click the list and select Advanced. To view or set who has access to a specific universe connection Go to the Connections management area of the CMC. To view or set the access levels for all universe connections Go to the Universe Connections management area of the CMC. locate the user or group whose rights you want to specify. click Add/Remove. Add the appropriate user or group and click OK. You are returned to the object’s Rights tab. If the user or group is not listed. In the Name column. In the Name column. 1. allowing them to create and view Web Intelligence documents that use universes and universe connections. click the list and select Advanced. 4. You are returned to the object’s Rights tab. If the Access Level is already set to Advanced. click the Advanced link in the Net Access column. Click the Rights tab. If the Access Level is already set to Advanced.Controlling User Access Controlling administrative access 13 Controlling access to universe connections You can use rights to grant people access to universe connections. Add the appropriate user or group and click OK. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. Click the link for the connection. 2. Click the Rights button. 4. 1. click the Advanced link in the Net Access column. 2. 3. You can either set the rights to all universes by using the Rights button on the Universe Connections page. BusinessObjects Enterprise Administrator’s Guide 355 . or you can set the rights to individual universe connections.

13 Controlling User Access Controlling administrative access 356 BusinessObjects Enterprise Administrator’s Guide .

Organizing Objects chapter .

In the Central Management Console (CMC). such as managers or VPs. 358 BusinessObjects Enterprise Administrator’s Guide . It’s good practice to set up folders that represent a structure that already exists in your organization. For example. and setting appropriate rights for them. BusinessObjects Enterprise provides two methods for organizing content: folders and categories. This organizational model allows you set security on groups of documents based on department or job role.14 Organizing Objects Organizing objects overview Organizing objects overview Creating an intuitive and logical organizational structure is the key to ensuring that your users can find the information they need quickly and easily. By default. new objects that you add to a folder or category inherit the object rights that are specified for the folder or category. Working with folders Folders are objects used to organize documents. you can organize data according to multiple criteria and improve both security and navigation. you can use folders as a tool for controlling access to information. Because you can set security at the folder level. rather than setting them for each report or object. They are useful when there are a number of reports that a department or area requires frequent access to. you could organize your content into departmental folders. or even your database table structure. regions. About folders and categories Folders and categories provide you with the ability to organize and facilitate content administration. because you can set object rights and limits once at the folder or category level. By combining folders and categories. Creating and deleting folders There are several ways to create new folders in BusinessObjects Enterprise. You can use folders to separate content into logical groups. go to the Folders management area to create new folders and to add subfolders to the existing hierarchy of folder objects. such as departments. Then use categories to set up an alternate system of organization. and then use categories to create an alternate filing system that divides content according to different roles in your organization.

Subfolders. This method provides you with an efficient way of creating multiple folders and subfolders at the same time. description. This example creates a new Marketing folder: 4. 2. For details. Go to the Folders management area of the CMC. Creating a new folder This procedure shows how to create a new folder at the top of your folder hierarchy. Limits. The new folder is added to the system. On the Properties tab. see “Publishing with the Publishing Wizard” on page 376. 3.Organizing Objects Working with folders 14 Tip: When you publish local directories and subdirectories of reports with the Publishing Wizard. you can duplicate your local directory structure on the BusinessObjects Enterprise system. 1. BusinessObjects Enterprise Administrator’s Guide 359 . subfolders of the top-level (or root) BusinessObjects Enterprise folder. and its Properties tab is refreshed. You can now use the Objects. Click OK. Folders created in this way are. in effect. Click New Folder. type the name. and keywords of the new folder. and Rights tabs to add objects and to change settings for this folder.

Click New Folder.14 Organizing Objects Working with folders Creating a new subfolder at any level 1. 5. and Rights tabs to add objects and to change settings for this folder. and its Properties tab is refreshed. Subfolders. go to its Subfolders tab. The Subfolders tab appears. type the name and description of the new folder. On the Properties tab. 360 BusinessObjects Enterprise Administrator’s Guide . 4. The initial level of folders is displayed. Limits. You can now use the Objects. Tip: You can browse through existing subfolders to add a new folder elsewhere in the folder hierarchy. The new folder is added to the system. click the link to the folder where you want to add a subfolder. 2. Click the Subfolders tab. Go to the Folders management area of the CMC. In the Title column. 6. When you have found the right parent folder. Click OK. 3.

1. 2. the copy inherits the object rights that are set on its new parent folder. To delete folders Go to the Folders management area of the CMC. For instance. Tip: Select multiple check boxes to copy or move several folders from their parent folder to a different folder. For instance. 2. Tip: Select multiple check boxes to delete several folders from their parent folder. all subfolders. locate its parent folder. and other objects contained within it are removed entirely from the system. depending upon whether you copy or move the folder: • When you copy a folder. the Sales folder will remain inaccessible to most users. To copy or move a folder Go to the Folders management area of the CMC. Click Delete. if you move a private Sales folder into a publicly accessible folder. When you move a folder. Instead. reports. all of the folder’s object rights are retained. 3. locate its parent folder. the newly created folder does not retain the object rights of the original. BusinessObjects Enterprise Administrator’s Guide 361 .Organizing Objects Working with folders 14 Deleting folders When you delete a folder. Copying and moving folders When you copy or move a folder. the objects contained within it are also copied or moved. • 1. If the folder you want to copy or move is not at the top level. the contents of the new Sales folder will be accessible to all users who have rights to the Public folder. Select the check box associated with the folder you want to delete. Then make your selection on the parent folder’s Subfolders tab. BusinessObjects Enterprise treats the folder’s object rights differently. If the folder you want to delete is not at the top level. and click OK to confirm. if you copy a private Sales folder into a Public folder. Select the check box associated with the folder that you want to copy or move. Then make your selection on the parent folder’s Subfolders tab.

4. Tip: If there are many folders on your system.14 Organizing Objects Working with folders 3. see “Publishing overview” on page 374. Next. The folder you selected is copied or moved. Click Copy/Move. Adding a report to a new folder You can add objects individually to any folder in a number of ways. 6. The Copy/Move Folder page appears. to the new destination. or click Previous. as requested. Copy to: Makes a copy of the folder. Move to: Moves the folder. Select the action to perform: • • 5. Click OK. Select the Destination folder from the list. use the “Look for” field to search. For complete information on publishing reports and other objects. Follow this procedure to add a report to a new folder that you have just created. and Show Subfolders to browse the folder hierarchy. 362 BusinessObjects Enterprise Administrator’s Guide .

Click New Object. 4. open the report in Crystal Reports and click Summary Info on the File menu. Preview the first page of the report and save your changes. 3. clear the Generate thumbnail for the report check box. If you do not know the path. Select the “Save preview picture” check box and click OK. To add a report to a new folder Once you’ve created the new folder. type the full path to the report. in the File name field. On the Report tab. The New Object page appears.Organizing Objects Working with folders 14 1. BusinessObjects Enterprise Administrator’s Guide 363 . Tip: To display thumbnails for a report. click its Objects tab. 2. If you do not want the user to see a thumbnail preview of the report in BusinessObjects Enterprise. click Browse to perform a search.

6. To specify rights for a new folder Once you’ve created the new folder. For details about setting up the BusinessObjects Enterprise Repository. or click Previous. For complete information on object rights. select the Use Object Repository when refreshing report check box to update these objects now. Tip: If there are many folders on your system. click its Rights tab. and Show Subfolders to browse the folder hierarchy. 7. see “BusinessObjects Enterprise Repository overview” on page 174. If the report references objects in your BusinessObjects Enterprise Repository. Specifying folder rights Follow this procedure to change the object rights for a new folder that you have just created. Click OK. Click Add/Remove to add groups or users to this folder. The report is published to BusinessObjects Enterprise. The Add/Remove page appears. Next. Ensure that the correct folder name appears in the Destination field.14 Organizing Objects Working with folders 5. 364 BusinessObjects Enterprise Administrator’s Guide . By default. 1. 2. use the “Look for” field to search. see “Controlling users’ access to objects” on page 317. new objects that you add to a folder inherit the object rights that are specified for the folder.

Organizing Objects Working with folders 14 3. Click Update. Limits that you set on a folder affect all objects that are contained within the folder. Follow this procedure to enforce default limits on a folder that you have just created. see “Controlling users’ access to objects” on page 317. Setting limits for folders. then use the “Look for” field to search for a particular account. 5. you can also limit the number of days that an instance remains on the system for a user or group. At the folder level. In the Select Operation list. select Add/Remove Groups. Add Users. You are returned to the Rights tab. 4. and groups Limits allow you to delete report instances on a regular basis. For more information on limits. 6. see “Setting instance limits for an object” on page 498. The example above shows the options that are available when you are working with groups. BusinessObjects Enterprise Administrator’s Guide 365 . select the Add Users operation. The page is refreshed and displays options that depend upon whether you are working with users or with groups. Select the user/group whose rights you want to specify and click the arrows to specify whether the user/group does or does not have access to the folder. as required. or Remove Users. users. Note: For complete details on the predefined access levels and advanced rights. Click OK. you can limit the number of instances that remain on the system for each object or for each user or group. Tip: If you have many users on your system. 7. You set limits to automate regular clean-ups of old BusinessObjects Enterprise content. Change the Access Level for each user or group.

click Add/Remove in this area.14 Organizing Objects Working with folders 1. and click Update after each change. Then type the maximum number of instances that you want to remain on the system.) • Delete instances after N days for the following users/groups To limit the age of instances per user or group. The available settings are: • Delete excess instances when there are more than N instances of an object To limit the number of instances per object. click its Limits tab. 2. To limit instances at the folder level Once you’ve created the new folder. (The default value is 100. (The default value is 100. (The default value is 100. Modify the available settings according to the types of instance limits that you want to implement. select this check box.) 366 BusinessObjects Enterprise Administrator’s Guide .) • Delete excess instances for the following users/groups To limit the number of instances per user or group. Select from the available users and groups and click OK. click Add/Remove in this area. Then type the maximum number of instances in the Instance Limit column. Select from the available users and groups and click OK. Then type the maximum age of instances in the Maximum Days column.

two settings have been combined to keep a maximum of 50 instances of any object in the folder.) 1. 2. These folders are organized within the CMC as User Folders. click the Subfolders tab. Unless you have View access (or greater) to a subfolder. When you log on to the CMC and view the list of User Folders. By default. he or she is redirected immediately to his or her Favorites folder. it will not appear in the list. A list of subfolders appears. To view the User Folders Go to the Folders management area of the CMC. there are User Folders for the Administrator and Guest accounts. (Users can change this default behavior my modifying their Preferences. Click the User Folders link. When a user logs on to BusinessObjects Enterprise. and to keep a maximum of 25 instances that belong to any member of the Administrators group. Within InfoView. If it is not already displayed. you will see only those folders to which you have View access (or greater). BusinessObjects Enterprise Administrator’s Guide 367 . Managing User Folders BusinessObjects Enterprise creates a folder for each user on the system. 3. Each subfolder corresponds to a user account on the system. these folders are referred to as the Favorites folders.Organizing Objects Working with folders 14 In this example.

3. Subcategories. Creating a new subcategory at any level 1.x” on page 390. Creating a new category 1. BusinessObjects Enterprise provides two types of categories: • • Administrative (or corporate) categories are created by the administrator. Go to the Categories management area of the CMC. you can create administrative categories. categories are objects used to organize documents. 2. If you have the appropriate rights. 4. You can associate documents with multiple categories. and its Properties tab is refreshed. Note: For information about importing existing categories. go to the Categories management area to create new categories and to add subcategories to the existing hierarchy of category objects. Creating and deleting categories There are several ways to create new categories in BusinessObjects Enterprise. Click New Category. Go to the Categories management area of the CMC. click the link for the category where you want to add a subcategory. The new category is added to the system. On the Properties tab. In the Central Management Console (CMC). 368 BusinessObjects Enterprise Administrator’s Guide .14 Organizing Objects Working with categories Working with categories Like folders. Click Update. and you can create subcategories within categories. type the name and description of the new category. You can now use the Documents. and Rights tabs to add objects and to change settings for this category. or other users who have been granted access to these categories. 2. In the Title column. The initial level of categories is displayed. Personal categories can be created by each user to organize their own personal documents. see “Importing information from BusinessObjects Enterprise 6.

If the category you want to delete is not at the top level. 4. Then make your selection on the parent category’s Subcategories tab. Deleting categories When you delete a category. locate its parent category.Organizing Objects Working with categories 14 3. 1. To move a category Go to the Categories management area of the CMC. Moving categories When you move a category. go to its Subcategories tab. type the name and description of the new folder. On the Properties tab. 3. Select the check box associated with the category you want to delete. Then make your selection on the parent category’s Subcategories tab. Unlike folder deletion. 2. When you have found the right parent category. All of the category’s object rights are retained. and click OK to confirm. 2. To delete categories Go to the Categories management area of the CMC. the reports and other objects contained within the category are not deleted from the system. and its Properties tab is refreshed. the Sales category will remain inaccessible to most users. Tip: You can browse through existing subcategories to add a new category elsewhere in the hierarchy. The new category is added to the system. 1. Tip: Select multiple check boxes to delete several categories from their parent category. BusinessObjects Enterprise Administrator’s Guide 369 . You can now use the Documents. and Rights tabs to add objects and to change settings for this category. Click the Subcategories tab. 5. For instance. Click Update. Click Delete. any object assigned to the category maintains its association with it. Subcategories. If the category you want to move is not at the top level. locate its parent category. Click New Category. all subcategories within it are remove entirely from the system. Select the check box associated with the category that you want move. if you move a private Sales category into a publicly accessible category. 6.

The category you selected is moved to the new destination. The Move page appears. For complete information on publishing reports and other objects. click its Documents tab. 1. 3. Click the Objects tab. see “Publishing overview” on page 374. Select the Destination category from the list. To add a report to a new category Once you’ve created the category. 5. 2.14 Organizing Objects Working with categories Tip: Select multiple check boxes to copy or move several categories from their parent category to a different category. Tip: If there are many categories on your system. you remove it from the category and also delete it from the system. 4. 1. Click New Document. 370 BusinessObjects Enterprise Administrator’s Guide . When you remove an object. 3. Click the link for the category from which you want to remove or delete an object. Adding an object to a new category You can add objects individually to any category in a number of ways. Select the check box for the object or objects you want to remove or delete. When you delete an object. use the “Look for” field to search. or click Previous. Follow this procedure to add a report to a new category that you have just created. and Show Subcategories to browse the category hierarchy. you remove it from the category only. The New Document page appears. To remove or delete objects from a category Go to the Categories or Personal Categories management area of the CMC. Click Move. 4. Click OK. Next. Removing or deleting objects from a category You can either remove or delete objects from a category. 2.

the object continues to exist in the system. By default. 6. select Add/Remove Groups. For complete information on object rights. To specify rights for a new category Once you’ve created the category. 3. You are returned to the Rights tab.Organizing Objects Working with categories 14 5. 5. 4. Click OK. click its Rights tab. new objects that you add to a category inherit the object rights that are specified for the category. In the Select Operation list. Click Delete to remove the object from the category and at the same time delete it from the system. Note: For complete details on the predefined access levels and advanced rights. Click Update. Add Users. The Add/Remove page appears. as required. Click Add/Remove to add groups or users to this category. The example above shows the options that are available when you are working with groups. or Remove Users. Tip: If you have many users on your system. select the Add Users operation. BusinessObjects Enterprise Administrator’s Guide 371 . Change the Access Level for each user or group. Specifying category rights Follow this procedure to change the object rights for a new category that you have just created. In this case. 2. then use the “Look for” field to search for a particular account. see “Controlling users’ access to objects” on page 317. Select the user/group whose rights you want to specify and click the arrows to specify whether the user/group does or does not have access to the category. 1. Click either of the following buttons. see “Controlling users’ access to objects” on page 317. depending on what you want to do: • • Click Remove to remove the object from the category only. The page is refreshed and displays options that depend upon whether you are working with users or with groups. 7.

A list of the user’s personal categories appears. 2. see “Managing User Accounts and Groups” on page 249. 372 BusinessObjects Enterprise Administrator’s Guide . edit. Click the user account whose personal categories you want to view. you can view. 1.14 Organizing Objects Working with categories Managing personal categories If you are granted the appropriate rights. and delete users’ personal categories. To view the Personal Categories Go to the Personal Categories management area of the CMC. For more information.

Publishing Objects to BusinessObjects Enterprise chapter .

When you publish an object to BusinessObjects Enterprise. see “Publishing with the Central Management Console” on page 385. which consist of report and/or program objects. Microsoft Word files. an entry is made in the Central Management Server (CMS) database. Taking care of other administrative tasks. You can publish objects to BusinessObjects Enterprise in three ways: • Use the Publishing Wizard when you: • • • Have access to the locally installed application. When a user schedules an instance of any object. Creating other objects with BusinessObjects Enterprise plug-in components. Use the Central Management Console (CMC) when you are: • • • • Publishing a single object. The Input File Repository Server stores the new object below the \Enterprise\FileStore\Input\ data\ directory. Thus. For details. For details. 374 BusinessObjects Enterprise Administrator’s Guide . Using the OLAP Intelligence Application Designer. OLAP Intelligence. Performing tasks remotely. BusinessObjects Enterprise queries the CMS for the location of the object file. rich text format files. Save directly to your Enterprise folders when you are: • • • Designing reports with Crystal Reports.15 Publishing Objects to BusinessObjects Enterprise Publishing overview Publishing overview Publishing is the process of adding objects such as reports to the BusinessObjects Enterprise environment and making them available to authorized users. Adobe Acrobat PDFs. see “Saving objects directly to the CMS” on page 387. For details. programs. only these three types of objects have instances. the appropriate server component then retrieves and processes the object file from the Input File Repository. The processed instance is stored by the Output File Repository Server below the \Enterprise\FileStore\Output\data\ directory. see “Publishing with the Publishing Wizard” on page 376. Microsoft PowerPoint files. text files. Are adding multiple objects or an entire directory. as well as object packages. Note: Only reports. Microsoft Excel files. and hyperlinks. and object packages can be scheduled. programs. There are several types of objects that you can publish to BusinessObjects Enterprise: reports (from Crystal Reports. and Web Intelligence).

this affects when data is refreshed and what data users see. each of them being generated by hitting the Page Server and database. Each unique report page is cached separately. Once published to BusinessObjects Enterprise. Multiple users generating reports at the same time increases the load on the system and the number of times the database is hit. The report instance is static (contains saved data) and is stored on the Cache Server. or have frequent data changes. Benefits • • Users view the same instance of the report. The report instance the users see is based on the selection criteria (parameters and record selection formulas) and schedule set by the administrator. It’s possible that the Cache Server can contain many copies of the cached report. (You cannot schedule OLAP Intelligence reports (CAR files). You can choose to set a schedule (recurring). processed. and displayed in version XI format. Publishing options During the publishing process. or you can choose to let users set the schedule themselves (on demand). require separate database logon credentials. Benefits • • • Users are able to determine the frequency in which the data in the report is updated. Drawbacks • • Allowing users to update the data in the report (on demand) This option is recommended for smaller reports that use parameters and selection formulas.Publishing Objects to BusinessObjects Enterprise Publishing overview 15 Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. For RPT report files. reducing the number of times the database is hit (and thus system resources are used more effectively).) Each publishing option has potential benefits and drawbacks: • Specifying the data that users see (recurring) This option is recommended for objects that are accessed by a large number of people and that do not require separate database logon credentials. you specify how often an object is run. reports are saved. allowing multiple users to access the report at the same time. Drawbacks BusinessObjects Enterprise Administrator’s Guide 375 .

Adding objects 1. depending on the type of object you are adding. The wizard is made up of a series of screens. click either Add Files or Add Folders.rpt). This section of the guide features a series of procedures to help you through the Publishing Wizard. For example. 4. Navigate to and select the object you want to add. In the System field. 2. In the Select Files dialog box. Only the screens applicable to the objects or folders you are publishing appear. Logging on to BusinessObjects Enterprise 1. If you are adding a folder. In the User Name and Password fields. 5. Click Next. Click Next. 6. The Select Files dialog box appears. Click Next. 3. From the Authentication list. Once the object has been published. the settings for parameters and schedule format do not appear when you publish OLAP Intelligence applications. type your BusinessObjects Enterprise credentials. Repeat steps 1 and 2 for each of the objects you want to add. From the BusinessObjects Enterprise XI program group. click Publishing Wizard. 3. 376 BusinessObjects Enterprise Administrator’s Guide . Tip: Ensure the appropriate file type is listed in the Files of type field. you may not be able to publish objects using the Publishing Wizard. select the appropriate authentication type. you can choose to also add its subfolders by selecting the Include Subfolders check box. it will appear in the folder you specified in InfoView (or other web desktop) and in the Objects management area of the CMC. 4. by default this value is set to Report (*. type the name of the CMS to which you want to add objects. Note: Depending on the rights assigned by your BusinessObjects Enterprise administrator.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Publishing with the Publishing Wizard The Publishing Wizard is a locally installed. 32-bit Windows application. 2.

existing folders are yellow. Only the folders that you have full control access to will appear. select the item and click the Delete button. BusinessObjects Enterprise Administrator’s Guide 377 . The new object package appears and can be renamed.) If you are adding multiple objects and want to place them in separate directories. Creating and selecting a folder on the CMS To add the selected objects. (New folders are green. click the folder you want to add the objects to. The new folder appears and can be renamed. see “Duplicating the folder structure” on page 378. The Specify Location dialog box appears. Click Next. choose a file type for each unrecognized object. you can delete only new folders and object packages. To add a new folder to the CMS. you must create or select a folder on the host CMS. then click Next. Click + to the left of the folder to view the subfolders. Note: From the wizard. select a parent folder and then click the New Object Package button. 2. In the Specify Location dialog box. To add a new object package to the CMS. 1. The Confirm Location dialog box appears. select a parent folder and then click the New Folder button. To delete a folder or object package.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 Note: If the Specify Object Type dialog box appears.

Duplicating the folder structure If you are adding multiple objects from a directory and its subdirectories. you are asked if you want to duplicate the existing folder hierarchy on the CMS. Click Next when you are finished. And you can right-click objects to rename them. 2. You can drag-and-drop objects to place them where you want. You can display the objects’ local file names by clicking the “Show file names” button. To place all of the objects in a single folder. choose a folder hierarchy option. 378 BusinessObjects Enterprise Administrator’s Guide . move objects to the desired folders by selecting each object and then clicking Move Up or Move Down. select Put the files in the same location. By default. objects are displayed using their titles. 1. In the Specify Folder Hierarchy dialog box.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Moving objects between folders 1. The Specify Categories dialog box appears. In the Confirm Location dialog box. To delete a folder or object packages. select it and click the Delete button. You can also add folders and object packages by selecting a parent folder and clicking the New Folder or New Object Package button.

Click Next. 1. 2. The Confirm Location dialog box appears. Note: This dialog box appears only for objects that can be scheduled. BusinessObjects Enterprise Administrator’s Guide 379 . Click Next. 2. In the File list. choose the object that you want to add to the category.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 To recreate all of the folders and subfolders on the CMS as they appear on your hard drive. and/or object package that you are publishing to run at specific intervals. select the object you want to schedule.) 3. existing categories are blue. To add a new category to the CMS. then click the Insert File button. program. In the Specify Schedule dialog box. 1. Choose the topmost folder that you want to include in the folder hierarchy. Select one of three intervals: • Run once only Selecting the “Run once only” option provides two more sets of options: • when finished this wizard This option runs the object once when you’ve finished publishing it. Note: From the wizard. Changing scheduling options The Specify Schedule dialog box allows you to schedule each report. select the item and click the Delete button. you can create or select a category on the host CMS. In the Specify Categories dialog box. you can delete only new categories. The new category appears and can be renamed. To delete a category or to remove an object from a category. Click + to the left of the folder to view the subfolders. The object is not run again until you reschedule it. Adding objects to a category If you want to add the selected objects to a category. 2. click the category you want to add the objects to. select Duplicate the folder hierarchy. select a parent category and then click the New Category button. The Specify Schedule dialog box appears. (New categories are green.

and custom SQL commands. The “Pick a recurrence schedule” dialog box appears. To complete this task. click the Set Recurrence button to set the scheduling options. Click Next after you have set the schedule for each object you are publishing. Refreshing repository fields The BusinessObjects Enterprise Repository is a central location which stores shared elements such as text objects. 1. Select the appropriate options and click the OK button. The options in this dialog box allow you to choose when and how often the object runs. and then select the Use Object Repository when refreshing report check box if you want to refresh it against the repository. Instead. bitmaps.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard • • • at the specified date and time This option runs the object once at a date and time you specify. You can choose to refresh an object’s repository fields if the object references the repository. Click Next when you are finished. see “BusinessObjects Enterprise Repository overview” on page 174. Tip: Click the Enable All button if you want to refresh all objects that reference the repository. Note: The Specify Repository Refresh dialog box appears only when you publish report objects. For details about program objects and program object types. Run on a recurring schedule Once you have selected this option. For details. select a report. 380 BusinessObjects Enterprise Administrator’s Guide . it leaves the task of scheduling up to the user. 3. Let users update the object This option does not schedule the object. click the Disable All button if you want to refresh none of the objects. the Publishing Wizard needs to connect to your BusinessObjects Enterprise Repository database from the local machine. The object is not run again until you reschedule it. see “What are report objects and instances?” on page 425. In the Specify Repository Refresh dialog box. custom functions. universes. 2. Selecting a program type The Program Type dialog box appears only when you publish program objects.

Once you have specified the user credentials for each program to run as. Specifying program credentials 1. .jar file extension. 3. • • 3. Java You can publish any Java program to BusinessObjects Enterprise as a Java program object. The Program Credentials dialog box appears. select a program. They generally have file extensions such as: . You can publish any executable program that can be run from the command line on the machine where the Program Job Server is running.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 1.com. To publish objects without making modifications Select Publish without modifying properties. The rights of the program are limited to those of the account that it runs as. Changing default values You can publish objects without changing any of the default properties. .bat. Click Next through the wizard’s remaining dialog boxes. or you can go through the remaining screens and make changes. Specify one of three program types: • Binary/Batch Binary/Batch programs are executables such as binary files.exe.sh. your object may not schedule properly if the database logon information is not correct. They generally have a . click Next. BusinessObjects Enterprise Administrator’s Guide 381 . In the Program Credentials dialog box. Once you have specified the type of each program you are adding. select a program. In the Program Type dialog box. batch files. 2. or shell scripts. The Change Default Values dialog box appears. 2. Note: If you use the default values. specify the user credentials for the account for the program to run as. or if the parameter values are invalid. 2. . 1. In the User Name and Password fields. click Next. Script Script program objects are JScript and VBScript scripts.

The Specify Database Credentials dialog box appears if it is needed. or click + to the left of the object to expose the database. select the object you want to modify. 2. 4. Tip: The “Generate thumbnail image” check box is available only if the object is an RPT file and was saved appropriately. In the Review Object Properties dialog box. double-click the object. 1. To review or modify objects before publishing Select Review or modify properties. In the Specify Database Credentials dialog box.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 1. Select the Generate thumbnail image check box if you want users to see a thumbnail of a report object before they open it. 382 BusinessObjects Enterprise Administrator’s Guide . 3. Select the “Save preview picture” check box and click OK. To display thumbnails for a report. Preview the first page of the report and save your changes. Click Next. Entering database logon information Some objects use data sources that require logon information. Changing object properties 1. Enter a new title or description. follow these steps. The Review Object Properties dialog box appears. open the report in Crystal Reports and click Summary Info on the File menu. 2. Click Next. If objects you are adding are of this type.

different dialog boxes appear. In the Set Report Parameters dialog box. For example. Microsoft Excel. 3. Click Next. The object’s prompts and default values appear in a list on the right-hand side of the screen. 1. Note: Enter user name and password information carefully. 3. BusinessObjects Enterprise Administrator’s Guide 383 . then click Set Prompts to NULL. Where applicable. 4. you can customize the schedule format options. Setting parameters Some objects contain parameters for data selection. select the object whose prompts you want to change. In the Specify Format dialog box. Microsoft Word. Click Edit Prompt to change the value of a prompt. Setting the schedule output format You can choose an output format for each scheduled report that you publish. Select a format from the list (Crystal Report. the object cannot retrieve data from the database. Before such an object can be scheduled. 3. and so on). Depending on the type of parameter you have chosen. select the object whose schedule format you want to change. For some of the formats. click Next.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 2. Once you have completed the logon information for each object using a different database. Adobe Acrobat. 2. customize the schedule format options. 1. you must set the parameters in order to determine the default prompts. If the database does not require a user name or password. 2. Select the database and change the logon information in the appropriate fields. The Set Report Parameters dialog box appears if it is needed. Click Next after you have finished editing the prompts for each object. If you want to set the prompts to contain a null value (where possible). enter the number of lines per page. If it is entered incorrectly. if you select Paginated Text. leave the fields blank. The Specify Format dialog box appears.

15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Adding extra files for programs Some programs require access to other files in order to run. 2. To view the details for an object. Specifying command line arguments For each program. 1. 2. 2. 1. Select a program. select it from the list. The Command line for Program dialog box appears. without parsing. Once you have added all necessary extra files for each program. you can specify any command-line arguments supported by your program’s command-line interface. Finalizing the objects to be added After you have provided all of required information for the objects. Once you have specified all necessary command-line arguments for each program. After ensuring all the objects you want to publish have been added to the list. click Next. and run as specified. Click Finish to close the wizard. 3. Click Add to navigate to and select the necessary file. 1. scheduled. The objects are added to the CMS. click Next. They are passed directly to the command-line interface. In the Command line area. the Publishing Wizard displays a final list of the objects that it is going to publish. 3. Select a program. When the processing is done. using the same format you would use at the command line itself. click Next. type the command-line arguments for your program. 384 BusinessObjects Enterprise Administrator’s Guide . you are returned to the final screen of the Publishing Wizard. 3.

1. 2. 4. The New Object page appears. with the Report properties displayed. To add an object with the CMC Go to the Objects management area of the CMC.Publishing Objects to BusinessObjects Enterprise Publishing with the Central Management Console 15 Publishing with the Central Management Console If you have administrative rights to BusinessObjects Enterprise. Click New Object. BusinessObjects Enterprise Administrator’s Guide 385 . you can publish objects over the Web from within the CMC. On the left side of the page. click the type of object you want to add. Enter the object’s properties. 3.

Microsoft PowerPoint. Java. Run JScript and VBScript programs as Script program objects. Hyperlink Object Package. Type the URL address of the page you want the hyperlink object to link to. Text. Use Object Report Repository when refreshing report Program Type Program Select this option to automatically refresh an object's repository fields against the repository each time the report runs. Title Description Generate thumbnail for the report Type the name of the object. Select the “Save preview picture” check box and click OK. Microsoft Word. 386 BusinessObjects Enterprise Administrator’s Guide . or Script.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Central Management Console The properties that appear vary according to the type of object you are adding: Property File name Object Types Report. Preview the first page of the report and save your changes. If you do not want the user to see a thumbnail preview of the report in BusinessObjects Enterprise. Program. Hyperlink Report Description Type the full path to the object. Tip: • • • URL Hyperlink Run Java programs as Java program objects. clear the “Generate thumbnail for the report” check box. Select Executable. open the report in Crystal Reports and click Summary Info on the File menu. or click Browse to perform a search. Microsoft Excel. Run all other programs as Executable program objects. Adobe Acrobat. Tip: To display thumbnails for a report. Type a description of the object. Rich Text Object Package.

and so on. log on to the Central Management Server (CMS). If you want to place the object in a category. Ensure that the correct folder or object package name appears in the Destination field. select it and click Show Subfolders. use the Look For field. the CMC displays the Properties screen. user rights. When the object has been added to the system. BusinessObjects Enterprise Administrator’s Guide 387 . the database logon information. when prompted. you can now modify the object’s properties. after designing a report in OLAP Intelligence. then. In the Save As dialog box. you can use the Save As command to add objects to BusinessObjects Enterprise from within the designer itself. If necessary. Note: Only report and program objects can be published to object packages. For instance. such as Crystal Reports or OLAP Intelligence.Publishing Objects to BusinessObjects Enterprise Saving objects directly to the CMS 15 5. select the category from the list. 7. click Save As on the File menu. 6. To search for a specific folder or object package. Click OK. Tip: • • To expand a folder. Specify the folder where you want to save the report and click Save. click Enterprise Folders. scheduling information. Saving objects directly to the CMS If you have installed one of the Business Objects designer components. such as its title and description.

15 Publishing Objects to BusinessObjects Enterprise Saving objects directly to the CMS 388 BusinessObjects Enterprise Administrator’s Guide .

Importing Objects to BusinessObjects Enterprise chapter .

But a user-level “must change password at next log on” restriction is imported with the user account. Web Intelligence documents. For procedural details. In general. but you can use it to import information from a source environment that is running on Windows or UNIX to a new BusinessObjects Enterprise system that is running on Windows or on UNIX.x” on page 390 “Importing information from Crystal Enterprise” on page 396 “Importing information from Crystal Info” on page 400.16 Importing Objects to BusinessObjects Enterprise Importing information Importing information The Import Wizard is a locally installed Windows application that allows you to import existing user accounts. folders. For details. see “Importing with the Import Wizard” on page 402. see the section for the product from which you are importing information: • • • “Importing information from BusinessObjects Enterprise 6.x If you have upgraded from BusinessObjects Enterprise 6. depending upon the product from which you are importing information. the Import Wizard imports settings that are specific to each object. You can import information from any of these products: • • • • • • • BusinessObjects Enterprise XI BusinessObjects Enterprise 6. rather than global system settings.x Crystal Enterprise 10 Crystal Enterprise 9 Crystal Enterprise 8. use the Import Wizard to import existing user accounts. and reports to your new BusinessObjects Enterprise system. categories.x. universe restriction sets. groups. connection objects. universes. The Import Wizard runs only on Windows. a global “minimum number of characters” password restriction is not imported. For instance. groups.5 Crystal Enterprise 8 Crystal Info 7. Importing information from BusinessObjects Enterprise 6. 390 BusinessObjects Enterprise Administrator’s Guide . and third-party documents to BusinessObjects Enterprise XI.5 The functionality provided by the Import Wizard varies.

x installation directory).x 16 Before importing from BusinessObjects Enterprise 6. Back up all repositories in the source deployment.x repositories to make them consistent with version 6. you will need to restore them from your backup copies. Start the following servers in the BusinessObjects Enterprise XI deployment: • • Central Management Server Input File Repository Server and Output File Repository Server BusinessObjects Enterprise Administrator’s Guide 391 . installdir/nodes/<name of node>/mycluster/mail Map this folder if you are importing the content of users’ Inbox folders. The name and configuration details for the data sources must match the data sources in the source deployment. map drives to the following folders (where installdir represents the BusinessObjects Enterprise 6.key files. • • • • • installdir/nodes/<name of node>/mycluster/locdata Map this folder for access to the .5 format before importing data into BusinessObjects Enterprise XI. • • Stop all servers in the source deployment. Use the Custom installation if you want to install only the Import Wizard on a machine. If you need to access the repositories from a 6. On the machine that is running the Import Wizard. create data sources on the destination machine for every domain that is part of the source deployment.x source environment. you need to perform the following steps: • • Make sure the Import Wizard is deployed on a Windows machine. installdir/nodes/<name of node>/mycluster/user Map this folder if you are importing personal documents and categories. Note: The Import Wizard modifies BusinessObjects Enterprise 6.x deployment.x Before you use the Import Wizard to import data into the new BusinessObjects Enterprise XI system. If you are importing from a BusinessObjects Enterprise 6.Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6.

connections. ensure that the Import Wizard can access the database the same way that the BusinessObjects Enterprise 6. and associated objects. and objects that are associated with the documents you are importing. You cannot select individual universes or connections to import. this option imports only the objects used by the Web Intelligence documents that you are importing.x universe domain.x. You can select additional universes for import. You can also use this option if you want to import a subset of selected universes and their dependencies. When you import BusinessObjects Enterprise 6. They are converted into connection objects. Generally. Import only universes. • • 392 BusinessObjects Enterprise Administrator’s Guide .16 Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. connections.x universes. By default.x into BusinessObjects Enterprise XI. When you select a Web Intelligence document to import. it is placed in the corresponding domain folder. There are two ways to import the universes: • • Import all universes. Known as document dependency. an imported object will not overwrite an object with the same name that is already stored in the BusinessObjects Enterprise XI CMS database. the Import Wizard imports the object if it is an object type that is supported by BusinessObjects Enterprise XI.x accesses it. Each universe folder will be named after the corresponding Business Objects 6. When you import a universe from a domain. the Import Wizard automatically selects the associated universe for import. It also imports universe restriction sets associated with the universe (if the restriction sets are associated with users or groups that are being imported).x Importing objects from BusinessObjects Enterprise 6. Universes You can import universes into the BusinessObjects Enterprise repository. You must import all the universes in one batch.x The following sections describe what happens to objects that have been imported from BusinessObjects Enterprise 6. the associated connections are imported automatically. Note: • Universe domains are converted into folders under the Universe folder. When you import connection objects from BusinessObjects Enterprise 6. the Import Wizard also imports connection objects associated with the universe. When you import a universe. This may involve installing database drivers or configuring connection settings on the machine.

When restriction sets are migrated.x are mapped to default groups in BusinessObjects Enterprise XI as follows: BusinessObjects Enterprise 6. If no principal users or groups are selected for import. Because of the differences between restriction sets in BusinessObjects Enterprise 6.x and BusinessObjects Enterprise XI (and how they handle rights aggregation). BusinessObjects Enterprise XI creates a user folder. a personal category. they are converted into objects.x user profile BusinessObjects Enterprise XI default group Added to the Everyone group. • • If a selected universe is a derived universe. User profiles from BusinessObjects Enterprise 6. then all relevant core universes and their connections will also be imported.Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. • • All user profiles General Supervisor BusinessObjects Enterprise Administrator’s Guide 393 . the Import Wizard may create additional restriction sets on the destination deployment in order to preserve the restriction sets for all imported users. You must use the exact same name and settings as the connection used on the source machine when you created the domain key. no restriction sets are imported. Added to the Administrators group.x source environment. Universe restriction sets The Import Wizard automatically migrates all universe restriction sets that are associated with the imported universes for any of the selected users and groups being imported. Users and groups All existing BusinessObjects Enterprise 6. and an Inbox folder. For each BusinessObjects Enterprise 6.x user. Users are imported into the BusinessObjects Enterprise repository.x users and groups can be migrated to BusinessObjects Enterprise XI. if you import SQL Server connection objects from a BusinessObjects Enterprise 6. For more information about importing universes. see “Selecting information to import” on page 405. They remain connected to the universes that they were connected to on your existing installation. Universe restriction sets are migrated using both object names and object IDs to identify universe components.x 16 For example. you must configure the connections on the destination machine via the Control Panel before you import the connection objects.

• • • • Supervisor Designer Supervisor-Designer User/Versatile If you want to preserve security settings that are assigned to an imported object. the right will not be granted to the user. For each imported user. The “Enforce rights fidelity” option ensures that the effective rights match between the source and destination environments.16 Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. Objects corresponding to the universes and documents contained in these domains are imported to these folders. By default. Added to the Universe Designer Users group. BusinessObjects Enterprise 6. Added to the Universe Designer Users group. If a BusinessObjects Enterprise 6. for example). and categories Universe and document domains are converted to folders named after the respective domains. the Import Wizard sets the effective rights as determined by aggregation rules in the source deployment for the principal user or group on the object in the destination deployment.x user profile BusinessObjects Enterprise XI default group Granted appropriate rights on all imported objects. Added to the Everyone group. 394 BusinessObjects Enterprise Administrator’s Guide . BusinessObjects Enterprise XI creates folders for Categories and Personal Categories and preserves the hierarchy of subcategories. see the BusinessObjects Enterprise Installation Guide. Note: • • The Import Wizard migrates external users and groups (LDAP or Windows AD users and groups. If effective rights in the source and destination environments do not match for a principal on an object. Corporate (or administrative) categories are imported as categories under the Categories folder.x security settings are preserved in BusinessObjects Enterprise XI. Whenever possible. selected personal categories are imported to a new subfolder (named after the user) under the Personal Categories folder.x BusinessObjects Enterprise 6. select all users and groups that are principals on the selected object and ensure that you select the “Enforce rights fidelity” option in the Import Wizard. For more information about the migration of security settings. domains.x right does not map exactly to a BusinessObjects Enterprise XI right. Folders. but not added to the Administrators group.

also known as “full-client” documents. Note: If you import a large number of Web Intelligence documents from your existing BusinessObjects Enterprise 6.rep) documents BusinessObjects (. delivered with the BusinessObjects 6. Inbox documents Version 6. BusinessObjects Enterprise Administrator’s Guide 395 .Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6.x 16 Personal categories can be imported only as part of a batch import. You can select individual corporate categories and import Web Intelligence documents grouped by corporate category.x Inbox documents are migrated to the user’s Inbox folder in BusinessObjects Enterprise. it may require significant processing time.rep documents to Web Intelligence (. When you select a document. and the user must be a member of the group to which the document is assigned. you can use the Report Migration Utility.x Personal documents to BusinessObjects Enterprise.x deployment. You can select which domains or documents you want to import into BusinessObjects Enterprise.x suite.wid format. Documents (and universes) cannot be imported without importing the domain. the document's domain is also imported. Documents To have access to a Web Intelligence document from the Import Wizard.rep documents to . are not supported in BusinessObjects Enterprise XI. Therefore. Inbox rights • • • Everyone [Add Document] Administrators [Full Control] Owner [Full Control] Personal Documents You can import BusinessObjects Enterprise 6.rep) documents. To migrate . Instructions are in the Report Migration Utility guide. you must migrate your . These documents are added to the user’s Favorites folder. the user must be granted access to the document in BusinessObjects Enterprise 6. BusinessObjects (.x.wid) format—in a separate procedure—before migrating the system.

In the case of objects brought across without their owners. if any of an object’s dependencies are not imported. For example.txt documents. report objects. but the user is not imported. folders. the dependency is removed). the object becomes owned by the Administrator: User A loses Full Control rights. if a user has Full Control rights on an object. repository objects. If User D runs the Import Wizard and brings the object across along with User C. RTF. groups. Microsoft PowerPoint. the Full Control right for that user is discarded when the object is imported. Note: Always import users if you want to bring across the associated rights for an object. When doing so. all rights information for that user is discarded. and server groups. The Import Wizard migrates these documents into BusinessObjects Enterprise XI if the format is supported. Events and server groups can also be imported from a version 8. more involved example. you have the additional option of importing calendars. and report instances to BusinessObjects Enterprise XI. Importing information from Crystal Enterprise If you have upgraded from Crystal Enterprise. the Administrator becomes the new owner of the objects.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise Third-party documents BusinessObjects Enterprise 6. even if the user already exists in the destination system. but User C still has View rights on the object.x supports third-party (agnostic) documents.5 or 9 installation. If the user is not brought across. but not User A. use the Import Wizard to import existing user accounts. If the user already exists.x to BusinessObjects Enterprise XI. Supported formats are: Adobe Acrobat PDF. 396 BusinessObjects Enterprise Administrator’s Guide . events. the wizard makes appropriate modifications to the object (in most cases. and Excel. When using the Import Wizard. As another. User A owns an object and has Full Control rights while User C has View rights on the same object. Word. You can also use the Import Wizard to import information from an existing version XI installation to a new version XI installation. the Import Wizard maps all rights for the user on the source system to the existing user on the destination system. Timestamps Timestamps are not migrated from BusinessObjects Enterprise 6. and *.

BusinessObjects Enterprise Administrator’s Guide 397 . Users and groups The Import Wizard imports users and groups and their hierarchical relationships. If the source environment uses Concurrent licensing. ensure that the administrative credentials are the same on both the source and destination systems. However. If there are enough Named User licenses in the destination environment. the wizard imports all users as Named Users. Generally. the destination user keeps all aliases. if the source environment uses Named User licensing.x system. see “Licensing overview” on page 530. if your Crystal Enterprise source environment includes users that belong to the New Sign-Up group. the wizard imports all users as Concurrent Users. Note: BusinessObjects Enterprise XI does not include a New Sign-Up feature. if the object will not overwrite an object that is already in the BusinessObjects Enterprise system. However. Windows AD When importing users that employ Windows Active Directory authentication. A user or group is imported only if it does not exist already by name. Active Directory authentication must also be enabled on the destination system. then the Import Wizard imports the object. If you import a group that already exists in the destination environment. If there are not enough Named User licenses in the destination environment. the group is migrated to the destination BusinessObjects Enterprise XI environment. For more information about licensing. the wizard first checks the number of Named User license keys in the destination environment. and the imported user loses that particular alias. the wizard imports all users as Concurrent Users. These additional users are added to BusinessObjects Enterprise if their accounts do not exist already. the list of group members is updated with any additional users who were members of the group in the source environment.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise 16 Importing objects from Crystal Enterprise The following sections describe what happens to the objects that are imported from a Crystal Enterprise 8. User licensing can affect the behavior of the Import Wizard. Aliases If a user in the destination system has an alias that is identical to a user who is being imported.

and the scheduling patterns that you have set up in the source environment are imported automatically. make sure you choose the “Automatically rename top-level folders that match top-level folders on the destination system. You can import the report instances for each report object. the object rights are discarded. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. whether or not they exist already in the destination environment.” option in the “Please choose an import scenario” dialog box. 398 BusinessObjects Enterprise Administrator’s Guide . the ownership properties of its objects and instances are reset to your current administrative account. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise LDAP When importing users that employ LDAP authentication. Folders Folders are imported. the associated object rights are imported for every user or group who is imported at the same time. When you import content from one deployment to another. When this option is selected. If the user or group is not imported at the same time. OLAP data sources. Report objects The Import Wizard can import Crystal report objects only if they are based on native drivers. For instance. Crystal Info Views. then the imported folder is added to BusinessObjects Enterprise with the name Sales Reports(2). ownership is reflected by an object’s SI_OWNERID property and by a scheduled instances’s SI_SUBMITTERID properties. However. Supported reports are always imported with their parent folders. To ensure that existing folders are not overwritten. the Host list and Base LDAP name need to be the same on both the source and destination systems. In the SDK. you can ensure that a particular user account retains ownership of its objects and scheduled instances by importing the user along with the content. LDAP authentication must also be enabled on the destination system. ODBC data sources. or Business Views. Rights When you import folders and reports from one BusinessObjects Enterprise system to another. if you import a folder called Sales Reports when a folder called Sales Reports already exists. For example. If you don’t import the user account. whether or not they exist already in the destination environment. suppose that you import a report that explicitly grants View On Demand rights to the Everyone group in the source environment—but you do not import the Everyone group. so as not to overwrite existing folders.

For more information about how to do this. When importing server groups. the object is imported without the dependency and no longer waits for. For instance. you need to import the event at the same time as the object.5 or later system. or triggers. Note: • • When importing report objects associated with a server group. For example. the event. see the BusinessObjects Enterprise Administrator’s Guide. modifying the example above. suppose that you import the report and the Everyone group. You need to manually add servers to the imported group in the Central Management Console (CMC). If you do import the appropriate user or group.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise 16 In this case. If you have jobs scheduled or pending on a server or server group that you are importing. The same logic applies for events: if an object is set up to wait for an event or to trigger an event. Instead. then the corresponding object rights are imported and applied to the existing user or group. the newly imported report in the destination environment will not grant the same explicit rights to the Everyone group. Note: • If Event A is being imported from the source system but there is already an Event A on the destination system. In this case. and it is a different type (for BusinessObjects Enterprise Administrator’s Guide 399 . the wizard does not bring across the servers that belong to that group. the report inherits any rights that have been set on its parent folder. the Import Wizard imports the object rights along with the report. if the server group exists on the destination system. the report loses that restriction and will run under any server group. the report objects are added to the existing group and the source system’s server group is not imported. Otherwise. Events and server groups When you use the Import Wizard to import information from a Crystal Enterprise 8. You need to import the server group at the same time as the objects that use it to keep the relationship between them. So the newly imported report in the destination environment will explicitly grant the View On Demand right to the Everyone group. you have the additional option to import events and server groups from the source environment. and it already exists by name in the destination environment. Objects that have server group restrictions lose the restrictions if the objects are imported and the server group is not. you might notice odd behavior on the destination system with the individual jobs involved until they run or time out. if a report is scheduled to run only under server group A and that server group is not imported.

see “Licensing overview” on page 530. if the source environment uses Named User licensing. However. the event should work as expected. Importing information from Crystal Info Importing objects from Crystal Info The following sections describe what happens to objects that have been imported from Crystal Info to BusinessObjects Enterprise. 400 BusinessObjects Enterprise Administrator’s Guide . These additional users are added to BusinessObjects Enterprise if their accounts do not exist already. Generally. if the Crystal Info object is of a type that is supported within BusinessObjects Enterprise. since servers are not imported. the wizard imports all users as Concurrent Users. Once this is set. If the source environment uses Concurrent licensing. then the Import Wizard imports the object. the wizard removes the dependency on Event A from the object when it is imported. you need to manually reset the event server and file name information on the event in the destination system. the wizard imports all users as Concurrent Users. For more information about licensing. If you import a group that already exists in BusinessObjects Enterprise.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Info example. Note: Users who are accessing your Crystal Info implementation when you are importing objects to BusinessObjects Enterprise might experience a delay. Users and groups The Import Wizard imports users and groups and their hierarchical relationships as they exist in Crystal Info. the wizard imports all users as Named Users. a File event instead of a Custom event). If there are not enough Named User licenses in the destination environment. the list of group members is updated with additional users who were members of the Crystal Info group. If there are enough Named User licenses in the destination environment. • Events are based on Event Servers and. and if the Crystal Info object will not overwrite an object that is already in the BusinessObjects Enterprise system. User licensing can affect the behavior of the Import Wizard. A user or group is added to BusinessObjects Enterprise only if it does not exist already by name. the wizard first checks the number of Named User license keys in the destination environment.

You can then run a conversion utility on all reports in that folder to convert them to use metadata. or OLAP data sources. only the ownership. Consequently. the Administrators group will have Full Control access to it. Supported reports are always imported with their parent folders. When this option is selected. After converting the reports. make sure you choose the “Automatically rename top-level folders that match top-level folders on the destination system” option in the “Please choose an import scenario” dialog box. so as not to overwrite existing folders. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. Report objects The Import Wizard can import Crystal report objects only if they are based on native drivers. However. BusinessObjects Enterprise Administrator’s Guide 401 . whether or not they exist already in BusinessObjects Enterprise. then the imported folder is added to BusinessObjects Enterprise with the name Sales Reports(2). Choose a specific folder where you want to save these reports. If the owner of a report is the Administrators group. When you import reports based on a Crystal Info View. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. whether or not they exist already in the destination environment. ODBC data sources. If you transfer reports from Crystal Info to BusinessObjects Enterprise. For example. the report will be transferred and the View On Demand access mode will be associated with the report. Rights BusinessObjects Enterprise enforces security through object rights. the Import Wizard does not import any of the folder security that is set up within the Crystal Info environment. which differ from the user rights used within Crystal Info.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Info 16 Folders Folders are imported. To ensure that existing folders are not overwritten. when a folder called Sales Reports already exists in BusinessObjects Enterprise. you can publish them to BusinessObjects Enterprise with the Publishing Wizard. you are prompted to save the report files. if you import a folder called Sales Reports. The Import Wizard can import successful instances and some recurring instances from Crystal Info systems. If the owner of the report is not an administrator. the rights associated with the report are not transferred. Recurrence patterns that cannot be automatically recreated within BusinessObjects Enterprise are written to the log file created by the Import Wizard.

You then select the information that you want to import. The overall process is divided into the following procedures: • • • • • • “Specifying the source and destination environments” on page 402 “Selecting information to import” on page 405 “Importing objects with rights” on page 407 “Choosing an import scenario” on page 407 “Importing specific objects” on page 409 “Finalizing the import” on page 414 Specifying the source and destination environments This procedure shows how to specify a source environment and a destination environment using the initial screens of the Import Wizard. Importing with the Import Wizard The Import Wizard provides a series of screens that guide you through the process of importing user accounts. Before starting this procedure. Such objects include report packages.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Other objects The Import Wizard cannot import Crystal Info objects that are not supported by BusinessObjects Enterprise. You can choose to merge the contents of the source repository into the destination repository. Holos Applications. 2. or you can update the destination with the contents of the source CMS. and the Import Wizard copies the requested information from the source to the destination. Open OLAP cubes. and reports. folders. 402 BusinessObjects Enterprise Administrator’s Guide . When you import information. The screens that appear depend on the source environment and the types of information that you choose to import. query objects. To specify the source and destination environments From the BusinessObjects Enterprise program group. 1. Info cubes. Click Next. and Crystal reports based on query files. groups. click Import Wizard. you first connect to the Central Management Server (CMS) of your existing installation (the source environment) and specify the CMS of your new BusinessObjects Enterprise system (the destination environment). ensure that you have the Administrator account credentials for both the source and the destination environment.

5 Crystal Enterprise 9 Crystal Enterprise 10 BusinessObjects Enterprise 6.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 The “Specify source environment” dialog box appears. In the Source list. Crystal Enterprise 10 or earlier. If your source environment is Crystal Info.5 Crystal Enterprise 8 Crystal Enterprise 8. The available options are: • • • • • • • Crystal Info 7. This example imports information from BusinessObjects Enterprise XI.x BusinessObjects Enterprise XI You are prompted for administrative account information. 3. 4. type the name of the source environment’s CMS (Central Management Server). select the product from which you want to import information. or BusinessObjects Enterprise XI: • • In the CMS Name field. BusinessObjects Enterprise Administrator’s Guide 403 . Type the User Name and Password that provide you with administrative rights to the source environment. The fields that appear depend on the type of source environment you chose.

type the name of the destination environment’s Central Management Server. Note: You must have the General Supervisor profile. The “Choose objects to import” dialog box appears.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 5. 7. In the Domain key file field. 8. or click the browse button to select the domain file. If your source environment is BusinessObjects Enterprise 6. Type the User Name and Password of an Enterprise account that provides you with administrative rights to the BusinessObjects Enterprise system. provide the full path of the domain file for the BusinessObjects Enterprise system.x: • • 6. The “Specify destination environment” dialog box appears. Click Next. Type the User Name and Password that provide you with administrative rights to the source environment. then click Next. In the CMS Name field. 404 BusinessObjects Enterprise Administrator’s Guide .

provide the paths for your personal and/or inbox documents. Universes. If the “Import universe and connection objects” options dialog box appears. If the “Import personal documents and inbox documents” dialog box appears. To choose which objects to import In the “Choose objects to import” dialog box. All object can be imported from BusinessObjects Enterprise XI. folders. 4. Repository objects and calendars can be imported from Crystal Enterprise 10. groups. Note: You do not need to provide a path for corporate documents because they are stored in the repository. Click Next. choose an import option: BusinessObjects Enterprise Administrator’s Guide 405 . If you have not already started the Import Wizard. categories.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 Selecting information to import This procedure shows how to select the users. and reports that you want to import. 2. and Web Intelligence documents can be imported from BusinessObjects Enterprise 6. see “Specifying the source and destination environments” on page 402. 1. 3. Events and server groups can be imported from Crystal Enterprise 8.5 or later. select the check box (or boxes) corresponding to the information you want to import: • Import users and user groups • • • • • • • • • • • • • Import inbox documents Import personal categories Import personal Web Intelligence documents Import favorite folders for selected users Import application rights Import corporate categories Import corporate Web Intelligence documents Import folders and objects • Import discussions associated with the selected reports Import events Import server groups Import repository objects Import calendars Import universes Note: The options available depend on the version of the source environment.x.

You can also use this option if you want to import a subset of selected universes and their dependencies. You cannot select individual universes or connections to import. 406 BusinessObjects Enterprise Administrator’s Guide . 5. Click Next. The “Import Object Principals Option” dialog box appears. Known as document dependency. connections. Import only the universes and connection objects that are associated with the documents you are importing.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard • • Import all universes. and associated objects. This option imports all universes from the source environment in one batch. this option imports only the objects used by the Web Intelligence documents that you are importing.

The setting also affects how the system handles duplicate objects. users and groups from the source system overwrite users and groups that have the same name on the destination system. 2. the rights on the destination system will closely match those on the source system. If you do not enable rights fidelity. Choosing an import scenario You can merge the source and destination systems. the Import Wizard prompts you to either merge or update users and groups that have the same name on both the source and destination systems. To preserve the rights from the source system. you need to import the users and groups that have been granted these rights. If you enable rights fidelity. To enable rights fidelity In the “Import Object Principals Option” dialog box. Proceed to “Choosing an import scenario” on page 407. select the “Enforce rights fidelity” option. or you can add the source system’s information to the destination system without merging.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 Importing objects with rights If you import objects that already have rights assigned to them. If you enable rights fidelity. enable the rights fidelity setting in the Import Wizard. 1. BusinessObjects Enterprise Administrator’s Guide 407 . only the update option is available. The “Please choose an import scenario” dialog box appears. If you enable rights fidelity. Click Next.

To choose an import scenario In the “Please choose an import scenario” dialog box. If an object in the source system has the same unique identifier as an object in the destination. see “Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS” on page 174.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Merging systems If you merge the source and destination systems. For more information about merging and updating systems. choose “I want to merge the source system into the destination system. When you update the contents of the destination system using the source system as a reference. you add all objects in the source system to the destination CMS. Note: This is the safest import option. Also. choose the type of import you want. Updating the destination system You can add the source system’s information to the destination system without merging. at a minimum. To merge the source and destination systems. All of the objects in the destination system are preserved. the Import Wizard adds all objects from the source system into the destination CMS without overwriting objects in the destination.” 408 BusinessObjects Enterprise Administrator’s Guide . choose “I want to update the destination system by using the source system as a reference. all objects from the source system with a unique title are copied to the destination system. the object in the destination is overwritten. 1.” To add the source system’s information to the destination system without merging.

you are prompted to choose the specific objects you want to import. proceed to “Importing specific objects” on page 409. proceed to “Finalizing the import” on page 414. In the Subgroups and Users list. If the “Import Groups Option” dialog box appears. select specific members of any group. 1. groups.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 2. If you are prompted to select specific objects for import. categories. the “Select Users and Groups” dialog box appears. choose how you want to map third-party groups. Note: • Ensure that the third party authentication is configured the same way on both the source and destination environments. In the Groups list. and click Next. You can import all of the objects or select individual objects. Click Next. or repository objects. 3. To select users and groups If you chose to import users and groups. This example imports all but one of the users in the Administrators group. universes. 2. folders. Importing specific objects If you chose to import users. BusinessObjects Enterprise Administrator’s Guide 409 . domains. Web Intelligence documents. select the groups that you want to import. 4. If the “Information collection complete” dialog box appears. Click Next.

the “Select categories” dialog box appears. then click Next. • To select domains and Web Intelligence documents If you chose to import Web Intelligence documents. • To select categories If you chose to import categories. 410 BusinessObjects Enterprise Administrator’s Guide . Select the check boxes for the categories that you want to import. you need to determine how these users will be handled upon import into BusinessObjects Enterprise XI. Select the check boxes for domains or individual documents that you want to import.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard • If you are importing third-party (or external) users and groups from BusinessObjects Enterprise 6. then click Next. the “Select Domains and Web Intelligence documents” dialog box appears. see “Managing User Accounts and Groups” on page 249.x. The Import Wizard imports the selected categories and the objects that belong to the categories. For information about setting alias creation and assignment for LDAP and Active Directory users.

ensure that the Import Wizard can access the database the same way that the source environment BusinessObjects Enterprise Administrator’s Guide 411 . the “Select Universe Folder and Universes” dialog box appears. Select the check boxes for the universes that you want to import. Before you can import connection objects from BusinessObjects Enterprise 6. To select universes or universe folders If you chose to import a subset of the universes from the source environment. then click Next. its connection objects are imported automatically. Note: When you import a universe.x.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 1.

412 BusinessObjects Enterprise Administrator’s Guide . the “Connection SSO Option” dialog box appears. Select the connection object. You must use the exact same name and settings as the connection used on the source machine when you created the domain key. Tip: You can also choose to “Import all instances of each selected report and object package. If the universe uses a connection object that is associated with a secure connection that was created with the “Use Business Objects username and password” option selected.” This example imports the Report Samples folder and a subset of its contents. For example. To select folders and objects If you chose to import folders and objects. if you import SQL Server connection objects from a BusinessObjects Enterprise 6. and you can enable Single Sign-On for database access during viewing and designing.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard accesses it. 2. you must configure the connections on the destination machine via the Control Panel before you import the connection objects. and click Next. these credentials will also be used for access when viewing Web Intelligence documents or designing universes. provide your connection information. you can specify logon credentials for database access during scheduling. but you do not need to provide SSO information for described connections. Select the check boxes for the folders and reports that you want to import. This may involve installing database drivers or configuring connection settings on the machine.x source environment. Note: • • • • SSO can be enabled. and if SSO is not enabled. If your database supports Kerberos authentication. Then click Next. You can specify logon credentials for access when scheduling. You can enable SSO only for connections that support Kerberos SSO in BusinessObjects Enterprise XI. the “Select Folders and Objects” dialog box appears.

then click Next. the “Import repository objects options” dialog box appears. BusinessObjects Enterprise Administrator’s Guide 413 .Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 • To select repository objects If you chose to import repository objects. Choose an importing option for repository objects.

2. If the import summary shows that some information was not imported successfully.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Finalizing the import 1. click Finish to begin importing the information.log. The “Import Progress” dialog box displays status information and creates an Import Summary while the Import Wizard completes its tasks. a title that describes the imported information. Otherwise. When the “Information collection complete” dialog box appears. and a field that describes the action and the reason why it was taken. Note: The information that appears in the Detail Log is also written to a text file called ImportWiz. which you will find in the directory from which the Import Wizard was run. click View Detail Log for a description of the problem. By default. this directory is: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ The log file includes a system-generated ID number. click Done. 414 BusinessObjects Enterprise Administrator’s Guide .

Managing Objects chapter .

copying. and hyperlinks. This chapter is broken up into four sections: • • “Report object management” on page 425 This section explains report objects and instances. and how to manage them through the Central Management Console (CMC). programs. and security considerations for program objects. updating parameters. this section explains how to create an object package and how to add objects to an object package. see “Managing User Folders” on page 367. Microsoft Word files. • “Program object management” on page 451 This section explains program objects and instances. you manage them through the Central Management Console (CMC) by going to the Objects management area. text files. After publishing objects to BusinessObjects Enterprise. and how to set object rights for users and groups. Microsoft PowerPoint files. such as moving. and how to manage them through the Central Management Console (CMC). and deleting objects. • “Object package management” on page 459 This section explains object packages and instances. rich text format files. and how to manage them through the Central Management Console (CMC). “General object management” on page 417 This section describes general object management concepts that apply to all objects. Use folders to organize and facilitate object administration for you and your users. as well as object packages. how to modify object properties. For more information. Tip: • • Go to the Object management area by clicking the Objects link on the CMC Home page. this section covers type-specific program object configuration. Microsoft Excel files. which consist of report and/or program objects. using filters. Adobe Acrobat PDFs. changing database information. Additionally. specifying alert notification.17 Managing Objects Managing objects overview Managing objects overview There are several types of objects that can exist in BusinessObjects Enterprise: reports. 416 BusinessObjects Enterprise Administrator’s Guide . and working with hyperlinked reports. It also describes how to search for objects. Managing report objects includes applying processing extensions. Web Intelligence documents. Additionally.

• • “Move” changes the location of the object from one folder to another. However. or creating a shortcut for an object Use this procedure to copy or move an object. or to create a shortcut to an object within BusinessObjects Enterprise: • “Copy” creates another copy of the object in a different location. more convenient. they are not able to schedule that report even through a shortcut that allows them full rights. Note: For information setting the rights for an object. See Chapter 14: Organizing Objects. The object retains its original set of object rights. BusinessObjects Enterprise Administrator’s Guide 417 . It includes the following sections: • • • • • • “Copying. for example. Copying. if a user does not have rights to schedule a report. access route for an object. the shortcut object rights do not override the rights of the original object. moving. or creating a shortcut for an object” on page 417 “Deleting an object” on page 419 “Searching for an object” on page 419 “Sending an object or instance” on page 420 “Changing properties of an object” on page 422 “Assigning an object to categories” on page 424 Tip: You can also manage an object by going to the Folders management area in the CMC. see “Setting object rights for users and groups” on page 317. selecting a folder (and any subfolders) by clicking the appropriate link(s). moving. For example.Managing Objects General object management 17 General object management This section describes general tasks related to managing objects and their instances. and selecting the object that is located under the Object Title column. The shortcut inherits object rights from its parent folder. You can also create a shortcut to give users access to the object when you don’t want them to access the folder that the actual object is located in. when scheduling objects by using an object package. The new copy of the object inherits all object rights from its new parent folder. to copy the objects to the package. “Create shortcut” enables you to create an alternate. You use copy. See “Scheduling objects using object packages” on page 471.

3. or create a shortcut for an object Go to the Objects management area of the CMC. The Copy/Move/Create Shortcut page appears. or create a shortcut for. For more information on folder rights. users who have access to the folder where the shortcut is located can access this object and its instances. move. 4. 5. select it and click Show Subfolders. Select one of the following options: • • • Copy to Move to Create shortcut in Tip: You may want to create a shortcut if you want to give someone access to an object without giving that user access to the entire folder that the object is located in. To copy. see “Specifying folder rights” on page 364.17 Managing Objects General object management 1. Tip: • • To expand a folder. Click Copy/Move/Shortcut. Select the appropriate destination folder. 2. move. After you create the shortcut. use the Look For field. Select the check boxes associated with the object(s) you want to copy. then click OK. To search for a specific folder or object package. 418 BusinessObjects Enterprise Administrator’s Guide .

2. BusinessObjects Enterprise Administrator’s Guide 419 . see “Managing and viewing the history of instances” on page 495. Click Search. Click Delete. 4. type the text to search for. Click OK. you have the option of deleting object instances. To delete an object Go to the Objects management area of the CMC. 1. specify the object field to search (title or description) and the matching method to use (is. which deletes all of the objects and instances that are stored in that folder. 2. In the “Search for” fields. For more information.Managing Objects General object management 17 Deleting an object This procedure explains how to delete either a single object or multiple objects. 3. is not. rather than the object itself. Select the check boxes associated with the object(s). In the Text field. You can also delete a folder (by selecting a folder and clicking Delete in the Folders management area). Searching for an object The search feature enables you to search for specific text within object titles or descriptions. all of its existing instances and scheduled instances will be deleted. does not contain). Note: When you delete an object. Specify the search criteria. 3. contains. To search for an object or objects Go to the Objects management area of the CMC. 1. As well.

a Word or Excel file. Click the History tab. 2. a report instance. For details about which types of objects can be sent to which destinations. The Send to page appears. 420 BusinessObjects Enterprise Administrator’s Guide . see See also “Available destinations by object type” on page 421. click the link for the object. 1. 3. or a shortcut to the object or instance. and then select the check boxes for the instances you want to send. nor does it refresh the data for a report instance. for example. Select only instances with a status of Success or Failed. You can send an object. You can also select the destination.17 Managing Objects General object management Sending an object or instance You can use the “Send to” feature to send existing objects or instances of an object to different destinations. or you can send instances of an object. The “Send to” function handles existing objects or instances only. To send an object or an instance to a destination Go to the Objects management area of the CMC. To send an instance of the object. FTP or Inbox. Instances with a status or Recurring or Pending are scheduled and do not contain any data yet. You can send either a copy of an object or instance. for example. Not all types of objects can be sent to all destinations. Click Send to. Select the check boxes for the objects that you want to send. for example. It does not cause the system to run the object and create new instances.

A new destination for all selected objects Allows you to specify a destination. Unm. The system will update the destination information for the object when you click Send. this option is selected and the system deletes any temporary objects or instances after they have been sent. Select the destination option you want: • • Each selected object’s scheduling destination Sends the objects or instances to the destination specified on the Destination pages for the objects. Available destinations by object type Most destinations can be used for most types of objects. or to an Email destination within BusinessObjects Enterprise. select the Set this destination as the selected object’s scheduling destination option. you must specify additional parameters for the destination information. By default. for a Web Intelligence document you cannot specify an unmanaged disk destination. Note: Send Web Intelligence documents to the “Inbox” destination only. deselect Clean up temporary objects created after objects have been sent. 6. See “Available destinations by object type” on page 421 and “Selecting a destination” on page 481. but there are some exceptions. DIsk Yes Yes Email (SMTP) FTP Yes Yes File Yes Yes Link Yes Yes Inbox File Yes Yes Yes Link Yes Yes Yes Object type Report Object Package Program BusinessObjects Enterprise Administrator’s Guide 421 . If you want. If you want to keep these 5. Click Send. In some cases recipients must have access to the BusinessObjects Enterprise system to be able to open the object. The following table summarizes which objects cannot use certain destinations. For example. you can the temporary instances that are created when you send an object or instance.Managing Objects General object management 17 4. If you select this option. The system sends the selected objects or instances to the specified destinations. If you want the destination to become the default destination for the object.

1. On the Properties page. a View button appears on the Properties page.17 Managing Objects General object management Object type Web Intelligence document Excel file Word file PDF file Text file RTF file PowerPoint file Hyperlink Unm. and the date it was created. DIsk Yes Yes Yes Yes Yes Yes - Email (SMTP) FTP Yes Yes Yes Yes Yes Yes File Yes Yes Yes Yes Yes Yes Link Yes Yes Yes Yes Yes Yes Yes Yes Inbox File Yes Yes Yes Yes Yes Yes Yes Yes Link Yes Yes Yes Yes Yes Yes Yes Yes Changing properties of an object In the Properties page of an object. you can see the last times the object was modified and/or run. Text. For objects that can be scheduled (reports. Microsoft PowerPoint. you can view its file name. Microsoft Excel. you cannot click Reset to undo changes. 3. 422 BusinessObjects Enterprise Administrator’s Guide . Provided that you have the appropriate software installed on your browser machine. you can modify an object’s title and description. Click Update. As well. To change the properties of an object In the Objects management area of the CMC. its location. and Rich Text objects. Adobe Acrobat. View button For Microsoft Word. select an object by clicking its link. change any of the properties as required. 2. Note that once you have clicked Update. and object packages). you can click the View button to open and view the object. programs.

the user will need to have rights at the View level or higher. Note: A thumbnail is a graphical representation of the first page of a report. BusinessObjects Enterprise Administrator’s Guide 423 . then a thumbnail will not be stored on BusinessObjects Enterprise. administrators have rights at the Full Control level (the highest rights setting) for all report objects.Managing Objects General object management 17 Preview button Similarly. for report objects and Web Intelligence documents. The Preview button enables you to view a report on demand with all of your current report settings. a Preview button appears. To use the Preview function. Show report thumbnail option For reports. see “Report object management” on page 425. For details about object rights.) By default. If you do not want a thumbnail preview of this report to be available in InfoView or another web application. The Show report thumbnail checkbox does not apply to Web Intelligence document objects. (To preview a report with saved data. If the original report does not contain a thumbnail. BusinessObjects Enterprise connects to the report’s data source(s) if no cached pages are available. clear the Show report thumbnail check box. the user will need to have rights at the Schedule level or higher. the “Show report thumbnail” check box is selected by default.

You can also assign objects to a category by using the categories page. Use the following procedure to assign an object to a category by using the objects page. Click the Categories tab. 1. Click OK. Otherwise. clear the “Scheduled package fails upon individual component failure” check box. 6. (A component is an object in an object package. Assigning an object to categories Like folders. The Assign Corporate Categories page appears. 3. For complete information. the “Scheduled package fails upon individual component failure” check box is selected by default. 4. See “Adding an object to a new category” on page 370. skip this step. click the Personal link. To assign an object to a category In the Object management area of the CMC. 424 BusinessObjects Enterprise Administrator’s Guide . categories are objects used to organize documents. the object package instance in the History will appear as Failed. see “Removing or deleting objects from a category” on page 370. 5. In the Available Categories list. select the category that you want the object to belong to and use the arrow buttons to move to the Assigned Categories list.17 Managing Objects General object management Scheduled package fails upon individual component failure option For object packages. or subcategories within categories. 2. select an object by clicking its link. Click Assign Categories. Repeat this step for each category that you want the object to be assigned to.) This means that if one of objects in a package fails. The Available Categories list includes all corporate or personal categories and their subcategories. A category can be a corporate or a personal category. You can associate objects with multiple categories. Note: To remove an object from a category. see Chapter 14: Organizing Objects. To assign an object to a personal category. If you do not want the object package instance to fail if one of the objects fails.

even though both instances originate from the same report object. such as InfoView or a custom web application. What are report objects and instances? A report object is an object that is created using a Business Objects designer component (such as Crystal Reports or OLAP Intelligence). Both types of objects contain report information (such as database fields). report objects are designed such that you can create several instances with varying characteristics. It includes the following sections: • • • • • “What are report objects and instances?” on page 425 “Setting report refresh options” on page 426 “Setting report processing options” on page 428 “Applying processing extensions to reports” on page 443 “Working with hyperlinked reports” on page 447 Note: Most information in this section also applies to Web Intelligence document objects. It does not contain any data yet. BusinessObjects Enterprise Administrator’s Guide 425 . For more information about scheduling. Both types of objects can also contain saved data. A report object or Web Intelligence document object can be made available to everyone or to individuals in selected user groups. you can schedule one instance that contains report data that is specific to one department and schedule another instance that contains information that is specific to another department. Any exceptions have been identified. the system creates a scheduled instance for the object. A Web Intelligence document object Web Intelligence is created using the Report panel and HTML Query panel in InfoView. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending.Managing Objects Report object management 17 Report object management This section explains report objects and instances. and how to manage them through the Central Management Console (CMC). A scheduled instance contains object and schedule information. see Chapter 18: Scheduling Objects. You can schedule objects either from CMC or by using a BusinessObjects Enterprise application. Typically. if you run a report object with parameters. For example. Scheduled instances When you schedule an object.

BusinessObjects Enterprise deletes or adds report elements in the report object to make it match the . then BusinessObjects Enterprise updates the default value of the prompt in the report object.rpt file. overwriting any changes you’ve made in BusinessObjects Enterprise. Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. You can then change these settings as needed for the scheduled instance you want to create. It appears on the History page of the object and has a status of Success or Failed. and displayed in version XI format. Once published to BusinessObjects Enterprise.rpt file. Setting report refresh options Note: This feature does not apply to Web Intelligence document objects. the new default settings are displayed. Where report elements are the same in the source report and the report object. if a prompt appears only in the source . Any changes that you have made to the default value of the parameter in BusinessObjects Enterprise are overwritten. The next time you schedule the object.rpt file. the system runs the object and creates an object instance. You can set report refresh options that determine which settings of a report object are updated when you refresh it in BusinessObjects Enterprise.17 Managing Objects Report object management Object instances At the specified time. Those changes do not affect any existing scheduled instances or object instances. Making changes to an object Any changes you make to the an object (by making the changes and then clicking Update) affect the default settings for the object only. When you refresh a report object. 426 BusinessObjects Enterprise Administrator’s Guide . For example. the report refresh settings allow you to control which settings in the report object are updated with values from the source . The instance contains actual data from the database. then refreshing the report adds the prompt to the report object. BusinessObjects Enterprise compares the report object stored in BusinessObjects Enterprise with the original .rpt file stored in the Input File Repository Server. If a prompt appears in both the source . processed. This holds true no matter which report refresh options you select.rpt and the report object and you have selected the “Prompt Values” option. whether you use CMC or an application such as InfoView. reports are saved.

click the Universes link. Viewing the universes for a Web Intelligence document You build queries for Web Intelligence documents using objects in a universe. clear the appropriate report refresh option.Managing Objects Report object management 17 To preserve your changes to the values of report elements when you refresh a report. To set a report object’s refresh options In the Objects management area of the CMC. If you select Prompt Options. select a report object by clicking its link. 3. BusinessObjects Enterprise ensures that changes to either the default value of a prompt or to the current value of a prompt are updated in the report object when the report is refreshed. BusinessObjects Enterprise ensures that changes to the metadata describing a prompt is updated in the report object. Note: • • • If you select Prompt Values. 2. For example. For more information. On the Properties page. Click Refresh Report. The Universes page appears. listing the universes that are used by the document. 2. To view the universes for a Web Intelligence document In the Objects management area of the CMC. select a Web Intelligence document object by clicking its link. In CMC you can view which universes are used by a Web Intelligence document. A universe is a representation of the information available in the database. 1. BusinessObjects Enterprise Administrator’s Guide 427 . 4. see “Refreshing repository objects in published reports” on page 179. “Can be null” is a prompt option. click the Refresh Options link. 1. Choose the report elements that you want to refresh from the source report file. If you select “Use Object Repository when refreshing report”. On the Properties page. repository objects in the report object will be refreshed against the repository.

17

Managing Objects Report object management

Setting report processing options
For each object you can set several processing options. These options appear on the Process page for the object. Setting the report processing options includes the following tasks:

• • • • • • • •

“Setting report viewing options” on page 428 “Specifying servers for scheduling” on page 430 “Specifying servers for viewing and modification” on page 432 “Changing database information” on page 434 “Updating parameters” on page 437 “Using filters” on page 439 “Setting printer and page layout options” on page 441 “Applying processing extensions to reports” on page 443

Setting report viewing options
Note: This feature does not apply to Web Intelligence document objects. The report viewing options available in BusinessObjects Enterprise allow you to balance users’ need for up-to-date information with the need to optimize data retrieval times and overall system performance. BusinessObjects Enterprise allows you to enable data sharing, which permits different users accessing the same report object to use the same data when viewing or refreshing a report. Enabling data sharing reduces the number of database calls, thereby reducing the time needed to generate a report instance for subsequent users of the same report, while greatly improving overall system performance under load. You can control data sharing settings on either a per-report or a per-server basis:

If you specify which servers a report uses for viewing, you can use perserver settings to standardize data sharing settings for groups of reports, and centrally administer these settings. (See “Specifying servers for viewing and modification” on page 432.) Per-report settings permit you to specify that particular reports will not share data. They also allow you to tailor the data sharing interval for each report to meet the needs of that report’s users. In addition, per-report settings enable you to decide on a report-by-report basis whether it is appropriate to allow users to access the database whenever they refresh reports.

428

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Data sharing may not be ideal for all organizations, or for all reports. To get full value from data sharing, you must permit data to be reused for some period of time. This means that some users may see “old” data when they view a report on demand, or refresh a report instance that they are viewing. The default report viewing options for BusinessObjects Enterprise emphasize data freshness and integrity. By default, when you add a report to BusinessObjects Enterprise it is configured to use per-server settings for report sharing. The default server settings ensure that users always receive up-to-date information when they refresh a report, and guarantee that the oldest data given to any user is 0 minutes old. If you choose to enable perreport settings, the default settings allow data sharing, allow a viewer refresh to retrieve fresh data from the database, and ensure that the oldest data given to a client is 5 minutes old. Tip: Disabling the sharing of report data between clients is not the same as setting the “Oldest on-demand data given to a client” to 0 minutes. Under high load, your system may receive more than one request for the same report instance at the same time. In this case, if the data sharing interval is set to 0 but the “Share report data between clients” option is enabled, BusinessObjects Enterprise shares data between the client requests. If it is important that data not be shared between different clients (for example, because the report uses a User Function Library (UFL) that is personalized for each user), disable data sharing for that report. For details on setting report viewing options on a per-server basis, see:

• • • •

“Modifying Cache Server performance settings” on page 112 “Modifying Page Server performance settings” on page 115 “Modifying performance settings for the RAS” on page 120 “Configuring the Web Intelligence Report Server” on page 122

For more information on configuring BusinessObjects Enterprise to optimize report viewing in your system, see the planning chapter in the BusinessObjects Enterprise Installation Guide. Note: This feature does not apply to Web Intelligence document objects. 1. 2. 3. 4. To set report viewing options for a report In the Objects management area of the CMC, select a report by clicking its link. Click the Process tab. In the “Data Refresh for Viewing” area, click “Use report specific viewing settings.” Then select the options that you want to set for this report. Click Update.

BusinessObjects Enterprise Administrator’s Guide

429

17

Managing Objects Report object management

Specifying servers for scheduling
You can specify the default servers that BusinessObjects Enterprise will use to run an object, and to schedule and process instances. When specifying your servers, you have three options:

• • • • •

Use the first available server. Use the servers that belong to a selected group first (and, if the servers from that group aren’t available, use any available server). Use only servers that belong to a specific group.

Depending on the type of object, BusinessObjects Enterprise uses the following servers: Crystal reports are run on the Report Job Server. Web Intelligence documents are run on the Web Intelligence Report Server.

By selecting a particular server or server group, you can balance the load of your scheduling, because specific objects can be processed by specific job servers. You must first create server groups by using the Server Groups management area in the CMC, before you can select servers that belong to a selected group. You can also set the maximum number of jobs that a job server will accept. For more information, see “Modifying performance settings for job servers” on page 121. Also, you can balance the load of your scheduling, because specific objects can be processed by specific job servers. You must first create server groups by using the Server Groups management area in the CMC, before you can select servers that belong to a selected group. You can also set the maximum number of jobs that a job server will accept. For more information, see “Modifying performance settings for job servers” on page 121. Note:

If you choose the “Use the first available server” option, the Central Management Server (CMS) will check the job servers to see which one has the lowest load. The CMS does this by checking the percentage of the maximum load on each job server. If all of the job servers have the same load percentage, then the CMS will randomly pick a job server. If you are scheduling a program object that requires access to files stored locally on a Program Job Server, but you have multiple Program Job Servers, you must specify which server to use to run the program. See “Specifying servers for viewing and modification” on page 432 for information on specifying the servers used to view or modify an object. To specify the servers to use for an object In the Objects management area of the CMC, select an object by clicking its link.

• •

1.

430

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

2.

Click the Process tab.

3.

In the “Default Servers To Use For Scheduling” area, choose from one of the three options:

• •

Use the first available server BusinessObjects Enterprise will use the server that has the most resources free at the time of scheduling. Give preference to servers belonging to the selected group Select a server group from the list. This option will attempt to process the object from the servers that are found within your server group. If the specified servers are not available, then the object will be processed on the next available server.

Only use servers belonging to the selected group This option ensures that BusinessObjects Enterprise will only use the specified servers that are found within the selected server group. If all of the servers in the server group are unavailable, then the object will not be processed.

BusinessObjects Enterprise Administrator’s Guide

431

17

Managing Objects Report object management

4. 5.

Click Update. In the “Default Servers To Use For Viewing” area, repeat the activities from steps 3 and 4. Note: “Default Servers To Use For Viewing” applies only to report objects.

Specifying servers for viewing and modification
You can specify the default servers that BusinessObjects Enterprise will use when a user views or modifies a report or Web Intelligence document. When specifying your servers, you have three options:

• • • • •

Use the first available server. Use the servers that belong to a selected group first (and, if the servers from that group aren’t available, use any available server). Use only servers that belong to a specific group.

Depending on the type of object, BusinessObjects Enterprise uses the following servers: Crystal reports are run on the Cache Server and Page Server, or the Report Application Server, depending on which viewer is used. Web Intelligence documents are run on the Web Intelligence Report Server.

By selecting a particular server or server group, you can balance the load of your viewing, as specific reports can be processed using specific servers. You must first create server groups by going to the Server Groups management area in the CMC before you are able to select servers that belong to a selected group. You can also set the maximum number of jobs a server will accept. For more information, see “Modifying Cache Server performance settings” on page 112, “Modifying Page Server performance settings” on page 115, or “Modifying performance settings for the RAS” on page 120.

432

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Note:

If you choose the “Use the first available server” option, the Central Management Server(CMS) will check the servers to see which one has the lowest load. The CMS does this by checking the percentage of the maximum load on each server. If all of the servers have the same load percentage, then the CMS will randomly pick a server. See “Specifying servers for scheduling” on page 430 for information on specifying Job Servers used to schedule an object. To specify the servers to use for a report object In the Objects management area of the CMC, select an object by clicking its link. Click the Process tab.

1. 2.

BusinessObjects Enterprise Administrator’s Guide

433

17

Managing Objects Report object management

3.

In the “Default Servers To Use For Viewing” area, choose from one of the three options:

• •

Use the first available server BusinessObjects Enterprise will use the server that has the most resources free at the time of viewing. Give preference to servers belonging to the selected group Select a server group from the list. This option will attempt to process the object from the servers that are found within your server group. If the specified servers are not available, then the object will be processed on the next available server.

Only use servers belonging to the selected group This option ensures that BusinessObjects Enterprise will only use the specified servers that are found within the selected server group. If all of the servers in the server group are unavailable, then the object will not be processed.

4.

Click Update.

Changing database information
Note: This feature does not apply to Web Intelligence document objects. You can select your database type and set the default database logon information on the Database page for a report. The Database page displays the data source or data sources for your report object and its instances. You can choose to prompt the user for a logon name and password when he or she views a report instance. 1. 2. To change database settings In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the database link.

434

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

The Database page appears.

BusinessObjects Enterprise Administrator’s Guide

435

17

Managing Objects Report object management

3. 4.

In the Data Source(s) list, select the data source. Select Use original database logon information from the report or Use custom database logon information specified here. If you select the first option, you can specify a user name and password to be used with the original report database. If you select the second option, you can specify a server name (or a DSN in the case of an ODBC data source), a database name, a user name, and a password for a number of predefined database drivers, or for a custom database driver that you’ve specified. If you’ve changed the default table prefix in your database, specify a custom table prefix here. For a complete list of supported databases and drivers, refer to the
platform.txt file included with your installation.

5.

Select the database logon option you want.

Prompt the user for database logon The system will prompt users for a password when they refresh a report. Note: This option has no effect on a scheduled instance. Also, BusinessObjects Enterprise only prompts users when they first refresh a report; that is, if they refresh the report a second time, they will not be prompted.

Use SSO context for database logon The system will use the user’s security context, that is, the user’s logon and password, to log on to the database. Note: For this option to work, you must have your system configured for end-to-end single sign-on, or for single sign-on to the database. For more information, see “Configuring Kerberos single sign-on” on page 299.

Use same database logon as when report is run The system will use the same database logon information as was used when the report was run on the job server.

6.

Click Update.

436

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Updating parameters
Note: This feature does not apply to Web Intelligence document objects. Parameter fields (with preset values) enable users to view and to specify the data that they want to see. If a report contains parameters, you can set the default parameter value for each field or fields (which is used whenever a report instance is generated). Through a BusinessObjects Enterprise application such as InfoView, your users are either able to use the report with the preset default value(s) or choose another value or values. If you do not specify a default value, users will have to choose a value when they schedule the report. Note: The Parameters link is available only if the report object contains parameters. 1. 2. To view parameter settings In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Parameters link.

3.

Under the Value column, select the value associated with the parameter you want to change. A page opens that allows you to change the parameter value. Depending on the parameter value type, you either type a value in the field or choose a value from a list. If there is a list, you can also click Edit to type a new value.

BusinessObjects Enterprise Administrator’s Guide

437

17

Managing Objects Report object management

4. 5.

Select the Clear the current parameter value(s) check box if you want to clear the current value that is set for the specified parameter. Select the Prompt the user for new value(s) when viewing check box if you want your users to be prompted when they view a report instance through a BusinessObjects Enterprise application such as InfoView. Click Update.

6.

Updating prompts for Web Intelligence document objects
Note: This feature does not apply to Crystal reports objects. See “Updating parameters” on page 437 instead. Prompt fields (with preset values) enable users to view and to specify the data that they want to see. If a report contains parameters, you can set the default prompt value for each field or fields (which is used whenever a report instance is generated). Through a BusinessObjects Enterprise application such as InfoView, your users can either use the report with the preset default value(s) or choose another value or values. If you do not specify a default value, users will have to choose a value when they schedule the report. Note: The Prompts link is available only if the Web Intelligence document object contains prompts.

438

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

1. 2. 3. 4.

To update the prompts for a Web Intelligence document object In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Prompts link. The Prompts page appears, showing a dialog box with prompts. Select the prompt and enter a value for the prompt. Repeat this step for every prompt whose you want to change. Click Update.

Using filters
Note: This feature does not apply to Web Intelligence document objects. In the Filters page, you set the default selection formulas for the report. Selection formulas are similar to parameter fields in that they are used to filter results so that only the required information is displayed. Unlike parameters, end users will not be prompted for selection formula values when they view or refresh the report. When users schedule reports through a web-based client such as InfoView, they can choose to modify the selection formulas for the reports. By default, if any formulas are set in the CMC, they will be used by the web-based client. For more information on selection formulas, see the Crystal Reports User’s Guide. In addition to changing selection formulas, if you have developed your own processing extensions, you can select the processing extensions that you want to apply to your report. For more information, see “Applying processing extensions to reports” on page 443. When you use filters in conjunction with processing extensions, a subset of the processed data is returned. Selection formulas and processing extensions act as filters for the report. 1. 2. To use filters In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Filters link. The Filters page appears.

BusinessObjects Enterprise Administrator’s Guide

439

17

Managing Objects Report object management

440

BusinessObjects Enterprise Administrator’s Guide

• Record Selection Formula Use the Record Selection Formula to create or edit a record selection formula or formulas that limit the records used when you or a user schedules a report. Click Update. When printing a report. By selecting the Printer destination. Specifying a printer Note: This feature does not apply to Web Intelligence document objects.Managing Objects Report object management 17 3. and the page range. the number of copies. See “Changing the server user account” on page 146 for information on changing the user account. Repeat this step until you have selected the processing extensions you want. You can choose to print a report (each time it runs) using the Job Server’s default printer or a different printer. BusinessObjects Enterprise prints your report after it is processed. 4. and if printed. the printer to use. BusinessObjects Enterprise Administrator’s Guide 441 . the second area specifies custom layout settings for changing the page size and orientation (regardless of whether the report instance is printed or not). The Print Setup page contains two areas: the first area specifies whether or not a report instance is printed. Setting printer and page layout options Note: This feature does not apply to Web Intelligence document objects. Note: The Job Server must run under an account that has sufficient privileges to access the printer you specify. and move it to the Use these Processing Extensions list. you can set the number of copies and the page range. 5. select a processing extension you want from the Available Processing Extensions list. report instances are always printed in Crystal Reports format. • Group Selection Formula Use the Group Selection Formulas to create or edit a group selection formula or formulas that limit the groups used when you or a user schedules a report. You can choose to print a report instance when scheduling it. Update or add new selection formulas. In the processing extensions area.

On the Process tab. and choose the print page range. Click Update. The report instances are automatically sent to the printer in Crystal Reports format. select Specify a printer. The Print Setup page appears. select the number of copies. Specifying page layout Note: This feature does not apply to Web Intelligence document objects. 2. 5. 442 BusinessObjects Enterprise Administrator’s Guide . For instance. To assign a printer In the Objects management area of the CMC. If your job server is using Windows. type the print command that you normally use. but also to the overall look of the report.” 6. otherwise. in the “Specify a printer” field. the font metrics and other layout settings of the display and/or the printer). and so on. The settings you choose in this section of the Print Setup page affect how you’ll see a report instance when displaying it. 4. type: \\printserver\printername Where printserver is the name of your printer server.17 Managing Objects Report object management 1. click the Print Setup link. select a report object by clicking its link. 3. Note: Page layout settings are not specifically related only to scheduling a report to a printer. Select Print in Crystal Reports format using the selected printer when scheduling if you want report instances to be sent directly to a printer. page size. type: lp -d printername Note: Ensure that the printer you are using (on UNIX) is “shown” and not “hidden. in the “Specify a printer” field. This does not interfere with the format selected when scheduling the report. If your job server is running on UNIX. Leave Default printer selected if you want to print to the Job Server’s default printer. you can first specify page layout criteria such as page orientation. The overall look is affected by the properties of the device for which the report is displayed in (that is. When viewing or scheduling a report instance to any format. Enter a printer’s path and name. and printername is the name of your printer.

Managing Objects Report object management

17

1. 2.

To set a report’s page layout In the Objects management area of the CMC, select a report object by clicking its link. On the Process tab, click the Print Setup link. The Print Setup page appears.

3.

Make your settings according to the type of layout you want. The options are as follows:

• •

Report file default Choose this option if you want the page layout to conform to the settings that were chosen for the report in Crystal Reports. Specified printer settings Choose this option if you want the page layout to conform to the settings of a specified printer. You can choose the Job Server’s default printer or another printer. For information about specifying another printer, see “Specifying a printer” on page 441. When you choose this option, you can print scheduled report instances only to the printer you specify in the “Specified printer settings” area. In other words, you cannot set your report to display with one printer’s setting and then print to a different printer.

Custom settings Choose this option if you want to customize all page layout settings. You can choose page orientation, page size, measurement units (inches or millimeters), page width, and page height.

4.

Click Update.

Applying processing extensions to reports
Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise supports the use of customized processing extensions. A processing extension is a dynamically loaded library of code that applies your business logic to particular BusinessObjects Enterprise view or

BusinessObjects Enterprise Administrator’s Guide

443

17

Managing Objects Report object management

schedule requests before they are processed by the system. This section shows how to register your processing extension with BusinessObjects Enterprise, and how to apply an available processing extension to a particular report object. For general information about processing extensions and how you can use them to customize report processing and security, see “Processing extensions” on page 241. For information on writing your own processing extensions with the Processing Extension API, see the developer documentation available on your product CD. Note: On Windows systems, dynamically loaded libraries are referred to as dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded libraries are often referred to as shared libraries (.so file extension). You must include the file extension when you name your processing extensions. Also, file names cannot include the \ or / characters.

Registering processing extensions with the system
Note: This feature does not apply to Web Intelligence document objects. Before you can apply your processing extensions to particular objects, you must make your library of code available to each machine that will process the relevant schedule or view requests. The BusinessObjects Enterprise installation creates a default directory for your processing extensions on each Job Server, Page Server, and Report Application Server (RAS). It is recommended that you copy your processing extensions to the default directory on each server. On Windows, the default directory is C:\Program
Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProcessExt. On UNIX, it is the bobje/processext

directory. Tip: It is possible to share a processing extension file. For details, see “Sharing processing extensions between multiple servers” on page 447. Depending upon the functionality that you have written into the extension, copy the library onto the following machines:

• • •

If your processing extension intercepts schedule requests only, copy your library onto each machine that is running as a Job Server. If your processing extension intercepts view requests only, copy your library onto each machine that is running as a Page Server or RAS. If your processing extension intercepts schedule and view requests, copy your library onto each machine that is running as a Job Server, Page Server, or RAS.

Note: If the processing extension is required only for schedule/view requests made to a particular Server Group, you need only copy the library onto each processing server in the group.

444

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

1. 2.

To register a processing extension with the system Go to the Objects management area of the CMC. Click Object Settings.

3. 4.

In the Name field, type a display name for your processing extension. In the Location field, type the file name of your processing extension along with any additional path information:

• •

If you copied your processing extension into the default directory on each of the appropriate machines, just type the file name (but not the file extension). If you copied your processing extension to a subfolder below the default directory, type the location as: subfolder/filename

Note: Although the actual file name must include the .dll or .so extension (as appropriate to the server’s operating system), you must not include the file extension in the Location field. 5. 6. Use the Description field to add information about your processing extension. Click Add. You can now select this processing extension to apply its logic to particular objects. For details, see “Selecting a processing extension for a report” on page 445. Tip: To delete a processing extension, select its check box and click Delete. (Make sure that no recurring jobs are based on this processing extension because any future jobs based on this processing extension will fail.)

Selecting a processing extension for a report
Note: This feature does not apply to Web Intelligence document objects. 1. 2. To select a processing extension for a report Go to the Objects management area of the CMC. Click the link to the report object that you want to apply your processing extension to.

BusinessObjects Enterprise Administrator’s Guide

445

17

Managing Objects Report object management

3.

Click the Process tab, and then click the Filters link.

4.

Select your processing extension in the Available Processing Extensions list. Note: Your processing extensions appear in this list only after you have registered them with the system. For details, see “Registering processing extensions with the system” on page 444. Tip: You may apply more than one processing extension to a report object. Repeat steps 4 and 5 for each processing extension; then use the up and down arrows to specify the order in which the processing extensions should be used.

5.

Click Update. Your processing extension is now enabled for this report object.

446

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Sharing processing extensions between multiple servers
Note: This feature does not apply to Web Intelligence document objects. If you want to put all processing extensions in a single location, you can override the default processing extensions directory for each Job Server, Page Server, and RAS. First, copy your processing extensions to a shared directory on a network drive that is accessible to all of the servers. Map (or mount) the network drive from each server’s machine. Note: Mapped drives on Windows are valid only until you reboot the machine. For details, see “Ensuring that server resources are available on local drives” on page 526. If you are running servers on both Windows and on UNIX, you must copy a .dll and an .so version of every processing extension into the shared directory. In addition, the shared network drive must be visible to Windows and to UNIX machines (through Samba or some other file-sharing system). Finally, change each server’s command line to modify the default processing extensions directory. Do this by adding “-report_ProcessExtPath <absolute path>” to the command line. Replace <absolute path> with the path to the new folder, using whichever path convention is appropriate for the operating system that the server is running on (for example, M:\code\extensions, /home/shared/code/extensions, and so on). The procedure for making this modification depends upon your operating system:

• •

On Windows, use the CCM to stop the server. Then open the server’s Properties to modify the command line. Start the server again when you have finished. On UNIX, run ccm.sh to stop the Job Server/Page Server. Then edit ccm.config to modify the server’s command line. Start the server again when you have finished. For reference, see “ccm.sh” on page 598.

Working with hyperlinked reports
Note: This feature does not apply to Web Intelligence document objects. Crystal Reports lets you use hyperlinks to navigate from one report object to another. You can move to a Report Part within the report itself, to other report objects or their parts, or to specific instances of reports or Report Parts. This navigation is available only in the new script-based DHTML viewers (zeroclient, server-side viewers) included in BusinessObjects Enterprise XI. By linking directly from one object to another, the required data context is passed automatically so that you navigate to the object and data that is relevant.

BusinessObjects Enterprise Administrator’s Guide

447

17

Managing Objects Report object management

Initially, when you add hyperlinks between reports in Crystal Reports, you create a link from one file directly to another. However, when you publish linked report files simultaneously to the same object package, the links are modified to point to managed report objects. (Each link is changed, so that it references the appropriate destination report by Enterprise ID, rather than by file path.) Also, the modified links become relative inside the object package. When you schedule the object package, BusinessObjects Enterprise processes its reports, and again modifies hyperlinks within each report instance: hyperlinks between report objects in an object package are converted to hyperlinks between report instances in a specific instance of the object package. For more information on object packages, see “Scheduling objects using object packages” on page 471. To view hyperlinked reports, you must publish both the home and destination reports to the same BusinessObjects Enterprise system. (A home report is one that contains a hyperlink to another report: the destination report.) Note: For information about how to create hyperlinks between report objects, see the Crystal Reports Online Help.

Publishing and hyperlinking reports
Note: This feature does not apply to Web Intelligence document objects. To avoid breaking hyperlinks between reports, it is best to publish the reports first and then to create the hyperlinks. 1. 2. 3. 4. To publish and then hyperlink reports Create the reports, without hyperlinks, in Crystal Reports. Publish them to BusinessObjects Enterprise. Use Crystal Reports to log on to your BusinessObjects Enterprise system. Create the hyperlinks between the home and destination reports. See the Crystal Reports Online Help.

Crystal Reports automatically determines what type of link—relative or absolute—to establish between the reports. In BusinessObjects Enterprise, relative links are those between reports in the same object package, and absolute links are links to specific report objects or instances.

Publishing reports with existing hyperlinks
Note: This feature does not apply to Web Intelligence document objects. The recommended method for creating hyperlinked reports is first to publish the individual reports, then create hyperlinks between them. See “Publishing and hyperlinking reports” on page 448.) However, because this is not always

448

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

possible, use the following procedure to publish reports after they have been hyperlinked. When you publish reports this way, the hyperlinks are converted to relative links.

BusinessObjects Enterprise Administrator’s Guide

449

17

Managing Objects Report object management

To publish reports with existing hyperlinks Using the Publishing Wizard, publish the reports (that are linked to each other) to the same object package. Note: If you publish hyperlinked reports independently of each other, rather than publishing them simultaneously to the same object package, all hyperlinks between the reports will break. You must re-establish the links using Crystal Reports and save the report back to BusinessObjects Enterprise. (For more information, see the Crystal Reports Online Help.)

Viewing hyperlinks in a report
Note: This feature does not apply to Web Intelligence document objects. You can view a list of the links in a report by clicking the Links link on the report’s Properties page. The links are listed as either relative or absolute. In BusinessObjects Enterprise, relative links are those between reports in the same object package, and absolute links are links to specific report objects or instances. 1. 2. To view a list of links in a report object In the Objects management area of the CMC, select the report object by clicking its link. Click the Properties tab, and then click the Links link. The Links page appears.

Viewing hyperlinked reports
Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise supports navigation between hyperlinked reports only with script-based viewers, specifically the DHTML and Advanced DHTML viewers in InfoView. To change your preferred viewer in the CMC, click the Preferences button in the upper-right corner of the CMC, and select the appropriate viewer from the Viewer list. For information on how to change your preferred viewer, see the BusinessObjects Enterprise User’s Guide. Parameter information is not carried over between the home and destination reports. That is, when you view a destination report by clicking a hyperlink in a home report, you are prompted to enter any parameters that the destination report requires.

450

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Security considerations
To view hyperlinked reports through BusinessObjects Enterprise, you must have the appropriate rights both in BusinessObjects Enterprise and at the database level. In BusinessObjects Enterprise, to view a destination report through a hyperlink in a home report, you must have View rights to the destination report. When the hyperlink points to a report object, you must have View On Demand rights to be able to refresh the data against the data source. For information about setting the levels of access to objects, see “Setting common access levels” on page 320. Database logon information is carried over between hyperlinked reports. If the credentials you specified to view the home report are not valid for the destination report, you are prompted for a valid set of database logon credentials for the destination report.

Program object management
This section explains program objects and instances, and how to manage them through the Central Management Console (CMC). It includes the following sections:

• •

“What are program objects and instances?” on page 451 “Setting program processing options” on page 453

What are program objects and instances?
A program object is an object in BusinessObjects Enterprise that represents an application. Publishing a program object to BusinessObjects Enterprise allows you to use BusinessObjects Enterprise to schedule and run the program object and to manage user rights in relation to the program object. For information about publishing program objects, see “Publishing overview” on page 374. When you publish a program object or its associated files to BusinessObjects Enterprise, they are stored in the Input File Repository Server (FRS). Each time a BusinessObjects Enterprise program runs, the program and files are passed to the Program Job Server, and BusinessObjects Enterprise creates a program instance. Unlike report instances, which you can view in their completed format, program instances exist as records in the object history. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. This file appears when you click a program instance in the object History.

BusinessObjects Enterprise Administrator’s Guide

451

17

Managing Objects Program object management

Program types Three types of applications can be published to BusinessObjects Enterprise as program objects:

Executable Executable programs are binary files, batch files, or shell scripts. They generally have file extensions such as: .com, .exe, .bat, .sh. You can publish any executable program that can be run from the command line on the machine that runs the Program Job Server.

Java You can publish any Java program to BusinessObjects Enterprise as a Java program object. For Java program objects to have access to Java SDK objects, your class must implement the IProgramBase interface from the BusinessObjects Enterprise Java SDK (com.businessobjects.sdk.plugin.desktop.program.IProgramBase). For details, see the BusinessObjects Enterprise Java SDK Guide.

Script Script program objects are JScript and VBScript scripts. They are run on Windows using an embedded COM object and can—once published— reference the BusinessObjects Enterprise SDK objects. For details, see the BusinessObjects Enterprise COM SDK Guide. Note: Script program objects are not supported on UNIX.

Note: As the administrator, you can choose to enable or disable any of the types of program objects. For details, see “Authentication and program objects” on page 458. Once you have published a program object to BusinessObjects Enterprise, you can configure it in the Objects management area of the CMC. For each type of program object (Executable, Java, or Script) you can choose to specify command-line arguments and a working directory. For executable and Java programs, there are additional ways, both required and optional, to configure the program objects and provide them with access to other files. Tip: Program objects allow you to write, publish, and schedule scripts or Java programs that run against BusinessObjects Enterprise, and perform maintenance tasks, such as deleting instances from the history. Furthermore, you can design these scripts and Java programs to access BusinessObjects Enterprise session information. This ensures that the scheduled program objects retain the security rights or restrictions of the user who scheduled the job. (Your scripts or java programs require access to the BusinessObjects Enterprise SDK. For details, see the BusinessObjects Enterprise COM SDK Guide or the BusinessObjects Enterprise Java SDK Guide.)

452

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Setting program processing options
For each object you can set several processing options. These options appear on the Process page for the object. Setting the program processing options includes the following tasks:

• • • • •

“Specifying command-line arguments” on page 453 “Setting a working directory for a program object” on page 454 “Configuring executable programs” on page 455 “Configuring Java programs” on page 456 “Authentication and program objects” on page 458

Specifying command-line arguments
For each program object you can specify command-line arguments on the Parameters page for the object. You can specify any argument that is supported by the command-line interface for your program. Arguments are passed directly to the command-line interface, without parsing. 1. 2. To specify command-line arguments In the Objects management area of the CMC, select the program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears.

3.

In the Arguments field, type the command-line arguments for your program, using the same format you would use at the command line itself. For example, if your program has a loops option, to set the loops value to 100, you might type -loops 100

4.

Click Update.

BusinessObjects Enterprise Administrator’s Guide

453

17

Managing Objects Program object management

Setting a working directory for a program object
By default, when a program object runs, BusinessObjects Enterprise creates a temporary subdirectory in the Program Job Server’s working directory, and uses this subdirectory as the working directory for the program. The subdirectory is automatically deleted when the program finishes running. You can specify an alternative working directory for the program object by modifying the Working Directory field on the Parameters page of the object. Or, you can modify the default setting for the working directory for the Program Job Server. Note: The account under which the program runs must have appropriate rights to the folder that you set as the working directory. The level of file permissions required depend on what the program does; however, the program’s account generally needs read, write, and execute permissions to the working directory. For information about setting credentials for an account under which a program object will run, see “Authentication and program objects” on page 458 1. 2. 3. To set a working directory for a program object In the Objects management area of the CMC, select the program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears. In the Working Directory field, type the full path to the directory that you want to set as the program object’s working directory. For example, on Widows, if you created a working directory named working_directory, type C:\working_directory On UNIX, type /working_directory 4. 1. 2. 3. 4. Click Update. To modify the default working directory for the Program Job Server Go to the Servers management area of the CMC. Click the link for Program Job Server. The Properties page appears. In the Temp Directory field, type the full path to the directory you want to set as the working directory for the Program Job Server. Click Update.

454

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Configuring executable programs
When you publish an executable program object to the CMC, you can:

• •

Configure the object to have access to external or auxiliary files. See “Providing Java programs with access to other files” on page 457. Customize environment variables for the shell in which BusinessObjects Enterprise runs the program. See “Specifying environment variables” on page 456.

Providing executable programs with access to other files
Some binary files, batch files, and shell scripts require access to external or auxiliary files to run. Aside from setting a working directory for the program object, there are two ways to provide access to these files:

• •

If a required file is on the same machine as the Program Job Server, you can specify the full path to the file. Alternatively, if the file is not located on the Program Job Server, you can upload the file to the File Repository Server, which will pass the files to the Program Job Server as necessary. To specify paths to required files In the Objects management area of the CMC, select the executable program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears. In the External Dependencies field, type the full path to the required file and click Add. Repeat step 3 for each file required. Click Update.

1. 2. 3. 4. 5.

Tip: To edit or remove external dependencies that you have specified, select the file path (in the list of external dependencies on the Parameters page) and click the appropriate button, either Edit or Remove. 1. 2. 3. 4. 5. To upload required files In the Objects management area of the CMC, select the executable program object by clicking its link. Click the Process tab, then click the Auxiliary Files link. The Auxiliary Files page appears. Click Browse to navigate to the required file, then click Add File. Repeat step 3 for each required file. Click Update.

BusinessObjects Enterprise Administrator’s Guide

455

The Parameters page appears. 4. For example. where name is the environment variable name and value is the value for the environment variable. Modifications to an existing environment variable override this variable. you might type: path=%path%. select the variable (in the list of environment variables on the Parameters page). For example. and use the appropriate case. 2. type the environment variables you want to set. 456 BusinessObjects Enterprise Administrator’s Guide . In the Environment Variables field. Use the form name=value. Configuring Java programs To successfully schedule and run Java programs in BusinessObjects Enterprise. See “Providing Java programs with access to other files” on page 457. Any changes you make to environment variables exist only in the temporary shell in which BusinessObjects Enterprise runs the program. and you can specify Java Virtual Machine options.17 Managing Objects Program object management Tip: To remove auxiliary files that you have specified. Thus. you can configure your program by adding or modifying environment variables. select the file(s) (in the list of external dependencies on the Parameters page) and click Remove File(s). 3. the environment variables are destroyed. Additionally. However. and click the appropriate button. you can provide the Java program with access to other files located on the Program Job Servers. either Edit or Remove. rather than append to it. Click Update. See “Setting required parameters for Java programs” on page 457. you might type:PATH=$PATH:/usr/bin Note: BusinessObjects Enterprise sets your environment variables using the syntax that is appropriate for your operating system. Tip: To edit or remove environment variables that you have specified.c:\usr\bin On UNIX. Specifying environment variables In the CMC. on UNIX you must follow convention. 1. then click the Parameters link. Click the Process tab. when the program exits. click the link for the program object. you must specify the required parameters for the program object. you can set the path variable to append a user’s bin directory to the existing path: • • On Windows. To add an environment variable In the Objects management area of the CMC. all name values on UNIX must be typed in upper-case.

3. The Parameters page appears.class file that implements the IProgramBase interface from the BusinessObjects Enterprise Java SDK.class. BusinessObjects Enterprise Administrator’s Guide 457 . Click the Parameters tab.desktop. type the base name of the . Click the Process tab. To specify required parameters for Java programs In the Objects management area of the CMC.plugin. and stored on the Program Job Server. Note: The Java Runtime Environment must be installed on each machine that is running a Program Job Server.Managing Objects Program object management 17 Setting required parameters for Java programs To successfully schedule and run a Java program. if the file name is Arius. such as Java libraries. Click Update. In the Classpath field.IProgramBase). then click the Parameters link. type Arius 4.businessobjects. 4. a colon for UNIX.class file that implements the IProgramBase from the BusinessObjects Enterprise Java SDK (com. 2. For example.program. To provide Java programs with access to other files In the Objects management area of the CMC. you must provide BusinessObjects Enterprise with the base name of the . The Parameters page appears. click the link for the Java program object. 2. In the Class to run field. 1. You must separate multiple paths with the classpath separator that is appropriate to your operating system: a semi-colon for Windows. type the full paths to the locations of any Java library files that are required by the Java program. located on the Program Job Server. Providing Java programs with access to other files You can provide Java programs with access to files. 3. 1. click the link for the Java program object.sdk. Click Update.

You can control the types of program objects users can run. you must specify credentials for the account under which the program runs. and the rights of the program will be limited to those of the user. Note: By default. 3. Click “Schedule with the following operating system credentials” and provide a default user name and password. the program can make to files. The Logon page appears. 2. Alternatively. the program will run under that user account. and assign it appropriate rights. to give the program access to the system. Enabling or disabling a type of program object As a first level of security. you can configure the types of program objects available for use. if any. it runs under the default system account. click the link for the program object. when you schedule a program object. then click the Program Objects tab. 2. If you choose not to specify a user account for a program object. 4. the job fails if credentials are not specified. the administrator. click Object Settings in the Objects management area. then click the Logon link. The level of file permissions for the account under which a program object runs will determine what modifications. users who publish program objects to BusinessObjects Enterprise can assign their own credentials to a program object. To provide default credentials. click Object Settings. 1. to have the program object run as that account. For details.17 Managing Objects Program object management Authentication and program objects Be aware of the potential security risks associated with the publication of program objects. As the administrator. to set up a specific user account for the program. To enable or disable a type of program object In the Objects management area of the CMC. you must protect the system against abuse. 458 BusinessObjects Enterprise Administrator’s Guide . and you can configure the credentials required to run program objects. Thus. Select the type or types of program objects you want users to run. Click Update. which generally has rights locally but not across the network. 1. Click the Program Objects tab. see “Controlling users’ access to objects” on page 317. This feature allows you. Click the Process tab. To specify a user account for a program object In the Objects management area of the CMC. Authentication on all platforms In the Objects management area of the CMC.

Managing Objects Object package management 17 3. and how to manage them through the Central Management Console (CMC). a typical location is . to suit your specific needs.. type the credentials for the user account under which the program should run. For example.policy Object package management This section explains object packages and instances. Authentication for Java programs BusinessObjects Enterprise allows you to set security for all program objects. which has a default setting that is consistent with the Java default for unsecure code.policy On UNIX. Note: • • The settings for the Java Policy are universal for all Program Job Servers running on the same machine.. The first entry points to the BusinessObjects Enterprise Java SDK and allows program objects full rights to all BusinessObjects Enterprise JAR files. It includes: • • • • • “What are object packages. components. It uses the same security settings for unsecure code as the Java default for unsecure code. For Java programs. a typical location on Windows is: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\conf\crystal-program. The second code base entry applies to all local files. Use the Java Policy Tool (available with the Java Development Kit) to modify the Java Policy File. the Java Policy File is installed to the Java SDK directory in the BusinessObjects Enterprise install root directory. In the User Name and Password fields. The Java Policy Tool has two code base entries. By default. and instances?” on page 460 “Creating an object package” on page 460 “Adding objects to an object package” on page 461 “Configuring object packages and their objects” on page 462 “Authentication and object packages” on page 463 BusinessObjects Enterprise Administrator’s Guide 459 . 4. BusinessObjects Enterprise forces the use of a Java Policy File. Click Update./solaris_install/bobje/enterprise11/JavaSDK/crystalprogram.

In the Title field. you can only view them by opening their object package. This field is optional. 3. if you run an object package. They have more limited configuration options than other objects. Component instances are tied to object package instances. Rather. and thereby create an instance. however. 5. and Hyperlink objects. and they do not appear in the list of all objects on the first page of the Objects management area of the CMC. Text. Ensure the correct folder name appears in the Destination field. and instances? Object packages function as distinct objects in BusinessObjects Enterprise. The Object Package tab appears. Note: You cannot place object packages in the top level folder or inside other object packages. Rich Text.) Placing multiple objects in a single object package allows you to schedule them simultaneously. BusinessObjects Enterprise Administrator’s Guide . For example. BusinessObjects Enterprise creates an object package instance each time it runs an object package. Click New Object. Creating an object package 1. (NonBusinessObjects Enterprise objects. object packages allow users to view synchronized data across reports. In the Description field. For hyperlinked report instances in object package instances. the existing object package instance does not change. will reflect the change. Go to the Objects management area of the CMC. 2. the hyperlinks point to the other report instances in the same object package instance. Object packages can be composed of any combination of report and program objects that are published to the BusinessObjects Enterprise system. cannot be added to object packages. it still contains the report instance from the report object that you removed.17 Managing Objects Object package management What are object packages. Tip: • 460 To expand a folder. 4. For details about hyperlinked reports. Component objects are not autonomous. Think of them as folders you can schedule. then remove a report object from the object package. select it and click Show Subfolders. such as Excel. type a description of the object package. Word. Future instances of the object package. then click the Object Package tab. The object package instance contains individual instances of each of its component objects. rather than to component objects. along with all of their contents. For reports. Acrobat. type the name of the object package you want to create. PowerPoint. components. see “Working with hyperlinked reports” on page 447.

the CMC displays the Properties page. or Script. 5. the component and the original are separate entities. you can add report and/or program component objects to it. use the Look For field. see “Copying. You can add previously unpublished objects directly to the object package. Click OK. once you create the copy of the original object inside the object package. or click browse to navigate to the object you want to publish. Click the Objects tab. or creating a shortcut for an object” on page 417. 1. and whether to use the Object Repository when refreshing the report. set the program type: Executable. Click OK. Set the appropriate properties. moving. set whether to generate a thumbnail for the report. 4. object settings. or you can copy existing objects into the object package. However. A list of object tabs appears. Changes in one object are not reflected in the other. and notification for the object package. Note: You publish objects to new or existing object package using the Publishing Wizard. BusinessObjects Enterprise Administrator’s Guide 461 . after you have created an object package. Click the appropriate tab. user rights. Java. Adding objects to an object package In the CMC. To publish a new object directly to an object package In the Objects management area of the CMC. destination. the component object retains the same settings as the original object. Note: When the object package has been added to the system. For details on copying objects. view an object package by clicking its link. 6. contents. • • 7. Report or Program. see “Publishing with the Publishing Wizard” on page 376. 3. You can only move copies of existing objects into the object package. Specify the file name or. you cannot move the existing objects themselves. For details. Note that you can add only report objects or program objects to an object. To search for a specific folder. 2. For programs.Managing Objects Object package management 17 • 6. then click the New Object button. When you copy an object into an object package. You can now modify the properties. scheduling information. or between object packages. For reports.

you have to specify the destination for an object package. When the system runs the object package. see: • • • • “General object management” on page 417 “Report object management” on page 425 “Program object management” on page 451 Chapter 18: Scheduling Objects Configure for an object package yes --yes Scheduling server ----yes --Configure for individual objects in a package yes yes yes -View & Modify server yes yes yes yes -yes yes Configuration tabs and links Properties tab Refresh Options Links History tab Process tab Database Parameters Filters Print Setup Schedule tab Notification Alert Notification 462 BusinessObjects Enterprise Administrator’s Guide . Note: Because the objects in an object package are copies of objects that exist outside the package. it will save the output instances to the destination you specified for the object package. that is. you configure some parameters at the object package level. for the individual objects in the object package. The following table indicates which configuration parameters you can modify for an object package or for individual objects in a package. For information on how to set or modify these parameters. and some at the object level.17 Managing Objects Object package management Configuring object packages and their objects Object packages are intended to save you time scheduling objects that have similar scheduling requirements. but you cannot specify destinations for the individual objects in the package. The parameters are identified by tab or link. the changes you make will not affect the objects outside the object package. For example. As a result.

the component instance(s) fail(s).) BusinessObjects Enterprise Administrator’s Guide 463 .Managing Objects Object package management 17 Configuration tabs and links Format Destination Schedule For Categories tab Corporate Personal Rights tab Configure for an object package -yes yes n/a yes yes yes Configure for individual objects in a package yes --n/a yes yes -- Authentication and object packages Object packages simplifies both Enterprise and database authentication. you specify database logon information for each report component object in the object package. For database authentication. You enter your Enterprise authentication only once to schedule the object package. including all of its component objects. If you attempt to schedule a package that contains one or more component objects to which you do not have schedule rights. Consequently. it initially inherits the database logon information of the original report. you must have scheduling rights for each of the objects inside the object package. (If you copied the report into the object package.

17 Managing Objects Object package management 464 BusinessObjects Enterprise Administrator’s Guide .

Scheduling Objects chapter .

A program instance is a text file that contains the standard out and standard error produced when the program object was run. “Managing instances” on page 495 This section describes how to manage instances for an object. and object packages.18 Scheduling Objects Scheduling objects overview Scheduling objects overview Scheduling an object lets you run it automatically at specified times. A scheduled instance contains object and schedule information. Output instances also appear on the History page of an object and have a status of Success or Failed. “Setting the scheduling options” on page 476 This section describes the options on the different Schedule pages for an object. You can schedule report objects. or Destination. the system creates a scheduled instance for the object. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. In order for a program object to be successfully scheduled and run. Scheduling objects When you schedule an object. This chapter contains the following sections: • • • “Scheduling objects” on page 466 This section provides information on how to schedule objects. it creates an output instance for the object. For details. see Chapter 17: Managing Objects. For details about object types and object management. It does not contain any data yet. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. see “Authentication and program objects” on page 458. Scheduled instances use the settings that are presently configured for the object in CMC. program objects. 466 BusinessObjects Enterprise Administrator’s Guide . When the system runs the object. the system creates a scheduled instance for the object. Web Intelligence documents. such as Notification. you must provide logon information for the account that the program object will run as. It does not contain any data yet. for example. A report instance contains actual data from the database. When you schedule an object. a report or program instance. A scheduled instance contains object and schedule information.

The system creates a scheduled instance and it will run the instance according to the schedule information you just specified. Many scheduling options allow you to schedule an instance with events. For a list and descriptions of the recurrence patterns. Click Schedule. To schedule an object In the Objects management area of the CMC. Set any of the other schedule options and parameters as required. Friday. For details. showing the default settings for the object. Select the recurrence pattern you want. Click the Schedule tab. 5. 2. You can view the scheduled instance on the History page for the object. Note: To save the schedule settings as the new default setting for the object. For example. For details. 4.Scheduling Objects Scheduling objects 18 For end users to schedule and run objects. BusinessObjects Enterprise Administrator’s Guide 467 . Specify the Run option and parameters that you want. Note: If a Web Intelligence document has been set to “refresh on open” then the system will access the database to obtain the latest information each time a user views the document. select an object by clicking its link. 6. whereas CMC enables you to manage and administer objects in addition to scheduling objects and viewing reports. 1. click Update. see “Recurrence patterns” on page 469. For example. See also “Managing and viewing the history of instances” on page 495. Therefore. see “Setting the scheduling options” on page 476. InfoView is designed primarily to schedule objects and view reports. it may not be advantageous to schedule Web Intelligence documents that are set to “refresh on open”. The Schedule page appears. Wednesday. The new settings on the Schedule tab for the object are saved. see “Scheduling an object with events” on page 473. select “Every week on” and then specify Monday. because running the document at scheduled times will not reduce the number of database hits. select Weekly. 3. For a list and descriptions of the Run options and parameters. see “Run options and parameters” on page 469. they must use a web-based client such as InfoView or a custom web application.

The recurrence patterns appear on the left of the Schedule page. 468 BusinessObjects Enterprise Administrator’s Guide . and then the run option (for example. You then specify additional parameters to control exactly when and how often the object will be run. you select Daily or Weekly.18 Scheduling Objects Scheduling objects About the scheduling options and parameters When you schedule an object. you choose the recurrence pattern that you want. The Run options list and related parameters appear to the right of the recurrence patterns. For example. “Every week on”).

and a start and end date you want it to run. Not all parameters apply in all cases. Run This list always appears. see: • • “Recurrence patterns” on page 469 “Run options and parameters” on page 469 Recurrence patterns When scheduling an object. You can specify which days. refer to the software. You can specify on which days of the month. but when they apply.” To see all the Run options for a recurrence pattern. For example. and a start and end date.Scheduling Objects Scheduling objects 18 Which run options and parameters are available depends on the recurrence pattern you selected. and fields are generally self explanatory. you can select to run the object “Once each day” or “Every X day(s). Calendar—The object will be run on the dates specified in a calendar. The names of the recurrence patterns. or when a specified event has occurred. if you select Daily. The calendar must have been previously created. but the options vary depending on which recurrence pattern you select. what time. You can specify what time as well as a start and end date. options.” If you select Monthly. Run options and parameters This section describes the Run parameters for scheduling an object. See Chapter 19: Managing Calendars. Once—The object will be run only once. You can specify which calendar. It can be run once a week or several times a week. It can be run now or in the future. such as start and end dates. you can choose from the following recurrence patterns: • • • • • • On demand—The object will only be run when a user request it to be run. It can be run once or several times a day. but for a complete description. their function is the same. In many case the same parameters appear. Monthly—The object will be run every month or every several months. Weekly—The object will be run every week. you can select to run the object “On the Nth day of the month” or “On the first Monday of the month. what time. Daily—The object will be run every day. BusinessObjects Enterprise Administrator’s Guide 469 .

Available Schedule Events Applies to all Run options that include “with events. even if all the other criteria are met.” Select an event and click the Add button to move it to the “Events to trigger on completion” box. the system will run the report every hour. if you specify a start date that is three months into the future. The number of times the system attempts to process an object if the first attempt is not successful. N minute(s)” Run option. The default is the current date and time. See also “Scheduling an object with events” on page 473. the system won’t run the object until the start date has passed. in seconds. if you select the “Daily” recurrence pattern and the “Every X hour(s). The system will run the object according to the schedule that you specified. but not all. Specify a different End Date if required. After that. You can then changes these values as needed. This list of events contains schedule events only. as soon as it can. You can select one or several events. When you select a Run option that contains these variables. End Date Applies to most. Once the End Date has passed. that the system will wait before it attempts to process the object again if the first attempt is unsuccessful. You cannot trigger file or custom events. to ensure an object will be run indefinitely. 470 BusinessObjects Enterprise Administrator’s Guide .” Select an event and click the Add button to move it to the “Events to wait for” box. Available Events Applies to all Run options that include “with events. you could specify to run the report every 4 (X) hours and 30 (N) minutes. For example. the system will run the report at the specified time.18 Scheduling Objects Scheduling objects X and N variables Applies to certain Daily and Monthly recurrence patterns only. The period. The system will run the object only when those events have been successfully completed. and Chapter 20: Managing Events. the system displays their default values. For example. recurrence patterns and Run options. A successful run of the object will trigger the events that you specified. but not all recurrence patterns and Run options. By default. You can select one or several events. If you don’t change the X or N value. See also “Scheduling an object with events” on page 473. after the Start Date has passed. Retry interval in seconds Always applies. Start Date Applies to most. The default is the current time and a date in the distant future. the number is zero. the system no longer runs the object. Number of retries allowed Always applies.

Otherwise: a. Go to the Objects management area of the CMC again. 2. In terms of reports and Web Intelligence document. Object packages function as distinct objects in BusinessObjects Enterprise. if you want a report object in an object package to print when scheduled. f. To schedule objects using object packages Go to the Objects management area of the CMC.Scheduling Objects Scheduling objects 18 Scheduling objects using object packages You can schedule objects in batches using the object packages feature. Select a destination for the object package. e. BusinessObjects Enterprise Administrator’s Guide 471 . Finally. see “Publishing overview” on page 374. See also “Publishing with the Central Management Console” on page 385. For example. see “Managing Objects” on page 415. For more information about configuring objects. you copy existing objects into the object package. see “Object package management” on page 459. you must configure it through the Print Setup link available on the report object’s Process tab. Type the package name and a description. For details on configuring object packages. Click OK. For details on publishing directly to an object package. it allows users to view synchronized data across instances. • 1. see “Working with hyperlinked reports” on page 447. First you publish an object package. If you want. Note: • You must configure the processing information of each of the components of an object package individually. skip this step. d. They can contain any combination of objects that can be scheduled. Then. This procedure describes how to use the CMC to schedule objects by using object packages. For information about publishing hyperlinked report objects. c. assign the object package to a category. and Web Intelligence documents. If the object package already exist. Alternatively. and then click the Object Package tab. you schedule the object package as you would any object. b. and then you can schedule that object packages as you would any object. you can publish objects directly to an object package. such as report and program objects. Click New Object. Using object packages simplifies authentication.

Select Copy to. Select the object package you created as the Destination for the objects. Tip: • • • 7. use the Look For field. To expand a folder. they must be copied to the object package. See “Scheduling objects” on page 466. and then click OK. The Copy/Move/Create Shortcut page appears. 472 BusinessObjects Enterprise Administrator’s Guide . Object packages are indicated by [square brackets]. Select the check boxes associated with each object you want to place in the object package. select it and click Show Subfolders. To search for a specific folder or object package. Note: Existing objects cannot be moved into an object packages. Schedule the object package.18 Scheduling Objects Scheduling objects 3. 5. 4. 6. Click Copy/Move/Shortcut.

see “Schedule-based events” on page 512. Also. the object will not run. Scheduling objects based on an event When you schedule an object that waits for a specified event. You can tell an object to wait for any. If the event is triggered before the start date of the object. BusinessObjects Enterprise Administrator’s Guide 473 . and only when the rest of the schedule conditions are met. the object will not run because not all of the conditions will have been met. Select the recurrence pattern you want. For a list and descriptions of the recurrence patterns. BusinessObjects Enterprise will trigger the specified event. For a sample scenario on when you would use a schedule-based event. if you choose a weekly. for example. 2. the object will have a specified time frame in which it can be processed. If you have specified an end date for this object. and if the event is not triggered before the end date occurs. select an object by clicking its link. and schedule-based. you must choose a schedule-based event. if the event is triggered outside of the 24-hour period. Note: To schedule an object with events. if the event is based on the instance being run successfully. Click the Schedule tab. select Weekly. Scheduling objects to trigger an event You can also schedule an object which triggers a schedule-based event upon completion of the object being run. The event must be triggered within this specified time for the object to run. custom-based. first ensure that you have created the event. See “Managing events overview” on page 510. the event must be triggered within the 24-hour period on Monday. 3. 1. or all of the three event types: file-based. the event won’t be triggered if the instance fails. the object will be run only when the additional condition (that is. If you want a scheduled object to trigger an event. A schedule-based event is triggered by another object being run. then the report will not run. Note: A file-based event is triggered upon the existence of a specified file. the event) occurs. To schedule an object to run based on events In the Objects management area of the CMC. if you schedule a weekly report object that runs every Monday. For example. For example. the object will run only when the event is triggered.Scheduling Objects Scheduling objects 18 Scheduling an object with events When you schedule an object with events. or calendar schedule. For a schedule-based event. monthly. When the object is run. A custom-based event is triggered manually. see “Recurrence patterns” on page 469.

To update the default scheduling information. For example. 7. Click the Schedule button to schedule the object. Start Date. 8. and so on). click Update. For a list and descriptions of the Run options and parameters. If you don’t click Update. any changes you made to the scheduling information are not saved. In the Available Events area.” 5.18 Scheduling Objects Scheduling objects 4. Select and complete the schedule parameters for your object (scheduling option. see “Run options and parameters” on page 469. 6. End Date. 474 BusinessObjects Enterprise Administrator’s Guide . “with events. the report object above is set to wait for a Custom-based event to occur before the report is processed. select a run option that contains the words. select from the list of events and click Add. In the Run list.

select from the list of events and click Add. Click the Schedule tab. From the list on the left of the page. 6.” Select and complete the schedule parameters for your object (scheduling option. “with events. Start Date. To schedule an object to trigger an event In the Objects management area of the CMC. or by Calendar. 3. Monthly. select a recurrence pattern: Once. see “Recurrence patterns” on page 469. 5. and so on). In the Available Schedule Events area. BusinessObjects Enterprise Administrator’s Guide 475 . End Date. Weekly. For a list and descriptions of the recurrence patterns. Daily. select a run option that contains the words. 4. select an object by clicking its link. 2. In the Run list.Scheduling Objects Scheduling objects 18 1.

Setting the scheduling options BusinessObjects Enterprise allows you to control the process and schedule settings for an object. the report object above is set to trigger a Schedule-based event only if the report is successfully processed. You can send notification using audit or email notification. 476 BusinessObjects Enterprise Administrator’s Guide . Click the Schedule button to schedule the object. and you can automatically inform users when new report instances run successfully. For example. Using notification settings in BusinessObjects Enterprise. Note: You can only select schedule-based events in this list. Setting the scheduling options includes the following tasks: • • • • • • “Scheduling objects” on page 466 “Setting notification for an object’s success or failure” on page 476 “Specifying alert notification” on page 479 “Selecting a destination” on page 481 “Choosing a format” on page 491 “Scheduling an object for a user or group” on page 493 Setting notification for an object’s success or failure You can set scheduling options that automatically send notification when an object instance succeeds or fails. 8. click Update. it would take too much time to manually check the reports and contact the users who need the information. With thousands of reports. you can set each object to automatically notify you when the report fails to run properly. and then send out emails to the users who need to know that the new report is available. 7.18 Scheduling Objects Setting the scheduling options For example. You need to check each instance to make sure it ran properly. You can also combine multiple notification methods. If you don’t click Update. you may have a large number of reports that run every day. and provide different notification settings for successful and failed instances. any changes you made to the scheduling information are not saved. To update the default scheduling information.

BusinessObjects Enterprise does not monitor problems with the program object’s code. if an email notification sends a message to an invalid email address. You can also set scheduling options for individual objects within an object package. To change this setting. You can choose to notify using: BusinessObjects Enterprise Administrator’s Guide 477 . You can also schedule object packages with events on the Schedule tab. If notification fails. About notification You can set notification at the object level. then the notification fails and the object instance is recorded as a failure in the object’s history. which will trigger an event based on success or failure of the object package. For more information about events. You can select unique notification options for each object. the instance is considered a failure. • Program objects For program objects. but does not perform the tasks it is supposed to. If the program runs. see “Schedule-based events” on page 512. If the program does not run. but you can set any type of notification for the individual objects in the object package. you can set only event notification. Note: You cannot set audit or email notification for object packages. The conditions required for an instance’s success or failure depend on the type of object you schedule: • Report and Web Intelligence document objects A report instance runs successfully if it doesn’t encounter any errors while processing the report object or accessing the database. For object packages. the scheduled instance either succeeds or fails. A report instance may fail if the user does not provide the correct parameters or logon information. To monitor object successes and failures from a more general perspective. click the object package’s Properties tab and clear the “Scheduled package fails upon individual component failure” option. use the auditing functionality within BusinessObjects Enterprise. • Object packages An object package may fail if one of its components fails.Scheduling Objects Setting the scheduling options 18 Determining an object’s success or failure When you schedule an object. For example. sending different types of notification for different conditions. it is still considered a successful instance because the program object ran. then the object instance fails. the program must run in order to succeed.

it will be labelled “Enabled”. you could send your administrator an email if the report fails. when it fails to run. the notification has nothing to do with the contents of the report . or both. If you use auditing to monitor your BusinessObjects Enterprise system. For example. Note: If the notification type is already being used. See “Configuring the destinations for job servers” on page 125 Note: Notification of a scheduled object’s success or failure is not the same as alert notification. 2. You can send an email when the instance fails and when it succeeds. you must configure the auditing database and enable auditing for the servers. For more information about configuring the auditing database and enabling auditing. To set notification for an instance’s success or failure Select a object in the Objects management area of the CMC. see “Managing Auditing” on page 203. 3. When you select audit notification. If not. 4. 478 BusinessObjects Enterprise Administrator’s Guide . You can choose the sender and recipients of the email message. then click the Notification link. Click the Schedule tab. Choose the specific settings for the notification. but when the report succeeds you can automatically send a notification to everyone who needs the report to let them know it is now available. Note: To enable email notification. You can choose to have a notification sent to the auditing database when the job runs successfully. you must have the Email SMTP destination enabled and configured on the job servers. it will be labelled “Not in use”. In this case. Alert notification must be built into the design of the report. you can use audit notification. For example. • Email notification You can send an email as a notification of an object instance’s success or failure. information about the scheduled object is written to the auditing database. 1. Note: For the job servers you can also set audit notification on the Auditing tab.it’s just about whether or not the report object instance has failed or succeeded. Click the notification type (or types) you want to use.18 Scheduling Objects Setting the scheduling options • Audit notification To use audit notification. alert notification can send an email to you whenever a specific value in the report exceeds $1000000.

” To send a record when the job fails. To specify the contents and recipients of the email notification. If the alert condition (as defined in Crystal Reports) is true.” Email notification Choose whether you want to send a notification when the job fails or when it succeeds. select “Set the vales to be used here” and provide the From and To email addresses. the alert is triggered and its message is displayed.Scheduling Objects Setting the scheduling options 18 Audit notification To send a record to the auditing database when the job succeeds. select “A job has been run successfully. Note: • • • The Alert Notification link is available only if the report object contains alerts. See “Configuring the destinations for job servers” on page 125. Alerts are custom messages. BusinessObjects Enterprise Administrator’s Guide 479 . set a URL for the viewer you want the email recipient to use. specify the “To.” and “From” fields for the email. To enable alert notification. add subject and message information. You can configure email delivery options. Specifying alert notification Note: This feature does not apply to Web Intelligence document objects. If you enable alert notification. see “Email (SMTP) destination properties” on page 128. Note: By default. the email subject line. and the message.” “Cc. For details on how to change the default email settings. the notification is sent to the server’s default email destination. Click Update. Alerts are triggered in the report object even if you disable alert notification. Alerts may indicate action to be taken by the user or information about report data. you must have the Email SMTP destination enabled and configured on the job servers. and set the maximum number of alert records to send. select “A job has failed to run. you can choose to send alert notification when scheduling a report. created in Crystal Reports. 5. that appear when certain conditions are met by data in a report. messages are sent through an SMTP server. In BusinessObjects Enterprise.

You can change these settings in the Servers management area. The Alert Notification page appears. see “Configuring the destinations for job servers” on page 125. If you select the first option. Click the Schedule tab. BusinessObjects Enterprise will deliver the alert notification using the Job Server’s default settings. 2. select a report object by clicking its link. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. Clear the Enable alert notification check box if you do not want to send an alert notification.18 Scheduling Objects Setting the scheduling options 1. and then click the Alert Notification link. 3. To set alert notification In the Objects management area of the CMC. For more information. 480 BusinessObjects Enterprise Administrator’s Guide . 4.

Click Update. Subject Complete the subject field.org/ 6. For more information. Selecting a destination Using BusinessObjects Enterprise. Being able to choose an additional destination gives you the flexibility to deliver instances across your enterprise system or to destinations outside your enterprise system. For more information. Note: Separate multiple addresses or distribution lists using semicolons. see http://www. When the system runs an object. To Type the addresses or distribution list that you wish to send the report to. you can specify the email settings: • • • • • From Type a return address or distribution list. Type the URL for the viewer in which you want the email recipient to view the report. The viewer URL appears in the hyperlink that is sent in the alert notification email. You can set the default URL by clicking Object Settings on the main page of the objects management area of the CMC. Message Type a short message. see the developer documentation available on your product CD. Note: You must use World Wide Web Consortium (W3C) URL encoding when typing the viewer URL. 5.w3. Type the maximum number of alert records to be included in the alert notification. Use this field to limit the number of records displayed. replace spaces in the path with %20. it always stores the output instance on the Output FRS. 7. Tip: The Alert Name and Status fields are set in Crystal Reports. if required.Scheduling Objects Setting the scheduling options 18 If you select the second option. you can select the default viewer by clicking Use default. The hyperlink in the alert notification displays a report page that contains the records that triggered the alert. you can configure an object or instance for output to a destination other than the default Output File Repository Server (FRS). For example. Alternatively. Cc Type the addresses or distribution list that you wish to send a copy of the alert notification to. BusinessObjects Enterprise Administrator’s Guide 481 .

name or title of the object. you can use a combination of ID. For example. these settings are also reflected in the default scheduling settings for InfoView. Note: You can also configure object instances to be printed after they have been run.” BusinessObjects Enterprise generates a unique name for the output file or files. The following destinations are available: • • • • • “Default destination support” on page 483 “Unmanaged Disk destination support” on page 483 “FTP support” on page 485 “Email (SMTP) support” on page 487 “Inbox support” on page 490 Note: You can change the destination setting for an object or instance either in the Central Management Console (CMC) or in InfoView. However. you cannot specify Unmanaged Disk as a destination for a Web Intelligence document. The following table summarizes which destinations you can configure for which types of objects. To generate a file name. When you specify a destination other then “Default. Object type Report Object Package Program Web Intelligence document Unm. See “Setting printer and page layout options” on page 441. because the recipients must have access to the BusinessObjects Enterprise system to be able to open these types of objects. owner information. you can set an object to have its output automatically delivered by email to other users.18 Scheduling Objects Setting the scheduling options For example. When you specify the destination settings through the CMC. For program and report objects you can specify any of the available destinations. or the date and time information. for object packages and Web Intelligence documents you cannot do this. DIsk No No Email (SMTP) FTP No No File No No Link No Inbox File Link - 482 BusinessObjects Enterprise Administrator’s Guide .

To use a destination. Click Update. for an object package you can configure the individual objects in the object package for output to Unmanaged Disk.Scheduling Objects Setting the scheduling options 18 Default destination support By default. The Destination page appears. However. The Destination page appears. select an object by clicking its link. Click the Schedule tab. select an object by clicking its link. BusinessObjects Enterprise Administrator’s Guide 483 . If the object is a Web Intelligence document or an object package. The processing server must have sufficient rights to the specified location. you can configure the objects for output to an unmanaged disk. To set your destination to default In the Objects management area of the CMC. Select Default from the Destination list. Click the Schedule tab. To set your destination to unmanaged disk In the Objects management area of the CMC. you cannot specify Unmanaged Disk as a destination. In that case. For servers using Windows. the location can also be a Universal Naming Convention (UNC) path. 2. The location must be a local or mapped directory on the processing server. Unmanaged Disk destination support When scheduling objects. Note: • • • 1. 3. the system will save an output instance to both the Output File Repository Server and the specified destination. 2. object instances are saved to the Output File Repository Server (FRS). you must have the destination enabled and configured on the job servers. 1. select that option. then click the Destination link. then click the Destination link. 4. If you want to save instances to the FRS only and not to any other destinations. See “Configuring the destinations for job servers” on page 125.

If you want. 484 BusinessObjects Enterprise Administrator’s Guide . the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. you can set the file name properties and enter user information: • Destination Directory Enter a local location. If you select the first option. see “Configuring the destinations for job servers” on page 125. When that option is selected. 3. If you select the second option. You can change these settings in the Servers management area. For more information. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. or a UNC path. select the Clean up instance after scheduling option.18 Scheduling Objects Setting the scheduling options Select Unmanaged Disk from the Destination list. 4. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. mapped location.

select an object by clicking its link. However. you must have the destination enabled and configured on the job servers. you cannot specify FTP as a destination. its file name will include the object owner’s name. Click the Schedule tab. Note: To use a destination. 1. For example. you must specify a user who has the necessary rights to upload files to the server. To set an FTP server as the destination In the Objects management area of the CMC. Note: You can specify a user name and password only for servers using Windows. To add a variable. if you add the variable “Owner. To connect to the FTP server. See “Configuring the destinations for job servers” on page 125. the variable will be replaced with the specified information from the instance. 5. you can configure the objects for output to a File Transfer Protocol (FTP) server. for an object package you can configure the individual objects in the object package for output to FTP. 2. The Destination tab appears.Scheduling Objects Setting the scheduling options 18 • • Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name.” when you schedule an object. Password Type the password for the user. choose a placeholder for a variable property from the list and click Add. then click the Destination link. Specified File Name Select this option if you want to specify a file name—you can also add a variable to the file name. Click Update.If you specify an FTP destination. FTP support When scheduling objects. If the object is a Web Intelligence document or an object package. • • User Name Specify a user who has permission to write files to the destination directory. BusinessObjects Enterprise Administrator’s Guide 485 . When the instance is run. the system will save an output instance to both the Output File Repository Server and the specified destination.

18 Scheduling Objects Setting the scheduling options 3. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. 5. select the Clean up instance after scheduling option. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. You can change these settings in the Servers management area. 486 BusinessObjects Enterprise Administrator’s Guide . Select FTP from the Destination list. If you select the first option. When that option is selected. 4. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. If you want. For more information see “Configuring the destinations for job servers” on page 125.

to one or more email destinations. a report instance. Account Enter the FTP account information. To add a variable. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. the system will send a copy of the output instance as an attachment to the email addresses you specified. FTP User Name Specify a user who has the necessary rights to upload an object to the FTP server. but it is rarely implemented. Provide the appropriate account only if your FTP server requires it. Click Update. choose a placeholder for a variable property from the list and click Add. 6. you can choose to send the instances of an object. BusinessObjects Enterprise supports Multipurpose Internet Mail Extensions (MIME) encoding.Scheduling Objects Setting the scheduling options 18 If you select the second option. Account is part of the standard FTP protocol. you can set the FTP and file name properties: • • • • • Host Enter the FTP host information. Port Enter the FTP port number (the default is 21). FTP Password Enter the user’s password. After it has run the object. BusinessObjects Enterprise Administrator’s Guide 487 . Email (SMTP) support With Simple Mail Transfer Protocol (SMTP) mail support. • • • Destination Directory Enter the FTP directory that you want the object to be saved to. for example. the system will save the instance to the Output File Repository Server as well as email it to the specified destinations. Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. When you select the Email (SMTP) destination. if required.

Click the Schedule tab. 488 BusinessObjects Enterprise Administrator’s Guide . Select Email (SMTP) from the Destination list 4. If you want. select the Clean up instance after scheduling option. The Destination page appears. 2. See “Configuring the destinations for job servers” on page 125. then click the Destination link. you cannot specify Email (SMTP) as a destination. select an object by clicking its link.18 Scheduling Objects Setting the scheduling options Note: To use a destination. 1. you must have the destination enabled and configured on the job servers. 3. Note: If the object is a Web Intelligence document. To send an object by email In the Objects management area of the CMC.

• Subject Complete the subject field. see “Configuring the destinations for job servers” on page 125. Click Update. BusinessObjects Enterprise Administrator’s Guide 489 . • Attach object instance to email message Clear this check box if you do not want a copy of the instance attached to the email. • Add viewer hyperlink to message body Click Add if you want to add the URL for the viewer in which you want the email recipient to view the object. 6. you can specify the email settings and the file name properties: • From Enter a return address. Separate multiple addresses with semicolons. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. You can set the default URL by clicking Object Settings on the main page of the Objects management area of the CMC. If you select the first option. If you select the second option. • Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. For more information. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. You can change these settings in the Servers management area. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. • To Enter an address or addresses that you wish to send the object to. • Cc Enter an address or addresses that you wish to send a carbon copy of the object to. When that option is selected.Scheduling Objects Setting the scheduling options 18 5. • Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. To add a variable. • Message Type a short message. if required. choose a placeholder for a variable property from the list and click Add.

In this case. the system will save the instance to both the Output File Repository Server and the inboxes you specified. Select Inbox from the Destination list. you can configure objects for output to the inboxes of users. 3. 1. Instead of sending the actual file to the inboxes. you must have the destination enabled and configured on the job servers. Click the Schedule tab. 2. Note: To use a destination. select an object by clicking its link. then click the Destination link.18 Scheduling Objects Setting the scheduling options Inbox support When scheduling objects. The Destination tab appears. See “Configuring the destinations for job servers” on page 125. 490 BusinessObjects Enterprise Administrator’s Guide . you can choose to send a shortcut. To send an object to inboxes In the Objects management area of the CMC.

Copy The system will send a copy of the instance. you can select the format that the document will be saved in when it is generated. If you selected “Set the values to be used at schedule time here. Send List Operation Specify who must receive the report instance. If you want. When that option is selected. Shortcut The system will send a shortcut to the instance. see “Selecting a destination” on page 481.Scheduling Objects Setting the scheduling options 18 4. This format will be saved to the destination you have selected. otherwise skip this step: Send Document as • • • • 7. Type the name and then click Find now. Click Update. • Set the values to be used at schedule time here BusinessObjects Enterprise will schedule the object with the parameters you specify. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. Look for Use this feature to search for a specific user or users group. For more information. select the Clean up instance after scheduling option. Select the processing option that you want: • Use the Job Server’s defaults BusinessObjects Enterprise will schedule the object with the job server’s default settings. 6. Choosing a format Web Intelligence document formats For Web Intelligence documents. rather than send a copy of the instance itself. For more information on destinations. You can select from the following formats: • • • WebIntelligence Microsoft Excel Adobe Acrobat BusinessObjects Enterprise Administrator’s Guide 491 . You can select individual users or user groups. 5. see “Configuring the destinations for job servers” on page 125.” set the parameters for that option.

Tab-separated Values. with each cell representing a field. you can select the format that a report instance will be saved in when it is generated by BusinessObjects Enterprise. the Character-separated Values format places a specified character between values. You can select from the following formats: • • • • • • • • • • • • Crystal Report Microsoft Excel Microsoft Excel (Data Only) Microsoft Word (RTF) Adobe Acrobat Rich Text Editable Rich Text Plain Text Paginated Text Tab-Separated Text Tab-Separated Values Character-separated Values For Excel. the Tab-separated Text format attempts to preserve the formatting of the report. Paginated Text. you can enter characters for the separator and delimiter. if you select Character-separated Values.” Note: • If you choose to print the report when it is scheduled (by checking the “Print in Crystal Reports format using the selected printer when scheduling” check box on the Print Setup page). The difference between Excel and Excel (Data only) is that Excel attempts to preserve the look and feel of your original report.18 Scheduling Objects Setting the scheduling options Crystal report formats For Crystal report objects. For example. the report instance is automatically sent to the printer in Crystal Reports format. This does not conflict with the format you select when scheduling the report. you specify certain formatting properties for the report. while Excel (Data only) saves only the data. • • 492 BusinessObjects Enterprise Administrator’s Guide . The Tab-separated Values format places a tab character between values. see “Selecting a destination” on page 481. For more information on destinations. In contrast. This format will be saved to the destination you have selected for the report object and its instances. you can also select the two check boxes: “Same number formats as in report” and “Same date formats as in report. Each of these two formats produce data lists. and Character-separated Values.

The Caching Options page appears. the Cache Options link is disabled for the object. On the Schedule tab.Scheduling Objects Setting the scheduling options 18 1. On the Schedule tab. 5. If you don’t select a cache format. you can choose to have the system cache the report on the Web Intelligence Report Server by selecting a cache format for the document. Select the format you want. select Web Intelligence object by clicking its link. 1. The Format page appears. 4. select a report object by clicking its link. 2. Click Update. To select a cache format for Web Intelligence documents In the Objects management area of the CMC. 4. Note: To select a cache option. If you select a different format. the format you specified on the Schedule tab for the object must be WebInteligence. Complete any fields that appear below the list and select (where appropriate) the check boxes that appear. click the Format link. 3. 3. then the system won’t cache the document when it runs the document. 2. Scheduling an object for a user or group The Schedule For feature allows you to generate reports that contain data for specific users only. Selecting cache options for Web Intelligence documents When the system runs a scheduled Web Intelligence document it stores the the instance it generates on the Output File Repository Server. Click Update. In addition. click the Caching Options link. It is intended to be used for either of the following types of objects: • • Crystal reports that are based on Business Views Web Intelligence documents that use Universes BusinessObjects Enterprise Administrator’s Guide 493 . Select a format from the Format list. To select a format for the report In the Objects management area of the CMC.

Otherwise. 494 BusinessObjects Enterprise Administrator’s Guide . 2. For example. The system will run the object and generate multiple instances of the report or document. you can schedule a sales report and on the Schedule For page you can specify the users names for all your sales representatives. To change the Schedule For settings for an object In the Objects management area of the CMC. Select who you want to schedule the object for. skip this step. At the specified time. 5. Each instance will contain data that is relevant to the individual user only. • • 4. Click Update. On the Schedule tab. 3. Schedule only for myself Schedule for specified users and user groups If you selected Schedule for specified users and user groups. click the Schedule For link. select a report object by clicking its link. select one or more users or groups and add them to the “Groups to be added to the scheduling list” by using the arrow buttons. Each instance would contain sales information for the individual sales representative only. the system runs the report object and generates the individual report instances. The Schedule For page appears.18 Scheduling Objects Setting the scheduling options Using the Schedule For feature you can schedule an object and specify for which users you want the system to run the object. 1.

For report objects. That is. For program objects. From the History page. Unlike report instances. and refresh instances. a report instance is a report object that contains report data that is retrieved from one or more databases. go to the History page for the object. Essentially. which can be viewed in their completed format. or to provide a time limit for the instances. the Format column displays which format the report is. a report instance is created when a report object is scheduled and run by the Job Server. Each instance contains data that is current at the time the report is processed. program BusinessObjects Enterprise Administrator’s Guide 495 . pause.Scheduling Objects Managing instances 18 Managing instances To view or manage instances. or will be stored in and the Parameters column indicates what parameters were or will be used for each instance. BusinessObjects Enterprise creates instances from objects. which indicate whether they were run successfully: • • A report instance contains actual report data. Managing and viewing the history of instances The History page displays all of the instances for a selected object. See “Setting instance limits for an object” on page 498. To manage storage space. See “Managing and viewing the history of instances” on page 495. it is good practice to limit the number of possible instances for an object. that is. will have a status of Success or Failed. BusinessObjects Enterprise creates a program instance each time that a program object is scheduled and run by the Program Job Server. A program instance stores the program’s standard out and standard error in a text output file. You can view specific report instances on the History page of the report object. actual report or program instances. and the instances do not contain any data yet. you can also choose to delete. The Instance Time column displays the title of the instances and the date of the last update for each instance. The system has not yet run these instances. Output instances. run. The Run By column indicates which user scheduled the instance. the Arguments column lists the command-line options that were or will be passed to the command line interface for each instance. That page lists the scheduled instances and the output instances for an object: • • Scheduled instances will have a status of Recurring or Pending. The Status column displays the status of each instance.

This file appears when you click a program instance in the object History. Click either Run Now. Click the History tab. Managing instances includes the following tasks: • • • • 1. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. To view an instance Select a object in the Objects management area of the CMC.18 Scheduling Objects Managing instances instances exist as records in the object history. Pause. The History tab appears. click the check box in the column heading. Send to. Resume. or Delete. Viewing an instance 1. 2. Select an instance or instances by selecting the appropriate check boxes. “Viewing an instance” on page 496 “Pausing or resuming an instance” on page 497 “Deleting an instance” on page 498 “Sending an object or instance” on page 420 To manage instances In the Objects management area of the CMC. click Refresh. 496 BusinessObjects Enterprise Administrator’s Guide . In this case you don’t need to select an instance first. select an object by clicking its link. Note: To refresh the list. The scheduled job will have a status of Pending. If you click Run Now. 3. the system schedules the object to be run immediately. Click the History tab. 2. see “Sending an object or instance” on page 420. 4. To select all instances. For information about the Send to button.

and the object from failing because the job server is not running. 1. 1. 3. To pause and resume an instance Go to the History page for an object. In the Instance Time column. This prevents the system from running the object. Access the Instance Manager by clicking its link in the Administrative Tools area of the BusinessObjects Enterprise Administration Launchpad. When the job server is running again. 2. Pause and resume can be applied to scheduled instances only. click the instance you want to view. Click Pause. Click Resume. you may want to pause a scheduled instance. you can resume the scheduled object. For example. Pausing or resuming an instance You can pause and then resume an instance as needed. instances that have a status of Recurring or Pending. 3. To resume an instance after pausing it Go to the History page for an object. that is. Select the check box for the scheduled instance you want to pause. Select the check box for the scheduled instance you want to resume. if a job server is down for maintenance reasons.Scheduling Objects Managing instances 18 The History page appears. BusinessObjects Enterprise Administrator’s Guide 497 . 2. You can also use the Instance Manager tool to view a list of instances by status or by user. 3.

On the History tab. To set limits for instances In the Objects management area of the CMC. Setting instance limits for an object In the Limits page. Click Delete. the object will not inherit the limits of the folder. 1. you can limit the number of instances that remain on the system for the object or for each user or group. and report or program instances. At the object level. the object limits will override the limits set for the folder. these limits will be in effect for all objects that reside within the folder (including any objects found within the subfolders). and groups” on page 365. For information on setting folder limits. You set limits to automate regular clean-ups of old BusinessObjects Enterprise content. To delete an instance Go to the History page for an object. click the Limits link. you can also set limits at the folder level. You can delete both scheduled instances.18 Scheduling Objects Managing instances Deleting an instance You can delete instances from an object as needed. 2. 2. you can also limit the number of days that an instance remains on the system for a user or group. When you set limits at the folder level. see “Setting limits for folders. 1. In addition to setting the limits for the objects from the Objects management area. select an object by clicking its link. which have a status of success of failed. users. 498 BusinessObjects Enterprise Administrator’s Guide . you can set the limits for the selected object and its instances. Select the check box for the instance or instances you want to delete. Note: When you set the limits at the object level. which have a status of recurring or pending. that is.

Select from the available users and groups and click OK. 3.) • Delete instances after N days for the following users/groups To limit the number of days that instances are saved for users or groups. select this check box. click Add/ Remove in this area.) • Delete excess instances for the following users/groups To limit the number of instances for users or groups. click Add/Remove in this area. (The default value is 100. (The default value is 100. (The default value is 100. Then type the maximum number of instances in the Instance Limit column. Click Update. Then type the maximum age of instances in the Maximum Days column. Make your settings according to the types of limits you want to set for your instances. Select from the available users and groups and click OK.Scheduling Objects Managing instances 18 The Limits page appears. BusinessObjects Enterprise Administrator’s Guide 499 . The options are as follows: • Delete excess instances when there are more than N instances of an object To limit the number of instances per object.) 4. Then type the maximum number of instances that you want to remain on the system.

18 Scheduling Objects Managing instances 500 BusinessObjects Enterprise Administrator’s Guide .

Managing Calendars chapter .

Managing calendars includes: • • • • “Creating calendars” on page 502 “Adding dates to a calendar” on page 503 “Deleting calendars” on page 507 “Specifying calendar rights” on page 508 Creating calendars In the Central Management Console (CMC). if you want a report object to run every business day except for your country’s statutory holidays. They can copy this template calendar and modify it as necessary. You can set up as many calendars as you want in BusinessObjects Enterprise. runs the job on the run dates as scheduled. When the calendar is created. When you apply the calendar to a job. you can create a calendar with the holidays marked as “non-run” days. Tip: It is good practice to create a calendar for users to use as a template for creating new calendars. or if you want to provide users with sets of regular scheduling dates to choose from. For example. BusinessObjects Enterprise will run the job every day you have specified as a “run” day in your calendar. Calendars you create appear in the Calendar selection list available when you choose to schedule an object using a calendar. on which the report object cannot be run. go to the Calendars management area to create new calendars and to modify existing calendars. A calendar is a customized list of run dates for scheduled jobs. you need to provide a name and description. you can create a default Weekdays calendar that includes all days as run dates except weekends and company holidays. Calendars also allow you to create more complex processing schedules. When users schedule objects. To create a calendar. You can apply calendars to any object that can be scheduled. For example. combining unique scheduling dates with recurring ones. you can add run dates to it using the Dates tab. Calendars are particularly useful when you want to run a recurring job on an irregular schedule. program objects. 502 BusinessObjects Enterprise Administrator’s Guide .19 Managing Calendars Overview Overview Calendars make it easy for you to schedule complex recurring jobs efficiently. they can use a calendar to run the job on a predefined set of dates. including report objects. and object packages. By providing calendars for your users. you can create more complex processing schedules than you can with the standard scheduling options.

or monthly view of the calendar. 3. For details. 1. and its Properties tab is refreshed. Click the link for the calendar you want to change. To create a calendar Go to the Calendars management area of the CMC. or you can choose recurring dates using general formats based on the day of the month or week. You can now use the Dates tab to add run dates to this calendar. 2. BusinessObjects Enterprise Administrator’s Guide 503 . See “Recurring dates” on page 506. Click the Dates tab. This example creates a calendar for Canadian employees that schedules an object on all weekdays except statutory Canadian holidays. see “Adding dates to a calendar” on page 503. type the name and description of the new calendar. You can choose specific dates using a yearly. To add dates to a calendar Go to the Calendars management area of the CMC. 4. quarterly. Adding dates to a calendar You can add dates to a calendar using a number of different formats. Click Update. 2. Click New Calendar. The new calendar is added to the system.Managing Calendars Adding dates to a calendar 19 1. 3. On the Properties tab.

Click the days of the month that you want to include as run days for the calendar. it only allows you to add new dates and update the schedule. 504 BusinessObjects Enterprise Administrator’s Guide . by Day of Week formats. To add a date from the Yearly format. • Monthly Monthly displays the calendar’s run dates for the current month. where you can add run dates to specific days. by Day of Month allows you to add general recurring dates based on the day of the month. You can change the displayed quarter using the Previous Quarter and Next Quarter buttons. click Update. • Generic Monthly. • Quarterly Quarterly displays the calendar’s run dates for the current calendar quarter. To add a date from the Quarterly format. by Day of Week allows you to add general recurring dates based on the day of the week.19 Managing Calendars Adding dates to a calendar 4. you can select multiple dates at once by clicking the row or column headings. Week 1 starts on the Sunday of the week of the Start Date you specify. The dates are applied to the months specified between the Start and End Dates. choose from one of the five calendar format options: • Yearly Yearly displays the calendar’s run dates for the year. it does not display currently selected dates from the calendar. • Generic Monthly. Note that this format does not display the currently selected dates from the calendar. where you can add run dates to specific days. click the day again. You can change the displayed month using the Previous Month and Next Month buttons. To change the year displayed. To remove a run day. 6. by Day of Week Generic Monthly. This format allows you to add new dates and update the schedule. See also “Specific dates” on page 505 and “Recurring dates” on page 506. click a month to open it in Monthly format. you can click the Previous Year and Next Year buttons. To add the new dates to the calendar. 5. In the “Select a calendar displaying format” list. by Day of Month Generic Monthly. Tip: For the Monthly and Generic Monthly. The dates are applied to the months specified between the Start and End Dates. click a month to open it in Monthly format.

Objects that use the edited calendar are automatically updated to run on the revised date schedule. and Monthly formats to add dates to the calendars. BusinessObjects Enterprise Administrator’s Guide 505 . For example. Note: When you change an existing calendar. click a month to open it in the Monthly format. displaying the new dates. You can also view the Monthly format for the calendar. The Shipping department can now check the inventory after each shipment by scheduling a report that uses the calendar to run at the end of each shipping day. you can change the displayed time range by clicking the previous and next buttons. use the Yearly. the Yearly format will automatically appear.Managing Calendars Adding dates to a calendar 19 If you added dates using a generic format. Quarterly. The Yearly format displays the run schedule for the entire year. if your company ships products according to an irregular schedule that cannot be defined using the daily or weekly settings. BusinessObjects Enterprise checks all currently scheduled instances in your system. where you can select specific days as run dates. To add dates for the Yearly and Quarterly calendar formats. You can add specific dates in the Monthly calendar format. which displays the run dates for the current month. you can create a list of these dates in a “Shipping dates” calendar. In all three formats. The Quarterly format displays the run dates for the current quarter. Specific dates To add a specific date to a calendar.

When you update the calendar. To add every second and fourth Friday to the calendar. You can add the generic dates based on the day of the week or the day of the month. by Day of Month format to add the first four days of the month to this calendar. you must use the Yearly. Although you can set a recurring schedule using the standard scheduling options. For example. To view existing run dates. and on the second and fourth Friday of every month. the Yearly format appears with the new run dates. Quarterly. use the Generic Monthly. Then. use the generic Monthly formats. or Monthly format. by Day of Week format. first create a new calendar object and name it. to schedule a report object to run on the first four days of every month. 506 BusinessObjects Enterprise Administrator’s Guide .19 Managing Calendars Adding dates to a calendar Recurring dates To create a recurring pattern of monthly run dates. You can also run instances on dates that do not follow the pattern by adding individual days to a calendar. calendars allow you to specify several different recurring run patterns at once. the generic formats are used to add dates to the calendar. use the Generic Monthly.

3. Click Delete. 2. Tip: Select multiple check boxes to delete several calendars. To delete a calendar Go to the Calendars management area of the CMC. To ensure the objects continue to be run. change the scheduling information for the objects either by selecting a different calendar or a different recurrence pattern.Managing Calendars Deleting calendars 19 Deleting calendars When you delete a calendar. BusinessObjects Enterprise Administrator’s Guide 507 . 1. any objects that are scheduled according to the deleted calendar will be run one more time by the system. the system won’t be able to schedule the objects again. because the calendar no longer exists. After that. Select the check box associated with the calendar you want to delete. and click OK to confirm. See “Scheduling objects” on page 466.

6. 1. 4. 8. or Remove Users. Select the calendar you want to grant access to. On the Rights tab. 9. choose Advanced. 7. By default. 3. In the Select Operation list. 5. If you have many users on your system. To grant access to a calendar Go to the Calendars management area of the CMC. Select the user or group you want to grant access to the specified calendar. 2. Follow this procedure to change the rights for a calendar. Depending how you organize your calendars. To choose specific rights. inheriting rights from the users’ parent folders. select Add/Remove Groups. Click Add/Remove to add users or groups that you want to give access to the selected calendar. Click the Rights tab. Add Users. see “Rights and Access Levels” on page 563. then use the “Look for” field to search for a particular account. so you can use rights to hide calendars that aren’t applicable to a particular group. change the Access Level for each user or group. Click Update.19 Managing Calendars Specifying calendar rights Specifying calendar rights You can grant or deny users and groups access to calendars. as required. Click OK. calendars are based on current security settings. The Add/Remove page appears. Users will only be able to see the calendars they have the rights to see. your finance team may use a series of financial tracking dates that aren’t useful for other departments. For example. For complete details on the predefined access levels and advanced rights. 10. you may have specific sets of dates that you want to be available only for certain employees or departments. 508 BusinessObjects Enterprise Administrator’s Guide . select the Add Users operation.

Managing Events chapter .

For details. you might want to make some reports dependent upon the regular file output of other programs or scripts. That is. • Custom events When you create a custom event. or you might want a particular sales summary report to run only when a detailed sales report runs successfully. This chapter shows how to create events in the Events management area of the Central Management Console (CMC). Working with events consists of two steps: creating an event and scheduling an object with events. see “File-based events” on page 511. In this way. you might want certain large reports to run sequentially. Basically. once you create an event. For instance. you can select it as a dependency when you schedule an object. 510 BusinessObjects Enterprise Administrator’s Guide . see “Schedule-based events” on page 512. you specify a filename that the Event Server should monitor for a particular file.20 Managing Events Managing events overview Managing events overview Event-based scheduling provides you with additional control over scheduling objects: you can set up events so that objects are processed only after a specified event occurs. you create a shortcut for triggering an event manually. your custom event occurs only when you or another administrator clicks the corresponding “Trigger this event” button in the CMC. You can create three kinds of events: • File events When you define a file-based event. schedule-based events allow you to set up contingencies or conditions between scheduled objects. you select an object whose existing recurrence schedule will serve as the trigger for your event. For details. When the file appears. For details. • Schedule events When you define a schedule-based event. For instance. see “Custom events” on page 514. the Event Server triggers the event. The scheduled job is then processed only when the event occurs.

File-based events File-based events wait for a particular file (the trigger) to appear before the event occurs. When the log file appears. Note: For information on scheduling an event-based object in the Objects management area of the CMC. 1. 2. BusinessObjects Enterprise Administrator’s Guide 511 . The Central Management Server (CMS) then releases any schedule requests that are dependent on the event. suppose that you want your daily reports to run after your database analysis program has finished and written its automatic log file. and then schedule your daily reports with this event as a dependency. you specify the log file in your file-based event. the event is triggered only when the file is removed and then recreated. the Event Server triggers the event. To create a file-based event Go to the Events management area of the CMC.Managing Events File-based events 20 When working with events. the event is not triggered. The New Event page appears. see “Scheduling an object with events” on page 473. at most. see “Scheduling an object with events” on page 473. the event is triggered and the reports are processed. Then you can schedule the object and select this event. In this case. you must remove and recreate the file each time. When the file that you specify appears. a daily report that is dependent upon a file-based event will run. In addition. the event must occur within the time frame established when you actually schedule the event-based report. For instance. To do this. once a day (so long as the file that you specify appears every day). Before scheduling an object that waits for a file-based event to occur. Note: If the file already exists prior to the creation of the event. Click New Event. For more information on scheduling an object with events. keep in mind that an object’s recurrence schedule still determines how frequently the object runs. For instance. File-based events are monitored by the Event Server. you must first create the file-based event in the Events management area of the CMC. If you want an event to be triggered multiple times.

The drive and directory that you specify must be visible to the Event Server. Most importantly. or it can be based simply on the completion of the job. the directory should be on a local drive. When you create this type of event. Complete the Description field. 7. a schedule-based event is triggered when a particular object has been processed. Type a filename in the Filename field. 4. In the Server list. The first object serves as the trigger for the event: when the object is processed. Note: Type the absolute path to the file that the Event Server should look for (for example. Click OK. select the Event Server that will monitor the specified file. C:\folder\filename. 6. 5.20 Managing Events Schedule-based events 3. That is. select File. or /home/folder/filename). it can be based on the success or failure of a scheduled object. In the Type list. you must associate your schedule-based event with at least two scheduled objects. The second object is 512 BusinessObjects Enterprise Administrator’s Guide . the event occurs. 8. Type a name for the event in the Event Name field. Schedule-based events Schedule-based events are dependent upon scheduled objects. Ideally.

and select your new schedule-based event as the dependency. For more information on scheduling objects with events. 4. For instance. Type a name for the event in the Event Name field. 3. this second object runs. Now. Then. when program P1 runs successfully.Managing Events Schedule-based events 20 dependent upon the event: when the event occurs. In the Type list. and reports R1 and R2 are subsequently processed. which means that the event is triggered only when program P1 runs successfully. 1. select Schedule. the schedulebased event is triggered. You specify the “Success” option for the event. To do this. and set program P1 to trigger the schedule-based event upon successful completion. 5. you schedule reports R1 and R2 with events. suppose that you want report objects R1 and R2 to run after program object P1 runs. Complete the Description field. see “Scheduling an object with events” on page 473. To create a schedule-based event Go to the Events management area of the CMC. The New Event page appears. Click New Event. 2. BusinessObjects Enterprise Administrator’s Guide 513 . you create a schedule-based event in the Events management area. Schedule program P1 with events.

When you first trigger the related custom event in the morning. when you trigger the event again in the afternoon. 7. Failure The event is triggered only upon non-successful completion of a specified object. For instance. For example. To do this. you may have a scenario where you want to schedule a number of reports. In the “Event based on” area. Custom events are useful because they allow you to set up a shortcut that.20 Managing Events Custom events 6. and one set runs in the afternoon. 514 BusinessObjects Enterprise Administrator’s Guide . one set of programs is run. the remaining set of programs is run. As with all other events. return to the event in the CMC and trigger it manually. and schedule the reports with that event. BusinessObjects Enterprise then runs the reports. For more information on event-based scheduling. as required. but you want to run them after you have updated information in your database. when clicked. regardless of whether that object was processed successfully or not. see “Scheduling an object with events” on page 473. Click OK. an object based on a custom event runs only when the event is triggered within the time frame established by the object’s schedule parameters. When you update the data in the database and you need to run the reports. Note: You can trigger a custom event multiple times. you can trigger Custom events from within your own code. Tip: When developing your own web applications. triggers any dependent schedule requests. both sets of programs run at that time. If you neglect to trigger the event in the morning and trigger it only in the afternoon. Custom events A custom event occurs only when you explicitly click its “Trigger this event” button. see the developer documentation available on your product CD. you might schedule two sets of event-based program objects to run daily—one set runs in the morning. Success or Failure The event is triggered upon completion of a specified object. create a new custom event. For more information. select from three options: • • • Success The event is triggered only upon successful completion of a specified object.

you may have specific events that you want to be available only for certain employees or departments. Type a name for the event in the Event Name field. 1. To create a custom event Go to the Events management area of the CMC. select a custom event by clicking its link. so you can use rights to hide events that aren’t applicable to a particular group. those events won’t appear for a user from the HRadmin group.Managing Events Specifying event rights 20 1. 3. In the Event Name column. Follow this procedure to change the rights for an event. Click the Rights tab. Users will only be able to see events they have the rights to see. In the Type list. For example. To trigger a custom event Go to the Events management area of the CMC. inheriting rights from the users’ parent folders. events are based on current security settings. this makes the event list easier for the HRadmin group to navigate. 2. Click New Event. by granting only the ITadmin group access to IT-related events. 2. For example. Click OK. Click Trigger this event. To grant access to an event Go to the Events management area of the CMC.” Specifying event rights You can grant or deny users and groups access to events. 1. Depending how you organize your events. Note: Before you trigger this custom event. Select the event you want to grant access to. 3. By default. A message appears: “This event has been triggered. 3. select Custom. schedule an object that is dependent upon this event. Complete the Description field. 2. BusinessObjects Enterprise Administrator’s Guide 515 . you may want certain events to be triggered only by management or IT. 5. 6. 4.

To choose specific rights. 10.20 Managing Events Specifying event rights 4. 6. Click OK. change the Access Level for each user or group. If you have many users on your system. The Add/Remove page appears. select the Add Users operation. choose Advanced. In the Select Operation list. 9. Select the user or group you want to grant access to the specified event. Note: For complete details on the predefined access levels and advanced rights. Click Add/Remove to add users or groups that you want to give access to the event. On the Rights tab. Add Users. as required. 11. then use the “Look for” field to search for a particular account. 7. see “Rights and Access Levels” on page 563. or Remove Users. 5. 8. Click Update. select Add/Remove Groups. 516 BusinessObjects Enterprise Administrator’s Guide .

General Troubleshooting chapter .

In general. Thus. and appropriate server software. • If the problem relates to connectivity or functionality over the Web. see if it runs on another. consult the Platforms. For details. consider the following key points when troubleshooting: • Ensure that client and server machines are running supported operating systems.txt file. network and firewall configurations. including operating system versions. For details. database servers. database clients. and reporting environments. If the Job or Page Servers are running on Windows. • • 518 BusinessObjects Enterprise Administrator’s Guide . database servers.21 General Troubleshooting Troubleshooting overview Troubleshooting overview BusinessObjects Enterprise is designed to integrate with a multitude of different operating systems. use the sample reports and sample data included with the product to confirm whether or not the same problem exists. This chapter includes general troubleshooting steps along with solutions to some specific configuration issues. check that BusinessObjects Enterprise is integrated properly with your web environment. open the report in Crystal Reports on the server machine and check that you can refresh the report against the database. web servers. For details. and take note of the exact steps that cause the problem to recur. and general network integration. see BusinessObjects Enterprise Installation Guide and “Web accessibility issues” on page 519. included with your product distribution. Use Crystal Reports to verify that the report can be viewed properly. pay close attention to any configuration differences in the two machines. any troubleshooting that you may need to undertake will likely reflect the particularities of your deployment environment. see “Report viewing and processing issues” on page 521. If the problem relates to report viewing or report processing. verify your database connectivity and functionality from each of the affected machines. On Windows. Look for solutions in the documentation included with your product. patch levels. see “Documentation resources” on page 519. if a report fails to run on one processing server. Verify that the problem is reproducible. • • Determine whether the problem is isolated to one machine or is occurring on multiple machines. For details. If the problem is isolated to one machine. For instance.

com/ Documentation resources The BusinessObjects Enterprise Release Notes are provided in the root directory of your product distribution. BusinessObjects Enterprise Administrator’s Guide 519 . Restart the web server once you have made these changes. user forums. see BusinessObjects Enterprise Installation Guide.txt file. BusinessObjects Enterprise also includes a number of manuals. Access the HTML versions from the BusinessObjects Enterprise Administrator Launchpad. and Knowledge Base articles: http://support. as is the Platforms.General Troubleshooting Documentation resources 21 • Check out the Business Objects Customer Support technical support web site for white papers. Web accessibility issues Using an IIS web site other than the default On Windows. These documents list supported third-party software along with any known issues or implementation-specific configuration details. BusinessObjects Enterprise also sets up several application mappings on the default site. files and updates.” If you are using a web site other than the default. CHM and PDF files are located in the doc directory of your product distribution. the BusinessObjects Enterprise installation creates virtual directories on the Internet Information Server (IIS) “Default Web Site.businessobjects. These can be viewed and copied from the default web site to the web site you are using. or from within the CMC or InfoView. you must copy the virtual directory configuration from the default web site to the web site you are using. Additional Compiled HTML Help (CHM) files are provided with the following client tools: • • • • • Central Configuration Manager Publishing Wizard Repository Migration Wizard Import Wizard Crystal Report Offline Viewer Press F1 or click Help to launch the online help from within these applications. For more information.

verify that the authentication type is set to Windows NT Authentication and not Enterprise.21 General Troubleshooting Web accessibility issues Unable to connect to CMS when logging on to the CMC If you attempt to log on to the CMC while the Central Management Server (CMS) is not running. Netscape users must provide a valid Windows NT user name in the form of Domain\User. then users must use Microsoft Internet Explorer. Microsoft Internet Explorer users must provide a valid Windows NT user name. To log on with a Windows NT user name. It must be in the form of Domain\User if the user account does not reside in the default domain of the CMS.) Windows NT authentication cannot log you on When you attempt to log on to the Central Management Console (CMC) or to InfoView. The web server and all BusinessObjects Enterprise components must be running on Windows NT/2000 for Windows NT authentication to work. the following error message appears: Unable to connect to CMS (<servername>) to retrieve cluster members. This error may occur for various reasons. the following error occurs: NT Authentication could not log you on. Investigate these common solutions: • Ensure that the specified authentication type corresponds to the user name and password provided on the log on page. users must log on to the client machine with a valid NT domain user account before logging on to BusinessObjects Enterprise. If your account is in any domain other than "DOMAIN NAME" you must enter your user name as DomainName\UserName. • • • • 520 BusinessObjects Enterprise Administrator’s Guide . Use the CCM to start the CMS. Users must log on to BusinessObjects Enterprise with a valid Windows NT user name. Please make sure your logon information is correct. It must be in the form of Domain\User if the user account does not reside in the default domain of the CMS. In addition. use the CCM to restart it. Logon can not continue. If Windows NT Integrated security (NT Challenge/Response) is enabled in Internet Information Services (IIS) and in the Web Component Adapter (WCA). (If the CMS was already started.

and the driver name and version that you are using to connect. Check to see if the Page Server or Job Server is running under an account that has the appropriate access rights to the report database server. if a report fails to run on one processing server. check the database client configurations. BusinessObjects Enterprise Administrator’s Guide 521 . Troubleshooting reports with Crystal Reports On Windows. but fails when scheduled. If the report database server is on a remote machine. 1. If you follow these steps and the problem persists. refresh. If the reports are based off ODBC data sources. contact Business Objects technical support. see if it runs on another. the drivers and versions.General Troubleshooting Report viewing and processing issues 21 Report viewing and processing issues When troubleshooting reports. To troubleshoot a report Start Crystal Reports on the appropriate machine: • • If the report runs successfully on demand. start Crystal Reports on the Job Server. you use Crystal Reports to simulate the steps that are performed by the BusinessObjects Enterprise processing servers when a scheduled report is processed. you can install Crystal Reports on all Job Server. or save the report. depending on your version of Crystal Reports. In particular. and general network integration. change the Page Server or Job Server to use a valid domain account with enough rights to view or process the report. or when a report is viewed on demand over the Web. including operating system versions. but runs successfully when scheduled. For instance. pay close attention to any configuration differences in the two machines. Page Server. If the report fails when viewed on demand. and RAS machines in order to speed up the troubleshooting of reports and database connectivity. compare the ODBC driver versions. and the accounts under which the processing servers are running. By locating the step where Crystal Reports is unable to open. take note of the database client and version you are running. start Crystal Reports on the Page Server. If the problem is isolated to one machine. Before you call. and the versions of the MDAC layer. the database server version that you are connecting to. patch levels. you may be able to locate the source of the problem. In this way. it is especially useful to determine whether the problem is isolated to one machine or is occurring on multiple machines. the DSN configurations. Note: The exact steps and menu options may differ.

Go to the last page of the report. the report’s SQL statement is evaluated at this time. and then save the report. data begins to return to Crystal Reports. first complete these troubleshooting steps on one processing server. 4. Correct any issues reported by Crystal Reports. Verify resource allocation in case the machine is running out of memory or disk space. repeat the steps on a different processing server. change the parameter values or record selection formula accordingly. start Crystal Reports on the RAS. On the File menu. Crystal Reports will report an error. click Log On/Off Server. If the database credentials are valid. verify network connectivity between the server you are working on. 2. Check the join information. Crystal Reports will report any errors that it encounters within the report (such as formulas. Verify that the tables used in the report match the tables in the database. Open the report from the CMS. subreports. the CMS. 5. 7. Test your database connection and authentication. On the File menu. and other objects). Refresh the report and. If the SQL statement is valid. On the Database menu. If not. click Verify Database. then verify whether or not the problem is resolved on all processing servers. If the values are invalid. click Open. check the configuration of the database client software and ensure that the report contains a valid database user name and password. If you cannot log on to the database server. Note any ODBC errors that are produced. if current data is not returned from the database. 6. If the report fails in all cases. If the report’s parameters or record selection need to be modified by BusinessObjects Enterprise users when they schedule or view the report. 3. On the Database menu. clear the “Save Data with Report” check box. check these possible causes: • • • If the report fails. the temporary files increase in size.21 General Troubleshooting Report viewing and processing issues • • If the report fails when viewed on demand with the Advanced DHTML viewer. Export the report to Crystal Reports format (or any other desired format). 8. As this happens. and the Input File Repository Server. 522 BusinessObjects Enterprise Administrator’s Guide . ensure that the database credentials provide READ rights to all tables in the report. Click Enterprise Folders and log on to your CMS. If you cannot open the report.

RAS. Tip: Running a background application under an Administrator account does not inadvertently grant administrative privileges to another user. This problem is typically caused by the configuration of the Page Server or the Report Application Server (RAS). 3. Troubleshooting reports and looping database logon prompts A common issue when viewing reports over the Web is a persistent database logon prompt that is displayed repeatedly by the user’s browser. and Web Component Adapter (WCA) under a Domain Administrator account allows them to access the components necessary to connect successfully to data sources. Repeat the activity that caused the original report to fail: view the report on demand over the Web. 2. the report will not display. Close the report. Use Crystal Reports to verify the report. If you have the Crystal Reports Designer installed on the Page Server. To change a server’s logon account. 12. 9. or schedule the report for processing. because users cannot impersonate services. To troubleshoot reports and looping database logon prompts Verify the report with Crystal Reports. 1. Job Server. Verify the server’s access to ODBC Data Source Names (DSNs). test database connectivity by opening the report in Crystal Reports on the server. Regardless of the credentials provided by the user. Job Server. see “Configuring Windows processing servers for your data source” on page 132. save it back to the CMS. Close Crystal Reports. see “Troubleshooting reports with Crystal Reports” on page 521. BusinessObjects Enterprise servers require access to various local and/ or remote resources and to the database server. This section provides a series of troubleshooting steps that should resolve this problem and others that are specific to reports and database connectivity. Experience shows that running the Page Server. 11. Change the server’s logon account. BusinessObjects Enterprise Administrator’s Guide 523 . If the report now refreshes successfully. or RAS machine. For details.General Troubleshooting Report viewing and processing issues 21 This step ensures that Crystal Reports is able to create temporary files that are required in order to complete the processing of a report. 10.

21 General Troubleshooting Report viewing and processing issues Base reports off System DSNs (and not File or User DSNs). Page Server. changing each server’s logon account to that of a Domain Administrator account should resolve such problems. Check whether or not NT authentication is performed by the database. 6. For details. 5. BusinessObjects Enterprise does not pass endusers’ NT tokens through to the database server. Verify the NTFS permissions granted to the Job Server. On Windows. If you are not using ODBC. many database clients store their configuration in the registry below HKEY_LOCAL_MACHINE.INI Consult your Windows documentation for information about working with the registry. Additional configuration may be required. For the minimum set of NTFS permissions required by BusinessObjects Enterprise. you can instead change each ODBC DSN so that it implements SQL Server Login instead of NT authentication. and RAS must run under a Windows NT/2000 domain user account that has access to the appropriate database tables. the BusinessObjects Enterprise services cannot use the database client software to communicate with the database. see “Configuring Windows processing servers for your data source” on page 132. 4. the database client software must be installed on each machine that will process reports. (In this scenario. As in step 2. and RAS require Full Control or Special Access to the ODBC registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC. and set up each System DSN identically on every Job Server. and RAS machine that will process the report. The Job Server. If your database client stores its configuration below HKEY_CURRENT_USER. 524 BusinessObjects Enterprise Administrator’s Guide . and so on). the processing server must have permission to access the corresponding DSN configuration. the Job Server. Page Server.) To retain the access control levels that are set up within the database. If you report against a database that uses NT authentication for access control (Microsoft SQL Server. Sybase. This information is stored in the Windows registry. Page Server. and RAS. see “Configuring NTFS Permissions” on page 569. depending upon the database that you are reporting off of. Determine the configuration of the database client software. each server’s logon account determines the level of access it is granted by the database. Page Server. Insufficient NTFS rights on the server may cause a number of problems to arise when you view reports over the Web. If the report is based off an ODBC data source.

For example. For details. you may need to perform additional configuration. If all database client licenses are in use. Use multi-threaded database drivers. Because the servers are run as services. the BusinessObjects Enterprise servers are unable to retrieve data from the database. To decrease the “Minutes Before an Idle Job is Closed” setting. 8. 12. BusinessObjects Enterprise Administrator’s Guide 525 . Crystal Reports now includes a number of thread-safe native and OLEDB drivers. Ensure that servers have access to remote databases through UNC paths. instead of through mapped drives. Multi-threaded database drivers allow the processing servers to connect to the database without having to wait for the database to fulfill initial requests. Check for problems with particular data sources.General Troubleshooting Report viewing and processing issues 21 7. On Windows. ensure that the report references its data source with the appropriate UNC path. However. Reference remote data sources with UNC paths. the database may not service another request until the connection has been closed. if you design a report off a PC database that resides on a network drive. Consult your Windows documentation for details. 10. Ensure that you have enough database client licenses. A list of these thread-safe drivers is available in the Crystal Reports Release Notes. Environment variables are used by the operating system to govern and manage system files for particular users. Check that database connections are closed in a timely fashion. 11. see “Ensuring that server resources are available on local drives” on page 526. If your report is based on a Lotus Notes database. Therefore. Check the available environment variables. they cannot access the User Environment variables that are created by default. BusinessObjects Enterprise servers are generally most affected by the TMP and TEMP environment variables. If a database connection is not closed quickly. see “Modifying Page Server performance settings” on page 115. it is recommended that you create System Environment variables if they do not already exist. ODBC connections are typically recommended because they provide multithreaded connections to the database. 9. Download the latest instructions from the Business Objects Customer Support Knowledge Base.

because the servers do not actually log on to the network with that 526 BusinessObjects Enterprise Administrator’s Guide . the temporary directories for the Cache and Page Servers. However. For details. the directory that you specify must be on a local drive (such as C:\InputFRS or C:\Cache). check the Knowledge Base for the latest information. Tip: If your report runs against a PC database that resides on a network drive. the mapped drive is accessible to the LocalSystem account. when you restart the local machine. When you log off the local machine. See the Business Objects Customer Support Knowledge Base for discussions of this and other DB2 clients. Note: Changing a server’s log on account from the LocalSystem account to a Windows NT/2000 user account with network privileges will not resolve the problem. or the directory from which the Job Servers load processing extensions. Use local drives instead. you can specify the root directory for each File Repository Server. do not configure the servers to access network resources in this manner. In all cases. it is available to the entire operating system. Similarly. In this case. many can be configured to use specific directories to store files. once a drive is mapped. Do not use Universal Naming Convention (UNC) paths or mapped drives. Although some BusinessObjects Enterprise servers can recognize and use UNC paths. Drives are mapped according to your user profile when you log on to Windows NT/2000. For example. the servers may retain access to the mapped drive for some time (Windows will release the drive mapping if no application maintains a persistent connection to the mapped resource). the server may appear to function correctly. So. servers cannot access mapped resources when the machine is restarted. then the report itself must reference its data source through a UNC path. if you configure a server to use a mapped drive. the mapped drive is not restored until you log back on. because UNC paths can limit performance due to limitations in the underlying protocol. Ensuring that server resources are available on local drives When the BusinessObjects Enterprise servers are running on Windows. The recommended client is IBM DB2 Direct Connect. If you encounter problems with any other specific data sources. but.21 General Troubleshooting Report viewing and processing issues IBM offers several client applications for connecting to DB2. whose ODBC drivers were written for actual programmatic interaction with products like BusinessObjects Enterprise. when you log on and map a local or network drive. see “Configuring Windows processing servers for your data source” on page 132. the service must run under a domain user account with network permissions. and hence to the BusinessObjects Enterprise servers running on the local machine. However.

[On Page Server : <servername>. the destination that is set in the CMC will be selected. ensure that each user who is allowed to schedule reports has a dedicated account on the system. Please try to reconnect later. the servers perform “account impersonation.Cacheserver] This error indicates that the Page Server is not started and enabled. Note that the destination set in InfoView applies only to the scheduled instance. If the user selects the Default destination setting in BusinessObjects Enterprise Administrator’s Guide 527 .” This provides access to some profile-specific resources (such as printers and email profiles). unless the user changes the Destination option. Thus. For more information about using specific time-zone properties in your custom web applications. (If the Page Server was already started and enabled. the following error message appears: There are no Page Servers connected to the Cache Server or all the connected Page Servers are disabled. use the CCM to restart it. Instead. when a user schedules another instance in InfoView. Page Server error when viewing a report When you attempt to run or preview a report. see the BusinessObjects Enterprise SDK documentation.General Troubleshooting InfoView considerations 21 account.) InfoView considerations Supporting users in multiple time zones Avoid granting Schedule access to the default Guest account if you deploy InfoView for users in different time zones. which is available as a Client Sample on the Crystal Enterprise User Launchpad. a report's destination that is set in the CMC will be the selected destination when a report is scheduled in InfoView. To view or modify the time-zone setting for any user account. but not others (such as ODBC User Data Source Names and mapped drives). and that each user's InfoView preferences include the appropriate time-zone setting. Setting default report destinations By default. Use the CCM to start the Page Server and then enable it. Dedicated accounts are recommended because the default Guest account does not allow users to modify account preferences that would affect other users. Instead. A user can also select alternate destinations in InfoView by updating the Destination option. use the Preferences Manager.

reports are processed on the Job Server and sent to the File Repository Server. 528 BusinessObjects Enterprise Administrator’s Guide . The Default destination setting in InfoView is equivalent to the Default destination setting in the CMC.21 General Troubleshooting InfoView considerations InfoView.

Licensing Information chapter .

named. a 100 user concurrent license could support 250. and session handling see “BusinessObjects Enterprise Security Concepts” on page 227. This type of licensing is very flexible because a small concurrent license can support a large user base. RAS Report Modification licenses are also available. BusinessObjects Enterprise Embedded or RAS Report Modification licenses enable the Report Application Server’s Software Development Kit (SDK) for report-creation. count the number of processors on any servers running any component of BusinessObjects Enterprise. You may want to purchase named user licenses for people in your organization who require access to BusinessObjects Enterprise at all times. Processor licenses are based on the number of processors that are running BusinessObjects Enterprise. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. Note: If you are upgrading from a trial version of the product. 500. 530 BusinessObjects Enterprise Administrator’s Guide . For example. and processor licenses. these licenses add standard report-creation and report-modification wizards to InfoView. You can purchase concurrent. thereby providing you with tools for building your own webbased reporting and query tools. so users can create and modify reports over the Web in an ad hoc fashion. For more information about licenses. sessions. This provides named users with access to the system regardless of how many other people are connected. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. you could purchase a named user license for each of the 25 managers and a concurrent license for 175 general users.22 Licensing Information Licensing overview Licensing overview BusinessObjects Enterprise is a scalable product that provides you with the ability to add license keys as the demand for report information increases in your organization. To determine the number of processor licenses you require. be sure to delete the Evaluation key prior to adding any new license keys or product activation keycodes. In addition. or 700 users depending on the frequency with which the system is accessed and the number and size of the reports. For example.

For details. and processor licenses associated with each key. Select a license key. 2. The details associated with the key appear in the Licensing Information area.businessobjects. Go to the License Keys management area of the CMC. go to: http://www. 1.Licensing Information Accessing license information 22 Accessing license information The License Keys tab identifies the number of concurrent. named. To purchase additional license keys: • • Contact your Business Objects sales representative. Contact your regional office.com/company/contact_us/ BusinessObjects Enterprise Administrator’s Guide 531 .

Viewing current account activity 1. Note: Key codes are case-sensitive. 532 BusinessObjects Enterprise Administrator’s Guide . Go to the License Keys management area of the CMC.22 Licensing Information Adding a license key Adding a license key Note: If you are upgrading from a trial version of the product. along with additional job metrics. Type the key in the Add Key field. be sure to delete the Evaluation key prior to adding any new license keys or product activation keycodes. This tab displays current license usage. 2. The key is added to the list. 1. Go to the Settings management area of the CMC. 2. Click the Metrics tab. 3. Click Add.

NET SDK RAS support for processing extensions Distributed servers Ability to define users/ personalization Concurrent users Third-party authentication support Events Object distribution (Destinations) BusinessObjects Enterprise Mobile Desktop Server group re-direction Express X X X X X X X X X X X X Professional X X X X X X X X X X X X X X X X X X X X X X X X X X X BusinessObjects Enterprise Administrator’s Guide 533 .Licensing Information Viewing current account activity 22 Feature Crystal Repository refresh Insert subreport Unicode support Setting locale of the Report Engine New viewer architecture Smart Tags Exporting page ranges New Excel export options OLAP integration Export drill down views Embed URL link to report in email Set database location Custom printer settings Java SDK .

22 Licensing Information Viewing current account activity 534 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Administrator’s Guide From BusinessObjects 6.x to BusinessObjects XI appendix .

536 BusinessObjects Enterprise Administrator’s Guide .x suite. but are not part of it. Although the applications in each row belong to the same area of functionality. Several other applications allow you to add objects to the repository as well. InfoView • • • • • • • • • Web Intelligence Crystal Reports OLAP Intelligence OLAP Intelligence Designer Central Management Console (CMC) Developer Suite Performance Management (formerly Application Foundation) Data Integrator Import Wizard The Application Foundation suite and Data Integrator are available to complement the BusinessObjects 6.x to BusinessObjects XI Product offering Product offering Here is a list of the applications in each version’s offering.x column and those in the BusinessObjects XI column are not necessarily equivalent: In BusinessObjects 6.x In BusinessObjects XI • • • Designer Supervisor Supervisor over the Web • • • Designer Business View Manager Central Management Console Several applications allow you to add • Publishing Wizard objects to the repository.A From BusinessObjects 6. • • • • • • • • • • Administration Console Auditor InfoView BusinessObjects BusinessQuery WebIntelligence WebIntelligence for OLAP Data Sources Broadcast Agent Developer Suite • • • Central Configuration Manager Central Management Console Auditing is incorporated in the Central Management Console. those in the BusinessObjects 6.

as well as the additional components that implement business logic (portal workflows. The processing layer contains report engines. portal pages. and HSAL). WILoginServer. BusinessObjects 6.). and WIStorageManager.x BusinessObjects 6. Dispatcher. repository access. The presentation layer contains the web and application servers.From BusinessObjects 6.x to BusinessObjects XI Architecture A Architecture The overall architecture of the two systems is organized in a similar manner.x is organized five logical layers: • • • • • The client tier contains products or features that run on the end-user’s computer (either as a standalone application or in the web browser). scheduling. as well as the Business Objects components hosted on them (server SDKs. The application services layer provides the essential framework and services to the processing layer. servlets. BusinessObjects Enterprise Administrator’s Guide 537 . such as WISessionManager. The database tier is made up of the databases containing the data used in documents and reports. etc.

x system. • The data tier is made up of the databases containing the data used in reports. • The intelligence tier manages the BusinessObjects XI system. and storing report instances for rapid report viewing. 538 BusinessObjects Enterprise Administrator’s Guide .x to BusinessObjects XI Architecture BusinessObjects XI BusinessObjects XI is organized into five tiers: • The client tier contains client applications.x reports only. This layer contains fewer “servers. managing audit information.A From BusinessObjects 6. with each server processing requests for a specific type of object. rather than a provider of shared services such as WIQT. In a BusinessObjects 6. this corresponds a dedicated role such as WIReportServer. than the BusinessObjects 6. • The application tier includes the web and application servers. • The processing tier accesses the data and generates reports. routing requests to the appropriate processing layer services. There are no strict equivalents for these servers in the BusinessObjects 6.” or processes.x context. maintaining security information.x processing layer. Transactional workflows are therefore simplified. as well as the Business Objects components hosted on them. which processes WebIntelligence 6. which plays a shared role in several types of processing workflows.

It can also contain universe and document domains. such as Web Intelligence WID files. BusinessObjects Enterprise Administrator’s Guide 539 . categories and parameters.x suite uses a repository — a database that is stored in a relational database management system. The CMS is the central service/daemon in the BusinessObjects Enterprise XI system (see its entry further along in this table). Crystal Reports RPT files. Although the security domain itself is not imported. The repository database actually contains the data associated with the security. security. including users. universe and document domains. In BusinessObjects XI The repository exists here as well. Although the repository database stores specific information about the objects published to it. stored in storage associated with the File Repository Servers. servers.x Repository The BusinessObjects 6.). See “Migration” on page 542. you can import its contents (user rights. they are made into folders in the CMS database. The repository is used to secure access to your data warehouse and to provide an infrastructure for distributing information to be shared by users. it does not actually store physical copies of the objects. Making sure the repository database has enough space is therefore critical. it also contains pointers to the physical objects. etc. as one of the databases maintained by the Central Management Server (CMS). universe UNV files and third-party documents.From BusinessObjects 6.x deployment. When universe and document domains are imported from a BusinessObjects 6.x to BusinessObjects XI Basic terminology A Basic terminology Here are some of the main differences in terminology between the two releases: In BusinessObjects 6. Repository domains The repository must have a security domain. groups. folders.

the set of core processing modules enabled or disabled as a group). This installs all the processing layer modules on the server machines. In BusinessObjects XI Central Management Servers (CMS) The CMS is a single service which provides framework services. The CMS serves as the central nervous system of the BusinessObjects Enterprise intelligence layer. In addition it maintains the repository and audit databases. such as users/groups. security management. They run as services under Windows. The CMC’s ability to enable/disable and even group servers. security levels.1. Modules Processes used in Business Objects transactions which can be configured through the Administration Console are called modules. and as daemons under UNIX. for example. A few examples of modules are: Broadcast Agent Manager (which manages Schedulers) • WIStorageManager • • • • • A few examples of servers are: Job Server the File Repository Servers Web Intelligence Report Server WIReportServer 540 BusinessObjects Enterprise Administrator’s Guide . or server machines. and services.A From BusinessObjects 6.x to BusinessObjects XI Basic terminology In BusinessObjects 6. Servers Processes in the BusinessObjects Enterprise XI system are called servers. the Business Objects server back end must be installed on the cluster’s primary node and all secondary nodes. and also is responsible for maintaining the database (CMS database) containing system information. Disabling the CMS is roughly equivalent to disabling the Session Stack (starting with version 6. concerns processes. administers scheduling tasks.x Business Objects servers At a minimum. not actual Business Objects servers.

on the other hand. Each server hosts the entire set of Business Objects modules. Clusters can contain the following elements: The distinction between primary and secondary nodes does not apply. the Session Stack must be activated in order for the server to contribute to cluster processing.x to BusinessObjects XI Basic terminology A In BusinessObjects 6. When you add a new CMS to a deployment • The primary node serves as the containing a previously. This means that at a minimum only the CMS component must be installed and activated on the machine. which instructs the Job Server to process the job on a schedule managed by the CMS. By default. it workload with any existing CMS machines. Schedule-based and custom events. When a cluster contains more than one server machine. Other processes (servers) can be installed and run on other machines. as well as optional services. There is one and instruct the new CMS to connect to the existing only one primary node in a cluster. the new cluster is given the name of the is a primary node. WIReportServer Corporate documents page File Watcher allows the processing of a scheduled task only when a specified file is present in a specified location. • Optional secondary nodes run the ORB components required to communicate with the primary node and start Business Objects processes on the secondary node(s).x Clusters A cluster is one or more Business Objects servers which provide the functional processing for a given BI portal. BusinessObjects Enterprise Administrator’s Guide 541 . Web Intelligence Report Server Public folder The Event Server manages file-based events. The CMSs can be on the same machine or on different ones. In BusinessObjects XI CMS clusters A Central Management Server cluster (CMS cluster) consists of two or more CMSs working together to maintain the system databases and repository.From BusinessObjects 6. it is called a distributed deployment. are managed by the CMS. if CMS database and to share the processing the cluster contains only one node. WebIntelligence Application servers Broadcast Agent Web Intelligence Web application servers Scheduling functions are handled by the CMS. prefaced by “@”.installed CMS. first installed CMS. A CMS cluster is called an expanded deployment. Both primary and secondary nodes are considered cluster nodes. you central coordinator amongst all the nodes in the cluster.

A From BusinessObjects 6. This Wizard and how to use it is described in the BusinessObjects Enterprise XI Installation Guide. categories. universe restriction sets.rep documents to .5 suite. which when True. delivered with the BusinessObjects 6.x to BusinessObjects XI Migration Migration To import repository objects such as domains.x. documents. you can use the Report Migration Utility. • • • • Identification Strategy Logon Enable Real Time User Rights Update Enable Password Modification flag This maps to the User cannot change password property. users and groups. Password Validity settings 542 BusinessObjects Enterprise Administrator’s Guide .wid format. and reports from BusinessObjects 6. you use the Import Wizard. Here is a summary of what the Import Wizard does and doesn’t import: The Import Wizard imports: The Import Wizard doesn’t import: • • • • • • Users and groups WebIntelligence reports Universes Connections Categories Security • BusinessObjects documents To migrate . universes. means what it says.x to BusinessObjects Enterprise XI: Object User properties Specific migration information These properties are not mapped. Instructions are in the Report Migration Utility guide. • WebIntelligence OLAP • • • • Custom applications and interfaces created using the SDK Broadcast Agent Scheduler or Publisher tasks BusinessObjects Auditor Timestamps Migration and mapping of specific objects Here is some important information about migrating specific objects from BusinessObjects 6. This property must be reset manually by the administrator at the global level.

Document and universe domains become folders with the same name. User profiles Groups External groups Inbox documents Personal documents Categories Domains BusinessObjects Enterprise Administrator’s Guide 543 . After migration.x continue to refer to them in BusinessObjects Enterprise XI. Most BusinessObjects 6.x user profiles map to default groups in the new system.From BusinessObjects 6.x to BusinessObjects XI Migration A Object Object Security level Specific migration information Expressed as limit rights set on the universe folder. which manage all document instances that have been scheduled or published to the repository.x map to appropriately-named user groups. When you import corporate categories. you can select individual categories and subcategories to import into BusinessObjects Enterprise XI. Administrators need to create dynamic groups. The Import Wizard maps static LDAP groups. are not mapped to the Administrators group. but instead simply granted the appropriate rights on all imported objects. where only the BusinessObjects administrator and their owners have access to them. User and group access to these folders is equivalent to the rights they had on the BusinessObjects 6. Documents and universes cannot be imported unless their domain is imported as well. they are also migrated to the File Repository Servers. If Inbox already includes duplicate documents. Personal documents are imported to the user’s Favorites folder. object levels in BusinessObjects 6. For example.x domains. Supervisors. Users with the User/Versatile profile are added to an Object Level Security group based on their Object Security levels. General Supervisors become members of the Administrators groups. The Company group maps to the Everyone group. Inbox documents are imported to the Inbox folder. Dynamic groups are mapped with Enterprise authentication. on the other hand. Any personal or corporate categories that referred to these documents in BusinessObjects 6. Both personal and corporate categories are imported.

The Company group maps to the Everyone group. General Supervisors become members of the Administrators groups. object levels in BusinessObjects 6. The Import Wizard maps static LDAP groups. User profiles Groups External groups Inbox documents Personal documents Categories Domains 544 BusinessObjects Enterprise Administrator’s Guide . are not mapped to the Administrators group. where only the BusinessObjects administrator and their owners have access to them. If Inbox already includes duplicate documents. Users with the User/Versatile profile are added to an Object Level Security group based on their Object Security levels. When you import corporate categories. Dynamic groups are mapped with Enterprise authentication. Both personal and corporate categories are imported.A From BusinessObjects 6. Documents and universes cannot be imported unless their domain is imported as well.x domains. Supervisors.x to BusinessObjects XI Migration Object Object Security level Specific migration information Expressed as limit rights set on the universe folder. For example. After migration. Inbox documents are imported to the Inbox folder. Document and universe domains become folders with the same name. you can select individual categories and subcategories to import into BusinessObjects Enterprise XI.x continue to refer to them in BusinessObjects Enterprise XI. but instead simply granted the appropriate rights on all imported objects. which manage all document instances that have been scheduled or published to the repository.x map to appropriately-named user groups.x user profiles map to default groups in the new system. Most BusinessObjects 6. they are also migrated to the File Repository Servers. User and group access to these folders is equivalent to the rights they had on the BusinessObjects 6. Any personal or corporate categories that referred to these documents in BusinessObjects 6. Personal documents are imported to the user’s Favorites folder. on the other hand. Administrators need to create dynamic groups.

By default.x universe IDs are updated to BusinessObjects Enterprise XI IDs and CUIDs: • For universes: Universe ID. Delegated Administration does not support “modes”. Secured or Extended mode. WebIntelligence documents that used a BusinessObjects 6. General supervisors can limit other supervisors’ access by setting their scope management setting to Standard. Along with the ability to specify rights at the object level. each of which defines a different level of access to user/group information and management.g. Dashboard Manager. etc. Import attempts to set rights in the destination deployment that are at least as restrictive as the effective rights in the source deployment. imported “delegated administrators” will inherit the rights specified for the Everyone group for access to such objects. or only those associated with the WebIntelligence reports being imported. It is recommended to verify effective rights on imported objects for “delegated administrators” after import and to set appropriate rights for access to objects that only exist in BusinessObjects Enterprise XI and not in BusinessObjects 6. BusinessObjects Enterprise Administrator’s Guide 545 . Scope management Migration of user rights Key security features provided by BusinessObjects 6. A delegated administrator may nonetheless be able to view imported objects (such as connections) that were previously hidden in the source deployment.x (e. the two features are not strictly equivalent.x universe use the same universe in BusinessObjects Enterprise XI. BusinessObjects 6.x (as applied to the integrated components) are available in BusinessObjects XI.x to BusinessObjects XI Migration A Object Universes Specific migration information Users can choose between importing all universes and connections. in particular. and Performance Manager applications. connection ID.). calendars. BusinessObjects XI provides the ability to specify global rights for Web Intelligence. events.From BusinessObjects 6. This is true for all restrictions that limit modification and administration of objects. and core universe ID • For Web Intelligence reports: universe ID Scope management is a Supervisor option which allows you to control the extent of the access that all supervisors are granted to users and user groups. Although this feature is mapped to the Delegated Administration feature in Business Objects Enterprise XI.

domain folder.A From BusinessObjects 6.x Migrated to BusinessObjects Enterprise XI as. then hidden If disabled anywhere.. then denied Domain Access Right Document/ Universe Access Right Granted Denied If granted (or unspecified) anywhere: granted If granted anywhere: granted If unspecified or denied anywhere.x to BusinessObjects XI Migration The following identifies the migration path for integrated rights: Right Type in BusinessObjects 6.x) Product Access (PA) Right Default Value in Version 6. then disabled Otherwise. then denied Denied Denied 546 BusinessObjects Enterprise Administrator’s Guide . or content object Right to view domain folder Right to view content object Different default and aggregate rules The fundamental default and aggregate rules governing rights change radically in BusinessObjects Enterprise XI.x Default Value in Version XI Aggregation Rules Aggregation in Version 6. then denied If unspecified or denied anywhere. Product Access (PA) right Security Command right Domain Access right Document/Universe Access right Right to view application object Right to application object. enabled • • Hidden in 6. to maintain greater system security: Right Type (6.x = denied in XI If unspecified or denied anywhere. then denied Granted Denied (The Designer and Supervisor PA right is set to Denied on the root folder at install time..x Rules in Version XI If granted (or unspecified) anywhere: granted If unspecified or denied anywhere.) Enabled Denied Security Command Right • • • If hidden anywhere.

From BusinessObjects 6. or you can install on additional machines to distribute the load.5 supports heterogeneous clusters. The other “servers” in the intelligence layer. and deployment Here is an overview of key differences in installation. and deployment: In BusinessObjects 6.x to BusinessObjects XI Installation.x Server operating systems BusinessObjects 6. in which Business Objects servers are hosted on Windows and UNIX machines. At a minimum. This capability offers you the ability to scale your system vertically (more services on the same machine) or horizontally (more machines). To add a cluster node. you add additional cluster nodes to a cluster. This installs the entire set of processes required for system processing on each machine. can be hosted on machines running completely different (but supported) operating systems. you must install Business Objects server on the node machine. The CMS does not need to run on each machine. In BusinessObjects XI The CMS “servers” in a BusinessObjects Enterprise XI cluster must all be running on machines running the same operating system and version. configuration. such as the Job Server. configuration. however. and deployment A Installation. BusinessObjects Enterprise Administrator’s Guide 547 . You can distribute a single deployment’s transactional capabilities on the same machine by creating multiple instances of a “server”. configuration. Initial installation options • Desktop • • Server Custom • • • • • Client Server The Server option provides three installation options: New Expand Custom Distributed deployments To distribute processing. the Session Stack must be activated on each cluster node to share the transaction load.

you can select or create a new CMS database at any time using the Central Configuration Manager (CCM). For example. In a New server installation.A From BusinessObjects 6. is an integral part of BusinessObjects Enterprise installation.x Installation and the repository Repository creation is completely independent of the installation of Business Objects software. which includes the repository. the installation procedure automatically installs and configures Microsoft Data Engine (MSDE) as the CMS database. Command-line installation Application servers Application servers communicate with the Business Objects cluster through the ORB. MySQL is installed. When the installation is complete. the default user and group accounts are created. see “Deploying web applications” on page 550 applications” on page 550 in this table. then using it to configure the server as a client node of the cluster. For information on deploying web For information on deploying web applications on application servers. and the sample reports are published to the system. The WCA allows your application server to run BusinessObjects Enterprise applications making Crystal Web Requests. 548 BusinessObjects Enterprise Administrator’s Guide . the client and server components are installed. In BusinessObjects XI Setting up the CMS database. When you perform this installation. and deployment In BusinessObjects 6. and to host the Central Management Console. configuration. or by configuring the ORB manually. see “Deploying web applications on application servers. Silent installation You must install a Web Component Adapter (WCA) on any machine hosting an application server. After installation. If the application server is hosted on a machine which is neither a primary nor secondary node.x to BusinessObjects XI Installation. in this table. In similar circumstances in UNIX environments. you must configure the ORB on it in order to allow it to communicate with the cluster. InfoView doesn’t need it unless users will be viewing OLAP Intelligence documents. Installing BusinessObjects Enterprise XI on the same machine as the application server is called a server-side installation. Not all applications require the WCA. if you install a Central Management Server in a Windows environment. You configure the ORB on the application server machine either by installing the Configuration Tool on that machine. the servers are started as services on the local machine. and you do not choose to connect the CMS to an existing database.

Configuring clusters and the ORB You create clusters and configure their ORB on their nodes using the Configuration Tool. you specify where these XML files are located. OLAP Intelligence is installed separately. using the CMC. You can view your deployment’s current license keys. OLAP You install Web Intelligence for OLAP Data Sources using the standard installation process. When you install the first Central Management Server (typically a New install). This creates a cluster of one and sets the cluster up for subsequent Expand installs. License keys are stored in the CMS database. During installation.From BusinessObjects 6. as well as add or delete them. In BusinessObjects XI If you connect BusinessObjects Enterprise to a web server. BusinessObjects Enterprise Administrator’s Guide 549 . see web servers. This makes it part of the cluster. License key management Before installation. in this table. configuration.x to BusinessObjects XI Installation. The subsequent machines on which you install the CMS become part of a CMS cluster named <@Name of First CMS>. you copy your license key to a directory to which all nodes or application client machines have access. you specify the name of the first CMS you installed. For information on deploying web For information on deploying web applications on applications on web servers.x Web servers To configure the web server to work with a cluster. which add additional CMSs to the cluster. and deployment A In BusinessObjects 6. see “Deploying web applications” on “Deploying web applications” on page 550 page 550 in this table. the web server must be able to communicate with the machine that runs your Web Component Adapter (WCA). You configure the cluster’s primary node and then its secondary nodes. you must install a third-party connector to the cluster’s application server. At the installation of each additional CMS. you can define it as a cluster.

the Business Objects web applications are deployed automatically on the web and/or application server. and deployment In BusinessObjects 6. unless you are deploying to an existing Java application server. a command-line utility that you can run on all other supported application and/ or web servers. If you do not have a supported database client on the machine. the Configuration Tool can deploy the applications automatically on web and application servers. configuration.x suite.A From BusinessObjects 6. Otherwise. This allows the server to connect to it. After repository creation. J2EE only Custom web applications developed using the SDK Custom web applications developed using the SDK Although not part of the BusinessObjects 6. • You can use the wdeploy tool.x to BusinessObjects XI Installation. you must deploy web applications manually. Whenever you add a new CMS to a cluster in an Expand installation. To use your own database server. 550 BusinessObjects Enterprise Administrator’s Guide . you define the connection to the initial CMS’s database. This database will be configured during the install. Application Foundation applications can also be deployed. • You can manually deploy the application on all other supported web and/or application servers.x In BusinessObjects XI • • • • • Available web applications Administration Console InfoView Auditor Supervisor over the Web • • • • Central Management Console InfoView Performance Manager applications (formerly Application Foundation). you must copy the bomain. Repository creation You create the repository after installation and configuration. you must create a new. If you choose a New installation and are using IIS or Apache/Tomcat.key file corresponding to the repository on each node in the cluster. Deploying web applications You can deploy web applications in three ways: • If you’re using IIS or Tomcat/Apache. installation can install and configure MSDE (Windows) or mySQL (UNIX) for use as the CMS database. empty database on your database server prior to running the installation. using the Supervisor application.

exe (Windows)/bolight (UNIX). Implementing an authentication method is broken down into selecting an authentication mode. which can be Repository. You implement an authentication method for each user. and as such. BusinessObjects 6. BusinessObjects Enterprise Administrator’s Guide 551 . When users log into the system. but may enter their authentication method as well. are designed to be multi-instance on cluster nodes. authentication is defined for an entire cluster and/or all desktop users.x applications use a very different security model than that provided with BusinessObjects Enterprise XI. security is much more granular. Through BusinessObjects 6. in any mixture of supported operating systems. The single exception is the Central Management Server. or on separate machines (for horizontal scaling). Security BusinessObjects 6.1.x to BusinessObjects XI Security A In BusinessObjects 6. is supported as a data source for Web Intelligence reports. administrators of BusinessObjects 6.5. External then Repository. certain modules such as WIQT. when you create the user’s account. which must run on the same operating system within a single cluster.x Multiple service instances In BusinessObjects 6. which can All CMS databases must support the Unicode protocol.5 also supports multiple Business Objects servers on the same UNIX box. Unicode databases are not supported for repositories or BusinessObjects documents. Unicode databases In BusinessObjects XI Multiple instances of the same service can run on the same machine (providing vertical scaling).x. or External. then its source. You can choose between Microsoft AD or an LDAP user management system for external authentication sources. In BusinessObjects XI. You use the Administration Console to set the number of instances in each process pool. The use of Unicode databases. Connection Server. they specify their username and password. and WIReportServer. BusinessObjects. store information in different languages and centralize all the information in a company.x systems are encouraged to read with attention the documentation shipped with BusinessObjects Enterprise XI.From BusinessObjects 6.

You can even assign multiple aliases. using the CMC.x to BusinessObjects XI Security In BusinessObjects 6. the Central applications where to find the repository’s management Server (CMS) verifies the user security domain. or create new aliases then assign them to exiting users in the system. Windows NT or Active Directory. users are automatically created.5. So if you are not using complex scenarios in which users can log on with both NT and LDAP authentications. Setting the authentication and authorization methods Up through version 6. you don’t need to create the settings for each user individually. At login.key tells Business Objects There is no bomain.1.A From BusinessObjects 6. Each CMS is configured either at installation or subsequently using the Central Management Console (CMC) to connect to a specific database.key file. 552 BusinessObjects Enterprise Administrator’s Guide . to a single user. or authentication modes. You select the authentication method for each user at the creation of the user’s account. If you import external users via LDAP.x In BusinessObjects XI bomain. Configuring authentication and authorization You set authentication/authorization for the entire cluster using the Security Configuration Tool. name and password against the security information stored in the CMS database. you set authentication/authorization for the entire cluster using the Security Configuration Tool.key The bomain. You configure authentication in the Authentication management area of the CMC.

universes. End-to-end single sign-on includes SSO to the database at the back end. You can apply user. See below. but not create documents. categories. Single Sign-On to BusinessObjects Enterprise can be provided through the use of third-party systems such as Windows AD or Netegrity SiteMinder. for example. • • • Enterprise authentication (automatically enabled when you install the system.x In BusinessObjects XI • • • • Available authentication modes Business Objects standard Windows-NTLM (similar to BusinessObjects XI Windows NT authentication) Single Sign-On • LDAP authentication Basic authentication (user Windows AD authentication authentication is delegated to the web server) Other authentication modes are available through add-in products.From BusinessObjects 6. This means. that you could allow a group to refresh document A.x) Windows NT authentication Single-Sign-On (SSO) To enable SSO. you must use Netegrity SiteMinder. BusinessObjects Enterprise Administrator’s Guide 553 . an industry standard method of controlling cascading security access. the restriction will apply regardless of the documents being used. you must use LDAP for external user management. Note: If you use SiteMinder. and role level security at the object level. but not refresh document B. such as SAP authentication. to documents. the imposition of restrictions is much more granular. Because of the use of Access Control Lists (ACL). and connections. group. and similar to Business Objects standard in version 6. but is available for certain authentication modes. You cannot restrict access at the object level. Authorization You can use security commands in Supervisor to restrict user and group access to functionalities in Business Objects products.x to BusinessObjects XI Security A In BusinessObjects 6. if you grant a group the right to refresh. For example. Single Sign-On is not a mode in itself. folders.

organize.x to BusinessObjects XI Administration Administration The administrative model applied to BusinessObjects Enterprise XI is very different from the BusinessObjects 6. the CCM allows you to manage local and remote servers through its Graphical User Interface (GUI) or from a command line. the CCM takes into account only the servers running locally. The CCM comes in two forms. stop. • The Central Management Console (CMC) The CMC allows you to perform user management tasks such as setting up authentication and adding users and groups. and set security levels for all of your BusinessObjects Enterprise content. the CCM shell script (ccm.x model. At first.sh) allows you to manage servers from a command line. This tool allows you to start. On Windows. on Windows the CCM allows you to add servers to. these settings include default port numbers. Additionally. universes. In a Windows environment. server and cluster management. In a UNIX environment. or remove servers from your BusinessObjects Enterprise system.A From BusinessObjects 6. whenever the Central Management Server (CMS) is running. It also allows you to publish. In addition. and auditing. as well as view and configure advanced server settings. You can then connect to servers on a remote machine. and more. This section covers administrative tasks concerning the repository. 554 BusinessObjects Enterprise Administrator’s Guide . and disable Business Objects servers. SOCKS server connections. users and groups. enable. • The Central Configuration Manager The CCM is a server-management tool that allows you to view and configure each of your BusinessObjects Enterprise server components while Business Objects servers are offline. the CMC enables you to manage servers and create server groups. CMS database and clustering details.

you define the connection to the initial CMS’s database. To use your own database server. You can use Designer in online mode only.x to BusinessObjects XI Administration A In BusinessObjects 6.From BusinessObjects 6.x Repository creation and management You create your cluster’s repository after Business Objects installation and configuration. BusinessObjects Enterprise Administrator’s Guide 555 . using the Supervisor application. you must create a new. This means that unless you are logged into the repository. an initial Administrator and Guest account is is created when you create the created at installation. A “company name” group is automatically created at repository creation. you cannot work on a universe. This database will be configured during the install. installation can install and configure MSDE (Windows) or mySQL (UNIX) for use as the CMS database. User/group creation and management You use Supervisor or Supervisor over the Web. Everyone If you’re using Windows NT/2000. an additional group called Business Objects NT Users is also created. Two default groups are automatically created at installation: • Administrators • Using Designer You can use Designer in online or offline mode. An initial General Supervisor account By default. In BusinessObjects XI If you do not have a supported database client on the machine. empty database on your database server prior to running the installation. You use the CMC. repository. Whenever you add a new CMS to a cluster in an Expand installation. This allows the server to connect to it.

depending on the type of setting you want to define. you use the Central Configuration Manager (CCM) to disable a Central Management Server (CMS). Under UNIX. Cluster server enable/disable You use the Administration Console. Auditor is not part of this release.x users refer to as modules. you start the cluster manually using the wstart command. You use the Central Management Console or the Central Configuration Manager.x Cluster start/stop Under Windows. Business Objects server to run automatically as a Windows service. during installation. Audit management You use the Audit facility in the Administration Console. you use the cms. You use the CMC. regardless of the operating system. you can use WINotify or the Start menu. Because the scheduler is incorporated into the CMS. total hard disk space. You can also use the Auditor application for enhanced system monitoring and analysis.x to BusinessObjects XI Administration In BusinessObjects 6. but this refers to what BusinessObjects 6. operating system. At installation. total RAM. Caution: You can use the CMC to disable/enable and even group servers. free hard disk space.sh script. number of CPUs. you can also set the In BusinessObjects XI You use the CCM to stop a Central Management Server (CMS). Note: You cannot use the Central Management Console (CMC) to stop a CMS. including information about the machine that the server is running on—its name. or use S99WebIntelligence to start it automatically on machine startup. 556 BusinessObjects Enterprise Administrator’s Guide . you can also configure the server to start automatically at machine startup. printers and file servers. The CMC allows you to configure what information you want each server/service to audit. You can also use the CMC to view server metrics. and whether you are online or offline. Setting up Broadcast Agent schedulers You create and manage schedulers using the Broadcast Agent Manager’s Properties page in the Administration Console. Server settings management You use the Administration Console.A From BusinessObjects 6. it comes automatically installed with BusinessObjects Enterprise XI and requires little or no additional configuration beyond setting up access to email servers. In UNIX. and local time. not the actual cluster nodes. In Windows.

x In BusinessObjects XI Viewing scheduled tasks You can view the full list of scheduled You cannot view a global list of scheduled jobs. as well as existing instances of the object (i. documents and their status using the You can view the status of one scheduled object at a Broadcast Agent Console. A sample application built using the Administration SDK and available from the BusinessObjects Enterprise User’s Launchpad also allows you to see all the jobs scheduled by any specific user. InfoView appearance and functionality management You can use Supervisor security commands to prevent users from modifying the default settings in the InfoView Options page. Users set the locale for their own interface in InfoView.e.x to BusinessObjects XI Administration A In BusinessObjects 6. BusinessObjects Enterprise Administrator’s Guide 557 . Setting locale You set the cluster’s language at installation. In InfoView. you can also view a list of an object’s instances by looking at the object’s history. Users can set the language of their interface in InfoView. InfoView uses the locale specified on the web server. You can modify the appearance and some functionality using the BusinessObjects Enterprise Applications management area in the CMC. you can subsequently use the Site Properties tab in the Administration Console to modify it. This list includes all scheduled jobs for the object. time in the CMC in the object’s History page. reports that have already been run and contain data).From BusinessObjects 6. You don’t specifically set the CMS locale. if they don’t.

or manual procedures.A From BusinessObjects 6. distributing and scheduling corporate data: In BusinessObjects 6. information sharing Reporting. wdeploy.x Reporting tools • BusinessObjects In BusinessObjects XI • • WebIntelligence WebIntelligence for OLAP Data Sources • • • • • Crystal Reports Web Intelligence OLAP Intelligence What reporting tools use universes? • BusinessObjects Crystal Reports Web Intelligence • WebIntelligence Crystal Reports can also connect directly to databases using a variety of methods including ODBC and native drivers. as well as enduser tasks such as accessing. It is available in JSP and ASP platforms. The out-of-the-box portal in BusinessObjects Enterprise XI is also called InfoView. 558 BusinessObjects Enterprise Administrator’s Guide . as well as XML and text files. InfoView InfoView is a web application that must be deployed after Business Objects installation using the Configuration Tool. Available for both Java and .x application. It can also use Business Views (the semantic layer from Crystal Enterprise) as a data source. analysis.x to BusinessObjects XI Reporting. information sharing This section includes information on available reporting tools. its interface is somewhat different from the BusinessObjects 6. analysis.NET platforms.

Folders contain actual copies of objects. • Categories are equivalent to BusinessObjects 6. these folders are called Favorites folders.From BusinessObjects 6. or InfoView (with reduced management capabilities) or Supervisor. There are two types of categories: • Corporate There are two kinds of categories: • Corporate • Personal • Personal Corporate categories can be created Corporate categories can be created either in from InfoView. These folders are organized within the CMC as User folders. BusinessObjects Enterprise Administrator’s Guide 559 . you can grant specific users or groups the right to create categories. You can set limits on folders. Within InfoView. while categories are used more for the classifying information regardless of its storage location. you can use categories to organize documents on a particular document list page. analysis. or object instances which have remained more than the specified number of days in the folder. • BusinessObjects Enterprise XI automatically creates a folder for each user in the system. Folders are created and managed from the CMC. information sharing A In BusinessObjects 6. which automate regular clean-ups of old Business Objects content by eliminating excess instances of particular objects. In BusinessObjects XI BusinessObjects Enterprise XI uses both categories and folders to organize documents. Folders are used for the storage location of information.x categories. You can use security commands to restrict access to corporate categories. from BusinessObjects or WebIntelligence. You do this by enabling the security command Manage All Categories or Manage My Categories. BusinessObjects. In the CMC you can restrict users’ and/or groups’ access to categories and folders. from the CMC (full management capabilities). called Personal Folders. As a general supervisor or supervisor. and to rename and delete the categories they create.x to BusinessObjects XI Reporting.x Categories Within InfoView. while categories simply point to objects.

or from InfoView.x to BusinessObjects XI Reporting. analysis.A From BusinessObjects 6. In BusinessObjects XI You schedule for refresh objects from the CMC or from InfoView. information sharing In BusinessObjects 6.x Scheduling You schedule for refresh documents and files either from 2-tier deployments of BusinessObjects. 560 BusinessObjects Enterprise Administrator’s Guide .

Use Designer to export universes to the repository. such as executables. • Creating other objects with BusinessObjects Enterprise plug-in components.x or Crystal Enterprise 10.From BusinessObjects 6. or scripts (Jscripts and VBscripts) to run at specified times. BusinessObjects Enterprise Administrator’s Guide 561 . Use the Central Management Console (CMC) when you are: • Publishing a single object.x to BusinessObjects XI Reporting. The Publishing Wizard is a locally installed Windows application that enables both administrators and end users to add any supported document to BusinessObjects Enterprise. Use the Publishing Wizard when you: • Have access to the locally installed application. • Using the OLAP Intelligence Application Designer. Publishing to the repository You add objects to the repository by: • Exporting universes from Designer or Supervisor • Adding users and groups and managing security settings from Supervisor and/or Supervisor over the Web • Saving documents to the repository from InfoView • Publishing documents from 2. You can publish objects to BusinessObjects Enterprise in several ways. Upload documents stored on your local computer when you’re using InfoView. Use the Import Wizard to migrate objects to a BusinessObjects Enterprise XI repository from BusinessObjects 6. • • • Taking care of other administrative tasks.x In BusinessObjects XI • • • You can schedule: BusinessObjects documents WebIntelligence reports WebIntelligence OLAP reports • • You can schedule: Crystal reports Web Intelligence reports You can also schedule program objects. Performing tasks remotely. Save directly to your Enterprise folders when you are: Designing reports with Crystal Reports or Web Intelligence. Java programs. analysis. information sharing A In BusinessObjects 6.and 3-tier deployments of BusinessObjects • Are adding multiple objects or an entire directory.

COM 562 BusinessObjects Enterprise Administrator’s Guide .A From BusinessObjects 6.x to BusinessObjects XI SDK SDK In BusinessObjects 6.x Development platforms • Java In BusinessObjects XI • WebServices • • • • Java WebServices .NET .

Rights and Access Levels appendix .

object-specific rights to this list. Other BusinessObjects Enterprise plug-in components may in future add their own. Description used in the CMC Respect current security by inheriting rights from parent groups Respect current security by inheriting rights from parent folders Add objects to the folder View objects Edit objects Modify the rights users have to objects Schedule the document to run Delete objects Define server groups to process jobs Delete instances Copy objects to another folder Schedule to destinations View document instances Pause and Resume document instances Print the report’s data Refresh the report’s data Export the report’s data View objects that the user owns Edit objects that the user owns Modify the rights users have to objects that the user owns Name used in the SDK AdvancedInheritGroups AdvancedInheritFolders ceRightAdd ceRightView ceRightEdit ceRightModifyRights ceRightSchedule ceRightDelete ceRightPickMachines ceRightDeleteInstance ceRightCopy ceRightSetDestination ceRightViewInstance ceRightPauseResumeSchedule ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport ceRightOwnerView ceRightOwnerEdit ceRightOwnerModifyRights 564 BusinessObjects Enterprise Administrator’s Guide .B Rights and Access Levels Rights Rights This table lists the rights available within the Advanced Rights page of the Central Management Console (CMC). The table matches the descriptions used in the CMC with the programmatic name that developers use when assigning rights with the BusinessObjects Enterprise SDK.

For details. That is. No Access This access level ensures that all rights remain unspecified.Rights and Access Levels Access levels B Description used in the CMC Delete objects that the user owns Delete instances that the user owns View document instances that the user owns Name used in the SDK ceRightOwnerDelete ceRightOwnerDeleteInstance ceRightOwnerViewInstance Pause and resume document instances ceRightOwnerPauseResume that the user owns Schedule Access levels This section lists the rights that constitute each of the predefined access levels that are available through the Advanced Rights page of the Central Management Console (CMC). see “Object rights for the Report Application Server” on page 568. When rights are unspecified. rights are neither explicitly granted nor explicitly denied. View Description used in the CMC View objects View document instances Name used in the SDK ceRightView ceRightViewInstance Schedule Description used in the CMC View objects Schedule the document to run Define server groups to process jobs Name used in the SDK ceRightView ceRightSchedule ceRightPickMachines BusinessObjects Enterprise Administrator’s Guide 565 . the system denies the right by default. Note: There is no predefined access level to grant users the rights required to create or modify reports through the Report Application Server (RAS).

B Rights and Access Levels Access levels Description used in the CMC Copy objects to another folder Schedule to destinations View document instances Print the report’s data Export the report’s data Edit objects that the user owns Pause and resume document instances that the user owns Name used in the SDK ceRightCopy ceRightSetDestination ceRightViewInstance ceReportRightPrintReport ceReportRightPageServerExport ceRightOwnerEdit ceRightOwnerPauseResumeSchedule Delete instances that the user owns ceRightOwnerDeleteInstance View On Demand Description used in the CMC View objects Schedule the document to run Define server groups to process jobs Copy objects to another folder Schedule to destinations View document instances Print the report’s data Refresh the report’s data Export the report’s data Edit objects that the user owns Delete instances that the user owns Pause and resume document instances that the user owns Name used in the SDK ceRightView ceRightSchedule ceRightPickMachines ceRightCopy ceRightSetDestination ceRightViewInstance ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport ceRightOwnerEdit ceRightOwnerDeleteInstance ceRightOwnerPauseResumeSchedule 566 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Administrator’s Guide 567 .Rights and Access Levels Default rights on the top-level folder B Full Control Description used in the CMC Add objects to the folder View objects Edit objects Modify the rights users have to objects Schedule the document to run Delete objects Delete instances Copy objects to another folder Schedule to destinations View document instances Pause and Resume document instances Print the report’s data Refresh the report’s data Export the report’s data Name used in the SDK ceRightAdd ceRightView ceRightEdit ceRightModifyRights ceRightSchedule ceRightDelete ceRightDeleteInstance ceRightCopy ceRightSetDestination ceRightViewInstance ceRightPauseResumeSchedule ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport Define server groups to process jobs ceRightPickMachines Default rights on the top-level folder The top-level BusinessObjects Enterprise folder serves as the root for all other folders and objects that you add to the system. This folder provides the following rights by default: • • The Everyone group is granted the Schedule access level. The Administrators group is granted the Full Control access level.

You must also grant users a minimum set of object rights. To ensure that users retain the ability to perform additional reporting tasks (such as copying. When users view reports through the Advanced DHTML viewer and the RAS. change the access level to Advanced. printing.B Rights and Access Levels Object rights for the Report Application Server Object rights for the Report Application Server To allow users to create or modify reports over the Web through the Report Application Server (RAS). as appropriate) Edit objects Refresh the report’s data Export the report’s data User must also have permission to add objects to at least one folder before they can save new reports back to BusinessObjects Enterprise. When you grant users these rights to a report object. they can select the report as a data source for a new report or modify the report directly: • • • • View objects (or “View document instances”. 568 BusinessObjects Enterprise Administrator’s Guide . you allow them to modify the report by changing the access level to Advanced and explicitly granting the additional Edit objects right. For instance. The extra Edit objects right is not required. you must have RAS Report Modification licenses available on your system. and add any of the required rights that are not already granted. Tip: For more information about RAS Report Modification licenses. see “Licensing overview” on page 530. and so on). scheduling. the View access level is sufficient to display the report. it’s recommended that you first assign the appropriate access level and update your changes. Then. but View On Demand is required to actually use the advanced search features. if users already have View On Demand rights to a report object.

Configuring NTFS Permissions appendix .

Configuring NTFS permissions for BusinessObjects Enterprise components Each component requires a user account with certain NTFS access rights to specific files and folders. Ensure that each component is running on the correct user account. For details on changing server user accounts. even after you repeatedly enter the correct database logon information. users may be unable to access reports over the Web. insufficient New Technology File System (NTFS) permissions on the server can cause a number of problems. 570 BusinessObjects Enterprise Administrator’s Guide . NTFS provides security for file storage in Microsoft Windows.C Configuring NTFS Permissions Configuring NTFS permissions Configuring NTFS permissions When you view reports over the Web. see “Changing the server user account” on page 146. For information on changing NTFS permissions. a report may not appear in the viewer. To troubleshoot NTFS permissions. and make sure the user account has the required NTFS permissions. For example. If a BusinessObjects Enterprise component is running on a user account that does not have the required NTFS permissions. ensure that each BusinessObjects Enterprise component uses an account with the appropriate permissions. see the Microsoft Windows help. You may need to change the user account or change the NTFS access for particular files and folders.

However. For details on changing the user account. these accounts provide sufficient access to files and folders on the local machine. see “Changing the server user account” on page 146. Ensure this user account has the appropriate NTFS permissions for specific folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • C:\Winnt\system32 C:\Program Files\BusinessObjects Enterprise\Web Content\enterprise C:\Program Files\BusinessObjects Enterprise\WCA\CRImages C:\Program Files\BusinessObjects Enterprise\WCA C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86 C:\Program Files\BusinessObjects Enterprise\WCA\Logging • • • Write • Note: This table shows the default installation paths. File Repository Servers (FRS) The Input and Output File Repository Servers (Input and Output FRS) use the local System account by default. BusinessObjects Enterprise Administrator’s Guide 571 . If your BusinessObjects Enterprise deployment includes OLAP Intelligence. the Central Management Server uses the LocalSystem account to access resources and BusinessObjects Enterprise components. if the Input or Output FRS needs access to directories on other machines. the WCA user account also needs Read permission for the OLAP Intelligence FileStore\Input folder.Configuring NTFS Permissions Configuring NTFS permissions C Web Component Adapter (WCA) By default. set its user account to a domain user account with local administrative access to all computers hosting BusinessObjects Enterprise components.

Ensure that the System account has the appropriate NTFS permissions for specific files and folders: NTFS rights Folders • • Read & Execute Write • • C:\Winnt\system32\drivers\etc\hosts C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\CITemp 572 BusinessObjects Enterprise Administrator’s Guide . This account does not need access to other machines. If the Input folder or the Output folder does not exist.C Configuring NTFS Permissions Configuring NTFS permissions Ensure that the user account for the Input FRS has the appropriate NTFS permissions for the following folders: NTFS permissions Files and folders • • • Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input For the Output FRS. make sure the user account has access to the following folders: NTFS permissions Files and folders • • • Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Output C:\Program Files\Business Objects\ BusinessObjects Enterprise 11\FileStore\Output Note: • • The Input and Output File Repository Servers cannot share the same directories. the respective FRS creates it when the service starts. Central Management Server (CMS) The CMS uses the local System account by default.

For details on changing the user account. If the CMS. For details on changing the user account. see “Changing the server user account” on page 146. or the Output FRS is not located on the same machine as the Job Server. Ensure that the Job Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • • • C:\Winnt\system32 The system’s temporary directory C:\Winnt\Business Objects C:\Winnt\Fonts C:\Program Files\Business Objects\Shared C:\Program Files\Business Objects\WCA C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore • Write BusinessObjects Enterprise Administrator’s Guide 573 . see “Changing the server user account” on page 146. set the Job Server’s user account to a domain user account that has local administrative access to all computers hosting these components.Configuring NTFS Permissions Configuring NTFS permissions C Cache Server The Cache Server uses the local System account by default. you must set its user account to a domain user account that has local administrative access to all computers hosting components. The Job Server must use a different user account if it needs to access BusinessObjects Enterprise components on other machines. If the Cache Server needs to access BusinessObjects Enterprise components on other machines. Ensure that the Cache Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • • Job Server Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86 C:\Program Files\Business Objects\WCA The Job Server uses the local System account by default. the Input FRS.

For most BusinessObjects Enterprise deployments. the reporting database is located on a separate machine. Ensure that the Page Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • • C:\Winnt\system32 The system’s temporary directory C:\Winnt\Business Objects C:\Winnt\Fonts C:\Program Files\Business Objects\Shared C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input C:\Program Files\Business Objects\WCA • Write • 574 BusinessObjects Enterprise Administrator’s Guide .C Configuring NTFS Permissions Configuring NTFS permissions Page Server The Page Server connects to the database to retrieve the information needed to build the report. For details on changing the user account. see “Changing the server user account” on page 146. If the Page Server is on a different machine from the database. you must change the Page Server’s user account from the default local System account to a domain user account with local administrative access to the computer hosting the reporting database.

Customizing the appearance of Web Intelligence documents appendix .

The defaultconfig.xml. To do so.xml file is modified and saved. open the defaultconfig. you can change the default appearance of many interface elements: • • • • fonts and font sizes for tables. Back