BusinessObjects Enterprise™ XI Administrator’s Guide

BusinessObjects Enterprise XI

Patents

Business Objects owns the following U.S. patents, which may cover products that are offered and sold by Business Objects: 5,555,403, 6,247,008 B1, 6,578,027 B2, 6,490,593 and 6,289,352. Business Objects, the Business Objects logo, Crystal Reports, and Crystal Enterprise are trademarks or registered trademarks of Business Objects SA or its affiliated companies in the United States and other countries. All other names mentioned herein may be trademarks of their respective owners. Copyright © 2004 Business Objects. All rights reserved.

Trademarks

Copyright

Contents
Chapter 1 Introduction to BusinessObjects Enterprise XI Administrator’s Guide 21 About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Who should use this guide? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Business Objects information resources . . . . . . . . . . . . . . . . . . . . . . . 22 Chapter 2 What’s New in BusinessObjects Enterprise 25

Welcome to BusinessObjects Enterprise XI . . . . . . . . . . . . . . . . . . . . . . . . 26 About this version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Supported products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 New features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 End-user experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Report design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Developer flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 System administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Chapter 3 Administering BusinessObjects Enterprise 35

Administration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Central Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Logging on to the Central Management Console . . . . . . . . . . . . . . . . 37 Navigating within the Central Management Console . . . . . . . . . . . . . . 38 Setting console preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Setting the Query size threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Logging off of the Central Management Console . . . . . . . . . . . . . . . . 41 Using the Central Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the CCM for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the CCM for UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Making initial security settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Setting the Administrator password . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Disabling the Guest account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

BusinessObjects Enterprise Administrator’s Guide

3

Contents

Modifying the default security levels . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Managing universes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Managing universe connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Managing InfoView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Managing Web Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Managing Discussions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Accessing the Discussions page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Searching for discussion threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Sorting search results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Deleting discussion threads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Setting user rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Chapter 4 BusinessObjects Enterprise Architecture 53

Architecture overview and diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Client tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 InfoView . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Central Management Console (CMC) . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Central Configuration Manager (CCM) . . . . . . . . . . . . . . . . . . . . . . . . . 57 Publishing Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Import Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Application tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Application tier components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Web development platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Web application environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Intelligence tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Central Management Server (CMS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Cache Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 File Repository Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Event Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Processing tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Report Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Program Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Web Intelligence Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

4

BusinessObjects Enterprise Administrator’s Guide

Contents

Web Intelligence Report Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Report Application Server (RAS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Destination Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 List of Values Job Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Page Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Data tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Report viewers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Information flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 What happens when you schedule an object? . . . . . . . . . . . . . . . . . . 70 What happens when you view a report? . . . . . . . . . . . . . . . . . . . . . . . 71 Choosing between live and saved data . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Live data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Saved data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Chapter 5 Managing and Configuring Servers 77

Server management overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Viewing current metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Viewing current server metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Viewing system metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Viewing and changing the status of servers . . . . . . . . . . . . . . . . . . . . . . . . 82 Starting, stopping, and restarting servers . . . . . . . . . . . . . . . . . . . . . . 82 Stopping a Central Management Server . . . . . . . . . . . . . . . . . . . . . . . 84 Enabling and disabling servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Printing, copying, and refreshing server status . . . . . . . . . . . . . . . . . . 86 Configuring the application tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Configuring the Web Component Adapter . . . . . . . . . . . . . . . . . . . . . . 89 Configuring the intelligence tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 Clustering Central Management Servers . . . . . . . . . . . . . . . . . . . . . . . 92 Copying data from one CMS database to another . . . . . . . . . . . . . . . . 98 Deleting and recreating the CMS database . . . . . . . . . . . . . . . . . . . . 108 Selecting a new or existing CMS database . . . . . . . . . . . . . . . . . . . . 109 Setting root directories and idle times of the File Repository Servers 110 Modifying Cache Server performance settings . . . . . . . . . . . . . . . . . 112

BusinessObjects Enterprise Administrator’s Guide

5

Contents

Modifying the polling time of the Event Server . . . . . . . . . . . . . . . . . . 114 Configuring the processing tier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Modifying Page Server performance settings . . . . . . . . . . . . . . . . . . . 115 Modifying database settings for the RAS . . . . . . . . . . . . . . . . . . . . . . 118 Modifying performance settings for the RAS . . . . . . . . . . . . . . . . . . . . 120 Modifying performance settings for job servers . . . . . . . . . . . . . . . . . 121 Configuring the Web Intelligence Report Server . . . . . . . . . . . . . . . . . 122 Configuring the destinations for job servers . . . . . . . . . . . . . . . . . . . . 125 Configuring Windows processing servers for your data source . . . . . 132 Configuring UNIX processing servers for your data source . . . . . . . . 133 Logging server activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Advanced server configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Changing the default server port numbers . . . . . . . . . . . . . . . . . . . . . 140 Configuring a multihomed machine . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Adding and removing Windows server dependencies . . . . . . . . . . . . 144 Changing the server startup type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Changing the server user account . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Configuring servers for SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 Chapter 6 Managing Server Groups 151

Server group overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Creating a server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Working with server subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Modifying the group membership of a server . . . . . . . . . . . . . . . . . . . . . . 155 Chapter 7 Scaling Your System 157

Scalability overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Common configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 One-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Three-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Six-machine setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 General scalability considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Increasing overall system capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

6

BusinessObjects Enterprise Administrator’s Guide

Contents

Increasing scheduled reporting capacity . . . . . . . . . . . . . . . . . . . . . . 163 Increasing on-demand viewing capacity for Crystal reports . . . . . . . 164 Increasing prompting capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Delegating XSL transformation to Internet Explorer . . . . . . . . . . . . . 165 Enhancing custom web applications . . . . . . . . . . . . . . . . . . . . . . . . . 166 Improving web response speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Getting the most from existing resources . . . . . . . . . . . . . . . . . . . . . 167 Adding and deleting servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Adding a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Deleting a server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Chapter 8 Managing BusinessObjects Enterprise Repository 173

BusinessObjects Enterprise Repository overview . . . . . . . . . . . . . . . . . . 174 Copying data from one repository database to another . . . . . . . . . . . . . . 174 Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 Copying data from a Crystal Enterprise 9 repository database . . . . . 176 Copying data from a Crystal Reports 9 repository database . . . . . . . 177 Refreshing repository objects in published reports . . . . . . . . . . . . . . . . . 179 Chapter 9 Working with Firewalls 181

Firewalls overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 What is a firewall? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Firewall types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Understanding firewall integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Communication between servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Firewall configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Typical firewall scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Configuring the system for firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Configuring for Network Address Translation . . . . . . . . . . . . . . . . . . 190 Configuring for packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Configuring for SOCKS servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

BusinessObjects Enterprise Administrator’s Guide

7

Contents

Chapter 10

Managing Auditing

203

Auditing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 How does auditing work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Which actions can I audit? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Configuring the auditing database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Enabling auditing of user and system actions . . . . . . . . . . . . . . . . . . . . . . 210 Controlling synchronization of audit actions . . . . . . . . . . . . . . . . . . . . . . . 212 Optimizing system performance while auditing . . . . . . . . . . . . . . . . . . . . . 213 Using sample audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Creating custom audit reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Auditing database schema reference . . . . . . . . . . . . . . . . . . . . . . . . . 218 Chapter 11 BusinessObjects Enterprise Security Concepts 227

Security overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Authentication and authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Primary authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229 Secondary authentication and authorization . . . . . . . . . . . . . . . . . . . . 230 About single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Security management components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Web Component Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Central Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Security plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Processing extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Active trust relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Logon tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Ticket mechanism for distributed security . . . . . . . . . . . . . . . . . . . . . . 243 Sessions and session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 WCA session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 CMS session tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Environment protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Web browser to web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Web server to BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . 246 Auditing web activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

8

BusinessObjects Enterprise Administrator’s Guide

Contents

Protection against malicious logon attempts . . . . . . . . . . . . . . . . . . . . . . 247 Password restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Logon restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 User restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Guest account restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Chapter 12 Managing User Accounts and Groups 249

What is account management? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default users and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Default groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Available authentication types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Managing Enterprise and general accounts . . . . . . . . . . . . . . . . . . . . . . . 253 Creating an Enterprise user account . . . . . . . . . . . . . . . . . . . . . . . . . 254 Adding a user to groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Modifying a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Deleting a user account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 Changing password settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 Creating a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Adding users to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Modifying a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Viewing group members . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Deleting a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Disabling the Guest account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Granting access to users and groups . . . . . . . . . . . . . . . . . . . . . . . . 262 Managing LDAP accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Configuring LDAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Mapping LDAP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 Unmapping LDAP groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 Viewing mapped LDAP users and groups . . . . . . . . . . . . . . . . . . . . . 272 Changing LDAP connection parameters and member groups . . . . . 272 Managing multiple LDAP hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Troubleshooting LDAP accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

BusinessObjects Enterprise Administrator’s Guide

9

Contents

Managing AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Mapping AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Unmapping AD groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 Viewing mapped AD users and groups . . . . . . . . . . . . . . . . . . . . . . . . 280 Troubleshooting AD accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Setting up AD single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 Managing NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Mapping NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Unmapping NT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288 Viewing mapped NT users and groups . . . . . . . . . . . . . . . . . . . . . . . . 289 Troubleshooting NT accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 Setting up NT single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 Managing aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 Creating a user and a third-party alias . . . . . . . . . . . . . . . . . . . . . . . . 294 Creating an alias for an existing user . . . . . . . . . . . . . . . . . . . . . . . . . 296 Assigning an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 Reassigning an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Deleting an alias . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Disabling an aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Configuring Kerberos single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Setting up a service account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Configuring the servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Configuring the Windows AD plug-in for Kerberos authentication . . . 301 Configuring the cache expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Configuring the IIS and browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Configuring IIS for end-to-end single sign-on . . . . . . . . . . . . . . . . . . . 305 Configuring IIS for single sign-on to databases only . . . . . . . . . . . . . . 309 Configuring BusinessObjects Enterprise web applications . . . . . . . . . 312 Mapping AD accounts for Kerberos single sign-on . . . . . . . . . . . . . . . 313 Configuring the databases for single sign-on . . . . . . . . . . . . . . . . . . . 313

10 BusinessObjects Enterprise Administrator’s Guide

Contents

Chapter 13

Controlling User Access

315

Controlling user access overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 Controlling users’ access to objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 Setting object rights for users and groups . . . . . . . . . . . . . . . . . . . . . 317 Viewing object rights settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Setting common access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320 Setting advanced object rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322 Using inheritance to your advantage . . . . . . . . . . . . . . . . . . . . . . . . . 325 Inheritance with advanced rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Customizing a ‘top-down’ inheritance model . . . . . . . . . . . . . . . . . . . 331 Controlling access to applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Controlling administrative access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Controlling access to users and groups . . . . . . . . . . . . . . . . . . . . . . . 352 Controlling access to user inboxes . . . . . . . . . . . . . . . . . . . . . . . . . . 352 Controlling access to servers and server groups . . . . . . . . . . . . . . . . 353 Controlling access to universes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Controlling access to universe connections . . . . . . . . . . . . . . . . . . . . 355 Chapter 14 Organizing Objects 357

Organizing objects overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 About folders and categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Working with folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Creating and deleting folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 Copying and moving folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Adding a report to a new folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Specifying folder rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Setting limits for folders, users, and groups . . . . . . . . . . . . . . . . . . . . 365 Managing User Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Working with categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Creating and deleting categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Moving categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 Adding an object to a new category . . . . . . . . . . . . . . . . . . . . . . . . . . 370 Removing or deleting objects from a category . . . . . . . . . . . . . . . . . . 370

BusinessObjects Enterprise Administrator’s Guide 11

Contents

Specifying category rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Managing personal categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372 Chapter 15 Publishing Objects to BusinessObjects Enterprise 373

Publishing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374 Publishing options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Publishing with the Publishing Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Logging on to BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . 376 Adding objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Creating and selecting a folder on the CMS . . . . . . . . . . . . . . . . . . . . 377 Moving objects between folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Duplicating the folder structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Adding objects to a category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Changing scheduling options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Refreshing repository fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Selecting a program type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Specifying program credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Changing default values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381 Changing object properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 Entering database logon information . . . . . . . . . . . . . . . . . . . . . . . . . 382 Setting parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Setting the schedule output format . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Adding extra files for programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Specifying command line arguments . . . . . . . . . . . . . . . . . . . . . . . . . 384 Finalizing the objects to be added . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Publishing with the Central Management Console . . . . . . . . . . . . . . . . . . 385 Saving objects directly to the CMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Chapter 16 Importing Objects to BusinessObjects Enterprise 389

Importing information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 Importing information from BusinessObjects Enterprise 6.x . . . . . . . . . . . 390 Before importing from BusinessObjects Enterprise 6.x . . . . . . . . . . . . 391 Importing objects from BusinessObjects Enterprise 6.x . . . . . . . . . . . 392

12 BusinessObjects Enterprise Administrator’s Guide

Contents

Importing information from Crystal Enterprise . . . . . . . . . . . . . . . . . . . . . 396 Importing objects from Crystal Enterprise . . . . . . . . . . . . . . . . . . . . . 397 Importing information from Crystal Info . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Importing objects from Crystal Info . . . . . . . . . . . . . . . . . . . . . . . . . . 400 Importing with the Import Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Specifying the source and destination environments . . . . . . . . . . . . . 402 Selecting information to import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 Importing objects with rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Choosing an import scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Importing specific objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Finalizing the import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Chapter 17 Managing Objects 415

Managing objects overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 General object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Copying, moving, or creating a shortcut for an object . . . . . . . . . . . . 417 Deleting an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 Searching for an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419 Sending an object or instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 Changing properties of an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Assigning an object to categories . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Report object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 What are report objects and instances? . . . . . . . . . . . . . . . . . . . . . . 425 Setting report refresh options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426 Viewing the universes for a Web Intelligence document . . . . . . . . . . 427 Setting report processing options . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Applying processing extensions to reports . . . . . . . . . . . . . . . . . . . . 443 Working with hyperlinked reports . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 Program object management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451 What are program objects and instances? . . . . . . . . . . . . . . . . . . . . 451 Setting program processing options . . . . . . . . . . . . . . . . . . . . . . . . . 453 Object package management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 What are object packages, components, and instances? . . . . . . . . . 460

BusinessObjects Enterprise Administrator’s Guide 13

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460 Adding objects to an object package . . . . . 514 14 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Selecting a destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481 Choosing a format . . . . . . . . . . . . . 473 Setting the scheduling options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 Schedule-based events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Deleting calendars . . . . . . . . . . . . . . . . 493 Scheduling an object for a user or group . . . . . . . . . . . . . 508 Chapter 20 Managing Events 509 Managing events overview . 495 Setting instance limits for an object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468 Scheduling objects using object packages . . . . . . . . . . . . . . . . . . . . . . . 476 Setting notification for an object’s success or failure . . . . . . . . . . . . . . . . . . . 471 Scheduling an object with events . . . 491 Selecting cache options for Web Intelligence documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493 Managing instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476 Specifying alert notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 Scheduling objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Custom events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Chapter 18 Scheduling Objects 465 Scheduling objects overview . . . . . 510 File-based events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Managing and viewing the history of instances . . . . . . . . 466 About the scheduling options and parameters . . . . . . . . . . 502 Creating calendars . . 462 Authentication and object packages . . . . . . 461 Configuring object packages and their objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 Adding dates to a calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498 Chapter 19 Managing Calendars 501 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents Creating an object package . . . . . . . . . . . 507 Specifying calendar rights . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . 515 Chapter 21 General Troubleshooting 517 Troubleshooting overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537 BusinessObjects 6. . . . . 537 BusinessObjects XI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518 Documentation resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545 BusinessObjects Enterprise Administrator’s Guide 15 . .x to BusinessObjects XI 535 Product offering . . . . . . . . . . . . 520 Windows NT authentication cannot log you on . . . . . . . . . 523 Ensuring that server resources are available on local drives . . . . . . . 519 Unable to connect to CMS when logging on to the CMC . 532 Viewing current account activity . . 539 Migration . . . . . . 532 Appendix A From BusinessObjects 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531 Adding a license key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Setting default report destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Web accessibility issues . . . . . . . . . . . . . . . . . . . . 536 Architecture . . . . . . . . . . . . . . . . . . . . . . . . 527 Chapter 22 Licensing Information 529 Licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520 Report viewing and processing issues . . . . . . .Contents Specifying event rights . . . . . . . . . . . . . . . . . . . 527 InfoView considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538 Basic terminology . . . . . . . . . . . . . . . . . 542 Migration and mapping of specific objects . . . . . . . . . . . . . . . . . . 521 Troubleshooting reports and looping database logon prompts . . . . . . . . . . . . . . . . . . . . . . . . . . 530 Accessing license information . . . . . . . . . . 526 Page Server error when viewing a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Supporting users in multiple time zones . . . . . . . . . . . . . 521 Troubleshooting reports with Crystal Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Using an IIS web site other than the default . . . . . . . . . . . . . . . . . . . . . . . . . . 542 Migration of user rights .

. . 566 Full Control . . . . . . . . . . . 570 Appendix D Customizing the appearance of Web Intelligence documents 575 Customizing the appearance of Web Intelligence documents . . . . . . . . . . . . . . . . . . 590 16 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580 Example: Modifying the default font in table cells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xml file . . . . . configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . and deployment . . . . . . . . . 586 Page Server and Cache Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581 Appendix E Server Command Lines 583 Command lines overview . . . . . . . . . . . . . . . . . . . . . . . . 584 Standard options for all servers . . . . . . . . . . . . . . . . . . analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 View On Demand . . . . .Contents Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 View . . . . . . . . . . . . . . . . . . . . . . . . . 576 What you can do with the defaultconfig. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 Job servers . 565 No Access . . . . . . . . 570 Configuring NTFS permissions for BusinessObjects Enterprise components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585 Central Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562 Appendix B Rights and Access Levels 563 Rights . information sharing . . . . . . . . . . . . 577 Locating and modifying defaultconfig. . . . . . .xml . . . . . . . . . . . . . . . . . . 567 Object rights for the Report Application Server . . . . . . . . 578 List of key values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568 Appendix C Configuring NTFS Permissions 569 Configuring NTFS permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554 Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567 Default rights on the top-level folder . . . . . . . . . . 564 Access levels . . . . . . . . . . . 547 Security . . . . . . . . . . . . . . . . 551 Administration . . . . 558 SDK . . . . .

. . . . . . . . . . . . . . . . 605 Scripts used by BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . . . 601 serverconfig. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598 Script utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601 configpatch. . . . . . . . . . . . . . 605 silentinstall. . . . . . . . . . . . . . . . . . . . . . . .sh . 603 uninstallBOBJE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604 startservers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 setupinit. . 593 Input and Output File Repository Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604 Script templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 bobjerestart. . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . 610 Deploying BusinessObjects Enterprise internationally . . .sh . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . 598 cmsdbsetup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 postinstall. .Contents Report Application Server . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . 607 setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 initlaunch. . . . . . . . . . . 606 patchlevel. . . . . . . . . . . .sh . .sh . . . . . . . 607 Appendix G International Deployments 609 International deployments overview . . . . . . . . . . . . . . . 606 env. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 stopservers . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . 610 Planning an international BusinessObjects Enterprise deployment . . 602 sockssetup. . . . . . . 594 Event Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 env-locale. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . 591 Web Intelligence Report Server . . . . . . . . . . . . . . 611 Providing a client tier for multiple languages . . . . . . . . . . . . . . . . . . 598 ccm. . . . . . . . . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . 595 Appendix F UNIX Tools 597 UNIX tools overview . . . . 613 BusinessObjects Enterprise Administrator’s Guide 17 . . . . . .sh . .sh . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . 619 Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . consulting and training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616 About the accessibility guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . 628 Accessibility and conditional formatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Contents Appendix H Creating Accessible Reports 615 About accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636 Accessibility and BusinessObjects Enterprise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629 Accessibility and suppressing sections . . . . . . . . . . 631 Text objects and data table values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644 18 BusinessObjects Enterprise Administrator’s Guide . . . . . . . . . . . . . 642 Send us your feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 630 Accessibility and subreports . . . . . . . . . . . . . . . . . . . . . . . . . 621 Color . . . . . . 643 How can we support you? . . . . . . . . 642 Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642 Where is the documentation? . . . . . . . . . . . . . . . . . . . . . . 626 Parameter fields . . . . . . . . 637 Accessibility and customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631 Improving data table accessibility . . 616 Benefits of accessible reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 Accessibility and Business Objects products . . . . . . . . . . . . . . . . 637 Setting accessible preferences for BusinessObjects Enterprise . . . . . . . . . . . . . . 643 Customer support. . 642 What’s in the documentation set? . . . 638 Resources . . . . . . . . . . . . . . 632 Other data table design considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644 Looking for training options? . . . . . . . . . . . . . . 625 Navigation . . . . . . . . . . . . 618 Improving report accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Placing objects in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643 Looking for the best deployment solution for your company? . . . . . . 640 Appendix I Business Objects Information Resources 641 Documentation and information services . . 627 Designing for flexibility . . . . . . . . . .

. . . . . . . . . .Contents Useful addresses at a glance . . . . . . . . . . . . . . . . . . . . . . . 644 Index 647 BusinessObjects Enterprise Administrator’s Guide 19 . .

Contents 20 BusinessObjects Enterprise Administrator’s Guide .

Introduction to BusinessObjects Enterprise XI Administrator’s Guide chapter .

as is a general understanding of web server management and scripting technologies. However. extranet. managing. analysis. Online versions of these guides are included in the doc directory of your product distribution. Familiarity with your operating system and your network environment is certainly beneficial. and reliable solution for delivering powerful. the BusinessObjects Enterprise Installation Guide. scalable. providing customers with personalized service offerings. BusinessObjects Enterprise provides a solution for increasing enduser productivity and reducing administrative efforts. Internet or corporate portal. For more information about the product. Whether it is used for distributing weekly sales reports. As an integrated suite for reporting. this guide aims to provide sufficient background and conceptual information to clarify all administrative tasks and features. and the BusinessObjects Enterprise User’s Guide. consult the BusinessObjects Enterprise Getting Started Guide. Procedures are provided for common tasks. BusinessObjects Enterprise delivers tangible benefits that extend across and beyond the organization. Once you install BusinessObjects Enterprise.Contents About this guide This guide provides you with information and procedures covering a wide range of administrative tasks. and consulting services. Business Objects information resources For more information and assistance. Who should use this guide? This guide is intended for system administrators who are responsible for configuring. BusinessObjects Enterprise is a flexible. with links to online resources. Conceptual information and technical details are provided for all advanced topics. and information delivery. or integrating critical information into corporate portals. interactive reports to end users via any web application— intranet. see Appendix I: Business Objects Information Resources. This appendix describes the Business Objects documentation. and maintaining a BusinessObjects Enterprise installation. in catering to all levels of administrative experience. they are also accessible from the BusinessObjects Enterprise Launchpad. 22 BusinessObjects Enterprise Administrator’s Guide . training. customer support.

Contents BusinessObjects Enterprise Administrator’s Guide 23 .

Contents 24 BusinessObjects Enterprise Administrator’s Guide .

What’s New in BusinessObjects Enterprise chapter .

Supported products All Business Objects products are now available under the same platform. BusinessObjects Enterprise XI provides full support for the management. and analysis. and report design options. It also provides platform-level support for semantic layers. and interaction for the following products and versions: • • • • Crystal Reports XI BusinessObjects Web Intelligence XI BusinessObjects OLAP Intelligence XI BusinessObjects Data Integrator XI 26 BusinessObjects Enterprise Administrator’s Guide . data integration. Thanks to the extensive upgrade and content migration support provided in BusinessObjects Enterprise XI. web. querying. and data integration capabilities from the Business Objects product line. BusinessObjects Enterprise provides full web-based administration and configuration of the entire system. This chapter provides an overview of the new features and enhancements available in this version of BusinessObjects Enterprise. This release extends the robust information infrastructure provided by earlier versions of BusinessObjects Enterprise and Crystal Enterprise. About this version BusinessObjects Enterprise provides an industry-standard. existing customers can leverage their current investments in Business Objects and Crystal technology. administration capabilities. and application investments without imposing a new set of standards and processes. delivery. proven architecture based largely on an enhanced version of the Crystal Enterprise architecture. and security. security. supplemented by powerful query and analysis. BusinessObjects Enterprise is designed to integrate seamlessly with existing data. from presentation-quality reporting to in-depth data analysis. BusinessObjects Enterprise XI brings together features from across the Business Objects product line to meet the diverse needs of users.2 What’s New in BusinessObjects Enterprise Welcome to BusinessObjects Enterprise XI Welcome to BusinessObjects Enterprise XI BusinessObjects Enterprise XI is the business intelligence platform that supports the entire range of reporting. This version includes a variety of major enhancements spread across our data access methods.

New features BusinessObjects Enterprise XI represents the full integration of traditional Business Objects and Crystal products. The categorization of documents enables users to locate information more easily regardless of where it is stored within the system. Excel spreadsheets. BusinessObjects Enterprise Administrator’s Guide 27 . you will notice a wide range of new features in BusinessObjects Enterprise XI. Categories If you are upgrading or migrating from an existing Crystal Enterprise deployment. Whether you have an existing BusinessObjects Enterprise system or a Crystal Enterprise system.5. Folders and categories work together to provide strong navigation capabilities. Then you can share the resulting Office documents securely using BusinessObjects Enterprise. Categories provide an effective way of classifying documents that makes it easier for users to organize documents. combining the best features of each product line. you can organize documents according to multiple criteria and improve both security and navigation. you can manage your Office documents the same way you manage your business intelligence documents. and setting appropriate rights for them. BusinessObjects Enterprise XI also supports the following add-in components: • BusinessObjects Enterprise Live Office XI Use Live Office to embed your business intelligence data into Word documents. categories are used for classifying documents in BusinessObjects Enterprise. End-user experience BusinessObjects Enterprise XI provides a significantly enhanced user experience for all customers. you will notice the addition of categories to BusinessObjects Enterprise XI. If you’re migrating from BusinessObjects Enterprise 6. and PowerPoint presentations. By taking advantage of the security and management features of BusinessObjects Enterprise. consult the documentation provided with each component.What’s New in BusinessObjects Enterprise New features 2 For information about these products. you can import your existing categories with the Import Wizard. By creating a combination of folders and categories. Users can classify documents by using categories created by themselves and by others. Folders are used as a location to store documents. Complimentary to folders.

This functionality. users can view. see the BusinessObjects Enterprise Installation Guide. New features allow users to be even more productive. Through extensive testing and design. you can share knowledge about the information in the documents. combined with comprehensive support for the entire product line. InfoView is available as a . such as managers or VPs. InfoView BusinessObjects Enterprise XI introduces a new InfoView. create. For more information on migrating documents. the term publishing is related to sending a document to multiple users containing different information depending on the user rights. 28 BusinessObjects Enterprise Administrator’s Guide . Publishing In BusinessObjects Enterprise 6 systems. In BusinessObjects Enterprise XI. You can associate documents with multiple categories. From a single web environment.NET (ASPX) version or a J2EE version (JSP). and you can create subcategories within categories. By adding discussions to documents. allowing users to add comments to documents in BusinessObjects Enterprise. Users familiar with previous versions of InfoView or ePortfolio will see that old features have been fully updated and improved. Discussions Discussions provide threaded notes on all documents within BusinessObjects XI. The important features provided by the Broadcast Agent Publisher are provided in BusinessObjects Enterprise XI. The delivery of both . a completely updated business intelligence portal. you can add discussions to any document in the system either by selecting it from the document list or while the user is viewing the document.2 What’s New in BusinessObjects Enterprise New features For example. including scheduling to different formats. you could use categories to create an alternate filing system that divides content according to different roles in your organization. You can grant other users access to the threaded discussions to allow new users to keep track of historical comments added to the documents. traditionally provided by the Broadcast Agent Publisher and is now part of BusinessObjects Enterprise XI itself. the new look and feel is designed for intuitive user interaction. and interact with information.NET and J2EE versions gives the customer the flexibility of deploying InfoView in their established environment. if you currently organize your files into departmental folders. InfoView has been designed to allow users to do most tasks within the BI environment without the need of IT intervention. and scheduling directly to email or printers.

If you are migrating from an existing BusinessObjects Enterprise 6. including significant enhancements to parameters to allow for the dynamic generation of lists of values. Report design BusinessObjects XI includes Crystal Reports. You will also notice that scheduling is more integrated in Business Objects XI and includes new features such as business calendars.What’s New in BusinessObjects Enterprise New features 2 Scheduling BusinessObjects Enterprise XI provides scheduling capabilities for both Crystal reports and Web Intelligence documents. If you’re migrating from an existing BusinessObjects Enterprise deployment. Unlike other techniques that require special programming efforts. while Universes are accessible by both Crystal Reports as well as Web Intelligence. note that the Broadcast Agent Scheduler is no longer required. Crystal ReportsXI provides improved report design. Universes Universes are patented Business Objects technology. to help make the report design process even simpler. Business Views Business Views is a flexible and reliable multi-tier system that enables companies to build detailed and specific Business Views objects that help report designers and end users access the information they require. Semantic Layer BusinessObjects Enterprise XI includes both Universes and Business Views. They act as a semantic layer between the user and a database. All universe objects and their associated connections are stored and secured in the repository of BusinessObjects Enterprise XI itself. Note: Business Views can be used only by Crystal Reports. This secure mechanism allows a single report to serve the needs of multiple users by delivering only the specific subsets of information to each user according to their security profile. BusinessObjects Enterprise XI also provides the ability to schedule documents on behalf of others. BusinessObjects Enterprise Administrator’s Guide 29 . you can use Import Wizard to import your existing universes and their connection objects. the leading report design tool in the market. usability.x deployment. this solution is more manageable and can be applied to all documents designed from secured Universes or Business Views. and processing.

and so on). Report designers no longer need to maintain static prompt lists in individual reports. Recognizing the need for comprehensive support for different development environments.2 What’s New in BusinessObjects Enterprise New features Dynamic prompts and cascading lists of values Dynamic prompts and cascading lists are now available in Crystal Reports. improving both runtime scalability and design time productivity. A single prompt definition can be stored in the repository and shared among multiple reports. the BusinessObjects XI Web Services deliver a Session service (Session management. As in the integration pack. allowing prompt values to be populated from values in a database.NET and Java SDKs. Web Services The integration pack Web Services have been updated to support the new BusinessObjects XI platform features: • • • The Web Intelligence documents are served by the BusinessObjects XI Web Intelligence report engine. The LDAP authentication is natively supported.NET and Java APIs that are used to write applications that consume the provided web services. authentication. BusinessObjects Enterprise XI includes an enhanced version of the Unified Web Services provided with the BusinessObjects Crystal Integration Pack. Web Farm is support. although we recommend migrating to .NET or Java. BusinessObjects Enterprise XI provides extensive . and so on). category management. Developer flexibility BusinessObjects Enterprise development tools BusinessObjects Enterprise provides SDKs for enterprise application developers to build application and portal integration on top of the platform. a BICatalog service (InfoObject list. The consumers simplify application development. Unified Web Services includes server components (the providers) and both . Prompts can be arranged in a cascade. 30 BusinessObjects Enterprise Administrator’s Guide . Note: BusinessObjects Enterprise also continues to support existing development in COM. and a ReportEngine service (Crystal Reports and Web Intelligence document viewing including prompt and drill management). where one value in a prompt constrains values in subsequent picklists.

you will notice key differences in the architecture of BusinessObjects Enterprise XI. scalability. Categories. Improved query language. BusinessObjects Enterprise XI is built on a component. Management The Central Management Console provides users with a centralized point for administering a variety of details including scheduling. Support for Web Intelligence. and delivering information to your users. widely recognized as a highly scalable. and extensibility. it provides better flexibility. This leads to an increase in efficiency and performance. and the smart use of resources. Universes.What’s New in BusinessObjects Enterprise New features 2 BusinessObjects Enterprise SDK BusinessObjects Enterprise SDK has been enhanced to include: • • • • JavaServer Faces for BusinessObjects Enterprise XI. managing. Inbox. BusinessObjects Enterprise XI features built-in auditing features. As a services-oriented architecture. and auditing. offering dynamic growth. Enhanced Page Server One of the many improvements in BusinessObjects Enterprise XI is the enhanced Page Server.5 system. Java and Web Farms support. The service-oriented platform allows current Business Objects products such as Web Intelligence to plug directly into the framework without requiring extensive configuration. fault tolerance. reliable. security.or services-based architecture. Auditing Instead of using a separate auditing component. The Page Server has the ability to grow and create sub processes as required. and powerful platform by customers and industry experts alike. BusinessObjects Enterprise Administrator’s Guide 31 . improved reliability. Architecture If you are upgrading from an existing BusinessObjects Enterprise 6. BusinessObjects Enterprise XI inherits most of the new platform services from the proven Crystal Enterprise architecture. System administration BusinessObjects Enterprise provides an efficient and scalable architecture for processing.

BusinessObjects Enterprise XI includes enhanced support for session-level failover. The system also provides full support for replication of all server components. while individual services with auditing functionality are considered the auditees. If a processing service fails. group. for example). There is no migration or integration of the BusinessObjects Auditor product. The auditor role is fulfilled by the Central Management Server (CMS). Redundant components automatically take over the load if the system encounters a hardware failure or excessive wait times. another service identifies the failure and continues the processing. In a multi-server environment. and object level security is controlled using Access Control Lists (ACL). you need to balance the load across multiple machines. You can then create reports based on this auditing data. security. This means that the overall system. in order to enhance scalability and maintain efficient server performance. It applies a mixture of active and passive approaches to maximize server availability and minimize response time for your users. and authentication. as well as the individual services. The auditing functionality within BusinessObjects Enterprise has been implemented with the concept of a central auditor and individual server auditees. For more information on auditing. Security BusinessObjects Enterprise XI provides all of the existing security features currently supported in Crystal Enterprise. can be audited depending on the level of detail required. The enhanced fault tolerance ensures seamless reporting and query analysis for your users. see the auditing chapter of the BusinessObjects Enterprise Administrator’s Guide. User.2 What’s New in BusinessObjects Enterprise New features The auditing functionality of BusinessObjects Enterprise XI focuses on enabling administrators to gain a better understanding of the users accessing the system and the documents they are interacting with. BusinessObjects Enterprise XI includes built-in load balancing across all system management and report processing functions. Load balancing Intelligent load balancing algorithms eliminate bottlenecks and maximize hardware efficiency. The CMS collects and collates the auditing data from the system interactions and writes the information into the auditing database. an industry standard 32 BusinessObjects Enterprise Administrator’s Guide . Fault tolerance BusinessObjects Enterprise provides fail-over at the system management level (for scheduling.

Business Objects XI now provides single sign-on with Active Directory authentication using the Kerberos protocol. and universe restriction sets. categories. BusinessObjects Enterprise Administrator’s Guide 33 . Also. By combining single sign-on and report viewing. you can now configure your deployment to use the Secure Sockets Layer (SSL) protocol for all network communication between your BusinessObjects Enterprise XI servers. The Import Wizard maps most security rights from current systems directly to new users and groups in BusinessObjects Enterprise XI. please see the BusinessObjects Enterprise XI Installation Guide.What’s New in BusinessObjects Enterprise New features 2 method for controlling cascading security access. you can provide end-to-end single sign-on. the administrator has the option to use Siteminder as an external system for authentication providing single sign-on capabilities to BusinessObjects Enterprise. and import users and groups from existing BusinessObjects Enterprise and Crystal Enterprise deployments into BusinessObjects Enterprise XI using the Import Wizard. Migration An administrator will be able to create users and groups. Please see platforms. The Central Management Console is a centralized management tool that can be used to administer security. Security can be applied at the object level to all documents. When LDAP authentication is enabled. Business Objects XI has introduced single sign-on for LDAP authentication. For details on how rights are mapped or for more information on the Import Wizard. These capabilities require the system to run all components on the Windows operating system and for the users to use Internet Explorer with Active Directory authentication. please see the BusinessObjects Enterprise XI Installation Guide. connections.txt for more information on supported platforms. For details on how rights are mapped. which allows a user’s security context to be retrieved from the host operating system and be used to access BusinessObjects Enterprise and the underlying databases for the reports and documents in the system. universes.

2 What’s New in BusinessObjects Enterprise New features 34 BusinessObjects Enterprise Administrator’s Guide .

Administering BusinessObjects Enterprise chapter .

For more information on publishing content to BusinessObjects Enterprise. It offers you a single interface through which you can perform almost every task related to user management. In a Windows environment. 36 BusinessObjects Enterprise Administrator’s Guide . you can use it to publish reports to BusinessObjects Enterprise servers that are running on Windows or on UNIX.3 Administering BusinessObjects Enterprise Administration overview Administration overview The regular administrative tasks associated with BusinessObjects Enterprise can be roughly divided into three major categories: user management. such as setting the password for the system’s default Administrator account. For an introduction to the CCM. This chapter briefly introduces new BusinessObjects Enterprise administrators to some of the available management tools. • Central Configuration Manager (CCM) This server administration tool is provided in two forms. You will typically use the following applications to manage BusinessObjects Enterprise: • Central Management Console (CMC) This web application is the most powerful administrative tool provided for managing a BusinessObjects Enterprise system. see “Using the Central Configuration Manager” on page 42. • Publishing Wizard This application allows you to publish your reporting content to BusinessObjects Enterprise quickly. It also allows you to specify a number of options on each report that you publish. The remainder of this guide provides technical and procedural information corresponding to each of these management categories. For an introduction to the CMC. It also shows you how to make initial security settings. the CCM shell script (ccm.sh) allows you to manage servers from a command line. see “Publishing overview” on page 374. and server management. see “Central Management Console” on page 37. In a UNIX environment. content management. and server management. Although this application runs only on Windows. the CCM allows you to manage local and remote servers through its Graphical User Interface (GUI) or from a command line. content management.

For details. you can click Start > Programs > BusinessObjects XI> BusinessObjects Enterprise > BusinessObjects Enterprise . or select BusinessObjects Enterprise Administration Launchpad from the program group on the Windows Start menu.Administering BusinessObjects Enterprise Central Management Console 3 Central Management Console You will use the Central Management Console (CMC) extensively to manage your BusinessObjects Enterprise system. Any user with valid credentials to BusinessObjects Enterprise can log on to the CMC and set his or her preferences. Click Central Management Console. you can perform all of these administrative tasks remotely. the CMC enables you to manage servers and create server groups. If you’re using LDAP or Windows NT authentication. Logging on to the Central Management Console There are two ways to access the CMC: type the name of the machine you are accessing directly into your browser. Select Enterprise in the Authentication Type list. This tool allows you to perform user management tasks such as setting up authentication and adding users and groups. And it allows you to publish. organize. see “Setting the Administrator password” on page 44. 2. This default Enterprise account does not have a password until you create one. Tip: On Windows. you will need to type your URL accordingly. For this example. 4. Type your User Name and Password. see “Controlling User Access” on page 315. To log on to the CMC Go to the following page: http://webserver/businessobjects/Enterprise11/WebTools/ adminlaunch/default.NET Administration Launchpad (or Java Administration Launchpad). For complete details about object rights. However. Additionally. users who are not members of the Administrators group cannot perform any of the available management tasks unless they have been granted rights to do so. If you changed this default virtual directory on the web server. 3.aspx Replace webserver with the name of the web server machine. BusinessObjects Enterprise Administrator’s Guide 37 . type Administrator as the User Name. Because the CMC is a webbased application. you may log on using an account that has been mapped to the BusinessObjects Enterprise Administrators group. 1. and set security levels for all of your BusinessObjects Enterprise content.

You can click the hyperlinked portions of the path to jump quickly to different parts of the application. 2. your location within the CMC is indicated by a path that appears above the title of each page. In this example. 3. Click OK. Click Go if your browser doesn’t take you directly to the new page. Setting console preferences The Preferences area of the CMC allows you to customize your administrative view of BusinessObjects Enterprise. 38 BusinessObjects Enterprise Administrator’s Guide . 1. Home > Users > New User indicates that you’re on the New User page. Navigating within the Central Management Console Because the CMC is a web-based application. you can navigate through its areas and pages in a number of ways: • • Click the links or icons on the Home page to go to specific “management areas. Once you leave the Home page. you must map your third-party user accounts and groups to BusinessObjects Enterprise before you can use these types of authentication. The CMC Home page appears. Click Log On.3 Administering BusinessObjects Enterprise Central Management Console Windows AD. 5. Windows NT and LDAP authentication also appear in the list. however. See “CMC preferences” on page 39.” Select the same “management areas” from the drop-down list in the title area of the window. you could click Home or Users to go to the corresponding page. To set the console preference Log on to the CMC and click the Preferences button in the upper-right corner of the CMC. For example. Set the preference as required.

Note: This setting does not limit the number of objects displayed. At the top of every page. so threecharacter hyperlinks are used to index the report objects on each page. This setting determines the number of characters that are included in each hyperlink. if you select Eastern Time BusinessObjects Enterprise Administrator’s Guide 39 . select the Unlimited check box. Maximum number of characters for each page index When a list of objects spans multiple pages. In this example. the full list is sorted alphanumerically and indexed before being subdivided. see “Setting the Query size threshold” on page 40. Measuring units for report page layout Specify inches or millimeters as the measuring units used by default when you customize a report’s page layout on the report object’s Print Setup tab. For details about limiting the number of objects displayed on a page or in a search. simply the number displayed per page. Time zone If you are managing BusinessObjects Enterprise remotely. hyperlinks are displayed as an index to each of the remaining pages. the maximum number of characters is set to 3. To set the available and default viewers for all users. For instance. use this list to specify your time zone. Maximum number of objects per page This option limits the number of objects listed on any page or tab in the CMC. see “Configuring the processing tier” on page 115. BusinessObjects Enterprise synchronizes scheduling patterns and events appropriately. Note: To specify an unlimited maximum number of characters.Administering BusinessObjects Enterprise Central Management Console 3 CMC preferences Viewer This list sets the default report viewer that is loaded when you view a report in the CMC.

and Users management areas of the CMC and when displaying search results in these management areas. This means that BusinessObjects Enterprise prompts users to use the search function of the CMC if the return size exceeds 500 objects.3 Administering BusinessObjects Enterprise Central Management Console (US & Canada). Click the BusinessObjects Enterprise Central Management Console link. and you schedule a report to run at 5:00 a. Setting the Query size threshold By default. Groups. By default the Query size threshold value is 500. My Password Click the Change Password link to change the password for the account under which you are currently logged on. a list of objects in that management area is displayed. Groups. 2. when you go to the Objects. Modify this value to specify the maximum number of objects that displayed on the initial pages of the Objects. Folders. 1. To set the Query size threshold Go to the BusinessObjects Enterprise Applications management area of the CMC. then the server will run the report at 2:00 a. every day on a server that is located in San Francisco. 40 BusinessObjects Enterprise Administrator’s Guide .m. Because BusinessObjects Enterprise loads each of the objects in the list. You can modify the number of objects displayed by setting the Query size threshold in the Business Objects Applications management area of the CMC. For more information about time zones. if you have numerous objects this can heavily tax your system resources. or Users management areas of the CMC. see “Supporting users in multiple time zones” on page 527. Pacific Time.m. Folders.

Groups. type the maximum number of objects you want to be returned in searches and on the initial pages of the Objects. Click Update. Note: To modify the number of objects displayed on a page (rather than the total number of objects displayed). In the Prompt for search if the return size exceeds field. The Logoff button is located in the upper-right corner of the console. It needs to call these pages in order to support the previewing of reports and to enable administration tasks to be performed from Crystal Reports. 5. 3. Folders. type the URL for the CMC. Specifying the URL here allows Crystal Reports to get this URL from the CMS in order to call pages in the CMC.Administering BusinessObjects Enterprise Central Management Console 3 The Query size threshold page appears. and Users management areas. BusinessObjects Enterprise Administrator’s Guide 41 . 4. see “Setting console preferences” on page 38. Logging off of the Central Management Console When you have finished using the CMC. In the CMC Access URL field. end the session by logging off.

A status icon is displayed for each server: • • • A green arrow indicates the server is running. If you are managing servers on a remote machine. then press Enter. stop.3 Administering BusinessObjects Enterprise Using the Central Configuration Manager Using the Central Configuration Manager The Central Configuration Manager (CCM) is a server-management tool that allows you to configure each of your BusinessObjects Enterprise server components. you can connect to a remote machine in several ways: • In the Computer Name field. This tool allows you to start. 42 BusinessObjects Enterprise Administrator’s Guide . It also allows you to view and to configure advanced server settings such as default port numbers. and more. To access the CCM. CMS database and clustering details. SOCKS server connections. Servers must be enabled before they will respond to BusinessObjects Enterprise requests. A red arrow indicates the server is not running. 1. To run the CCM. use the CCM to manage BusinessObjects Enterprise server components that are running locally or on a remote Windows machine. To connect to servers on a remote machine Once you have started the CCM. click Central Configuration Manager. enable. Note: The status icons do not indicate whether servers are enabled or disabled. For details. Click Enable/Disable on the toolbar to log on and enable or disable servers. Depending on the configuration of your network. see “Enabling and disabling servers” on page 85. see: • “Accessing the CCM for Windows” on page 42 Accessing the CCM for Windows From a Windows machine. To start the CCM From the BusinessObjects Enterprise program group. you must have NT administrator rights on the local machine. and disable servers. you might be prompted to enter a user name and password. The servers that are available on the local machine appear in the list. you must also have NT administrator rights on the machine you are connecting to. type the name of the machine you want to connect to. A yellow arrow indicates the server is starting.

sh with command-line options to manage one or more servers. Run ccm./ccm. On the toolbar. issue the following command: . To view additional help on ccm.sh -start all . log on to the remote machine with an account holding administrative rights. You can run the CCM remotely through a telnet session or locally through a terminal window. To run the CCM Go to the Business Objects directory that was created by the BusinessObjects Enterprise installation: cd INSTALL_ROOT/bobje 2.sh script also provides a detailed description of its command-line options./ccm. Accessing the CCM for UNIX Run the CCM on your UNIX server to manage BusinessObjects Enterprise server components that are running on that machine. Select the appropriate computer./ccm. In the Computer Name field.sh The ccm.sh -enable all Note: The main options for the CCM are covered in more detail in “UNIX Tools” on page 597.Administering BusinessObjects Enterprise Making initial security settings 3 • • 2. click Browse. you may want to configure the following security settings before you publish content or provide users with access to BusinessObjects Enterprise: • • “Setting the Administrator password” on page 44 “Disabling the Guest account” on page 44 BusinessObjects Enterprise Administrator’s Guide 43 . you must have execute permissions on the ccm. select a remote machine from the list. To see the command-line help. then click OK. To run the CCM. The CCM lists the servers associated with this machine. Note: You may need to type your user name as domain\username. For instance. 1. If prompted. the following set of commands starts the BusinessObjects Enterprise servers and enables each server on its default port: .sh -help | more Making initial security settings To ensure system security.sh script and on its parent Business Objects directory.

2. 4. select the Account is disabled check box. 5. BusinessObjects Enterprise creates an Administrator account and a Guest account that do not have passwords. Click Update. Click the link for the Administrator account. Log on to the Central Management Console (CMC) with the Administrator account and use the following procedure to create a secure password for the Administrator account. 44 BusinessObjects Enterprise Administrator’s Guide . 3. 1. see “Disabling the Guest account” on page 44. To change the Administrator password Go to the Users management area of the CMC. 1.3 Administering BusinessObjects Enterprise Making initial security settings • • • • “Modifying the default security levels” on page 45 Chapter 11: BusinessObjects Enterprise Security Concepts “Available authentication types” on page 252 “Controlling User Access” on page 315 For additional security information. clear the “User must change password at next logon” check box. so users will be unable to access InfoView without providing a valid user name and password. 2. Disabling the Guest account By disabling the Guest account. If it is selected. Note: Do not create a password for the Guest account if you plan to use the anonymous single sign-on or the Sign Up features available in BusinessObjects Enterprise. you also disable the anonymous single sign-on functionality of BusinessObjects Enterprise. 3. In doing so. you may also want to refer to: Setting the Administrator password As part of the installation. In the Enterprise Password Settings area. you ensure that no one can log on to BusinessObjects Enterprise with this account. In the Account Name column. click Guest. enter and confirm the new password. On the Properties tab. To disable these features. To disable the Guest account Go to the Users management area of the CMC.

see “Managing Enterprise and general accounts” on page 253. If you are prompted for confirmation. They can do data analysis and create reports using the objects in a universe. For a full description of object rights and inheritance patterns. 3. For complete information. or having to know anything about. Managing universes Web Intelligence users connect to a universe. BusinessObjects Enterprise Administrator’s Guide 45 . Initially. you can view and delete universes. see “Controlling users’ access to objects” on page 317. 4. For more information about user accounts. change the entry in the Access Level list for each user or group that is displayed. the underlying data structures in the database. Click Update.Administering BusinessObjects Enterprise Managing universes 3 4. Click the Rights tab. Modifying the default security levels This procedure shows where you can modify the default object rights that users are granted to the top-level BusinessObjects Enterprise folder. click OK. 1. see “Controlling users’ access to objects” on page 317. the Everyone group is granted Schedule access to the top-level folder. 5. You can also control who has access rights to a universe. see the Designer’s Guide. 1. For detailed information. As required. without seeing. To modify top-level security settings Go to the Settings management area of the CMC. 5. To view a universe Go to the Universes management area of the CMC. You can change these default security levels to suit your needs. Using CMC. See “Controlling access to universes” on page 354. and the Administrators group is granted Full Control. Click Update. 2. You create a universe by using the Designer. and run queries against a database. Click Add/Remove to grant different levels of security to additional users or groups.

Click Delete. 2. Click the link for the universe you want to view. Select the connection you want to delete.3 Administering BusinessObjects Enterprise Managing universe connections The Universes page appears. 1. 1. A connection links Web Intelligence to your middleware. You can also control who has access rights to a connection. 3. You must select or create a connection when you create a universe. You must have a connection to access data. The properties page for the connection appears. Click Delete. Select the universe you want to delete. 1. 46 BusinessObjects Enterprise Administrator’s Guide . To view connections Go to the Universe Connections management area of the CMC. Managing universe connections A connection is a named set of parameters that defines how a BusinessObjects application accesses data in a database file. For complete information. See “Controlling access to universe connections” on page 355. Click the link for the connection you want to view. 3. The Universe Connections page appears. see the Designer’s Guide. The properties page for the universe appears. The Universes page appears. 2. The Connections page appears. you can view and delete connections. 2. Using CMC. To delete a universe Go to the Universes management area of the CMC. 2. To delete a universe connection Go to the Universe Connections management area of the CMC.

You can also configure settings that control which viewers are available to users. the report is processed by the Report Application Server. If you are using the Java version of InfoView and want users to be able to use the Active X or Java viewers. Consult the BusinessObjects Enterprise Installation Guide for more information. without doing any programming. When users view a report using the Advanced DHTML viewer. BusinessObjects Enterprise Administrator’s Guide 47 . you must enter the context path of the Web Component Adapter.Administering BusinessObjects Enterprise Managing InfoView 3 Managing InfoView You can use the Business Objects Applications area of the Central Management Console to make minor changes to the appearance and functionality of InfoView.

Click Update. Managing Web Intelligence For the Web Intelligence application.3 Administering BusinessObjects Enterprise Managing Web Intelligence 1. Click Update. select the options that you want. make sure you grant access to the “Allows interactive HTML viewing (as per license)” option in order for users to be able use the Interactive view format and use the Query HTML panel. 4. 3. Managing Discussions includes the following tasks: • • • • • “Accessing the Discussions page” on page 49 “Searching for discussion threads” on page 49 “Sorting search results” on page 51 “Deleting discussion threads” on page 51 “Setting user rights” on page 51 48 BusinessObjects Enterprise Administrator’s Guide . select the options that you want. 1. To manage settings for Web Intelligence Go to the BusinessObjects Enterprise Applications management area of the CMC. 2. Click InfoView. 3. On the Properties tab. To manage settings for InfoView Go to the BusinessObjects Enterprise Applications management area of the CMC. The user can select this view format and report panel option in the Web Intelligence Document Preferences tab in InfoView. 4. 2. Managing Discussions BusinessObjects Enterprise administrators are responsible for maintaining the discussion threads and for granting the appropriate access rights to BusinessObjects Enterprise users. On the Properties tab. Click Web Intelligence.

click Cancel. Click Discussions. Note: To cancel a search and reset the search values back to the default settings. 2. Searching for discussion threads By default.Administering BusinessObjects Enterprise Managing Discussions 3 Accessing the Discussions page 1. BusinessObjects Enterprise Administrator’s Guide 49 . You can search for a specific thread or group of threads. Click Discussions. To access the Discussions page Go to the BusinessObjects Enterprise Applications management area of the CMC. Use the Previous and Next buttons to page through the list of discussion threads. Only the root level threads are displayed. 2. The Discussions page appears. the Discussions page displays the titles of all discussion threads. To search for a discussion thread Go to the BusinessObjects Enterprise Applications management area of the CMC. The Discussions page appears. 1. Branches from the root level thread are not displayed.

Thread title. Author. after: The DMC searches for any discussion threads that were created or modified after the search date. Click Search to display all the records that match your search criteria. or the author name. exactly match the text that you type into the third field. 6. contains: The DMC searches for any discussion threads that contain the search text string within any part of the thread title or the author’s name. type in the text string. From the second list. there are the following options. is not: The DMC searches for any discussion threads where the thread title. Search by the date the thread was created. or the author name. If you selected a text-based search in the first two fields.3 Administering BusinessObjects Enterprise Managing Discussions 3. In the Field name list. Last modified date. Searches are not case sensitive. Search based on the date a thread was last modified. Search by the title of a thread. If you search by Creation date or Last modified date. do not exactly match the text that you type into the third field. the second field provides you with the following options. between: The DMC searches for any discussion threads that were created or modified between the two search dates. If you selected a date-based search. does not contain: The DMC searches for any discussion threads that do not contain the text string within any part of the thread title. If you search by Thread title or Author. Creation date. select which of the following criteria you want to search by: • • • • 4. refine your search. Search by the author of a specific thread. Use the third field to further refine your search. • • • • is: The DMC searches for any discussion threads where the thread title. enter the date or dates in the appropriate fields. before: The DMC searches for any discussion threads that were created or modified before the search date. • • • 5. 50 BusinessObjects Enterprise Administrator’s Guide .

In the second list. Click Search. For example you can display them in ascending alphabetical order. 2. 3. or add a note to a report. Click Delete. Deleting discussion threads You can delete any discussion thread. To sort your results In the Sort by list. see “Accessing the Discussions page” on page 49. Author. Tip: You can use the Select All and Clear All buttons to select or clear all the threads displayed on the page. For details. Sort based on the date a thread was last modified. Sort by the author of a specific thread. select whether you want the records to be displayed in ascending or descending order. The selected threads are deleted. and choose how many results to display per page. 1. enter how many results you want to be displayed on each page. Creation date.Administering BusinessObjects Enterprise Managing Discussions 3 Sorting search results You can select how you want your search results to display. Setting user rights Users of the Discussions feature must have the right to view a report in order to create a discussion thread. For more information on setting user rights to reports and report objects. BusinessObjects Enterprise Administrator’s Guide 51 . In the third category. Last modified date. select which of the following criteria you want to display: • • • • 2. Sort by the title of a thread. 1. Thread title. see Chapter 13: Controlling User Access. To delete a discussion thread On the Discussions page. 4. Sort by the date the thread was created. select which threads you want to delete in the results list.

3 Administering BusinessObjects Enterprise Managing Discussions 52 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Architecture chapter .

and scalability the components that make up each of these tiers can be installed on one machine. This configuration is called “vertical scaling. The “servers” run as services on Windows machines. In BusinessObjects Enterprise. The following diagram illustrates how each of the components fits within the multi-tier system. and the general tasks that each component performs. Consult each product’s installation or administration guides for details about how it integrates with the BusinessObjects Enterprise framework. This chapter describes the framework itself. This means that the services can all run on the same machine.4 BusinessObjects Enterprise Architecture Architecture overview and diagram Architecture overview and diagram BusinessObjects Enterprise is a multi-tier system. reliability. the intelligence tier. and the data tier. Note: BusinessObjects Enterprise Standard requires all of the components to be installed on one machine. or they can run on separate machines. the processing tier. there are five tiers: the client tier. they can be logically grouped based on the type of work they perform. you can run the Central Management Server and the Event Server on one machine. they are actually services and daemons that do not need to run on separate computers.” The important thing to understand is that. use this chapter to gain familiarity with the BusinessObjects Enterprise framework. Although the components are responsible for different tasks. such as OLAP Intelligence and Report Application Server. The same service can also run in multiple instances on a single machine. This configuration is called “horizontal scaling.” If the Report Application Server is running on a multi-processor computer. plug in to the BusinessObjects Enterprise framework in various ways. then you may choose to run multiple Report Application Servers on it. the application tier. the servers run as daemons. even though these are called servers. and they can be “horizontally scaled” to take advantage of multiple computers over a network environment. 54 BusinessObjects Enterprise Administrator’s Guide . its components. or spread across many. For example. Other Business Objects products. On UNIX. while you run the Report Application Server on a separate machine. To provide flexibility. If you are new to BusinessObjects Enterprise. These services can be “vertically scaled” to take full advantage of the hardware that they are running on.

see Chapter 5: Managing and Configuring Servers and Chapter 7: Scaling Your System. reports are saved. the key BusinessObjects Enterprise components. and their primary responsibilities: • • • • “Client tier” on page 56 “Application tier” on page 58 “Processing tier” on page 64 “Data tier” on page 68 Tip: When you are familiar with the architecture and want to customize your system configuration. processed. Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. Once published to BusinessObjects Enterprise. and displayed in version XI format.BusinessObjects Enterprise Architecture Architecture overview and diagram 4 The remainder of this chapter describes each tier. BusinessObjects Enterprise Administrator’s Guide 55 .

schedule.NET Server Components. This tier is made up of the applications that enable people to administer. The web server forwards the user request directly to an application server where the request is processed by the WCA. In the case of . publish. Each BusinessObjects Enterprise request that a user makes is directed to the BusinessObjects Enterprise application tier.4 BusinessObjects Enterprise Architecture Client tier Client tier The client tier is the only part of the BusinessObjects Enterprise system that administrators and end users interact with directly. and keep track of published reports. organize.NET. InfoView also demonstrates how you can use the BusinessObjects Enterprise . For more information. and view reports and other objects. InfoView also serves as a demonstration of the ways in which you can use the BusinessObjects Enterprise Software Development Kit (SDK) to create a custom web application for end users. the CMC enables you to 56 BusinessObjects Enterprise Administrator’s Guide . It also allows you to publish. a web-based interface that end users access to view. and set security levels for all of your BusinessObjects Enterprise content. Additionally. see the developer documentation available on your product CD. The client tier includes: • • • • • “InfoView” on page 56 “Central Management Console (CMC)” on page 56 “Central Configuration Manager (CCM)” on page 57 “Publishing Wizard” on page 57 “Import Wizard” on page 57 InfoView BusinessObjects Enterprise comes with InfoView. Central Management Console (CMC) The Central Management Console (CMC) allows you to perform user management tasks such as setting up authentication and adding users and groups.

see “Publishing overview” on page 374 and “Controlling users’ access to objects” on page 317. On Windows. This tool allows you to start. some of these functions are performed using other tools. see “Central Management Console (CMC)” on page 56. see the developer documentation available on your product CD. For more information. groups. The CMC also serves as a demonstration of the ways in which you can use the administrative objects and libraries in the BusinessObjects Enterprise SDK to create custom web applications for administering BusinessObjects Enterprise. and disable servers.BusinessObjects Enterprise Architecture Client tier 4 manage servers and create server groups. Because the CMC is a web-based application. and folders from an existing BusinessObjects Enterprise. see “Importing with the Import Wizard” on page 402. For more information. The Publishing Wizard publishes reports from a Windows machine to BusinessObjects Enterprise servers running on Windows or on UNIX. enable. SOCKS server connections. and it allows you to view and to configure advanced server settings. BusinessObjects Enterprise Administrator’s Guide 57 . For more information. On UNIX. CMS database and clustering details. In addition. By assigning object rights to BusinessObjects Enterprise folders. For more information. reports. For more information. Crystal Enterprise. Central Configuration Manager (CCM) The Central Configuration Manager (CCM) is a server-management tool that allows you to configure each of your BusinessObjects Enterprise server components. on Windows the CCM allows you to add or remove servers from your BusinessObjects Enterprise system. Import Wizard The Import Wizard is a locally installed Windows application that guides administrators through the process of importing users. or Crystal Info implementation to BusinessObjects Enterprise. and more. Publishing Wizard The Publishing Wizard is a locally installed Windows application that enables both administrators and end users to add reports to BusinessObjects Enterprise. you control who can publish reports and where they can publish them to. these settings include default port numbers. you can perform all of these administrative tasks remotely. stop. see “Using the Central Configuration Manager” on page 42 and Chapter 5: Managing and Configuring Servers.

but you can use it to import information into a new BusinessObjects Enterprise system running on Windows or on UNIX. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS). In BusinessObjects Enterprise XI. The application tier includes: • • • “Application tier components” on page 58 “Web development platforms” on page 59 “Web application environments” on page 60 Application tier components For both the Java and . Application tier The application tier hosts the server-side components that process requests from the client tier as well as the components that communicate these requests to the appropriate server in the intelligence tier.NET platforms. both on Windows and Unix platforms. 58 BusinessObjects Enterprise Administrator’s Guide . the application tier includes the following components: • • “Application server and BusinessObjects Enterprise SDK” on page 59 “Web Component Adapter (WCA)” on page 59 Note: In Crystal Enterprise 10 on Windows. the web server communicates directly with the application server and the WCA handles the WCS functionality. The application tier includes support for report viewing and logic to understand and direct web requests to the appropriate BusinessObjects Enterprise server in the intelligence tier. the communication between the web server and the application server was handled through the Web Connector.4 BusinessObjects Enterprise Architecture Application tier The Import Wizard runs on Windows.

NET SDK run on a third party application server. and uses the SDK to convert report pages (.NET platform” on page 60 BusinessObjects Enterprise Administrator’s Guide 59 . the web server communicates directly with the application server and the WCA handles the WCS functionality. Web development platforms BusinessObjects Enterprise supports the following web development platforms: • • “Java platform” on page 60 “Windows .NET (. In BusinessObjects Enterprise XI. It also supports InfoView and other Business Objects applications. which then forwards the requests on to the WCA. The application server acts as the gateway between the web server and the rest of the components in BusinessObjects Enterprise.BusinessObjects Enterprise Architecture Application tier 4 Application server and BusinessObjects Enterprise SDK BusinessObjects Enterprise systems that use the BusinessObjects Enterprise Java SDK or the BusinessObjects Enterprise . The web server passes requests directly to the application server. See the Platforms. The application server is responsible for processing requests from your browser.aspx) and Java Server Pages (. The WCA has two primary roles: • • It processes ASP. the communication between the web server and the application server was handled through the Web Connector. Web Component Adapter (WCA) The web server communicates directly with the application server that hosts the BusinessObjects Enterprise SDK.aspx requests).jsp) files It also supports Business Objects applications such as the Central Management Console (CMC) and Crystal report viewers (that are implemented through viewrpt. both on Windows and Unix platforms. Note: In Crystal Enterprise 10 on Windows. the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS).txt file included with your product distribution for a complete list of tested application servers and version requirements. The Web Component Adapter (WCA) runs within the application server and provides all services that are not directly supported by the BusinessObjects Enterprise SDK.epf files) to HTML format when users view pages with a DHTML viewer.

It also includes a set of . Java Server Pages (. see the developer documentation available on your product CD.aspx) pages. Windows .NET SDK with ASP.asp). the functionality of the Web Component Adapter (WCA) was provided through the Web Component Server (WCS).NET (. You do not need a Web Component Adapter for custom ASP.NET.NET (. a Java application server is required to host the WCA and the BusinessObjects Enterprise Java SDK. For more information. Note: In Crystal Enterprise 10 on Windows. In BusinessObjects Enterprise XI. BusinessObjects Enterprise includes web applications developed in . 60 BusinessObjects Enterprise Administrator’s Guide .NET applications that use the BusinessObjects Enterprise SDKs in conjunction with third party APIs.4 BusinessObjects Enterprise Architecture Application tier Java platform All UNIX installations of BusinessObjects Enterprise include a Web Component Adapter (WCA).NET platform BusinessObjects Enterprise installations that use the .aspx) pages allow you to develop cross-platform J2EE and ASP. Web application environments BusinessObjects Enterprise supports Java Server Pages (.NET Server Components that you can optionally use to simplify the development of custom applications.NET Framework include Primary Interop Assemblies (PIAs) that allow you to use the BusinessObjects Enterprise . The use of a web server is optional as you may choose to have static content hosted by the application server.NET.csp) and Active Server Pages (. This configuration requires the use of a Microsoft Internet Information Services (IIS) web server. Note: For backward compatibility.NET.NET applications. both on Windows and Unix platforms.aspx. BusinessObjects Enterprise continues to l support Crystal Server Pages (. BusinessObjects Enterprise also includes Primary Interop Assemblies (PIAs) that enable you to use the BusinessObjects Enterprise SDK and Report Application Server SDK with ASP. the communication between the web server and the application server was handled through the Web Connector.NET Server Components which simplify development of custom BusinessObjects Enterprise applications in ASP. and a set of . such as InfoView and the sample applications available via the BusinessObjects Enterprise Launchpad.jsp) and ASP.jsp) and ASP. the web server communicates directly with the application server and the WCA handles the WCS functionality. In this configuration.

It maintains all of the security information. The CMS also maintains the BusinessObjects Enterprise Repository. • Managing objects The CMS keeps track of the location of objects and maintains the containment hierarchy. This data allows the CMS to perform its four main tasks: • Maintaining security By maintaining a database of users and their associated object rights. and a separate audit database of information about user actions. which other components can access as required. sends requests to the appropriate servers. security levels. categories. the CMS is able to ensure that scheduled jobs run at the appropriate times. and inboxes. and servers. manages audit information. BusinessObjects Enterprise content. which includes folders. the CMS enforces who has access to BusinessObjects Enterprise and the types of tasks they are able to perform. and stores report instances.BusinessObjects Enterprise Architecture Intelligence tier 4 Intelligence tier The intelligence tier manages the BusinessObjects Enterprise system. For more information. The data stored by the CMS includes information about users and groups. refer to the following sections: • • • • “Central Management Server (CMS)” on page 61 “Cache Server” on page 63 “File Repository Servers” on page 63 “Event Server” on page 64 Central Management Server (CMS) The CMS is responsible for maintaining a database of information about your BusinessObjects Enterprise system. These tasks include enforcing and maintaining the licensing policy of your BusinessObjects Enterprise system. By communicating with the Job Servers and Program Job Servers. BusinessObjects Enterprise Administrator’s Guide 61 .

The CMS database should not be accessed directly. so the CMS can create its own system database and BusinessObjects Enterprise Repository database using your organization’s preferred database server. for instance. System information should only be retrieved using the calls that are provided in the BusinessObjects Enterprise Software Development Kit (SDK). This audit information allows system administrators to better manage their BusinessObjects Enterprise deployment. • Managing auditing By collecting information about user actions from each BusinessObjects Enterprise server. the installation program uses it to create the CMS system database. and the audit database frequently. You can access the audit database directly to create custom audit reports. If you are unsure of the procedure. Typically. you provide the CMS with database connectivity and credentials when you install BusinessObjects Enterprise. Note: • It is strongly recommended that you back up the CMS system database. to identify which Cache Server is free to use for a report viewing request. see the BusinessObjects Enterprise Installation Guide. the Setup program can install and configure its own Microsoft Data Engine (MSDE) database if necessary. The backup procedure depends upon your database software. the CMS is able to maintain a list of server status. See the Platforms. You can migrate your default CMS system database to a supported database server later. For more information. and also as the Automated Process Scheduler (APS). and then writing these records to a central audit database. the Central Management Server (CMS) was known as the Crystal Management Server.4 BusinessObjects Enterprise Architecture Intelligence tier • Managing servers By staying in frequent contact with each of the servers in the system. See “Creating custom audit reports” on page 217 for more information. If you already have the MSDE or SQL Server installed. see the developer documentation available on your product CD. Report viewers access this list. and “Configuring the auditing database” on page 209.txt file included with your product distribution for a complete list of tested database software and version requirements. For details about setting up CMS databases. the CMS acts as the system auditor. 62 BusinessObjects Enterprise Administrator’s Guide . Note: In previous versions of Crystal Enterprise. MSDE is a client/server data engine that provides local data storage and is compatible with Microsoft SQL Server. • • On Windows. consult with your database administrator.

or a Business Objects designer component such as Crystal Reports or the Web Intelligence Java or HTML Report Panels). the Import Wizard. BusinessObjects Enterprise Administrator’s Guide 63 . BusinessObjects Enterprise avoids accessing the database each and every time a report is requested. Tip: If you use the BusinessObjects Enterprise SDK. see “Configuring the intelligence tier” on page 92. adding files to the repository. its system database. the Cache Server automatically balances the processing load across Page Servers. and CMS clusters. For more information. File Repository Servers There is an Input and an Output File Repository Server in every BusinessObjects Enterprise implementation. The Input File Repository Server manages all of the report objects and program objects that have been published to the system by administrators or end users (using the Publishing Wizard. the Central Management Console. see “Managing Auditing” on page 203. If the Cache Server cannot fulfil the request with a cached report page. querying for the size of a file. the Cache Server returns that cached report page. it passes the request along to the Page Server. The Cache Server checks whether or not it can fulfill the request with a cached report page. For more information about Auditing. By storing report pages in a cache. The Output File Repository Server manages all of the report instances generated by the Report Job Server or the Web Intelligence Report Server. and removing files from the repository. The Page Server runs the report and returns the results to the Cache Server. and returns the data to the viewer. querying for the size of the entire file repository.BusinessObjects Enterprise Architecture Intelligence tier 4 For details about configuring the CMS. If you are running multiple Page Servers for a single Cache Server. you can also publish reports from within your own code. The Cache Server then caches the report page for future use. see “Modifying Cache Server performance settings” on page 112. with data that has been refreshed from the database within the interval that you have specified as the default. Cache Server The Cache Server is responsible for handling all report viewing requests. The File Repository Servers are responsible for listing files on the server. If the Cache Server finds a cached page that displays exactly the required data. and the program instances generated by the Program Job Server.

• Event Server The Event Server manages file-based events. are stored on the Input File Repository Server. Objects with files associated with them. In larger deployments. It is the only tier that interacts directly with the databases that contain the report data. When the file is newly created in the monitored directory. Likewise. there may be multiple Input and Output File Repository Servers. Note: Schedule-based events. The processing tier includes: 64 BusinessObjects Enterprise Administrator’s Guide . all Input File Repository Servers must share the same directory. When the appropriate file appears in the monitored directory. such as text files. When you set up a file-based event within BusinessObjects Enterprise.4 BusinessObjects Enterprise Architecture Processing tier Note: • • The Input and Output File Repository Servers cannot share the same directories. the Event Server again triggers your file-based event. all Output File Repository Servers must share a directory. the Event Server notifies the CMS that the file-based event has occurred. After notifying the CMS of the event. and custom events are managed by the Central Management Server. Microsoft Word files. or PDFs. This is because one of the File Repository Servers could then delete files and directories belonging to the other. In this case. the Event Server resets itself and again monitors the directory for the appropriate file. for redundancy. The CMS then starts any jobs that are dependent upon your file-based event. the Event Server monitors the directory that you specified. the Event Server triggers your file-based event: that is. Processing tier The processing tier accesses the data and generates the reports.

NET programs that run against. program objects are custom applications. publish. as requested by the CMS. You can configure a Job Server to process either report objects or program objects when you add it to your BusinessObjects Enterprise system. The Report Job Server processes scheduled reports. You can configure a Job Server to process either report objects or program objects when you add it to your BusinessObjects Enterprise system.BusinessObjects Enterprise Architecture Processing tier 4 • • • • • • • • “Report Job Server” on page 65 “Program Job Server” on page 65 “Web Intelligence Job Server” on page 66 “Web Intelligence Report Server” on page 66 “Report Application Server (RAS)” on page 66 “Destination Job Server” on page 67 “List of Values Job Server” on page 67 “Page Server” on page 67 Report Job Server A Job Server processes scheduled actions on objects at the request of the CMS. Once it has generated the report instance. If you configure a Job Server to process program objects. as requested by the CMS. and then runs the program. the Program Job Server first retrieves the files from storage on the Input File Repository Server. By definition. it becomes a Program Job Server. the Report Job Server obtains the report object from the Input FRS and communicates with the database to retrieve the current data. If you configure a Job Server to process report objects. and perform maintenance work on. and generates report instances (instances are versions of a report object that contain saved data). BusinessObjects Enterprise Administrator’s Guide 65 . including scripts. Java programs or . The Program Job Server processes scheduled program objects. Program objects allow you to write. Program Job Server A Job Server processes scheduled actions on objects at the request of the CMS. and schedule custom applications. it stores the instance on the Output FRS. BusinessObjects Enterprise. it becomes a Report Job Server. Therefore the outcome of running a program will be dependent upon the particular program object that is run. To run a program. To generate a report instance.

view. the RAS uses an internal caching mechanism that involves no interaction with the Cache Server. Web Intelligence Report Server The Web Intelligence Report Server is used to create. The Report Application Server also includes an SDK for reportcreation and modification. which it stores on the Output File Repository Server (FRS). Report Application Server (RAS) The Report Application Server (RAS) processes reports that users view with the Advanced DHTML viewer. providing you with tools for building custom report interaction interfaces. The RAS is very similar to the Page Server: it too is primarily responsible for responding to page requests by processing reports and generating EPF pages. or it will refresh the data in the document and then cache the new information. the Web Intelligence Report Server will use cached information. The RAS also provides the ad hoc reporting capabilities that allow users to create and modify reports over the Web. program instances exist as records in the object history. It forwards these requests to the Web Intelligence Report Server. edit. ASP. The Web Intelligence Job Server does not actually generate object instances. 66 BusinessObjects Enterprise Administrator’s Guide . which will generate the instance of the Web Intelligence document. and Java viewer SDKs. which can be viewed in their completed format. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. This file appears when you click a program instance in the object History.NET. Web Intelligence Job Server The Web Intelligence Job Server processes scheduling requests it receives from the CMS for Web Intelligence documents. Depending on the user’s access rights and the refresh options of the document. and analyze Web Intelligence documents. the RAS supports COM. It also processes scheduled Web Intelligence documents and generates new instances of the document. As with the Page Server.4 BusinessObjects Enterprise Architecture Processing tier Unlike report instances. However.

List of Values Job Server The List of Values Job Server processes scheduled list-of-value objects. it become a Destination Job Server. it retrieves the object from the Input File Repository Server. by sending a file to an email address.BusinessObjects Enterprise Architecture Processing tier 4 Destination Job Server When you add a job server to your BusinessObjects Enterprise system. see “Sending an object or instance” on page 420. you can configure it to process report objects or program objects. it retrieves the instance from the Output File Repository Server. The Destination Job Server does not run the actual report or program objects. A Destination Job Server processes requests that it receives from the CMS and sends the requested objects or instances to the specified destination: • • If the request is for an object. When retrieving data from the database. The EPF pages contain formatting information that defines the layout of the report. see the Business Views Administrator’s Guide. There is never more than one instance of a list-of-values object. The Page Server retrieves data for the report from an instance or directly from the database (depending on the user’s request and the rights he or she has to the report object). for example. If you configure it to send objects or instances. the BusinessObjects Enterprise Administrator’s Guide 67 . Lists of values are use to implement dynamic prompts and cascading lists of values within Crystal Reports. These are objects that contain the values of specific fields in a Business View. List-of-value objects do not appear in CMC or InfoView. For more information. For more information. or to send objects or instances to specified destinations. If the request is for a report or program instance. On demand list of value objects are processed by the Report Application Server. The List of Values Job Server behaves similarly to the Report Job Server in that it retrieves the scheduled objects from the Input File Repository Server (FRS) and saves the instance it generates to the Output FRS. for example. or outside the system. It only handles objects and instances that already exist in the Input or Output File Repository Servers. The Destination Job Server can send objects and instances to destinations inside the BusinessObjects Enterprise system. a user’s inbox. Page Server The Page Server is primarily responsible for responding to page requests by processing reports and generating Encapsulated Page Format (EPF) pages.

(For more information on the specific functionality or platform support provided by each report viewer. (However.) The Cache Server and Page Server work closely together. the Page Server responds to page requests made by the Cache Server. the report is processed by the Report Application Server. The Page Server and Cache Server also interact to ensure cached EPF pages are reused as frequently as possible. ASP. See the Platforms. and Java viewer Software Development Kits (SDKs). if a user’s default viewer is the Advanced DHTML viewer.NET. and new pages are generated as soon as they are required. (This behavior conserves database licenses. BusinessObjects Enterprise supports a wide range of corporate databases.4 BusinessObjects Enterprise Architecture Data tier Page Server automatically disconnects from the database after it fulfills its initial request and reconnects if necessary to retrieve additional data.txt file included with your product distribution for a complete list of tested database software and version requirements. Specifically. Report viewers BusinessObjects Enterprise includes report viewers that support different platforms and different browsers in the client tier. Data tier The data tier is made up of the databases that contain the data used in the reports. 68 BusinessObjects Enterprise Administrator’s Guide . see the BusinessObjects Enterprise User’s Guide or the Crystal Reports Developer’s Guide.) All of the viewers fall into two categories: • client-side viewers Client-side viewers are downloaded and installed in the users’ web browser. and which have different report viewing functionality. BusinessObjects Enterprise takes advantage of this behavior by ensuring that the majority of report-viewing requests are made to the Cache Server and Page Server.) The Page Server also supports COM.

The user will be prompted to reinstall the ActiveX viewer only when a new version becomes available on the server. When a user requests a report. This section covers two different scenarios: • • “What happens when you schedule an object?” on page 70 “What happens when you view a report?” on page 71 BusinessObjects Enterprise Administrator’s Guide 69 .epf file to the client-side viewer. The application server then passes the . the application server processes the request. Client-side viewers Client-side viewers are downloaded and installed in the user’s browser. client-side viewers Active X viewer Java viewer zero client viewers DHTML viewer Advanced DHTML viewer All report viewers help process requests for reports. When a user requests a report. the application server processes the request. The Active X viewer is downloaded the first time a user requests a report.epf format from the BusinessObjects Enterprise framework.epf format from the BusinessObjects Enterprise framework. and retrieves the report pages in . Zero client viewers Zero client viewers reside on the application server. The SDK creates a viewer object on the application server which processes the .epf files and displays them directly in the browser. which processes the .epf and creates DHTML pages that represent both the viewer controls and the report itself. Installing viewers If they haven’t already done so. and then remains installed on the user’s machine. Information flow This section describes the interaction of the server components in order to demonstrate how report-processing is performed. users are prompted to download and install the appropriate viewer software before the report is displayed in the browser. and present report pages that appear in the user’s browser. The viewer object then sends these pages through the web server to the user’s web browser. and then retrieves the report pages in .BusinessObjects Enterprise Architecture Information flow 4 • zero client viewers The code to support zero client viewers resides in the application tier.

it sends the job to the Web Intelligence Job Server. the CMS schedules the object to be run at the specified time(s). If the job was for a Web Intelligence document. 3. see “Supporting users in multiple time zones” on page 527. When a user schedules an object using InfoView. The job server retrieves the object from the Input File Repository Server and runs the object against the database. The Web Intelligence Job Server then notifies the CMS that the job was completed successfully. the Web Intelligence Report Server notifies the Web Intelligence Job Server. 8. If the object is Web Intelligence document. Note: 70 BusinessObjects Enterprise Administrator’s Guide . it sends the job to the Program Job Server. The job server then saves the instance to the Output File Repository Server. where it is evaluated by the BusinessObjects Enterprise SDK. For details. Tip: For details about multiple time zones. Tip: BusinessObjects Enterprise also allows you to schedule jobs that are dependent upon other events. 4. 6. When the time occurs. see “Managing events overview” on page 510. Depending on the type of object. thereby creating an instance of the object. or on a recurring schedule. which sends the request to the Web Intelligence Report Server. and tells the CMS that it has completed the job successfully. The web server passes the web request directly to the application server. 5. For example. The SDK passes the request to the Central Management Server. the CMS passes the job to the appropriate job server. the following happens: 1. If the object is program.4 BusinessObjects Enterprise Architecture Information flow What happens when you schedule an object? When you schedule an object. you instruct BusinessObjects Enterprise to process an object at a particular point in time. InfoView sends the request to the web server. If the object is a report. if you have a report that is based on your web server logs. you can schedule the report to run every night on a recurring basis. it sends the job to the Report Job Server. The CMS checks to see if the user has sufficient rights to schedule the object. 2. the CMS will send the job to one of the following job servers: • • • 7. If the user has sufficient rights.

and the rights you have to the report. • Users without schedule rights on an object will not see the schedule option in BusinessObjects Enterprise. verifies the user’s session and retrieves the logon token from the browser.aspx. however. especially in large installations. this script communicates with the framework (through the published SDK interfaces) in order to create a viewer object and retrieve a report source from the Report Application Server. the processing flow varies depending upon your default report viewer. Different report viewers require different viewing mechanisms: • The zero-client DHTML viewer is implemented through report_view_dhtml. What happens when you view a report? This section describes the viewing mechanisms that are implemented in InfoView. This ID is passed as a parameter to a server-side script that. When evaluated by the application server.aspx. This can be an important consideration when deciding how to configure BusinessObjects Enterprise. the request that begins at the web server must be forwarded to the application server.BusinessObjects Enterprise Architecture Information flow 4 • The Cache Server and the Page Server do not participate in scheduling reports or in creating instances of scheduled reports. hosted by the WCA. • The client-side report viewers (the ActiveX and Java viewers) are implemented through viewrpt. • The zero-client Advanced DHTML viewer is implemented through report_view_advanced. The processing flow for custom applications may differ. When evaluated by the application server. the type of report. the interaction between servers follows the same pattern as it does for reports. When you schedule program objects or object packages. The actual request is constructed as a URL that includes the report’s unique ID. this script communicates with the framework (through the published SDK interfaces) in order to create a viewer object and retrieve a report source from the Cache Server and Page Server. BusinessObjects Enterprise Administrator’s Guide 71 .aspx. In all cases. The script then checks the user’s InfoView preferences and redirects the request to the viewing mechanism that corresponds to the user’s default viewer. When you view a report through BusinessObjects Enterprise. when evaluated by the application server. See “Scaling Your System” on page 157.

If a cached version of the . the Page Server generates the .epf format from the Cache Server and Page Server. If the user is granted the right to view the report.epf files to the application server. 3. b. d. That is.epf file is available: a.epf files from the Page Server. The viewer code communicates with the framework in order to retrieve a report page in . the Page Server will generate pages of the report instance using the data stored in the report instance. g. If the user has sufficient rights. Cached pages are stored as Encapsulated Page Format (. the Cache Server checks to see if it has the requested pages cached. If a cached version of the . depending on how the initial request was made: 72 BusinessObjects Enterprise Administrator’s Guide .epf) files.epf file is unavailable: a. The Cache Server then caches the .epf files. Report viewing with the Cache Server and Page Server This section describes the process for viewing a Crystal report when using the zero-client DHTML. If the report is an object. e. Upon receiving a report-viewing request. c. 4. b. 2. If the report is an instance. or Java viewer. This process uses the Cache Server and the Page Server. and the user only has View rights. f.epf file to the application server. the Cache Server sends the . The Cache Server requests new . The application server sends the report to the user’s Web browser in one of two ways. The Page Server checks with the CMS to see if the user has rights to view the report. If the user is granted the right to view the report. the Page Server will not retrieve the latest data from the database. ActiveX. If they haven’t already done so. the Page Server retrieves the report from the Input File Repository Server. users are prompted to download and install the appropriate viewer software. the user must have View On Demand rights to view the report successfully (because the Page Server needs to retrieve data from the database).4 BusinessObjects Enterprise Architecture Information flow The Crystal Web Request is executed internally through viewer code on the application server.epf pages and forwards them to the Cache Server. The Cache Server checks with the CMS to see if the user has rights to view the report. 1. The Cache Server sends the .

That is. then the RAS will refresh the report against the database. BusinessObjects Enterprise Administrator’s Guide 73 .epf file is available: a. The RAS checks with the CMS to see if the user has rights to view the report. the viewer SDK (residing on the application server) is used to generate HTML that represents both the DHTML viewer and the report itself. Upon receiving a report-viewing request. If the user is granted the right to view the report. If the user is granted the right to view the report. then the RAS will only ever generate pages of the latest report instance.aspx). obtains the data from the database. c. caches the . the application server forwards the . This process flow uses the Report Application Server (RAS). If the initial request was made through an Active X or Java viewer (viewrpt.BusinessObjects Enterprise Architecture Information flow 4 • If the initial request was made through a DHTML viewer (report_view_dhtml. the RAS retrieves the report object from the Input File Repository Server. the RAS will not retrieve the latest data from the database. If the user is granted View On Demand rights to the report object.epf pages to the application server. d. • Report viewing with the Report Application Server (RAS) This section describes the process for viewing a Crystal report when using the Advanced DHTML viewer.epf file is unavailable: a. b. 1.) If a cached version of the . If the user is granted View rights to the report object.epf pages.epf pages to the application server. b. the RAS checks to see if it has the requested report data in cache.aspx). Note: The interactive search and filter features provided by the Advanced DHTML viewer are available only if the user has View On Demand rights (or greater) to the report object. The HTML pages are then returned through the web server to the user’s web browser.epf pages and sends the . which is separate from the Cache Server. The RAS checks with the CMS to see if the user has rights to view the report. If a cached version of the . 3. (The RAS has its own caching mechanism.epf pages through the web server to the report viewer software in the user’s web browser. generates the . the RAS returns . The RAS then processes the report object. 2.

4. b. When the application server receives the . and they are stored on the Output FRS. 5. which creates a new session with the Web Intelligence Report Server. Viewing Web Intelligence documents This section describes the process for viewing a Web Intelligence document. The Web Intelligence Report Server obtains the document information from the CMS and checks what rights the user has on the document. The Web Intelligence Report Server contacts the CMS to check whether the user has the right to view the document. 7.epf pages from the RAS. The web application server sends the request to the application server. If the document is set to “refresh on open” and the user has the View On Demand rights. 5. If the user has the right to view the document. 6. 1. The Web Intelligence Report Server checks if the user has rights to use the Web Intelligence application. The application server sends the HTML pages through the web server to the user’s web browser. and to check when the document was last updated. Documents are stored on the Input FRS. c. Instances are generated when an object is run according to a schedule. 74 BusinessObjects Enterprise Administrator’s Guide . 3. The Web Intelligence Report Server obtains the Web Intelligence document from either the Input or Output File Repository Server and loads the document file. the viewer SDK generates HTML that represents both the Advanced DHTML viewer and the report itself. 2. the following happens: a. InfoView sends the request to the web application server. The web application server then sends the request to the Web Intelligence Report Server. If cached content is available. Note: Which FRS is used depends on whether the request was for a Web Intelligence document that was saved to BusinessObjects Enterprise or for an instance of the document. the Web Intelligence Report Server refreshes the data in the document with data from the database.4 BusinessObjects Enterprise Architecture Information flow 4. the Web Intelligence Report Server checks whether it has up-to-date cached content for the document. the Web Intelligence Report Server sends the cached document information to the SDK. If cached content is not available.

you may prefer to schedule reports on a recurrent basis so that users can always view recent data (report instances) without hitting the database server. 10. Live data On-demand reporting gives users real-time access to live data. then all those requests to the database do little more than increase network traffic and consume server resources. The SDK applies an XSLT style sheet to the XML to transform it to HTML. e. Whichever choice you make. The viewer script returns the HTML to the browser. consider whether or not you want all of your users hitting the database server on a continual basis. BusinessObjects Enterprise Administrator’s Guide 75 . Choosing between live and saved data When reporting over the Web. Use live data to keep users up-to-date on constantly changing data. 11. In such cases. The viewer script calls the SDK to get the requested page of the document. it renders the page to XML using the current data for the document. For instance. The request is passed to the Web Intelligence Report Server. however. 8. so they can access information that’s accurate to the second.BusinessObjects Enterprise Architecture Choosing between live and saved data 4 Note: If the document is set to “refresh on open” but the user does not have View On Demand rights. if the managers of a large distribution center need to keep track of inventory shipped on a continual basis. BusinessObjects Enterprise displays the first page as quickly as possible. If the data isn’t rapidly or constantly changing. If the Web Intelligence Report Server has cached content for the page. d. however. an error message is displayed. The Web Intelligence Report Server stores the document file and the new document information in cache. so you can see your report while the rest of the data is being processed. it returns the cached XML to the SDK. It then returns the XML to the SDK. then live reporting is the way to give them the information they need. The Web Intelligence Report Server sends the document information to the SDK. straight from the database server. If the Web Intelligence Report Server does not have the cached content for the page. the choice to use live or saved data is one of the most important decisions you’ll make. 9. Before providing live data for all your reports.

they don’t access the database server directly.5 and later). Saved data To reduce the amount of network traffic and the number of hits on your database servers. Tip: Users require only View access to display report instances. 76 BusinessObjects Enterprise Administrator’s Guide . For example. When users navigate through report instances. instead. Consequently. but also lighten the database server’s workload. but they are not hitting the database every time they open a report. you can schedule reports to be run at specified times. reports with saved data not only minimize data transfer over the network. and drill down for details on columns or charts. they access the saved data. When the report has been run. Report instances are useful for dealing with data that isn’t continually updated. users can view that report instance as needed. without triggering additional hits on the database. Sales representatives then always have access to current sales data. you can run the report on a similar schedule.4 BusinessObjects Enterprise Architecture Choosing between live and saved data For more information about optimizing the performance of reports that are viewed on demand. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. Tip: Users require View On Demand access to refresh reports against the database. if your sales database is updated once a day.

Managing and Configuring Servers chapter .

For example. The default values for these settings have been chosen to maximize the reliability. and consistency of operation of a typical BusinessObjects Enterprise installation. and to change the default server port numbers. disabling data sharing means that every user can always assume that they will receive the latest data. you use the CCM to stop servers. If you prefer to place more emphasis on the efficiency. Because the CMC is a web-based interface. For example. to modify performance settings. 78 BusinessObjects Enterprise Administrator’s Guide . access server metrics. The default settings guarantee the highest degree of data accuracy and timeliness. data sharing between reports is disabled. • Central Configuration Manager (CCM) The CCM is a program that allows you to view and to modify server settings while Business Objects servers are offline. and scalability of BusinessObjects Enterprise. the CCM allows you to configure BusinessObjects Enterprise remotely over your corporate network You can accomplish some configuration tasks with both tools. you can tune server settings to set your own balance between system reliability and performance. by default. you use the CMC to change the status of a server. you can configure your BusinessObjects Enterprise servers remotely over the Internet or through your corporate intranet. With BusinessObjects Enterprise. or create server groups. while other tasks must be performed with a specific tool. you can also specify how long data will be shared between users. It also includes information on the server settings that you can alter to accommodate the needs of your organization. For instance. When running reports on demand. economy. BusinessObjects Enterprise administrative tools BusinessObjects Enterprise includes two key administrative tools that allow you to view and to modify a variety of server settings: • Central Management Console (CMC) The CMC is the web-based administration tool that allows you to view and to modify server settings while BusinessObjects Enterprise is running. To take advantage of this feature while ensuring that every user receives data that meets your criteria for timeliness. For instance. change server settings.5 Managing and Configuring Servers Server management overview Server management overview This chapter provides information on a range of server tasks that allow you to customize the behavior of BusinessObjects Enterprise. enabling data sharing between reports markedly increases system performance when user loads are heavy. predictability.

see “Managing Server Groups” on page 151. 1. The general information also includes the time the server started and the version number of the server. along with details that are specific to the type of server. Viewing current server metrics The Servers management area of the CMC displays server metrics that provide statistics and information about each BusinessObjects Enterprise server. Tip: For an example of how to use server metrics in your own web applications. For more information. The CMC also allows you to view system metrics. 2. your CMS. see the developer documentation available on your product CD. you can now access and modify server metrics and settings from your own web applications. number of CPUs. Click the Metrics tab. With the BusinessObjects Enterprise Software Development Kit (SDK). free hard disk space. total RAM. and local time. Click the link to the server whose metrics you want to view. For information about creating groups of servers. operating system. These metrics include general information about each machine. and your current system activity. BusinessObjects Enterprise Administrator’s Guide 79 . 3. To view server metrics Go to the Servers management area of the CMC. which include information about your product version. see “BusinessObjects Enterprise Architecture” on page 53. total hard disk space. Viewing current metrics The CMC allows you to view server metrics over the Web.Managing and Configuring Servers Viewing current metrics 5 Related topics: • • • For an overview of the multi-tier architecture and the BusinessObjects Enterprise server components. see the “View Server Summary” sample on the BusinessObjects Enterprise Admin Launchpad. The general information displayed for each server includes information about the machine that the server is running on—its name.

and the number of writers for each active file. Each File Repository Server also has an Active Files tab. Event Server The Metrics tab of the Event Server contains statistics on the files that the server is monitoring. as well as the number of bytes sent and received. the location of the cache files. indicates the maximum idle time. server-specific information: Input and Output File Repository Servers The Metrics tab of each File Repository Server lists the root directory of the files that the server maintains. the minutes between refreshes from the database. This tab includes a table showing the file name and the last time the event occurred. The Metrics tabs for the following servers include additional. the minutes before an idle job is closed. along with the number of connections made to each Page Server.crystald. the number of current connections. The Metrics tab also provides a table that lists the Page Servers that the Cache server has connections to. the total threads running.5 Managing and Configuring Servers Viewing current metrics This example shows the metrics for an Event Server that is running on a machine called Crystal-E501888.net. and displays the number of active files and active client connections. the number of requests served. It also lists the total available hard disk space. the maximum cache size. which lists the filename. Cache Server The Metrics tab of the Cache Server displays the maximum number of processing threads. and the number of requests that are queued. the number of bytes transferred. the cache hit rate. 80 BusinessObjects Enterprise Administrator’s Guide . the number of readers. whether or not the database is accessed whenever a viewer’s file (object) is refreshed.

shows a list of users who have active sessions on the system. whether a viewer refresh always hits the database. Metrics. The Properties tab. Click any user’s link to view the associated account details. the total number of requests served. It also lists the data source. and the setting for the Report Job Database Connection. the total number of failed job creations. the processing mode. the location of temporary files. The Cluster tab lists the name of the CMS you are connected to. the oldest processed data given to a client. View the contents of the Properties. and the location of its temporary files. database name. Viewing system metrics The Settings management area of the CMC displays system metrics that provide general information about your BusinessObjects Enterprise installation. the name of the CMS cluster. the number of minutes before an idle connection is closed. BusinessObjects Enterprise Administrator’s Guide 81 . 1. To view system metrics Go to the Settings management area of the CMC. the minutes before a report job is closed. the total number of requests received. and the names of other cluster members. along with the number of open connections that have been created. Report Application Server The Metrics tab of the Report Application Server (RAS) shows the number of reports that are open. and the number of reports that have been opened. Job servers and Web Intelligence servers The Metrics tabs of theses servers lists the current number of jobs that are being processed. 2. along with statistics about current and processed jobs. Central Management Server The Metrics tab of the CMS lists only the general information about the machine it is running on. The Properties tab includes information about the product version and build. It lists the maximum number of simultaneous report jobs. It also shows the number of open connections. however. and Cluster tabs. and the total bytes transferred. the current number of processing threads running.Managing and Configuring Servers Viewing current metrics 5 Page Server The Metrics tab of the Page Server contains information on how the server is running. It also shows the number of current connections. and database user name of the CMS database. the maximum number of database records shown when previewing or refreshing a report. the number of requests queued. The Metrics tab lists current account activity.

Restarting a server Restarting a server is a shortcut to stopping a server completely and then starting it again. see Licensing overview. enabled. and restarting servers” on page 82 “Enabling and disabling servers” on page 85 “Printing. you need Starting a server to start it to effect your changes and to have the server resume processing requests. however. stopping. stopping. and refreshing server status” on page 86 Starting. however. because these tasks appear frequently. and restarting servers are common actions that you perform when you configure servers or take them offline for other reasons. the changes typically do not take effect until your restart the server. the concepts and differences are explained first. stopped. Viewing and changing the status of servers The status of a server is its current state of operation: a server can be started. 82 BusinessObjects Enterprise Administrator’s Guide . A server that is disabled is still running as a process. The remainder of this chapter tells you when a certain configuration change requires that you first stop or restart the server.5 Managing and Configuring Servers Viewing and changing the status of servers Related topics: • • For more information about licenses and account activity. copying. For information about CMS clusters. Action Stopping a server Description You must stop BusinessObjects Enterprise servers before you can modify certain properties and settings. This section shows how to modify the status of servers with the CMC and the CCM. and the general procedures are provided for reference. stopping. It includes: • • • “Starting. it is not accepting requests from the rest of BusinessObjects Enterprise. However. a server must be started and enabled. If you have stopped a server to configure it. see Clustering Central Management Servers. To respond to BusinessObjects Enterprise requests. and restarting servers Starting. A server that is stopped is no longer running as a process. You can change certain settings without stopping the server. or disabled.

BusinessObjects Enterprise Administrator’s Guide 83 . We recommend that you disable Job Servers and Program Job Servers before stopping them so that they can finish processing any jobs they have in progress before stopping. you start the server again to effect your changes. See “Stopping a Central Management Server” on page 84 for more information. 3. In this example. Once you have made your changes. A list of servers appears. For details. The icon associated with each server identifies its status: • • • Running is indicated by a server with a green arrow. Stopped is indicated by a server with a red arrow. and the remaining servers are running and enabled. the Page Server Server is stopped. If you want to prevent a server from receiving requests without actually stopping the server process. 4. the Event Server is disabled. You may be prompted for network credentials that allow you to start and stop services running on the remote machine. Click Refresh to update the page. or restart servers with CMC Note: You cannot use CMC to stop the CMS. Select the check box for the server whose status you want to change. or Restart. you terminate the server’s process. Go to the Servers management area of the CMC. Depending upon the action you need to perform. To start. thereby stopping the server completely. 2. Disabled is indicated by a server with a red circle. if you want to change the name of a CMS.Managing and Configuring Servers Viewing and changing the status of servers 5 For example. then you must first stop the server. You must use the CCM instead. you can also enable and disable servers. Tip: When you stop (or restart) a server. click Start. stop. Stop. see “Enabling and disabling servers” on page 85. 1.

5

Managing and Configuring Servers Viewing and changing the status of servers

1. 2. 3.

To start, stop, or restart a Windows server with the CCM Start the CCM. Select the server that you want to start, stop, or restart. On the toolbar, click the appropriate button.

Toolbar Action Icon Start the selected server. Stop the selected server. Restart the selected server. You may be prompted for network credentials that allow you to start and stop services. Note: When you provide your network credentials, they are first checked against the machine hosting the CMS. If the server that you want to start, stop, or restart is located on another machine, the same credentials are used to access the other machine. If you supply credentials that are valid on the remote machine but not on the machine running the CMS, then you receive an error message. The CCM performs the action and refreshes the list of servers. To start, stop, or restart a UNIX server with the CCM Use the ccm.sh script. For reference, see “ccm.sh” on page 598.

Stopping a Central Management Server
If your BusinessObjects Enterprise installation has a single Central Management Server (CMS), shutting it down will make BusinessObjects Enterprise unavailable to your users and will interrupt the processing of reports and programs. Before stopping your CMS, you may wish to disable your processing servers so that they can finish any jobs in progress before BusinessObjects Enterprise shuts down. See “Enabling and disabling servers” on page 85 for more information. If you have a CMS cluster consisting of more than one active CMS, you can shut down a single CMS without losing data or affecting system functionality. The other CMS in the cluster will assume the workload of the stopped server.

84

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Viewing and changing the status of servers

5

Using a CMS cluster enables you to perform maintenance on each of your Central Management Servers in turn without taking BusinessObjects Enterprise out of service. For more information on CMS clusters, see “Clustering Central Management Servers” on page 92.

Enabling and disabling servers
When you disable a BusinessObjects Enterprise server, you prevent it from receiving and responding to new BusinessObjects Enterprise requests, but you do not actually stop the server process. This is especially useful when you want to allow a server to finish processing all of its current requests before you stop it completely. For example, you may want to stop a Job Server before rebooting the machine it is running on. However, you want to allow the server to fulfill any outstanding report requests that are in its queue. First, you disable the Job Server so it cannot accept any additional requests. Next, go to the Central Management Console to monitor when the server completes the jobs it has in progress. (From the Servers management area, choose the server name and then the metrics tab). Then, once it has finished processing current requests, you can safely stop the server. Note: The CMS must be running in order for you to enable and/or disable other servers. 1. To enable and disable servers with CMC Go to the Servers management area of the CMC. The icon associated with each server identifies its status. In this example, the Event Server is disabled (but not stopped), and the remaining servers are running and enabled.

BusinessObjects Enterprise Administrator’s Guide

85

5

Managing and Configuring Servers Viewing and changing the status of servers

2. 3. 1. 2. 3. 4.

Select the check box for the server whose status you want to change. Depending upon the action you need to perform, click Enable or Disable. To enable or disable a Windows server with the CCM Start the CCM. On the toolbar, click Enable/Disable. When prompted, log on to your CMS with the credentials that provide you with administrative privileges to BusinessObjects Enterprise. Click Connect. The Enable/Disable Servers dialog box appears.

This dialog box lists all of the BusinessObjects Enterprise servers that are registered with your CMS, including servers running on remote machines. By default, servers running on remote machines are displayed as MACHINE.servertype. In this example, all of the listed servers are currently enabled. 5. 6. To disable a server, clear the check box in the Server Name column. Click OK to effect your changes and return to the CCM.

To enable or disable a UNIX server with the CCM Use the ccm.sh script. For reference, see “ccm.sh” on page 598.

Printing, copying, and refreshing server status
When using the CCM on Windows, you can print and copy the properties of a server, and refresh the list of servers.

86

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Viewing and changing the status of servers

5

1. 2.

To print the status of a server Start the CCM. Select the server(s).

BusinessObjects Enterprise Administrator’s Guide

87

5

Managing and Configuring Servers Configuring the application tier

3. 4.

Click Print. The Print dialog box appears. Click OK. A brief listing of the server’s properties is printed, including the Display Name, Version, Command Line, Status, and so on.

To copy the status of a server To save the status of a server, you can copy the details from the CCM to a document or to an email message (if you want to send the status information to someone else). 1. 2. 3. 4. Start the CCM. Select the server(s). Click Copy. Paste the information into a document for future reference. To refresh the list of servers To ensure you are looking at the latest information, click Refresh.

Note: Disabled servers may not appear in this list. Click Enable/Disable to view a list of servers and ensure that each is enabled.

Configuring the application tier
This section includes technical information and procedures that show how you can modify settings for the application tier.

The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware, software, and network configurations. Consequently, the settings that you choose will depend largely upon your own requirements.

88

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the application tier

5

Note: This section does not show how to configure your Web application server to deploy BusinessObjects Enterprise applications. This task is typically performed when you install BusinessObjects Enterprise. For details, see the BusinessObjects Enterprise Installation Guide. For further troubleshooting, see “Working with Firewalls” on page 181.

Configuring the Web Component Adapter
The WCA provides support for the Central Management Console and CSP applications. The Web Component Adapter is a web application. It does not appear as a server in the Central Management Console or in the Central Configuration Manager. To configure the WCA, edit either of the following files, depending on whether you are running the system on a Java or .NET platform:

• •

On a Java platform edit the web.xml file associated with the WCA. See “Configuring the Java Web Component Adapter” on page 89. On a .NET platform edit the web.config file associated with the WCA. See “Configuring the .NET Web Component Adapter” on page 91.

Configuring the Java Web Component Adapter
To configure the Java WCA you edit the web.xml file associated with the WCA:

• •

Windows: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\java\applications directory UNIX: WEB-INF subdirectory of the webcompadapter.war archive file stored in the bobje_root/enterprise11/java/applications directory

For example, the context parameter that controls whether a group tree will be generated looks like this:
<context-param> <param-name>viewrpt.groupTreeGenerate</param-name> <param-value>true</param-value> <desctiption>”true” or “false” value determining whether a group tree will be generated.</description> </context-param>

To change the value of a context parameter, edit the value between the <param-value> </param-value> tags. To configure web.xml Note: Your Java Web Application Server may provide tools to allow you to edit web.xml directly from an administrative console.Otherwise use the following procedure to configure web.xml.

BusinessObjects Enterprise Administrator’s Guide

89

5

Managing and Configuring Servers Configuring the application tier

1. 2. 3. 4.

Stop your application server. Extract the web.xml file from the webcompadapter.war archive. Edit the file by using a text editor such as Notepad or vi. Reinsert the file into the WEB-INF directory in webcompadapter.war. Tip: To reinsert web.xml into WEB-INF using WinZip, right-click on the WEB-INF directory that contains your edited web.xml file and select “Add to Zip File...”. Adding the file in this way ensures that it is placed in the correct directory inside the archive.

5.

Restart your application server.

When you install more than one WCA, each webcomponentadapter.war file contains its own web.xml file containing configuration parameters for that WCA. However, you can only set the parameters listed in the following table individually for each WCA. The remaining parameters must be the same for all WCA in your system. Context Parameter display-name cspApplication.defaultPage Description Equivalent to WCA name. The default page that will be loaded if no filename is specified in a particular request. This is the real path to the directory containing the CSP/WAS application(s) that you would like to host. This is a required field. This is the name (or name and port number) of the CMS that you would like your application(s) to connect to. This field defaults to the port that the WCA related servlets are running on. Filename of the logfile including full real path to file, excluding extension. Defaults to WCA with no path File extension of logfile, defaults to .log Determines whether or not the logs will be rotated, defaults to true. If log rolling is turned on, this will govern the max size before logfile is rotated. Accepted suffix: MB, KB and GB.

cspApplication.dir

connection.cms

connection.listeningPort log.file

log.ext log.isRolling log.size

90

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the application tier

5

Context Parameter log.level log.entryPattern

Description The default loglevel is “error.” Please refer to log4j documentation for accepted log entry patterns.

Configuring the .NET Web Component Adapter
To configure the .NET WCA you edit the web.config file associated with the the WCA. This file is located in the following directory:
C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\application

For example, the context parameter that controls whether a group tree will be generated looks like this: To configure web.config Note: Your .NET Web Application Server may provide tools to allow you to edit web.config directly from an administrative console. 1. 2. 3. Stop your application server. Edit the web.config file by using a text editor such as Notepad. Restart your application server. Description Equivalent to WCA name. The default page that will be loaded if no filename is specified in a particular request. This is the name (or name and port number) of the CMS that you would like your application(s) to connect to. This field defaults to the port that the WCA related servlets are running on. Filename of the logfile including full real path to file, excluding extension. Defaults to WCA with no path File extension of logfile, defaults to .log Determines whether or not the logs will be rotated, defaults to true.

Parameter display-name cspApplication.defaultPage

connection.cms

connection.listeningPort log.file

log.ext log.isRolling

BusinessObjects Enterprise Administrator’s Guide

91

5

Managing and Configuring Servers Configuring the intelligence tier

Parameter log.size

Description If log rolling is turned on, this will govern the max size before logfile is rotated. Accepted suffix: MB, KB and GB. The default loglevel is “error.” Please refer to log4j documentation for accepted log entry patterns.

log.level log.entryPattern

Configuring the intelligence tier
This section includes technical information and procedures that show how you can modify settings for the BusinessObjects Enterprise servers that make up the intelligence tier.

The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware, software, and network configurations. Consequently, the settings that you choose will depend largely upon your own requirements. Configuring the intelligence tier includes the following tasks:

• • • • • • •

“Clustering Central Management Servers” on page 92 “Copying data from one CMS database to another” on page 98 “Deleting and recreating the CMS database” on page 108 “Selecting a new or existing CMS database” on page 109 “Setting root directories and idle times of the File Repository Servers” on page 110 “Modifying Cache Server performance settings” on page 112 “Modifying the polling time of the Event Server” on page 114

Clustering Central Management Servers
If you have a large or mission-critical implementation of BusinessObjects Enterprise, you will probably want to run several CMS machines together in a CMS cluster. A CMS cluster consists of two or more CMS servers working together to maintain the system database. If a machine that is running one CMS fails, a machine with another CMS will continue to service

92

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the intelligence tier

5

BusinessObjects Enterprise requests. This “failover” support helps to ensure that BusinessObjects Enterprise users can still access information when there is equipment failure. This section shows how to add a new CMS cluster member to a production system that is already up and running. When you add a new CMS to an existing cluster, you instruct the new CMS to connect to the existing CMS database and to share the processing workload with any existing CMS machines. For information about your current CMS and CMS cluster, go to the Settings management area of the CMC and click the Cluster tab. Before clustering CMS machines, you must make sure that each CMS is installed on a system that meets the detailed requirements (including version levels and patch levels) for operating system, database server, database access method, database driver, and database client outlined in the platforms.txt file included in your product distribution. In addition, you must meet the following clustering requirements:

For best performance, the database server that you choose to host the system database must be able to process small queries very quickly. The CMS communicates frequently with the system database and sends it many small queries. If the database server is unable to process these requests in a timely manner, BusinessObjects Enterprise performance will be greatly affected. For best performance, run each CMS cluster member on a machine that has the same amount of memory and the same type of CPU. Configure each machine similarly:

• •

• • • • • • •

Install the same operating system, including the same version of operating system service packs and patches. Install the same version of BusinessObjects Enterprise (including patches, if applicable). Ensure that each CMS connects to the CMS database in the same manner: whether you use native or ODBC drivers, ensure that the drivers are the same on each machine, and are a supported version. Ensure that each CMS uses the same database client to connect to its system database, and that it is a supported version. Check that each CMS uses the same database user account and password to connect to the CMS database. This account must have create, delete, and update rights on the system database. Run each CMS service/daemon under the same account. (On Windows, the default is the “LocalSystem” account.) Verify that the current date and time are set correctly on each CMS machine (including settings for daylight savings time).

BusinessObjects Enterprise Administrator’s Guide

93

5

Managing and Configuring Servers Configuring the intelligence tier

• •

Ensure that each and every CMS in a cluster is on the same Local Area Network. If you wish to enable auditing, each CMS must be configured to use the same auditing database and to connect to it in the same manner. The requirements for the auditing database are the same as those for the system database in terms of database servers, clients, access methods, drivers, and user IDs. See also Chapter 10: Managing Auditing.

Tip: By default, a CMS cluster name reflects the name of the first CMS that you install, but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS is called BUSINESSOBJECTSCMS, then the default cluster name is @BUSINESSOBJECTSCMS. To modify the default name, see “Changing the name of a CMS cluster” on page 96. There are two ways to add a new CMS cluster member. Follow the appropriate procedure, depending upon whether or not you have already installed a second CMS:

• •

“Installing a new CMS and adding it to a cluster” on page 94 See this section if you have not already installed the new CMS on its own machine. “Adding an installed CMS to a cluster” on page 95 Follow this procedure if you have already installed a second, independent CMS on its own machine. While testing various server configurations, for instance, you might have set up an independent BusinessObjects Enterprise system with its own CMS. Follow this procedure when you want to incorporate this independent CMS into your production system.

Note: Back up your current CMS database before making any changes. If necessary, contact your database administrator.

Installing a new CMS and adding it to a cluster
When you install a new CMS, you can quickly cluster it with your existing CMS. Run the BusinessObjects Enterprise installation and setup program on the machine where you want to install the new CMS cluster member. The setup program allows you to perform an Expand installation. During the Expand installation, you specify the existing CMS whose system you want to expand, and you select the components that want to install on the local machine. In this case, specify the name of the CMS that is running your existing system, and choose to install a new CMS on the local machine. Then provide the Setup program with the information it needs to connect to your existing CMS database. When the Setup program installs the new CMS on the local machine, it automatically adds the server to your existing CMS cluster.

94

BusinessObjects Enterprise Administrator’s Guide

Managing and Configuring Servers Configuring the intelligence tier

5

For complete requirements for CMS added to a cluster, see “Clustering Central Management Servers” on page 92. For complete information on running the Setup program and performing the Expand installation, see the BusinessObjects Enterprise Installation Guide.

Adding an installed CMS to a cluster
In these steps, the independent CMS refers to the one that you want to add to a cluster. You will add the independent CMS to your production CMS cluster. By adding an independent CMS to a cluster, you disconnect the independent CMS from its own database and instruct it to share the system database that belongs to your production CMS. Before starting this procedure, ensure that you have a database user account with Create, Delete, and Update rights to the database storing the BusinessObjects Enterprise tables. Ensure also that you can connect to the database from the machine that is running the independent CMS (through your database client software or through ODBC, according to your configuration). Also ensure that the CMS you are adding to the cluster meets the requirements outlined in “Clustering Central Management Servers” on page 92. Note: Back up your current CMS database before beginning this procedure. If necessary, contact your database administrator. 1. 2. To add an installed CMS to a cluster on Windows Use the CCM to stop the independent Central Management Server. With the CMS selected, click Specify CMS Data Source on the toolbar. The CMS Database Setup dialog box appears.

3.

Click Select a Data Source; then click OK.

BusinessObjects Enterprise Administrator’s Guide

95

5

Managing and Configuring Servers Configuring the intelligence tier

4.

In the Select Database Driver dialog box, specify whether you want to connect to the production CMS database through ODBC, or through one of the native drivers. Click OK. The remaining steps depend upon the connection type you selected:

5. 6.

If you selected ODBC, the Windows “Select Data Source” dialog box appears. Select the ODBC data source that corresponds to your production CMS database; then click OK. If prompted, provide your database credentials and click OK. The CCM connects to the database server and adds the new CMS to the cluster. If you selected a native driver, you are prompted for your database Server Name, your Login ID, and your Password. Once you provide this information, the CCM connects to the database server and adds the new CMS to the cluster.

The SvcMgr dialog box notifies you when the CMS database setup is complete. 7. 8. Click OK. Start the Central Management Server.

To add an installed CMS to a cluster on UNIX Use the cmsdbsetup.sh script. For reference, see “cmsdbsetup.sh” on page 601.

Changing the name of a CMS cluster
By default, a CMS cluster name reflects the name of the first CMS that you install, but the cluster name is prefixed by the @ symbol. For instance, if your existing CMS is called BUSINESSOBJECTSCMS, then the default cluster name is @BUSINESSOBJECTSCMS. This procedure allows you to change the name of a cluster that is already installed and running. To change the cluster name, you need only stop one of the CMS cluster members. The remaining CMS cluster members are dynamically notified of the change. For optimal performance, after changing the name of the CMS cluster reconfigure each Business Objects server so that it registers with the CMS cluster, rather than with an individual CMS. 1. 2. To change the cluster name on Windows Use the CCM to stop any Central Management Server that is a member of the cluster. With the CMS selected, click Properties on the toolbar.

96

BusinessObjects Enterprise Administrator’s Guide

3. Save the file. and then click Properties. If necessary. if the cluster name was changed to ENTERPRISE. Do not include a port number with the cluster name.Managing and Configuring Servers Configuring the intelligence tier 5 3. For example. 5. 1. Select the Change Cluster Name to check box. type @ENTERPRISE. type the name of the cluster. The name of the cluster begins with the @ symbol. To register servers with the CMS cluster on Windows Use the CCM to stop a Business Objects server. Click the Configuration tab. Click OK and then start the Central Management Server. 6. if the cluster name was changed to ENTERPRISE. BusinessObjects Enterprise Administrator’s Guide 97 . The name of the cluster begins with the @ symbol. enable any servers that have been disabled by your changes. 7. 2. Type the new name for the cluster. and change the name of the CMS to the name of the CMS cluster.sh script. Go to the Servers management area of the CMC and check that all of your servers remain enabled. Repeat for each Business Objects server in your installation. To registers servers with the CMS cluster on UNIX Use ccm. For example. Select the server from the list.sh” on page 601.config file found in the root directory of your BusinessObjects Enterprise installation. Use a text editor such as vi to open the ccm. 4. and then use ccm. 3. 5. 4. To change the cluster name on UNIX Use the cmsdbsetup. In the CMS Name box. For reference. Click OK.sh to stop each server. and then start the server. All other CMS cluster members are dynamically notified of the new cluster name (although it may take several minutes for your changes to propagate across cluster members). 2. Click the Configuration tab. see “cmsdbsetup. 4. The CMS cluster name is now changed.sh to restart the servers. 1. type @ENTERPRISE in the box. Find the -ns command in the launch string for each server.

see “Importing with the Import Wizard” on page 402. The destination database is initialized before the new data is copied in. Throughout this section. Ensure that you have a database user account that has permission to read all data in the source database. Note: Prior to BusinessObjects Enterprise XI. Tip: If you want to import users. the CMS was known as Crystal Management Server.5 Managing and Configuring Servers Configuring the intelligence tier Copying data from one CMS database to another BusinessObjects Enterprise enables you to copy the contents of one CMS database into another database. folders. and also as the Automated Process Scheduler (APS). according to your configuration—from the CMS machine whose database you are replacing. and Update rights to the destination database. Ensure also that you can connect to both databases—through your database client software or through ODBC. migrating a CMS database will include several of the following tasks: • • • • “Preparing to migrate a CMS database” on page 98 “Copying data from a CMS on Windows” on page 100 “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101 “Completing a CMS database migration” on page 104 Preparing to migrate a CMS database Before migrating a CMS database. 98 BusinessObjects Enterprise Administrator’s Guide . This procedure is also referred to as migrating a CMS database. Back up both CMS databases. the destination database is established as the current database for the CMS. you can migrate the data from your current CMS database into a different data source. the source CMS database refers to the database that holds the data you are copying. without deleting the contents of the current CMS database. this data is copied into the destination database. Depending on the platform of your system and the version of your CMS database. You can migrate CMS data from a different CMS database (versions 8. Delete. take the source and the destination environments offline by disabling and subsequently stopping all servers. and a database user account that has Create. If necessary.5 through 10 of Crystal Enterprise and version XI of BusinessObjects Enterprise) into your current CMS database. groups. Once the data has been copied. and back up the root directories used by all Input and Output File Repository Servers. and reports from one system to another. Or. contact your database or network administrator. so any existing contents of the destination database are permanently deleted (all BusinessObjects Enterprise tables are destroyed permanently and then recreated).

After you migrate the database. your current CMS database is the source environment. Log on with an administrative account to the machine that is running the CMS whose database you want to move. make note of the current root directories used by the Input and Output File Repository Servers in the source environment. License keys from earlier versions of Crystal Enterprise are not copied. During migration. the destination database is initialized before the new data is copied in. or Sybase. License keys in the destination database are replaced with license keys from the source database when the source license keys are valid for the current version of BusinessObjects Enterprise. thus making the report files available for the new system to process. Complete the following procedure: • • • • “Copying data from a CMS on Windows” on page 100 “Copying data from a CMS installed on UNIX” on page 103 When you migrate a CMS database from an earlier version of Crystal Enterprise. your current CMS database is the destination database whose tables are deleted before they are replaced with the copied data. such as Microsoft SQL Server. Informix. or 10 of Crystal Enterprise or version XI of BusinessObjects Enterprise) into your current CMS database. the database and database schema are upgraded to the format required by the current version of BusinessObjects Enterprise. That is. if your destination database does not contain the four BusinessObjects Note: BusinessObjects Enterprise Administrator’s Guide 99 . The database migration does not actually move report files from one directory location to another.0. When you copy data from one database to another. which is then established as the active database for the current CMS. This is the procedure to follow if you want to move the default CMS database on Windows from the local Microsoft Data Engine (MSDE) to a dedicated database server. 9. license keys that are present in the destination database are retained only if the source database contains no license keys that are valid for the current version of BusinessObjects Enterprise. 8. In this scenario.5. Complete the procedure that corresponds to the version of the source environment: • • “Copying data from a CMS on Windows” on page 100 “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101 If you are copying a CMS database from its current location to a different database server. If you are copying CMS data from a different CMS database (version 8. you will connect your new Input and Output File Repository Servers to the old root directories.Managing and Configuring Servers Configuring the intelligence tier 5 Make a note of the license keys you purchased for the current version of BusinessObjects Enterprise. DB2. Its contents are copied to the destination database. Oracle. Log on with an administrative account to the CMS machine whose database you want to replace.

In the Select Database Driver dialog box. You must now specify the source CMS database whose contents you want to copy.5 Managing and Configuring Servers Configuring the intelligence tier Enterprise XI system tables. Click Copy data from another Data Source. 3.5. Informix. 4. Click OK. then click OK. 100 BusinessObjects Enterprise Administrator’s Guide . 5. or through one of the native drivers. The next steps depend upon the connection type you selected: 7. the tables will be permanently deleted. these tables are created. Copying data from a CMS on Windows Use this procedure if your CMS is installed on Windows and you are copying data from versions 8. In the “Source contains data from version” list. are unaffected. 6. 1. With the CMS selected. and data from the source database will be copied into the new tables. new system tables will be created. or 10 of Crystal Enterprise or from version XI of BusinessObjects Enterprise. 9. specify whether you want to connect to the source CMS database through ODBC. click Autodetect (or explicitly select the version of the source CMS database). If the destination database does contain BusinessObjects Enterprise XI system tables. The Specify Data Source dialog box appears. To copy data from a CMS on Windows Use the CCM to stop the Central Management Server. 2. including previous versions of Crystal Enterprise system tables. Other tables in the database. If you are copying data from version 8 of Crystal Enterprise. please see “Copying data from a Crystal Enterprise 8 APS on Windows” on page 101. Click Specify. click Specify CMS Data Source on the toolbar. 8.

provide your database credentials and click OK. 14. then click OK. If you selected a native driver. then click OK. 13. provide your database Server Name. when prompted to confirm. Select the ODBC data source that corresponds to the destination CMS database. specify whether you want to connect to the destination CMS database through ODBC. then click OK. and you are copying data from a Crystal Enterprise 8 APS system database. Select the data source that corresponds to the source CMS database. Copying data from a Crystal Enterprise 8 APS on Windows Note: Prior to BusinessObjects Enterprise XI. and your Password. In the Select Database Driver dialog box. 11. Click OK and. the Windows “Select Data Source” dialog box appears. Proceed to “Completing a CMS database migration” on page 104. If prompted. • You are returned to the Specify Data Source dialog box. Click OK. BusinessObjects Enterprise Administrator’s Guide 101 . If you selected a native driver. your Login ID. or through one of the native drivers. 12. 10. the CMS was known as Crystal Management Server. your Login ID. • You are returned to the Specify Data Source dialog box. then click OK. Use this procedure if your CMS is installed on Windows. Tip: If the correct destination database already appears in the “Copy to the following data source” field. click Yes. The SvcMgr dialog box notifies you when the CMS database setup is complete. 15. the Windows “Select Data Source” dialog box appears. provide your database credentials and click OK. Click Browse. The next steps depend upon the connection type you selected: • If you selected ODBC. You must now specify the destination CMS database whose contents you want to replace with the copied data. and your Password. Click OK.Managing and Configuring Servers Configuring the intelligence tier 5 • If you selected ODBC or Informix. You are now ready to copy the CMS data. provide your database Server Name. proceed to step 13. If prompted. 9. and also as the Automated Process Scheduler (APS).

• CMS ODBC data source Click this option if you do not have administrative rights to the Crystal Enterprise 8 CMS machine. 7. In the “Browse data” dialog box. To copy data from a Crystal Enterprise 8 APS on Windows Use the CCM to stop the Central Management Server. click Specify CMS Data Source on the toolbar. You must now specify the destination CMS database whose contents you want to replace with the copied data. Click OK and use the Browse for Computer dialog box to specify the CMS machine. The Specify Data Source dialog box appears. 2. If prompted. then click OK. provide your database credentials and click OK. You are returned to the Specify Data Source dialog box. 102 BusinessObjects Enterprise Administrator’s Guide . In the Select Database Driver dialog box. specify whether you want to connect to the destination CMS database through ODBC. 4. 5. 9.5 Managing and Configuring Servers Configuring the intelligence tier 1. 3. Tip: If the correct destination database already appears in the “Copy to the following data source” field. or through one of the native drivers. click one of the following: • CMS machine name Click this option if you have administrative rights to the Crystal Enterprise 8 CMS machine. In the “Source contains data from version” list. then click OK. 10. The next steps depend upon the connection type you selected: • If you selected ODBC. the Windows “Select Data Source” dialog box appears. 8. With the CMS selected. 6. click Crystal Enterprise 8. Click OK. If prompted. Select the ODBC data source that corresponds to the destination CMS database.0. provide your database credentials and click OK. Your administrative rights allow the CCM to read the data source information from the Windows Registry on the CMS machine. You must now specify the source CMS database whose contents you want to copy. Click Specify. proceed to step 11. Use the Windows “Select Data Source” dialog box to select (or create) an ODBC data source that provides the local machine with access to the Crystal Enterprise 8 CMS database. Click Browse. Click Copy data from another Data Source.

Copying data from a CMS installed on UNIX Note: Prior to BusinessObjects Enterprise XI. Tip: For information on finding the name of your CMS. when prompted to confirm.sh. To copy data from a CMS installed on UNIX Use ccm. and also as the Automated Process Scheduler (APS). 9. the CMS was known as Crystal Management Server. click Yes. BusinessObjects Enterprise Administrator’s Guide 103 . When prompted. 13. Click OK. Run cmsdbsetup. and then press enter to proceed. You are now ready to copy the CMS data. Type copy to begin the database migration. or 10 of Crystal Enterprise or from version XI of BusinessObjects Enterprise. Proceed to “Completing a CMS database migration” on page 104. Note: • On UNIX you can not migrate directly from a source environment that uses an ODBC connection to the CMS database.5. You are returned to the Specify Data Source dialog box. then click OK. enter the name of your CMS or press enter to select the default name.sh” on page 598. Use this procedure if your CMS is installed on UNIX and you are copying data from versions 8. you cannot migrate directly from a Crystal Enterprise version 8 APS. Note: Migration of a large source database could take several hours. you must first migrate that system to a supported native driver. provide your database Server Name. Then proceed to “Completing a CMS database migration” on page 104. If your source CMS database uses ODBC.) If your CMS is installed on UNIX. your Login ID. 3. 11. Click OK and. (See “Copying data from a CMS on Windows” on page 100. see “ccm.Managing and Configuring Servers Configuring the intelligence tier 5 • If you selected a native driver. and your Password. • 1.sh to stop the Central Management Server.sh” on page 598. 12. Type yes. The script prompts you to confirm that all data in the destination database will deleted. See “ccm. The SvcMgr dialog box notifies you when the CMS database setup is complete. 4. 2.

Reports that depend on a particular server group for scheduled processing will not execute until a job server is added to that group. 1. Next the script asks you for the version of your source Crystal Enterprise installation. a db_migration log file was created in the logging directory on the machine where you ran the CCM to carry out the migration. Reports that depend on a particular server group for processing are not available until servers are added to that group. Press Enter. Proceed to “Completing a CMS database migration” on page 104. The CCM will notify you if you need to check the log file. You must enable these servers before they can be used. You may add the new servers to the imported groups as appropriate. You can also select autodetect to have the version of the source detected automatically. you are first asked for information about the new destination database. When migrating from an older version of Crystal Enterprise. After entering the source information. the script will begin the migration process. 6. Now the script asks you if you want to use the current CMS database as your destination.5 Managing and Configuring Servers Configuring the intelligence tier 5. The default logging directory is: 104 BusinessObjects Enterprise Administrator’s Guide . but they will be empty. Note: Migration of a large source database could take several hours. the script gives you the location of a log file explaining the migration results. If errors occurred during the migration. If you type yes. servers that existed in the source installation do not appear in the migrated install. New servers are automatically detected and added to the servers list (outside of any group) in a disabled state. The script notifies you when migration is complete. Server groups from the old installation appear in the new system. If you type no. and are then prompted for information on the source database. you are prompted for information about the source CMS database. Completing a CMS database migration When you finish copying data from the source database to the destination database. To complete a CMS database migration on Windows If errors occurred during migration. This occurs because there cannot be a mix of old and new servers in a BusinessObjects Enterprise installation. 7. 8. complete these steps before allowing users to access the system. 9.

you can run the BusinessObjects Enterprise setup program to upgrade the servers directly. Go to the Authorization management area and check that your BusinessObjects Enterprise license keys are entered correctly. See Appendix E: Server Command Lines for more information. 4. Log on to the Central Management Console with the default Administrator account. In the CCM. Then you need not move the input and output directories. see “Setting root directories and idle times of the File Repository Servers” on page 110. keep in mind that you now need to provide the Administrator password that was valid in the older system. modify the -ns option in both servers’ command lines to have them register with your new CMS. 7. Go to the Servers management area of the Central Management Console and verify that the Input File Repository Server and the Output File Repository Server are both started and enabled. Use the Central Configuration Manager (CCM) to start the CMS on the local machine. check that the Root Directory points to the correct location. • • For more information. on the Properties tab. You can do this in several ways: • Copy the contents of the original input root directory into the root directory that the new Input File Repository Server is already configured to use. 8. If the old Input and Output File Repository Servers are running on a dedicated machine. you need to make your old input and output directories available to the new Input and Output File Repository Servers.Managing and Configuring Servers Configuring the intelligence tier 5 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Logging\ 2. Then copy the contents of the original output directory into the root directory that the new Output File Repository is already configured to use. BusinessObjects Enterprise Administrator’s Guide 105 . Tip: If you just replaced your CMS database with data from an older system. 9. start and enable the Input File Repository Server and the Output File Repository Server. 6. If you migrated CMS data from a different CMS database into your current CMS database. Click the link to each File Repository Server and. Instead. 3. Return to the Central Configuration Manager. 10. Reconfigure the new Input and Output File Repository Servers to use the old input and output root directories. using Enterprise authentication. 5. Make sure your web application server is running.

you need to make your old input and output directories available to the new Input and Output File Repository Servers. 1. To complete a CMS database migration on UNIX If errors occurred during migration. The script will notify you if you need to check the log file. click Update. The Update Objects dialog box tells you how many objects require updating. 12. you need to update the objects now.sh to carry out the migration. When prompted. Start and enable the remaining BusinessObjects Enterprise servers. Because your Central Management Server was stopped when the migration occurred. If you migrated CMS data from a different CMS database into your current CMS database. If objects in your source database require updating. If there are objects that require updating. or because the objects require new properties to support the additional features offered by BusinessObjects Enterprise XI. a db_migration log file was created in the logging directory on the machine where you ran cmsdbsetup. the Update Objects button on the toolbar contains a flashing red exclamation mark. 2. You can do this in several ways: • Copy the contents of the original input root directory into the root directory that the new Input File Repository Server is already configured to use. log on to your CMS with credentials that provide you with administrative privileges to BusinessObjects Enterprise. 14. 15. 13. • 106 BusinessObjects Enterprise Administrator’s Guide . Reconfigure the new Input and Output File Repository Servers to use the old input and output root directories. otherwise click Cancel. Verify that BusinessObjects Enterprise requests are handled correctly. and check that you can view and schedule reports successfully. Then copy the contents of the original output directory into the root directory that the new Output File Repository is already configured to use. Click Update Objects. The default logging directory is: BusinessObjects_root/logging where BusinessObjects_root is the absolute path to the root Business Objects directory of your BusinessObjects Enterprise installation. Objects typically require updating because their internal representation has changed in the new version of BusinessObjects Enterprise.5 Managing and Configuring Servers Configuring the intelligence tier 11.

Run the ccm. 9. Use the ccm. Use ccm. Then you need not move the input and output directories./ccm. 3.sh to start and enable the remaining BusinessObjects Enterprise servers. Use the ccm. Log on to the Central Management Console with the default Administrator account. 8. See “ccm. 4.sh script to start and enable the Input File Repository Server and the Output File Repository Server. you can run the BusinessObjects Enterprise setup program to upgrade the servers directly.Managing and Configuring Servers Configuring the intelligence tier 5 • If the old Input and Output File Repository Servers are running on a dedicated machine. If you migrated a source database from an earlier version of BusinessObjects Enterprise. see “Setting root directories and idle times of the File Repository Servers” on page 110. See Appendix E: Server Command Lines for more information. enter the following command: . Go to the Authorization management area and check that your BusinessObjects Enterprise license keys are entered correctly. For more information. Instead.sh -updateobjects authentication info See Appendix F: UNIX Tools for information on the authentication information required by ccm. on the Properties tab. 11. 6.sh” on page 598 for more information. Objects typically require updating because their internal representation has changed in the new version of BusinessObjects Enterprise.sh script again.sh. Ensure that the Java web application server that hosts your Web Component Adapter is running. using Enterprise authentication. BusinessObjects Enterprise Administrator’s Guide 107 . or because the objects require new properties to support the additional features offered by BusinessObjects Enterprise XI. 5. Go to the Servers management area of the Central Management Console and verify that the Input File Repository Server and the Output File Repository Server are started and enabled. keep in mind that you now need to provide the Administrator password that was valid in the older system. 7. 10. Click the link to each File Repository Server and. Tip: If you just replaced your CMS database with data from an older system.sh script to start the CMS on the local machine. check that the Root Directory points to the correct location. modify the -ns option in both servers’ command lines to have them register with your new CMS.

custom web applications. Start the Central Management Server. Note: Remember that all data in your current CMS database will be destroyed if you follow this procedure. In the CMS Database Setup dialog box. 3. You are returned to the CCM. Click OK. To recreate the CMS database on Windows Use the CCM to stop the Central Management Server. if you need to enter license keys again. and check that you can view and schedule reports successfully. your existing license keys should be retained in the database. 6. click Specify CMS Data Source on the toolbar. This procedure is useful. When you recreate the CMS database with the CCM. 5. contact your database administrator. Deleting and recreating the CMS database This procedure shows how to recreate (re-initialize) the current CMS database. With the CMS selected.sh” on page 601. click Recreate the current Data Source. 2. You can re-initialize the CMS database in your development environment every time you need to clear the system of absolutely all its data. Go to the Authorization management area and enter your information on the License Keys tab. You may need to click the Refresh button in the CCM to see that the CMS has successfully started. when prompted to confirm. log on to the CMC with the default Administrator account (which will have been reset to have no password). see “cmsdbsetup. 1. While it is starting. For reference. Click OK and. you destroy all data that is already present in the database.5 Managing and Configuring Servers Configuring the intelligence tier 12. click Yes. Consider backing up your current CMS database before beginning.sh script. Verify that BusinessObjects Enterprise requests are handled correctly. However. By performing this task. for instance. 4. If necessary. The SvcMgr dialog box notifies you when the CMS database setup is complete. the CMS writes required system data to the newly emptied data source. To recreate the CMS database on UNIX Use the cmsdbsetup. 108 BusinessObjects Enterprise Administrator’s Guide . if you have installed BusinessObjects Enterprise in a development environment for designing and testing your own.

4. If you want to select and initialize an empty database for BusinessObjects Enterprise. If the alternate database already contains BusinessObjects Enterprise system data. the Windows “Select Data Source” dialog box appears. If you have restored a CMS database from backup (using your standard database administration tools and procedures) in a way that renders the original database connection invalid. 3. Click Select a Data Source. For complete details about CMS clusters. in this case. there are no other CMS machines already maintaining the database. The remaining steps depend upon the connection type you selected: • If you selected ODBC. BusinessObjects Enterprise Administrator’s Guide 109 . With the CMS selected. 6. for instance. In the Select Database Driver dialog box. specify whether you want to connect to the new database through ODBC. the CCM initializes it by writing system data that is required by BusinessObjects Enterprise. Generally. however. these steps allow you to disconnect from. you will need to reconnect the CMS to the restored database. none of the data in the current database is copied into the alternate database. The CMS Database Setup dialog box appears. When prompted. 2. see “Clustering Central Management Servers” on page 92. and then reconnect to. click Specify CMS Data Source on the toolbar.) When prompted.Managing and Configuring Servers Configuring the intelligence tier 5 Selecting a new or existing CMS database Follow this procedure if you want to disconnect a CMS from its current database and connect it to an alternate database. the CMS uses that data when it starts. if you restored the original CMS database to a newly installed database server. provide your database credentials and click OK. If the alternate database is empty. (This might occur. Select the ODBC data source that you want to use as the CMS database. Click OK. When you complete these steps. 1. 5. these steps allow you to select that new data source. you can provide the CMS with the new password. then click OK. or through one of the native drivers. To select a new or existing database for a CMS on Windows Use the CCM to stop the Central Management Server. (Click New to configure a new DSN. there are only a few times when you need to complete these steps: • • • If you have changed the password for the current CMS database.) Note: These steps are essentially the same as adding a CMS to an existing cluster. then click OK. the current database.

The SvcMgr dialog box notifies you when the CMS database setup is complete. To select a new or existing database for a CMS on UNIX Use the cmsdbsetup. your Login ID.sh script. In other words. you are prompted for your database Server Name.5 Managing and Configuring Servers Configuring the intelligence tier • If you selected a native driver. For reference. Provide this information and then click OK. if the Input and Output File Repository Servers share the same root directory. 110 BusinessObjects Enterprise Administrator’s Guide . Start the Central Management Server. These root directories contain all of the report objects and instances on the system. 8. see “cmsdbsetup. You may change these settings if you want to use different directories after installing BusinessObjects Enterprise. then one server might damage files belonging to the other.sh” on page 601 Setting root directories and idle times of the File Repository Servers The Properties tabs of the Input and Output File Repository Servers enable you to change the locations of the default root directories. 7. Click OK. and your Password. or if you upgrade to a different drive (thus rendering the old directory paths invalid). because modifications to the files and subdirectories belonging to one server could have adverse effects on the other server. Note: • The Input and Output File Repository Servers must not share the same root directory.

4. 3. The server will remain idle for a maximum of 15 minutes. 2. To modify settings for a File Repository Server Go to the Servers management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 111 . The root directory should be on a drive that is local to the server.Managing and Configuring Servers Configuring the intelligence tier 5 • If you run multiple File Repository Servers. Click Update to save the changes. the Input File Repository Server is set to use D:\InputFRS\ as its root directory.” as appropriate. Click the link to the File Repository Server you want to change. In this example. If you run multiple instances of each server. It is recommended that you replicate the root directories using a RAID array or an alternative hardware solution. Make your changes on the Properties tab. all Input File Repository Servers must share the same root directory. This setting limits the length of time that the server waits before it closes inactive connections. 1. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. their names should be prefixed with “Input. By default. Before you change this setting.” and “Output. and all Output File Repository Servers must share the same root directory (otherwise there is a risk of having inconsistent instances). it is important to understand that setting a value too low can cause a user's request to be closed prematurely. the File Repository Servers are named Input and Output. You must restart the server for the changes to take effect. • • You can also set the maximum idle time of each File Repository Server. respectively. Setting a value that is too high can result the uneasier consumption of system resources such as processing time and disk space.

but the “Maximum Simultaneous Processing Threads” is increased to 50. the Cache Server retains most of the default settings. 112 BusinessObjects Enterprise Administrator’s Guide . Click the link to the Cache Server whose settings you want to change. the maximum number of simultaneous processing threads. To modify Cache Server performance settings Go to the Servers management area of the CMC. and the number of minutes between refreshes from the database. 1. 3. In this example. 2. Make your changes on the Properties tab. the maximum cache size.5 Managing and Configuring Servers Configuring the intelligence tier Modifying Cache Server performance settings The Properties tab of the Cache Server allows you to set the location of the cache files. the number of minutes before an idle job is closed.

When the Cache Server has to handle large numbers of reports. and your reporting requirements. and resource utilization on the machine is high (that is. a larger cache size is needed. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the Cache Server waits for further requests from an idle connection. If your Cache Server responds slowly under high load.Managing and Configuring Servers Configuring the intelligence tier 5 4. it is important to understand that setting a BusinessObjects Enterprise Administrator’s Guide 113 . you may wish to decrease the number of threads to improve performance. Maximum Cache Size Allowed The “Maximum Cache Size Allowed” setting limits the amount of hard disk space (in KBytes) that is used to cache reports. increasing the number of threads may improve performance. Location of the Cache Files The “Location of the Cache Files” setting specifies the absolute path to the directory on the Cache Server machine where the cached report pages (.epf files) are stored. The default value is set to “Automatic”. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. Maximum Simultaneous Processing Threads The “Maximum Simultaneous Processing Threads” setting limits the number of concurrent reporting requests that the Cache Server processes. and is acceptable for most. If the Cache Server is slow under high load but CPU utilization is low. You must restart the server for the changes to take effect. The default value is 5000 Kbytes. particularly in the kernel). the Cache Server sets the maximum number of threads using the number of processors in your system as a guide. With this setting. either memory usage is high or CPU utilization is high. it is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Thus. which is large enough to optimize performance for most installations. Before you change this setting. Click Update to save the changes. reporting scenarios. if not all. or reports that are especially complex. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. your database software. Note: The cache directory must be on a drive that is local to the server. the ideal setting for your reporting environment is highly dependent upon your hardware configuration. However.

This “File Polling Interval in Seconds” setting determines the number of seconds that the server waits between polls. This setting is respected for report instances with saved data. Then click the Configuration tab. the “Viewer Refresh Always Yields Current Data” setting ensures that. 2. Click the link to the Event Server whose settings you want to change. 5. When disabled. Return to the Servers management area of the CMC. this setting prevents users from retrieving new data more frequently than is permitted by the time specified in the “Minutes Between Refreshes from Database” setting. 3. and setting a value that is too high can cause requests to be queued while the server waits for idle jobs to be closed. Stop the Event Server and view its Properties. 114 BusinessObjects Enterprise Administrator’s Guide . 4. and new data is retrieved directly from the database. To modify the polling time Go to the Servers management area of the CMC. the lower the value. the optimal value is largely dependent upon your reporting requirements. The value that you type must be 1 or greater. Tip: On Windows. you can also change this setting in the CCM. Oldest On-Demand Data Given To a Client (in minutes) The “Oldest On-Demand Data Given To a Client (in minutes)” setting determines how long cached report pages are used before new data is requested from the database. Modifying the polling time of the Event Server The Properties tab of the Event Server allows you to change the frequency with which the Event Server checks for file events. all cached pages are ignored. and for report objects that do not have on-demand subreports or parameters and that do not prompt for database logon information. the default value of 15 minutes is acceptable: as with other performance settings. Viewer Refresh Always Yields Current Data When enabled. 1. the more resources the server requires. Make your changes on the Properties tab. It is important to note that. Click Update. The minimum value is 1 (one).5 Managing and Configuring Servers Configuring the intelligence tier value too low can cause a user’s request to be closed prematurely. Generally. when users explicitly refresh a report.

Report Application Servers. The processing tier includes different job servers. The majority of the settings discussed here allow you to integrate BusinessObjects Enterprise more effectively with your current hardware. the number of database records to read when previewing or refreshing a report.Managing and Configuring Servers Configuring the processing tier 5 Configuring the processing tier This section includes technical information and procedures that show how you can modify settings for the BusinessObjects Enterprise servers that make up the processing tier. the minutes before an idle connection is closed. software. the minutes before a processing job is closed. the oldest processed data to give a client. Page Servers. BusinessObjects Enterprise Administrator’s Guide 115 . the maximum number of simultaneous report jobs. Consequently. and when to disconnect from the report job database. the settings that you choose will depend largely upon your own requirements. and Web Intelligence Job Servers and Web Intelligence Report Servers. Configuring the processing tier includes: • • • • • • • • “Modifying Page Server performance settings” on page 115 “Modifying database settings for the RAS” on page 118 “Modifying performance settings for the RAS” on page 120 “Modifying performance settings for job servers” on page 121 “Configuring the Web Intelligence Report Server” on page 122 “Configuring the destinations for job servers” on page 125 “Configuring Windows processing servers for your data source” on page 132 “Configuring UNIX processing servers for your data source” on page 133 Modifying Page Server performance settings The Properties tab of the Page Server in the Central Management Console lets you set the location of temporary files. and network configurations.

2. The default value of 75 is acceptable for most. Location of Temp Files The “Location of Temp Files” setting specifies the absolute path to a directory on the Page Server machine. if not all. job processing may be slower than usual. Make your changes on the Properties tab.This directory must have plenty of free hard disk space. Click the link to the Page Server whose settings you want to change. 4. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. You must restart the server for the changes to take effect. however.5 Managing and Configuring Servers Configuring the processing tier 1. The ideal setting for your reporting environment. 3. is highly dependent upon your hardware configuration. To modify Page Server performance settings Go to the Servers management area of the CMC. your database software. Maximum Simultaneous Report Jobs The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent reporting requests that any single Page Server processes. If not enough disk space is available. Click Update to save the changes. and your 116 BusinessObjects Enterprise Administrator’s Guide . reporting scenarios. or job processing may fail.

If the Page Server receives a request that can be met using data that was generated to meet a previous request. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the Page Server waits for further requests from an idle connection. If it is very important that all users receive fresh data (perhaps because important data changes very frequently) you may need to disallow this kind of data reuse by setting the value to 0. then the Page Server will reuse this data to meet the subsequent request. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. You may prefer to schedule such reports. (Note that this setting works in conjunction with the “Report Job Database Connection” setting. BusinessObjects Enterprise Administrator’s Guide 117 . Setting a value that is too high can cause system resources to be consumed for longer than necessary. This setting is useful when you want to prevent users from running on-demand reports containing queries that return excessively large record sets. Before you change this setting. both to make the reports available more quickly to users and to reduce the load on your database from these large queries. Reusing data in this way significantly improves system performance when multiple users need the same information. Oldest On-Demand Data Given to a Client (in minutes) The “Oldest On-Demand Data Given To a Client (in minutes):” setting controls how long the Page Server uses previously processed data to meet requests. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. it is difficult to discuss the recommended or optimum settings in a general way.Managing and Configuring Servers Configuring the processing tier 5 reporting requirements. Minutes before an Idle Report Job is Closed The “Minutes before an Idle Report Job is Closed” setting alters the length of time that the Page Server keeps a report job active. and the time elapsed since that data was generated is less than the value set here.) Database Records to Read When Previewing Or Refreshing a Report The “Database Records to Read When Previewing Or Refreshing a Report” area allows you to limit the number of records that the server retrieves from the database when a user runs a query or report. Thus. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. When setting the value of the “oldest processed data given to a client” consider how important it is that your users receive up-to-date data. Setting a value that is too high can cause system resources to be consumed for longer than necessary. Before you change this setting.

all previously processed data is ignored.5 Managing and Configuring Servers Configuring the processing tier Viewer Refresh Always Yields Current Data When enabled. and therefore limits the number of database licenses consumed by the Page Server. Click the link to the RAS whose settings you want to change. the setting ensures that the Page Server will treat requests generated by a viewer refresh in exactly the same way as it treats as new requests.) Modifying database settings for the RAS The Database tab of the Report Application Server (RAS) in the Central Management Console lets you modify the way the server runs reports against your databases. when users explicitly refresh a report. if the Page Server needs to reconnect to the database to generate an on-demand sub-report or to process a group-by-on-server command for that report. 1. Selecting this option limits the amount of time that Page Server stays connected to your database server. 4. If you select “Disconnect when all records have been retrieved or the job is closed”. Report Job Database Connection The “Report Job Database Connection” settings can be used to make a tradeoff between the number of database licenses you use and the performance you can expect for certain types of reports. To modify database interaction settings for the RAS Go to the Servers management area of the CMC. Note that you can set the “Minutes before a Report Job is Closed” above. 2. 3. When disabled. Make your changes on the Database tab. Click Update to save the changes. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. You must restart the server for the changes to take effect. the Page Server will automatically disconnect from the report database as soon as it has retrieved the data it needs to fulfill a request. performance for these reports will be significantly slower than if you had selected “Disconnect when the job is closed”. 118 BusinessObjects Enterprise Administrator’s Guide . (The latter option ensures that Page Server stays connected to the database server until the report job is closed. and new data is retrieved directly from the database. However. the “Viewer Refresh Always Yields Current Data” setting ensures that.

If the data is not in either cache. When setting the value of the “oldest on-demand data given to a client” consider how important it is that your users receive up-to-date data. to support the data needs of users performing ad hoc reporting.Managing and Configuring Servers Configuring the processing tier 5 Tip: On Windows. it is retrieved from the database. The batch size cannot be equal to or less than zero. Number of database records to read when previewing or refreshing a report The “Number of database records to read when previewing or refreshing a report” area allows you to limit the number of records that the server retrieves from the database when a user runs a query or report. Report Job Database Connection The “Report Job Database Connection” settings can be used to make a tradeoff between the number of database licenses you use and the performance you can expect for certain types of reports. When the RAS retrieves records from the database. Reusing data in this way significantly improves system performance when multiple users need the same information. If the RAS receives a request that can be met using data that was generated to meet a previous request. then the RAS will reuse this data to meet the subsequent request. Stop the RAS and view its Properties. The “Number of records per batch” setting allows you to determine the number of records that are contained in each batch. and the time elapsed since that data was generated is less than the value set here. This is the default on the RAS. BusinessObjects Enterprise Administrator’s Guide 119 . you can also change these settings in the CCM. the query results are returned in batches. If it is very important that all users receive fresh data (perhaps because important data changes very frequently) you may need to disallow this kind of data reuse by setting the value to 0. Oldest on-demand data given to a client (in minutes) The “Oldest on-demand data given to a client (in minutes)” setting controls how long the RAS uses previously processed data to meet requests. The data will be retrieved first from the client’s cache—if it is available—and then from the server’s cache. Click the Parameters tab. and you want to prevent them from running queries that return excessively large record sets. Number of records to browse The “Number of records to browse” setting allows you to specify the number of distinct records that will be returned from the database when browsing through a particular field’s values. select Database. From the Option Type list. This setting is particularly useful if you provide users with ad hoc query and reporting tools.

and therefore limits the number of database licenses consumed by the RAS. From the Option Type list. (The latter option ensures that RAS stays connected to the database server until the report job is closed. 4. Click the link to the RAS whose settings you want to change. Click either Apply or Update: • • Click Apply to submit changes and restart the server so that the changes take effect immediately. Click the Parameters tab. you can also change these settings in the CCM. Stop the RAS and view its Properties. Note: The RAS server must have been installed and configured in order to use the List of Values Job Server. To modify performance settings for the RAS Go to the Servers management area of the CMC. and setting a value 120 BusinessObjects Enterprise Administrator’s Guide . Before you change this setting. performance for these reports will be significantly slower than if you had selected “Disconnect when the job is closed”. if the RAS needs to reconnect to the database to generate an ondemand sub-report or to process a group-by-on-server command for that report. 2. see “Processing tier” on page 64.) Modifying performance settings for the RAS The Server tab of the Report Application Server (RAS) in the Central Management Console allows you to modify the number of minutes before an idle connection is closed. For more information. 3. 1. it is important to understand that setting a value too low can cause a user’s request to be closed prematurely. the Report Application Server will automatically disconnect from the report database as soon as it has retrieved the data it needs to fulfill a request. select Server. Selecting this option limits the amount of time that RAS stays connected to your database server. You must restart the server for the changes to take effect. and the maximum number of simultaneous processing threads. However.5 Managing and Configuring Servers Configuring the processing tier If you select “Disconnect when all records have been retrieved or the job is closed”. Minutes Before an Idle Connection is Closed The “Minutes Before an Idle Connection is Closed” setting alters the length of time that the RAS waits for further requests from an idle connection. Click Update to save the changes. Tip: On Windows. Make your changes on the Server tab.

and the Web Intelligence Job Server.Managing and Configuring Servers Configuring the processing tier 5 that is too high can affect the server’s scalability (for instance. if not all. Maximum Jobs Allowed The “Maximum Jobs Allowed” setting limits the number of concurrent independent processes (child processes) that the server allows—that is. The default value is acceptable for most. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. Destination Job Server. 3. Thus. Use the following procedure to modify the performance settings for any of the job servers. is highly dependent upon your hardware configuration. 1. and your reporting requirements. Return to the Servers management area of the CMC. if the ReportClientDocument object is not closed explicitly. 2. the job servers run jobs as independent processes rather than as threads. that is the Report Job Server. You can tailor the maximum number of jobs to suit your reporting environment. however. This method allows for more efficient processing of large. the server will be waiting unnecessarily for an idle job to close). 5. your database software. reporting scenarios. Click Update. List of Values Job Server. Click the link to the job server whose settings you want to change. The ideal setting for your reporting environment. it is difficult to discuss the recommended or optimum settings in a general way. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. it limits the number of scheduled objects that the server will process at any one time. Program Job Server. complex reports. BusinessObjects Enterprise Administrator’s Guide 121 . Maximum Simultaneous Report Jobs The “Maximum Simultaneous Report Jobs” setting limits the number of concurrent reporting requests that a RAS processes. Make your changes on the Properties tab. 4. To modify performance settings for job servers Go to the Servers management area of the CMC. Modifying performance settings for job servers By default.

however. Click Update to save the changes. 122 BusinessObjects Enterprise Administrator’s Guide . reporting scenarios. 3. is highly dependent upon your hardware configuration. and your reporting requirements. 2.5 Managing and Configuring Servers Configuring the processing tier The default “Maximum Jobs Allowed” setting is acceptable for most. Click Apply to submit changes and restart the server so that the changes take effect immediately. Make your changes on the Properties tab. your database software. Return to the Servers management area of the CMC and restart the Job Server. Click either Apply or Update: • • 5. it is difficult to discuss the recommended or optimum settings in a general way. You must restart the server for the changes to take effect. To modify performance settings for the Web Intelligence report server Go to the Servers management area of the CMC. Temp Directory You can also change the default directory where the server stores its temporary files. 1. The ideal setting for your reporting environment. 4. if not all. Click the link to the Web Intelligence Report Server whose settings you want to change. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. A Business Objects services consultant can then assess your reporting environment and assist you in customizing these advanced configuration and performance settings. Configuring the Web Intelligence Report Server Use the following procedure to configure the performance settings for the Web Intelligence Report Server. Thus.

BusinessObjects Enterprise Administrator’s Guide 123 . from sources such the Web Intelligence SDK or the Web Intelligence Job Server. If this limit is reached. then the list of values will be returned to the user in several batches of this size or less. the user will receive an error message. Although there is no limit on the maximum value. if the number of values in a list of values exceeds this size. For example. unless another server is available to handle the request. Universe Cache Size The number of universes to be cached on the Web Intelligence Report Server. Business Objects recommends that you limit it to 30000. The minimum value that you can enter is 10. List of Values Caching Enables or disables caching per user session of list of values in Web Intelligence Report Server. The default is for the feature to be on. Connection Time Out The number of minutes before an idle connection to the Web Intelligence Report Server will be closed.Managing and Configuring Servers Configuring the processing tier 5 Maximum Simultaneous Connections The maximum number of simultaneous connections that the server allows at one time. List of Values Batch Size The maximum number of values that can be returned per list of values batch.

5 Managing and Configuring Servers Configuring the processing tier Enable Viewing Caching When this parameter is on. Amount of Cache To Keep When Document Cache is Full If the storage size is bigger than the allocated storage size. or when they are generated as a result of having been run as a scheduled job. Nor does it cache the documents when they are run as a scheduled job. Note: To improve system performance. set the Maximum Number Of Downloaded Documents To Cache to zero when this option is selected. Document Cache Size The size (in kilobytes) of the document cache. but enter a value for Maximum Number Of Downloaded Documents To Cache when this option deselected. provided the pre-cache was enabled in the document. Maximum Number of Downloaded Documents To Cache The number of Web Intelligence documents that can be stored in cache. the Web Intelligence Report Server does not cache the Web Intelligence documents when the documents are viewed. Enable Real Time Caching When this parameter is on. When this parameter is off both real-time caching of Web Intelligence documents and viewing of cached Web Intelligence documents is impossible. Document Cache Duration The amount of time (in minutes) that content is stored in cache. Real-time caching is done only if both this parameter and the Enable Real Time Caching parameters are on. the system will delete documents with the oldest “last accessed time. the Web Intelligence Report Server caches Web Intelligence documents when the documents are viewed. real-time caching is possible for Web Intelligence documents when they are viewed. This parameter is taken into account only when the Enable Viewing Caching is set to on. 124 BusinessObjects Enterprise Administrator’s Guide . Document Cache Scan Interval The number of minutes that the system waits before checking the document cache for cleanup. The server also caches the documents when they are run as a scheduled job. the Web Intelligence Report Server will clean up the cache until the amount of cache percentage is reached. When the parameter is off.” Then if the cache size is still exceeds the maximum storage size.

For example. which sends an existing object to a specified destination. you can specify a different destination. you have to enable and configure the Unmanaged Disk destination on the Job Server. If you do. the Inbox destination is enabled by default. List of Values Job Server. to be able to schedule a report object for output to an unmanaged disk.Managing and Configuring Servers Configuring the processing tier 5 Note: To improve system performance. when the system runs a scheduled report or a program object. BusinessObjects Enterprise Administrator’s Guide 125 . In order for the system to work with destinations other than the default. you have to enable and configure the other destinations on the job servers. the destination must have been enabled and configured on the respective job server. Note: On the Destination Job Server. but enter a value when Enable Real Time Caching is deselected. To send a report instance by email. Configuring the destinations for job servers By default. However. You also specify a destination when you use the Send to feature. Destination Job Server. If you want. For a job server to store output instances in a destination other than the default. set this value to zero when Enable Real Time Caching is selected. it stores the output instance it creates on the Output File Repository Server (FRS). Configuring destinations for job servers includes: • • • • “Enabling or disabling destinations for job servers” on page 125 “Configuring the destination properties for job servers” on page 126 “Selecting a destination” on page 481 “Sending an object or instance” on page 420 For information about selecting destinations for objects see: Enabling or disabling destinations for job servers This procedure applies to the Job Server. and Web Intelligence Job Server. you can enable and configure additional destinations on the Destination Job Server. Program Job Server. This allows you to use the “Send to” feature and to distribute reports to users within the BusinessObjects Enterprise system. you have to configure the Email (SMTP) destination on the Destination Job Server. See also “Configuring the destination properties for job servers” on page 126. and one at the specified destination. the system will store one output instance on the Output FRS.

Click the link for the job server whose setting you want to change. To enable or disable destinations for a job server Go to the Servers management area of the CMC. Click the link for the destination whose setting you want to set. 2. for example. To disable destinations. Make sure the destination has been enabled.5 Managing and Configuring Servers Configuring the processing tier 1. For a job server to store output instances in a destination other than the default. Set the properties for the destination. See also “Enabling or disabling destinations for job servers” on page 125. When a destination is disabled a red circle is shown beside the name. See “Enabling or disabling destinations for job servers” on page 125. you must also configure the destination. 4. 3. 5. 7. Configuring the destination properties for job servers This procedure applies to the Job Server. See “Configuring the destination properties for job servers” on page 126. 4. Click Enable. you have to enable and configure the other destinations on the job servers. “Inbox destination properties” on page 127 “Unmanaged Disk destination properties” on page 131 “FTP destination properties” on page 130 “Email (SMTP) destination properties” on page 128 Click Update. Destination Job Server. Program Job Server. To set the destination properties for a job server Go to the Servers management area of the CMC. and Web Intelligence Job Server. see: • • • • 6. List of Values Job Server. 3. Click the link for the job server for which you want to enable or disable a destination. Click the Destinations tab. If you enabled the destination. FTP. For information about the properties for each destination. 2. 126 BusinessObjects Enterprise Administrator’s Guide . click Disable. Select the check box for each destination you want to support. 5. 1.

Managing and Configuring Servers Configuring the processing tier 5 Inbox destination properties The Inbox destination stores an object or instance in the user inboxes on the BusinessObjects Enterprise system. A user inbox is automatically created when you add a user. Send document as Select the option you want: • • Shortcut—The systems sends a shortcut to the specified destination. Copy—The system sends a copy of the instance. you can enable and configure additional destinations on the Destination Job Server. Note: On the Destination Job Server. If you want. the . see “Configuring the destination properties for job servers” on page 126 and “Controlling access to user inboxes” on page 352. This allows you to use the “Send to” feature and to distribute reports to users within the BusinessObjects Enterprise system. Send List Specify which users or user groups you want to receive instances that have been generated or processed by the job server. to the destination. the Inbox destination is enabled by default. for example. BusinessObjects Enterprise Administrator’s Guide 127 . For more information.rpt file.

SMTP Password Provide the Job Server with the password for the SMTP server. Its name is EMAIL_SERV and it is listening on the standard SMTP port. Server Name Enter the name of the SMTP server. Plain text authentication is being used. 128 BusinessObjects Enterprise Administrator’s Guide . See also “Configuring the destination properties for job servers” on page 126. (This standard SMTP port is 25. Domain Name Enter the fully qualified domain of the SMTP server.com domain. and an account called BusinessObjectsJobAccount has been created on the SMTP server for use by the Job Server.) Authentication Select Plain or Login if the job server must be authenticated using one of these methods in order to send email. SMTP User Name Provide the Job Server with a user name that has permission to send email and attachments through the SMTP server.5 Managing and Configuring Servers Configuring the processing tier Email (SMTP) destination properties In this example. the SMTP server resides in the businessobjects. Port Enter the port that the SMTP server is listening on.

Windows will know which program to use to open the file when users want to view the file. Subject. Users can override this default when they schedule an object. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. BusinessObjects Enterprise Administrator’s Guide 129 . To add a variable. and Message Set the default values for users who schedule reports to this SMTP destination. Users can override these defaults when they schedule an object. This is similar to selecting File Extension from the list and clicking Add.%EXT% extension to the specified filename. You can set the default URL by clicking Object Settings on the main page of the Objects management area of the CMC. You can also add a variable to the file name. the email recipient must log on to BusinessObjects Enterprise to see the report. If you send a hyperlink.) Users can override this default when they schedule an object. Users can override these defaults when they schedule an object. Specified File Name Select this option if you want to enter a file name.Managing and Configuring Servers Configuring the processing tier 5 From Provide the return email address. Attach report instance to email message Clear this check box if you do not want to attach a copy of the report or program instance attached to the email. Add file extension Adds the . choose a placeholder for a variable property from the list and click Add. By adding an extension to the file name. Cc. Add viewer hyperlink to message body Click Add if you want to add the URL for the viewer in which you want the email recipient to view the report. To.

See also “Configuring the destination properties for job servers” on page 126.businessobjects.5 Managing and Configuring Servers Configuring the processing tier FTP destination properties In this example. Port Enter the FTP port number (the standard FTP port is 21). 130 BusinessObjects Enterprise Administrator’s Guide . reports scheduled to this destination are randomly named and uploaded to the ftp. if required. Account is part of the standard FTP protocol. FTP User Name Specify a user who has the necessary rights to upload a report to the FTP server. FTP Password Enter the user’s password. Host Enter your FTP host information.com site. but it is rarely implemented. Account Enter the FTP account information. Provide the appropriate account only if your FTP server requires it.

Unmanaged Disk destination properties An unmanaged disk is disk on a system outside the BusinessObjects Enterprise system. Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. See also “Configuring the destination properties for job servers” on page 126. or on any other machine that you can specify with a UNC path. To add a variable. The directory can be on a local drive of the Job Server machine. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. A relative path is interpreted relative to the root directory on the FTP server. Destination Directory Type the absolute path to the directory.Managing and Configuring Servers Configuring the processing tier 5 Destination Directory Enter the FTP directory that you want the object to be saved to. BusinessObjects Enterprise Administrator’s Guide 131 . Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. choose a placeholder for a variable property from the list and click Add.

This account determines the permissions that each service is granted on the local machine. 132 BusinessObjects Enterprise Administrator’s Guide .txt file included with your installation. Tip: Running a service under an Administrator account does not inadvertently grant administrative privileges to another user. To add a variable. For details on changing the user accounts. Each file name will be randomly generated.” the file name of each object includes the object owner’s name. Configuring Windows processing servers for your data source When started on Windows. this account is irrelevant in relation to the server’s task of processing reports against your data source. In the majority of cases. This account does not grant the service any network permissions. For example. However. because users cannot impersonate services. you can usually leave each server’s default logon account unchanged or. the report processing servers by default log on to the local system as services with the Windows “LocalSystem” account. the variable is replaced with the appropriate information. (The database logon credentials are stored with the report object. choose a placeholder for a variable property from the list and click Add. User Name Specify a user who has permission to write files to the destination directory. refer to the platform. when you add the variable “Owner. if you prefer.) Thus. the destination directory is on a network drive that is accessible to the Job Server machine through a UNC path. there are certain cases when you must change the logon account used by the processing servers. For a complete list of supported databases and drivers. and a user name and password have been specified to grant the Job Server permission to write files to the remote directory. When each instance runs.5 Managing and Configuring Servers Configuring the processing tier Specified File Name Select this option if you want to specify a file name—you can also add a variable to the file name. or because the database client software is configured for a particular Windows user account. These cases arise either because the server needs additional network permissions to access the database. see “Changing the server user account” on page 146. In this example. Password Type the password for the user. This table lists the various database/ driver combinations and shows when you must complete additional configuration. you can change it to a Windows user account with the appropriate permissions.

Managing and Configuring Servers Configuring the processing tier 5 Configuring UNIX processing servers for your data source The Job Servers and Page Server support native and ODBC connections to a number of reporting databases. These include: • • Oracle The ORACLE_HOME environment variable must define the top-level directory of the Oracle client installation. software. so this variable must be defined for the login environment of each Job Server and Page Server. Sybase The SYBASE environment variable must define the top-level directory of the Sybase client installation. additional environment variables may be required for the Job Server and Page Server to use the client software. Use the DB2 instance initialization script to ensure that the DB2 environment is correct. BusinessObjects Enterprise Administrator’s Guide 133 . The SYBPLATFORM environment variable must define the platform architecture. and configuration files that must be available to the servers in order for them to process reports successfully. you must install the appropriate database client software on each Job Server and/or Page Server machine that will process the reports. and so on). ensure that the reporting environment configured on the server accurately reflects the reporting environment configured on the Windows machine that you use when designing reports with Crystal Reports. Click the appropriate link to jump to that section: • • Native drivers “Native drivers” on page 133 “ODBC drivers” on page 134 If you design reports using native drivers. This section discusses the environment variables. • DB2 The DB2INSTANCE environment variable must define the DB2 instance that is used for database access. The server locates the client software by searching the library path environment variable that corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris. The server loads the client software at runtime in order to access the database that is specified in the report. Whether your reports use native or ODBC drivers. LIBPATH on IBM AIX. See the Platforms. Depending on your database.txt file included with your product distribution for a complete list of tested database software and version requirements.

1.7/ lib:opt/sybase/lib:$LD_LIBRARY_PATH. If you report off DB2 using ODBC. creates configuration files and templates related to ODBC reporting. your database administrator must first bind the UNIX version of the driver to every database that you report against (and not just each database server).5 Managing and Configuring Servers Configuring the processing tier Note: For complete details regarding these and other required environment variables.1.bnd. Note: • Detailed documentation covering the various ODBC drivers is included in the Merant Connect ODBC Reference (odbcref.export LD_LIBRARY_PATH ORACLE_HOME=/opt/oracle/app/oracle/product/8. This is installed below the crystal/enterprise/platform/odbc directory. add these commands to the crystal user’s login script: setenv LD_LIBRARY_PATH /opt/oracle/app/oracle/product/8. You installed BusinessObjects Enterprise under the crystal user account (as recommended in the BusinessObjects Enterprise Installation Guide). and sets up the required ODBC environment variables.1. The bind packages are installed below the crystal/enterprise/platform/odbc/lib directory. you must ensure that each server is set up properly for ODBC.7 setenv SYBASE /opt/sybase setenv SYBPLATFORM sun_svr4 If the crystal user’s default shell is a Bourne shell.7/ lib:opt/sybase/lib:$LD_LIBRARY_PATH setenv ORACLE_HOME /opt/oracle/app/oracle/product/8.export ORACLE_HOME SYBASE=/opt/sybase. This section discusses the installed environment. The Sybase database client is installed in /opt/sybase.bnd.export SYBPLATFORM ODBC drivers If you design reports off ODBC data sources (on Windows).7.7. BusinessObjects Enterprise installs ODBC drivers for UNIX. suppose that you are running reports against both Sybase and Oracle. it is also located in the doc directory of your product distribution. If the crystal user’s default shell is a C shell.1. see the documentation included with your database client software. As an example. their filenames are iscsso.export SYBASE SYBPLATFORM=sun_svr4. and the Oracle client is installed in /opt/oracle/app/oracle/product/8. along with the information that you need to edit. iscswhso.1. During the installation.pdf). modify the syntax accordingly: LD_LIBRARY_PATH=/opt/oracle/app/oracle/product/8. • 134 BusinessObjects Enterprise Administrator’s Guide . In addition. you must set up the corresponding data sources on the Job Server and Page Server machines.

bnd. and so on). you define each of the ODBC data sources (DSNs) that the Job Server and Page Server need in order to process your reports.odbc. LIBPATH on IBM AIX. and isurwhso.csh script only if you have customized your configuration of ODBC.bnd. The BusinessObjects Enterprise installation includes a file called env. include the clientless ODBC driver for Informix connectivity. The ODBCINI environment variable is defined as the path to the . ensure also that the Windows version of the driver has been bound to each database. Thus.Managing and Configuring Servers Configuring the processing tier 5 isrrso. Working with the ODBC system information file The system information file (. The BusinessObjects Enterprise installation completes most of the required information—such as the location of the ODBC directory and the name and location of each installed ODBC driver—and shows where you need to provide additional information. however. ODBC environment variables The environment variables related to ODBC reporting are: the library path that corresponds to your operating system (LD_LIBRARY_PATH on Sun Solaris. and ODBCINI.ini) is created in the HOME directory of the user account under which you installed BusinessObjects Enterprise (typically the crystal user account). Because Crystal Reports runs on Windows. isrrwhso. bobje/defaultodbc. BusinessObjects Enterprise does not include the Informix client-dependent ODBC driver (CRinf16) that is installed on Windows.bnd. In this file.ini file that was created by the BusinessObjects Enterprise installation. isurso. The main ODBC configuration file that you need to modify is the system information file.odbc. The UNIX version does. Modify the environment variables in the env. the environment for the Job Server and Page Server is set up automatically: • • • The INSTALL_ROOT/bobje/enterprise11/platform/odbc/lib directory of your installation is added to the library path environment variable. The ODBC_HOME environment variable is set to the INSTALL_ROOT/ bobje/enterprise11/platform/odbc directory of your installation.csh that is sourced automatically every time you start the BusinessObjects Enterprise servers with the CCM. ODBC_HOME.bnd.ini Tip: A template of the system information file is installed to INSTALL_ROOT/ BusinessObjects Enterprise Administrator’s Guide 135 . • On UNIX.

These pairs essentially correspond to the Name=Data pairs that Windows stores for each System DSN in the registry: \\HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\odbc. • 136 BusinessObjects Enterprise Administrator’s Guide . some Windows drivers store a UID value in the registry. lists all the DSNs that are defined later in the file. For example. see the Merant Connect ODBC Reference (odbcref. the system information file is structured in three major sections: • The first section. Note: For detailed documentation on each ODBC driver.70 DB2 ODBC Driver [CRDB2] Driver=/opt/bobje/enterprise11/platform/odbc/lib/crdb216. the options for a particular ODBC driver on UNIX may not correspond by name to the options available for a Windows version of the same driver. it is also located in the doc directory of your product distribution. Each DSN is defined through a number of option=value pairs.pdf). and on UNIX you may need to specify this value with the LogonID option. The value of dsn must correspond exactly to the name of the System DSN (on Windows) that the report was based off. The beginning of each definition is denoted by [dsn]. This DSN allows the Job Server and Page Server to process reports based on a System DSN (on Windows) called CRDB2: [ODBC Data Sources] CRDB2=MERANT 3. [CRDB2] marks the beginning of the single DSN that is defined in the file.70 DB2 ODBC Driver Database=myDB2server LogonID=username [ODBC] Trace=0 TraceFile=odbctrace. Each entry in this section is provided as dsn=driver.so InstallDir=/opt/bobje/enterprise11/platform/odbc As shown in the example above. The second section sequentially defines each DSN that is listed in the first section.so Description=MERANT 3. The options that you must define depend upon the ODBC driver that you are using. and there must be one entry for every DSN that is defined in the file.5 Managing and Configuring Servers Configuring the processing tier The following example shows the contents of a system information file that defines a single ODBC DSN for servers running on UNIX.ini\dsn However. In the example above. The PDF is installed below the crystal/enterprise/platform/odbc directory.out TraceDll=/opt/bobje/enterprise11/platform/odbc/lib/ odbctrac. denoted by [ODBC Data Sources].

70 Oracle8 ODBC Driver ServerName= ProcedureRetResults=1 LogonID= [CRSS] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crmsss16.so Description=MERANT 3.so Description=MERANT 3. This example shows the entire contents of a system information file created when BusinessObjects Enterprise was installed to the /usr/local directory.70 DB2 ODBC Driver Database= LogonID= [CRINF_CL] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crifcl16.70 SQL Server ODBC Driver CRSYB=MERANT 3. denoted by [ODBC].70 Informix Dynamic Server ODBC Driver ServerName= HostName= PortNumber= Database= LogonID= [CROR8] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ cror816.70 Sybase ASE ODBC Driver CRTXT=MERANT 3. You need not modify this section.70 Text ODBC Driver [CRDB2] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crdb216. [ODBC Data Sources] CRDB2=MERANT 3.so Description=MERANT 3. The standard options that are commonly required for each driver are included in the file (Database=. it completes some fields and sets up a number of default DSNs—one for each of the installed ODBC drivers. LogonID=.70 SQL Server ODBC Driver Address= Database= QuotedId=Yes LogonID= BusinessObjects Enterprise Administrator’s Guide 137 . and so on). When the installation creates the system information file.so Description=MERANT 3. Edit the file and provide the corresponding values that are specific to your reporting environment.70 Oracle8 ODBC Driver CRSS=MERANT 3.70 DB2 ODBC Driver CRINF_CL=MERANT 3. includes ODBC tracing information.70 Informix Dynamic Server ODBC Driver CROR8=MERANT 3.Managing and Configuring Servers Configuring the processing tier 5 • The final section of the file.

so InstallDir=/usr/local/bobje/enterprise11/platform/odbc Adding a DSN to the default ODBC system information file When you need to add a new DSN to the installed system information file (.ini) file.5 Managing and Configuring Servers Configuring the processing tier [CRSYB] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crase16.out TraceDll=/usr/local/bobje/enterprise11/platform/odbc/lib/ odbctrac.70 Text ODBC Driver Database= [ODBC] Trace=0 TraceFile=odbctrace. 138 BusinessObjects Enterprise Administrator’s Guide .so Description=MERANT 3. For example. To create the corresponding DSN.70 Sybase ASE ODBC Driver NetworkAddress= Database= LogonID= [CRTXT] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ crtxt16.70 Oracle8 ODBC Driver Then define the new DSN by adding the following lines just before the system information file’s [ODBC] section: [SalesDB] Driver=/usr/local/bobje/enterprise11/platform/odbc/lib/ cror816. Then add the corresponding [dsn] definition just before the [ODBC] section.so Description=MERANT 3. the new DSN is available to the Job Server and Page Server.so Description=MERANT 3. first append this line to the [ODBC Data Sources] section of the system information file: SalesDB=MERANT 3.70 Oracle8 ODBC Driver ServerName=MyServer ProcedureRetResults=1 LogonID=MyUserName Once you have added this information.odbc. first add the new DSN to the bottom of the [ODBC Data Sources] list. suppose that you have a Crystal report that uses ODBC drivers to report off your Oracle8 database. The report is based off a System DSN (on Windows) called SalesDB. so they can process reports that are based off the SalesDB System DSN (on Windows).

On UNIX. You can view the results with the Event Viewer (in the Application Log). The programmatic information logged to these files is typically useful only to Business Objects support staff for advanced debugging purposes. the default logging directory INSTALL_ROOT/bobje/logging directory of your installation.On Windows NT/2000. This example shows two messages logged to the syslog daemon on UNIX: • Each server also logs assert messages to the logging directory of your product installation. The important point to note is that these log files are cleaned up automatically. The location of these log files depends upon your operating system: • • On Windows. • In addition.Managing and Configuring Servers Logging server activity 5 Logging server activity BusinessObjects Enterprise allows you to log specific information about BusinessObjects Enterprise web activity. BusinessObjects Enterprise logs to the Event Log service. each of the BusinessObjects Enterprise servers is designed to log messages to your operating system’s standard system log. see “Configuring the Web Component Adapter” on page 89. For details on locating and customizing the web activity logs. BusinessObjects Enterprise logs to the syslog daemon as a User application. BusinessObjects Enterprise Administrator’s Guide 139 . so there will never be more than approximately 1 MB of logged data per server. the default logging directory is C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Logging On UNIX. Each server prepends its name and PID to any messages that it logs.

If necessary. It includes: • • • • • • “Changing the default server port numbers” on page 140 “Configuring a multihomed machine” on page 143 “Adding and removing Windows server dependencies” on page 144 “Changing the server startup type” on page 145 “Changing the server user account” on page 146 “Configuring servers for SSL” on page 146 Changing the default server port numbers During installation. you can instruct each server component to listen on a specific port (rather than dynamically selecting any available port). On Windows. and then listens for BusinessObjects Enterprise requests.) The Web Component Adapter is not a server.config file. If so. The default CMS port number is 6400. 140 BusinessObjects Enterprise Administrator’s Guide . you view and modify server command lines (also referred to as launch strings) in the ccm. you can change the default CMS port. The Command field appears on each server’s Properties tab. which is installed in the crystal directory. registers with this port on the CMS. it is possible that your custom applications use these ports. Thus. you can configure its listening port by changing the connection. On UNIX. depending upon your reporting environment.5 Managing and Configuring Servers Advanced server configuration options Advanced server configuration options This section includes additional configuration tasks that you may want to perform. When started and enabled. However. See “Configuring the Web Component Adapter” on page 89.listeningPort context parameter in web. BusinessObjects Enterprise communication on these ports should not conflict with third-party applications that you have in place.xml. (Although unlikely. the CMS is set up to use default port numbers. you view and modify server command lines with the CCM. each of the other BusinessObjects Enterprise servers dynamically binds to an available port (higher than 1024). This ports fall within the range of ports reserved by Business Objects (6400 to 6410).

(-port number has no meaning for these servers). For more information.cms context parameter in web. Selected dynamically if unspecified. On Windows. consider the following: • CMS port number. see “Configuring a multihomed machine” on page 143 or “Configuring for Network Address Translation” on page 190. specify -port interface only. and thus available to accept BusinessObjects Enterprise requests. because it maintains a list that includes the host name and port number of each server that is started. n/a -ns Before modifying any port numbers. enabled. If you are working with multihomed machines or in certain NAT firewall configurations. to ensure that each server connects to the appropriate port of the CMS.Managing and Configuring Servers Advanced server configuration options 5 This table summarizes the command-line options as they relate to port usage for specific server types. For servers other than the CMS. See “Configuring the Web Component Adapter” on page 89. Specifies the CMS that the server will register with. For details. • • BusinessObjects Enterprise Administrator’s Guide 141 . (The -ns option stands for “nameserver. you may wish to specify -port interface:number for the CMS and -port interface for the other servers. this default port is not actually in use (each server registers its -requestPort number with the CMS instead). In both cases. Option -port CMS Specifies the primary BusinessObjects Enterprise port on which the CMS listens for requests from all other servers. Selected dynamically if unspecified.xml. The server registers this port with the CMS.) You must also set the name and port number of the CMS with the connection. you must change the -ns option in every other server’s command line. the CCM displays default port numbers on each server’s Configuration tab. -requestPort Specifies the secondary port Specifies the port on which that the CMS uses for identifying other servers and for registering with itself and/ or a cluster. the server listens for BusinessObjects Enterprise requests. The default is 6400.” The CMS functions as the nameserver in BusinessObjects Enterprise. see Appendix E: Server Command Lines. Other Servers Used only in multihomed environments or for certain NAT firewall environments. This displayed port corresponds to the -port option.

xml. Start and enable the server. For more information.5 Managing and Configuring Servers Advanced server configuration options 1. Replace number with the port that the CMS is listening on. See “Configuring the Web Component Adapter” on page 89.sh (on UNIX) to stop all the BusinessObjects Enterprise servers.) 3. see “Configuring for Network Address Translation” on page 190. To change the default CMS port for BusinessObjects Enterprise servers Use the CCM (on Windows) or ccm. Add (or modify) the following option in the CMS command line: -port number Replace number with the port that you want the CMS to listen on. rather than by name. It then registers with the CMS and begins listening for BusinessObjects Enterprise requests on the new port. each server registers itself with the CMS by IP address. By default. 2. Start and enable all the BusinessObjects Enterprise servers. Having the servers register by name can be useful if a NAT firewall resides between the server and the CMS. Add (or modify) the following option in the server’s command line: -requestPort number 1. Set the name and port number of the CMS with the connection. 4. Add (or modify) the following option in the command line of all of the remaining non-CMS BusinessObjects Enterprise servers: -ns hostname:number Replace hostname with the host name of the machine that is running the CMS.cms context parameter in web. 142 BusinessObjects Enterprise Administrator’s Guide . To change the port a server registers with the CMS Use the CCM (on Windows) or ccm. use the -requestPort option in conjunction with -port interface (where interface is the server’s fully qualified domain name). 5. 3. (The default port is 6400. The CMS begins listening on the port specified by number. This typically provides the most reliable behavior. If you need each server to register with the CMS by fully qualified domain name instead. The server binds to the new port specified by number. 2. and the non-CMS servers broadcast to that port when attempting to register with the CMS. Replace number with the port that you want the server to listen on. The host name must resolve to a valid IP address within your network.sh (on UNIX) to stop the server.

For details. If you have multiple interface cards.Managing and Configuring Servers Advanced server configuration options 5 You may also need to specify -port interface when BusinessObjects Enterprise is running on a multihomed machine. You may accomplish this with multiple network interfaces. replace port with 6400 for the CMS. or with a single network interface that has been assigned multiple IP addresses. Configuring the CMS to bind to a network address When you use the -port command-line option to configure the CMS to bind to a specific IP address. Add the following option to both of their command lines: -port interface:port If the machine has multiple network interfaces. interface must be the IP address that you want the server to bind to. To configure the WCA. For instance. change the binding order so that the card at the top of the binding order is the one you want the BusinessObjects Enterprise servers to bind to. you will need to make additional configuration changes. Configuring a multihomed machine A multihomed machine is one that has multiple network addresses. the DNS must route communications from the other BusinessObjects Enterprise servers to the private address of the File Repository Servers. each with one or more IP addresses.) • BusinessObjects Enterprise Administrator’s Guide 143 . Advanced configurations such as this require your DNS configuration to route communications effectively between all the BusinessObjects Enterprise server components. use interface:port when setting the connection. but it is possible to bind individual servers to different addresses. If the machine has a single network interface. (See “Configuring the Web Component Adapter” on page 89.xml. In this example. interface can be the fully qualified domain name or the IP address of the interface that you want the server to bind to. Tip: This section shows how to restrict all servers to the same network address. you might want to bind the File Repository Servers to a private address that is not routable from users’ machines. If you change the default port numbers. Note: • To retain the default port numbers. each with a single IP address. you must also include the port number these servers use (even if the server is using the default port).listeningPort context parameter in web. use the -port command-line option to specify a IP address for the BusinessObjects Enterprise server. see “Changing the default server port numbers” on page 140. If your interface card has multiple IP addresses.

click Add. and Remote Procedure Call (RPC) services. 144 BusinessObjects Enterprise Administrator’s Guide . If you are having problems with a server. so you need only add the following option to their command lines: -port interface Replace interface with the same value that you specified for the CMS. Ensure that each server’s -ns parameter points to the CMS. To add a dependency to the list. click Properties on the toolbar. at least three services should be listed: Event Log. Adding and removing Windows server dependencies When installed on Windows. To add and remove server dependencies Use the CCM to stop the server whose dependencies you want to modify. each server in BusinessObjects Enterprise is dependent on at least three services: the Event Log. With the server selected. As shown here. and that the DNS resolves the value to the appropriate network address. 2. NT LM Security Support Provider. 4. Click the Dependency tab.5 Managing and Configuring Servers Advanced server configuration options Configuring the remaining servers to bind to a network address The remaining BusinessObjects Enterprise servers select their ports dynamically by default. 1. NT LM Security Support Provider. 3. check to ensure that all three services appear on the server’s Dependency tab. and Remote Procedure Call (RPC).

as required. To remove a dependency from the list. BusinessObjects Enterprise Administrator’s Guide 145 . Restart the server. Click OK. each server is configured to start automatically. Manual requires you to start the server before it will run. select it and click Remove. 7. 6. Changing the server startup type When installed on Windows. Select the dependency or dependencies. As with other Windows services. there are three startup types: • • • Automatic starts the server each time the machine is started. Disabled requires you to change the startup type to automatic or manual before it can run.Managing and Configuring Servers Advanced server configuration options 5 The Add Dependency dialog box provides you with a list of all available dependencies. 5. and then click Add.

Tip: The Program Job Server must be configured to use the Local System account. or a user account that has the right “Act as part of the operating system”. 4.5 Managing and Configuring Servers Advanced server configuration options 1. With the server selected. 2. 5. the server process will log on to the local machine with this user account. 2. Click Apply. change it in the Central Configuration Manager (CCM). 3. Click Properties. Start the server. Click OK. To change a server’s user account Use the CCM to stop the server. Disabled. 5. 3.sh” on page 607. In addition. See “setupinit. Click the Startup Type list and select Automatic. To change the server startup type on Windows Start the CCM. and then click OK. 6. 6. Restart the server. click Properties on the toolbar. this requires root privileges. Enter the Windows user name and password information. 1. 4. or Manual. all reports processed by this server will be formatted using the printer settings associated with the user account that you enter. To set up SSL for all server communication you need to perform the following steps: 146 BusinessObjects Enterprise Administrator’s Guide . To change the server startup type on UNIX On UNIX. When started. Clear the System Account check box. Changing the server user account If the incorrect user account is running on a server on Windows. Stop the server whose startup type you want to modify. Configuring servers for SSL You can use the Secure Sockets Layer (SSL) protocol for all network communication between clients and servers in your BusinessObjects Enterprise deployment.

To create key and certificate files for a machine Run the SSLC. 5. 4. a Certificate Authority (CA) certificate request (cacert.req) and a private key (privkey.cnf file. type the following command: sslc rsa -in privkey.pem -req -signkey cakey.Managing and Configuring Servers Advanced server configuration options 5 • • • Deploy BusinessObjects Enterprise with SSL enabled. Note: For more information about using the SSLC command line tool. By default.cnf -new -out cacert.pem -days 365 This command creates a self-signed certificate. that expires after 365 days.rver communication. Create key and certificate files for each machine in your deployment. cakey.pem and cacert.cnf file's certificate and private_key options. stored in the same folder as the SSLC command line tool. Creating key and certificate files To set up SSL protocol for your se. Perform the following steps based on settings in the sslc.pem -out cakey. the settings in the sslc.pem files in the directories specified by sslc. consult the SSLC documentation. Choose the number of days that suits your security needs.pem.pem.pem private_key = $dir/private/cakey. The SSLC tool is installed with your BusinessObjects Enterprise software. it is installed by default in C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86.pem).req This command creates two files. 1. (On Windows.cnf file are: certificate = $dir/cacert.pem BusinessObjects Enterprise Administrator’s Guide 147 . Open the sslc.cnf file. for example.) 2.pem This command creates the decrypted key. Configure the location of these files in the Central Configuration Manager (CCM) and your web application server. • Place the cakey. 3.req -out cacert. To decrypt the private key. use the SSLC command line tool to create a key file and a certificate file for each machine in your deployment. cacert.exe command line tool. type the following command: sslc x509 -in cacert. To sign the CA certificate. Type the following command: sslc req -config sslc.

Ensure that this file provides an octet-string serial number (in hexadecimal format).pem server. which contains the signed certificate.cnf file's database setting. Note: To ensure that you can create and sign more certificates. Store the following key and certificate files in a secure location (under the same directory) that can be accessed by the machines in your BusinessObjects Enterprise deployment: • • • • the trusted certificate file (cacert.pem in servercert.cnf -days 365 -out servercert.) • 6. 8. 9.cnf file's serial setting.der -outform DER 10. type the following command: sslc ca -config sslc.key To sign the certificate with the CA certificate.pem -out cacert. Create a text file for storing the plain text passphrase used for decrypting the generated private key. 11. choose a large number.der) the server key file (server.pem file. Create a file with the name specified by the sslc.pem -out servercert. type the following command: sslc req -config sslc. Use the following commands to convert the certificates to DER encoded certificates: sslc x509 -in cacert.der) the generated server certificate file (servercert.5 Managing and Configuring Servers Advanced server configuration options • • Create a file with the name specified by the sslc.cnf file's new_certs_dir setting. such as 11111111111111111111111111111111. Make a copy of the private key copy privkey.req 7.txt.req This command creates the servercert.key) the passphrase file 148 BusinessObjects Enterprise Administrator’s Guide . Create the directory specified by the sslc. Note: By default.der -outform DER sslc x509 -in servercert. The file can be empty. this file is $dir/index.cnf -new -out servercert. To create a certificate request and a private key.

Configuring the SSL protocol After you create keys and certificates for each machine in your deployment.txt 2. To configure the SSL protocol in the CCM In the CCM. you need to provide the Central Configuration Manager (CCM) and your web application server with the secure location. Note: Make sure you provide the directory for the machine that the server is running on. 2. 1. click the Protocol tab. run the sslconfig tool from the command line and follow the configuration steps. 3. In the Properties dialog box.oci.der -DsslKey=client.orb. Repeat steps 1 to 3 for all servers. right-click a server and choose Properties. To configure the SSL protocol for the web application server If you have a J2EE web application server. and store them in a secure location. 1.protocol=ssl -DcertDir=d:\ssl -DtrustedCert=cacert. 4. BusinessObjects Enterprise Administrator’s Guide 149 . run the Java SDK with the following system properties set: -Dbusinessobjects.Managing and Configuring Servers Advanced server configuration options 5 This location will be used to configure SSL for the CCM and your web application server. If you have an IIS web application server. Provide the file path for the directory where you stored the key and certificate files.key -Dpassphrase=passphrase.der -DsslCert=clientcert.

5 Managing and Configuring Servers Advanced server configuration options 150 BusinessObjects Enterprise Administrator’s Guide .

Managing Server Groups chapter .

Therefore. you can easily set up default processing settings. when you manage a group of servers. If you group your servers by region. you would optimize system performance for viewing these reports. if you had a number of reports that ran against a DB2 database. If you then configured the appropriate reports to always use this Page Server group for viewing. file servers. The only difference is that you see only the servers that you added to the server group. and schedule destinations that are appropriate to users who work in a particular regional office. you might want to create a group of Page Servers that process reports only against the DB2 database server. you can configure objects to be processed by servers that have been optimized for those objects. More importantly. or for viewing and modifying reports. Placing processing servers close to the database server that they need to access improves system performance and minimizes network traffic. recurrent schedules. processing servers need to communicate frequently with the database containing data for published reports. server groups prove especially useful when maintaining systems that span multiple locations and multiple time zones. you need to specify the name and description of the group. configure objects to use specific server groups for scheduling. For details. For example.6 Managing Server Groups Server group overview Server group overview Server groups provide a way of organizing your BusinessObjects Enterprise servers to make them easier to manage. And you can associate scheduled objects with a particular server group to ensure that scheduled objects are sent to the correct printers. so the object is always processed by the same servers. If you group your servers by type. or for objects of different types. After creating server groups. Creating a server group To create a server group. and configure your servers in the organize Server Groups area—just as you would in the organize Servers area. obtain metrics. and then add servers to the group. see “Specifying servers for scheduling” on page 430 or “Specifying servers for viewing and modification” on page 432. you need only view a subset of all the servers on your system. 152 BusinessObjects Enterprise Administrator’s Guide . server groups are a powerful way of customizing BusinessObjects Enterprise to optimize your system for users in different locations. and so on. You can associate an object with a single server group. Thus. That is. You can change the status.

Managing Server Groups Creating a server group 6 1. 7. type a name for the new group of servers. 6. Click OK. 8. In the Server Group Name field. 2. 4. Tip: Use CTRL+click to select multiple servers. On the Servers tab. Click OK. Use the Description field to include additional information about the group. Click New Server Group. then click the > arrow. 5. The New Server Group Properties tab appears. click Add/Remove Servers. Select the servers that you want to add to this group. To create a server group Go to the Server Groups management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 153 . 3.

select the server groups that should include your group as a member. then click the > arrow. In the Available server groups list. select the server groups that you want to add as subgroups. 2. 4. 3. see “Server management overview” on page 78. and add each regional group to the corresponding country group. A subgroup is just a server group that is a member of another server group. To make one server group a member of another Go to the Server Groups management area of the CMC. For example. view server metrics. To add subgroups to a server group Go to the Server Groups management area of the CMC. 154 BusinessObjects Enterprise Administrator’s Guide . create a group for each country. 2. The results are the same. 1. There are two ways to set up subgroups: you can modify the subgroups of a server group. On the Member of tab. click Add/Remove Groups. which now lists all the server groups that you added to the parent group. 5. 3. or you can make one server group a member of another. which now lists all the servers that you added to the group. On the Subgroups tab. This group is the parent group. You are returned to the Servers tab. To organize servers in this way. Click the group that you want to add subgroups to. Click the group that you want to add to another group. and add the appropriate servers to each regional group. then each regional group becomes a subgroup of a country group. then click the > arrow. Click OK. and change the properties of the servers in the group. if you group servers by region and by country. For more information. 4. In the Available server groups list. You can now change the status. click the Member of button. You are returned to the Subgroups tab. Working with server subgroups Subgroups of servers provide you with a way of further organizing your servers. 1. first create a group for each region.6 Managing Server Groups Working with server subgroups This example adds the servers to a server group called Northern Office Servers. Then. so use whichever method proves most convenient.

For example. You are returned to the “Member of” tab. Click OK. click the server’s Member of link. The “Modify Member Of” page appears. which now lists all the server groups that the initial group is now a member of. you can click the server’s “Member of” link to add it to all three regions at once. Move server groups from one list to another to specify which groups the server is a member of. 6. Instead of having to add the CMS individually to each regional server group. 5. Modifying the group membership of a server You can modify a server’s group membership to quickly add the server to (or remove it from) any group or subgroup that you have already created on the system. 4. In the Server Group column. suppose that you created server groups for a number of regions. Click OK. To modify a server’s group membership Go to the Servers management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 155 . Locate the server whose membership information you want to change. 2. 5. 1. The “Member of” page lists any server groups that the server currently belongs to. Click the Member of button. 3. You might want to use a single Central Management Server (CMS) for multiple regions.Managing Server Groups Modifying the group membership of a server 6 This example makes the Job Servers group a member subgroup of the Northern Office Servers group.

6 Managing Server Groups Modifying the group membership of a server 156 BusinessObjects Enterprise Administrator’s Guide .

Scaling Your System chapter .

This chapter details common scalability scenarios for administrators who want to expand beyond a stand-alone installation of BusinessObjects Enterprise.7 Scaling Your System Scalability overview Scalability overview The BusinessObjects Enterprise architecture is scalable in that it allows for a multitude of server configurations. your database software. to large-scale deployments supporting global organizations. see “Common configurations” on page 159. single-machine environments. Follow these steps when you need to add server components to a machine that is already running BusinessObjects Enterprise. Tip: If you are adding new hardware to BusinessObjects Enterprise by installing server components on additional machines. This chapter also provides the related procedures for adding and deleting servers from your BusinessObjects Enterprise installation. and your reporting requirements. It is recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. 158 BusinessObjects Enterprise Administrator’s Guide . The flexibility offered by the product’s architecture allows you to set up a system that suits your current reporting requirements. A Business Objects Services consultant can then assess your reporting environment and assist in determining the configuration that will best integrate with your current environment. It must be emphasized. run the BusinessObjects Enterprise installation and setup program. For details. The setup program allows you to perform an Expand installation. and you select the components that want to install on the local machine. Note: If you customize or expand your system beyond these common configurations without first contacting Business Objects Services. your deployment may not be officially supported. These three scenarios have received the most testing. and are recommended for the majority of deployments. however. see the BusinessObjects Enterprise Installation Guide. you specify the existing CMS whose system you want to expand. that the optimal configuration for your deployment will vary depending upon your hardware configuration. ranging from stand-alone. without limiting the possibilities for future growth and expansion. During the Expand installation. For details.

Scaling Your System Common configurations 7 Common configurations This section details the common ways in which you should begin to scale. For details. If you are still using the MSDE CMS database on Windows. your BusinessObjects Enterprise system. and installs all BusinessObjects Enterprise servers on a single machine. As a baseline. installation. or expand. migrate the CMS database to a supported database server. This section describes the following common configurations: • • • “One-machine setup” on page 159 “Three-machine setup” on page 160 “Six-machine setup” on page 160 One-machine setup This basic configuration separates the BusinessObjects Enterprise servers from the rest of your reporting environment and from your web server. For a UNIX installation (or for a Windows installation that uses the BusinessObjects Enterprise Java SDK). Run the CMS database on your database server. dedicated machine. This grants the BusinessObjects Enterprise servers their own set of processing resources. BusinessObjects Enterprise Administrator’s Guide 159 . For preliminary installation information. The scenarios described are those that have been most thoroughly tested by Business Objects. however. Tip: If you are deploying multi-processor machines. you may also want to run one or more BusinessObjects Enterprise servers in multiple instances on that machine. this section assumes that you have not yet distributed the BusinessObjects Enterprise servers across multiple machines.txt file included with your product distribution for a list of supported database servers. see the BusinessObjects Enterprise Installation Guide. see “Adding a server” on page 169. install your BusinessObjects Enterprise servers on the same machine as your Java web application server and the Web Component Adapter. which they do not have to share with database and web server processes. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • • Install all of the BusinessObjects Enterprise servers on a single. and server configuration. See the Platforms. this section does assume familiarity with the BusinessObjects Enterprise architecture.

the Web Intelligence Report Server. In general. the Event Server should be installed on the machine where your monitored. Web Intelligence Job Server. file-based events occur. Install the Page Server. List of Values Job Server. For a UNIX installation (or for a Windows installation that uses the BusinessObjects Enterprise Java SDK). the Report Application Server (RAS). but you increase the number of available machines and servers for redundancy and fault-tolerance. Note: It is recommended that you use three multi-processor machines (dualCPU or better). Tip: Here. however. this scenario prepares your system for further expansion to provide redundancy. based on the types of work performed by each server. and the Input and Output File Repository Servers on the third machine. or if you need to take one or two machines offline completely. In this way. Destination Job Server. the Report Job Server.7 Scaling Your System Common configurations Three-machine setup This second configuration divides the BusinessObjects Enterprise processing load in a logical manner. Note: As with the one-machine setup. you need not interrupt BusinessObjects Enterprise requests in order to service the system. which they do not have to share with database and web server processes. You maintain the logical breakdown of processing based on the types of work performed by each server. In addition. For instance. you prevent the server components from having to compete with each other for the same hardware and processing resources. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • Install the CMS and the Event Server on one machine. the Event Server is installed on the same machine as the CMS. Six-machine setup This third configuration mirrors the three-machine setup. if a server stops responding. • • Install the application server. with at least 2 GB RAM installed on each machine. the Web Component Adapter and the Cache Server on the second machine. 160 BusinessObjects Enterprise Administrator’s Guide . install the Java web application server and the Web Component Adapter on the same machine as your Cache Server. Program Job Server. This grants the BusinessObjects Enterprise servers their own set of processing resources. install your BusinessObjects Enterprise servers on machines that are separate from your web server and database servers.

This grants the BusinessObjects Enterprise servers their own set of processing resources. In general. Ensure that the web. which they do not have to share with database and web server processes. Web Intelligence Report Server. file-based events occur. Web Intelligence Job Server.Scaling Your System Common configurations 7 This tested configuration is designed to meet the reporting requirements of 85% of all deployment scenarios. and RAS on the remaining machine. Install a second CMS/Event Server pair on the fourth machine. Ensure that all Page Servers and job servers. Program Job Server. • Note: As with the one-machine setup. along with a second Cache Server. Install and configure any required database client software similarly on each machine. Cluster the two CMS services. These are the general steps to setting up this configuration for the default Windows installation of BusinessObjects Enterprise: • • Install the three-machine setup first. can access your reporting database in exactly the same manner. see “Three-machine setup” on page 160. with at least 2 GB RAM installed on each machine. however. Destination Job Server. For details. the same database user name and password. so they share the task of maintaining the CMS database. Ensure that each CMS accesses the CMS database in exactly the same manner (the same database client software.xml file is configured correctly for each WCA. BusinessObjects Enterprise Administrator’s Guide 161 . install your BusinessObjects Enterprise servers on machines that are separate from your web server and database servers. • Install a second application server and Web Component Adapter on the fifth machine. Note: It is recommended that you use six multi-processor machines (dualCPU or better). the Event Server is installed on the same machine as the CMS. This machine must have a fast network connection (minimum 10 Mbps) to the CMS that you have already installed. Report Job Server. Tip: Here. including the Web Intelligence Report Server. and so on). If you have further requirements or more advanced configuration needs. the Event Server should be installed on the machine where your monitored. Consult your web application server documentation for information on load-balancing and clustering your application servers. Install a second Page Server. List of Values Job Server. along with any ODBC DSNs that are required for your reports. along with a pair of Input and Output File Repository Servers. contact your Business Objects sales representative for additional assistance. Verify that BusinessObjects Enterprise is functioning correctly.

A Business Objects Services consultant can then assess your reporting environment and assist in determining the configuration that will best integrate with your current environment. Each subsection focuses on one aspect of your system’s capacity. see “Clustering Central Management Servers” on page 92. CMS clusters can improve overall system performance because every BusinessObjects Enterprise request results. at some point. You can install multiple CMS services/daemons on the same machine. 162 BusinessObjects Enterprise Administrator’s Guide . you should ideally install each cluster member on its own machine. in a server component querying the CMS for information that is stored in the CMS database. General scalability considerations include the following: • • • • • • • “Increasing overall system capacity” on page 162 “Increasing scheduled reporting capacity” on page 163 “Increasing on-demand viewing capacity for Crystal reports” on page 164 “Increasing prompting capacity” on page 165 “Enhancing custom web applications” on page 166 “Improving web response speeds” on page 166 “Getting the most from existing resources” on page 167 Increasing overall system capacity As the number of report objects and users on your system increases.7 Scaling Your System General scalability considerations General scalability considerations This section provides information about system scalability and the BusinessObjects Enterprise servers that are responsible for particular aspects of your system. you instruct the new CMS to share in the task of maintaining and querying the CMS database. and provides a number of ways in which you might modify your configuration accordingly. However. For more information. it is strongly recommended that you contact your Business Objects sales representative and request information about the BusinessObjects Enterprise Sizing Guide. to provide server redundancy and faulttolerance. When you cluster two CMS machines. Before modifying these aspects of your system. you can increase the overall system capacity by clustering two (or more) Central Management Servers (CMS). discusses the relevant components.

and so on. each containing one or more Job Servers. if you run several very complex reports on a regular. when you schedule recurrent reports. or by running multiple Report Job Servers on a single multi-processor machine. you can use Schedule events to ensure that the reports are processed sequentially. When designing reports in Crystal Reports. For instance.Scaling Your System General scalability considerations 7 Increasing scheduled reporting capacity Increasing Crystal reports processing capacity All Crystal reports that are scheduled are eventually processed by a Job Server. using the database server’s resources to group data. consider distributing the processing load through the use of server groups. Then. Verify the efficiency of your reports. you might create two server groups. If the Job Server is currently running on a machine along with other BusinessObjects Enterprise components. by modifying record selection formulas. these strategies may improve the processing speed of the Job Server. Ensure also that the File Repository Servers are readily accessible to all Job Server (so they can read report objects from the Input FRS and write report instances to the Output FRS quickly).5 and later). see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. If some reports are much larger or more complex than others. there are several strategies you can adopt to maximize your system’s processing capacity: • Install the Job Server in close proximity to (but not on the same machine as) the database server against which the reports run. If the majority of your reports are scheduled to run on a regular basis. because there is less distance for data to travel over your corporate network. For instance. you can specify that it be processed by a particular server group to ensure that especially large reports are distributed evenly across resources. Use event-based scheduling to create dependencies between large or complex reports. Depending upon your network configuration. there are a number of ways in which you can improve the performance of the report itself. consider moving the Job • • • • BusinessObjects Enterprise Administrator’s Guide 163 . For more information. This is a useful way of minimizing the processing load that your database server is subject to at any given point in time. You can expand BusinessObjects Enterprise by running individual Report Job Servers on multiple machines. incorporating parameter fields. nightly basis. Increase the hardware resources that are available to a Job Server.

For details. 164 BusinessObjects Enterprise Administrator’s Guide . Note: When deciding whether to increase the number Web Intelligence Report Servers. the Report Application Server (RAS) processes the request. and the Cache Server stores recently viewed report pages for possible reuse. incorporating parameter fields. if users use the Advanced DHTML viewer. When designing reports in Crystal Reports. or by running multiple Web Intelligence Report Servers on a single multi-processor machine. a Web Intelligence Job Server must exist in the same group as the Web Intelligence Report Servers. Verify the efficiency of your reports. However. Increasing Web Intelligence document processing capacity All Web Intelligence documents that are scheduled are eventually processed by a Web Intelligence Job Server and Web Intelligence Report Server. you can install multiple Job Servers on the same machine (typically no more than one service/daemon per CPU). whereas requests for Crystal reports are processed by three separate servers. Increasing on-demand viewing capacity for Crystal reports When you provide many users with View On Demand access to reports. the Report Job Server. If your reporting requirements demand that users have continual access to the latest data. by modifying record selection formulas. there are a number of ways in which you can improve the performance of the report itself. if you are working with server groups. you don’t need to duplicate the Web Intelligence Job Server. you can increase capacity in the following ways: • • Increase the maximum allowed size of the cache. If the new machine has multiple CPUs. the Cache Server and Page Server. see “Modifying Cache Server performance settings” on page 112. keep in mind that Web Intelligence Report Server processes both scheduling and viewing requests. You can expand BusinessObjects Enterprise by running individual Web Intelligence Report Servers on multiple machines. and so on. you allow each user to view live report data by refreshing reports against your database server.5 and later). using the database server’s resources to group data. For most requests. For more information. the Page Server retrieves the data and performs the report processing.7 Scaling Your System General scalability considerations Server to a dedicated machine. see the “Designing Optimized Web Reports” section in the Crystal Reports User’s Guide (version 8. However. When running multiple Web Intelligence Report Servers. One Web Intelligence Job Server can be used to drive multiple Web Intelligence Report Servers.

each containing one or more Cache Server/Page Server pairs along with one or more Report Application Servers. You can do this by installing additional Page Servers on multiple machines. and then distribute the processing load through the use of server groups. In CMC you can then create a RAS server group and assign the dedicated RAS to the RAS server group. To delegate XSL transformation to the browser for document display: On the application server. the RAS processes the list-of-values objects for the report when the report is being viewed. It is therefore no longer recommended that you install multiple Page Servers on one machine. set the CLIENT_XSLT variable in webiviewer. primarily during document display. This substantially decreases the load on the server. In Business View Manager. It does this regardless of whether the list-of-value object was scheduled or whether data needs to be retrieved from the data base.0 browser. Increase the number of Page Servers. You can then specify individual reports that should always be processed by a particular server group. located in the WEB-INF\classes subfolder of the application server as follows: CLIENT_XSLT=Y 2. The Page Server has been re-designed to optimize the processing capability of a machine. By default.properties. and Report Application Servers on the system. the XSL transformation delegation is not activated. you can instruct the Web Intelligence Report Server to delegate the transformation of XML to XSL to the browser. do not install more than one Page Server per machine.Scaling Your System General scalability considerations 7 • Increase the number of Page Servers that service requests on behalf of Cache Servers. • Increasing prompting capacity When reports use a list of values. Delegating XSL transformation to Internet Explorer If your users access InfoView via the Internet Explorer 6. you might create two server groups. you then assign the list-ofvalues objects to be processed by the RAS server group. For instance. To avoid contention with other applications that use the RAS. you can add a RAS server that will be dedicated to processing list-of-value objects. Restart the application server. BusinessObjects Enterprise Administrator’s Guide 165 . Cache Servers. However. 1. but also during display of the portal itself.

These are some common aspects of your deployment that you should consider before deciding how to expand BusinessObjects Enterprise: • Assess your web server’s ability to serve the number of users who connect regularly to BusinessObjects Enterprise. be sure to review the libraries and APIs. incorporate complete security and scheduling options into your own web applications. see “Increasing scheduled reporting capacity” on page 163 and “Increasing on-demand viewing capacity for Crystal reports” on page 164. Use the administrative tools provided with your web server software (or with your operating system) to determine how well your web server performs. ensure that you have set up a CMS cluster.7 Scaling Your System General scalability considerations Enhancing custom web applications If you are developing your own custom desktops or administrative tools with the BusinessObjects Enterprise Software Development Kit (SDK). users. and groups on behalf of their team. If the web server is indeed limiting web response speeds. consider increasing the web server’s hardware. Improving web response speeds Because all user interaction with BusinessObjects Enterprise occurs over the Web. To improve the scalability of your system. consider distributing administrative efforts by developing web applications for delegated content administration. You can also modify server settings from within your own code in order to further integrate BusinessObjects Enterprise with your existing intranet tools and overall reporting environment. You can grant select users the ability to manage particular BusinessObjects Enterprise folders. In addition. For details. department. If you are running a large deployment. You can now. Take into account the number of users who regularly access your system. content. be sure to check the developer documentation available on your BusinessObjects Enterprise product CD for performance tips and other scalability considerations. If web response speeds are slowed only by report viewing activities. • • 166 BusinessObjects Enterprise Administrator’s Guide . or regional office. for instance. The query optimization section in particular provides some preliminary steps to ensuring that custom applications make efficient use of the query language. you may need to investigate a number of areas to determine exactly where you can improve web response speeds. see “Increasing overall system capacity” on page 162.

If the application server is currently running on the web server. set up two (or more) WCS machines to take advantage of the dynamic load balancing that is built into the Web Connector components. Note: BusinessObjects Enterprise does not support the sessionreplication functionality provided by some Java web application servers. consider the following options: • Increase the hardware resources that are available to the application server. If you are using the default Windows installation of BusinessObjects Enterprise. and scalability. clustering. Consult your network administrator for more information. don’t forget that BusinessObjects Enterprise depends upon your existing IT infrastructure. If the new machine has multiple CPUs. you can install multiple application servers on the same machine (typically no more than one per CPU). • • Getting the most from existing resources One of the most effective ways to improve the performance and scalability of your system is to ensure that you get the most from the resources that you allocate to BusinessObjects Enterprise.Scaling Your System General scalability considerations 7 If you find that a single application server inadequately services the number of scripting requests made by users who access your system on a regular basis. without bringing down the entire system. BusinessObjects Enterprise Administrator’s Guide 167 . Consult the documentation for your web application server for information on loadbalancing. BusinessObjects Enterprise uses your network for communication between servers and for communication between BusinessObjects Enterprise and client machines on your network. Optimizing network speed and database efficiency When thinking about the overall performance and scalability of BusinessObjects Enterprise. This also provides you with the benefits of being able to take one WCS machine offline for service. Consider setting up two (or more) application servers. Make sure that your network has the bandwidth and speed necessary to provide BusinessObjects Enterprise users with acceptable levels of performance. or on a single machine with other BusinessObjects Enterprise components. consider moving the application server to a dedicated machine. The Web Connector distributes the processing load evenly across WCS hosts: each new BusinessObjects Enterprise session is sent to the least used WCS.

2. thereby reducing the time needed to provide report pages to subsequent users of the same report while greatly improving overall system performance under load. 3. see the planning chapter in the BusinessObjects Enterprise Installation Guide. The Report Application Server is optimized for report modification. or refresh a report instance that they are viewing. which permits different users accessing the same report object to use the same data when viewing a report on demand or when refreshing a report. Consult your database administrator for more information. 168 BusinessObjects Enterprise Administrator’s Guide . This means that some users may see “old” data when they view a report on demand. or the Java viewer. For more information on configuring BusinessObjects Enterprise to optimize report viewing in your system. 1. the Active X viewer. to get full value from data sharing. For details on data sharing options for reports.7 Scaling Your System General scalability considerations BusinessObjects Enterprise processes reports against your database servers. However. Disabling the Advanced DHTML Viewer In the Central Management Console. For simple report viewing you can achieve better system performance if users select the DHTML viewer. you must permit data to be reused for some period of time. select Business Objects Applications. These report viewers process reports against the Page Server. Click Update. you can disable the Advanced DHTML viewer for all users of BusinessObjects Enterprise. If the ability to modify reports is not needed at your site. Using the appropriate processing server When users view a report using the Advanced DHTML viewer. Select Web Desktop. then the performance of BusinessObjects Enterprise may suffer. On the Properties tab. Enabling data sharing reduces the number of database calls. see “Setting report viewing options” on page 428. Optimizing BusinessObjects Enterprise for report viewing BusinessObjects Enterprise allows you to enable data sharing. the report is processed by the Report Application Server rather than the Page Server and Cache Server. If your databases are not optimized for the reports you need to run. go to the Viewers area. Clear the option labeled Allow users to use the Advanced DHTML Viewer. 4.

During the Expand installation. Adding a server These steps add a new instance of a server to the local machine. and you select the components that you want to install on the local machine. you specify the existing CMS whose system you want to expand. run the BusinessObjects Enterprise installation and setup program from your product distribution. The Add Business Objects Server Wizard displays its Welcome dialog box. Start the CCM on the BusinessObjects Enterprise machine upon which you want to install a new server. The setup program allows you to perform an Expand installation. you must log on as an Administrator of the local machine. see the BusinessObjects Enterprise Installation Guide. additional machines. BusinessObjects Enterprise Administrator’s Guide 169 . 1. On the toolbar. Click Next. You can run multiple instances of the same BusinessObjects Enterprise server on the same machine. 2. 3.Scaling Your System Adding and deleting servers 7 Adding and deleting servers This section shows how to add and delete servers from a machine that is already running BusinessObjects Enterprise components. It includes the following sections: • • “Adding a server” on page 169 “Deleting a server” on page 171 Tip: If you are adding new hardware to BusinessObjects Enterprise by installing server components on new. To add a Windows server Note: To complete this procedure. For details. click Add Server.

6. Change the default Display Name field if you want a different name to appear in the list of servers in the CCM. So. Change the default Server Name field if required. This Server Name is displayed when you manage servers over the Web in the Central Management Console (CMC).SERVER02. Each server on the system must have a unique name.” prefix. 4. 170 BusinessObjects Enterprise Administrator’s Guide .” prefix is required by the system.servertype (a number is appended if there is more than one server of the same type on the same host machine). the CCM actually names the server Input.7 Scaling Your System Adding and deleting servers The “Server Type and Display Name Configuration” dialog box appears. The contents of this dialog vary slightly. 5. depending upon the type of server that you are installing. When you add Input or Output File Repository Servers. Click the Server Type list and select the kind of server you want to add. If you subsequently modify the server’s name through its command line. 7. do not remove the prefix. The default naming convention is HOSTNAME.” or “Output. This “Input. the wizard always precedes the server name you type with an “Input. Note: The display name for each server on the local machine must be unique. Click Next. The “Set Configuration for this server” dialog box appears. if you add an Input FRS with the name SERVER02.

Tip: Auditing in BusinessObjects Enterprise is enabled on a per server basis. If you do not. When prompted for confirmation.sh” on page 602. For details. click Delete Server on the toolbar. The new server appears in the list. but it is neither started nor enabled automatically. To delete a Windows server Start the CCM on the BusinessObjects Enterprise machine that you want to delete a server from. With the server selected.sh script. Stop the server that you want to delete from the system. 11. Click Next to accept any other default values. Type the name of the CMS that you want the server to communicate with. the actions performed on the new server will not be audited. 3. then click Finish. see “serverconfig. To delete a UNIX server Use the serverconfig. change ports through each server’s command line. Note: If port number options are displayed in this dialog box.sh” on page 602.Scaling Your System Adding and deleting servers 7 8. See “Enabling auditing of user and system actions” on page 210 for more information. Use the CCM (or the CMC) to start and then to enable the new server when you want it to begin responding to BusinessObjects Enterprise requests. do not modify them. see “Changing the default server port numbers” on page 140. To add a UNIX server Use the serverconfig. Deleting a server 1. For reference. BusinessObjects Enterprise Administrator’s Guide 171 . 10. 4. If you add a new server to your BusinessObjects Enterprise installation you must enable auditing of actions on each new server.sh script. If your CMS is not listening on the default port (6400). or modify them to suit your environment. as in CMSname:port# 9. 2. For reference. Confirm the summary information is correct. include the appropriate port number. For details. see “Viewing and changing the status of servers” on page 82. Instead. click Yes. see “serverconfig.

7 Scaling Your System Adding and deleting servers 172 BusinessObjects Enterprise Administrator’s Guide .

Managing BusinessObjects Enterprise Repository chapter .

Copying data from one repository database to another BusinessObjects Enterprise enables you to copy the contents of one repository database into another database. custom functions.8 Managing BusinessObjects Enterprise Repository BusinessObjects Enterprise Repository overview BusinessObjects Enterprise Repository overview The BusinessObjects Enterprise Repository is a database in which you manage shared report elements such as text objects. this data is copied into the destination database. This procedure is also referred to as migrating a BusinessObjects Enterprise Repository database. You can migrate repository data from a different repository database (from version 10 of Crystal Reports. you can refresh a report’s repository objects on demand over the Web. or you may want to import repository objects from one BusinessObjects Enterprise XI installation to another. Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS You may want to import repository objects from a Crystal Enterprise 10 installation. Or. When you save any Business View. You can refresh a report’s repository objects with the latest version from your BusinessObjects Enterprise Repository when you publish reports to BusinessObjects Enterprise. it is also saved to the BusinessObjects Enterprise Repository. and custom SQL commands. move your existing Crystal Repository to the Central Management Server database. 174 BusinessObjects Enterprise Administrator’s Guide . you can migrate the repository data from your current CMS database into a different data source. Throughout this section. the source CMS database refers to the database that holds the data you are copying. you may have repository data on a test system that you want to move onto a production server. or version 10 of Crystal Enterprise) into your current CMS database. bitmaps. Alternatively. See the rest of this chapter for details. Before publishing reports that reference repository objects. The BusinessObjects Enterprise Repository is now hosted by the Central Management Server (CMS) system database. For example.

If an object in the source repository has the same unique identifier as an object in the destination. at a minimum. If an object from the source has the same title as an object in the destination. Renaming these folders would change the unique identifier associated with the Business View.” The end result is a destination repository that contains all objects from the source repository that have unique titles. the object in the destination is overwritten. and all objects originally in the destination repository. causing the Business View functionality to fail. When an object is copied from the source CMS to the destination CMS. you add all objects in the source CMS to the destination CMS. BusinessObjects Enterprise Administrator’s Guide 175 . Note: Top-level folders containing Business Views are not renamed.Managing BusinessObjects Enterprise Repository Copying data from one repository database to another 8 Use the Import Wizard to copy repository data from the source CMS. Updating the destination repository When you update the contents of the destination repository using the source repository as a reference. all repository objects from the source system with a unique title are copied to the destination repository. and the objects in such folders to be copied to these renamed folders. Selecting “Automatically rename top-level folders that match top-level folders on the destination system” allows these folders to be renamed on the destination repository. regardless of the options set. You have selected “Automatically rename top-level folders that match top-level folders on the destination system. Also. You can choose to merge the contents of the source repository into the destination repository. replicating the folder hierarchy of the source system on the destination. This is the safest import option. copies of all non-Business View objects from the source repository that have titles that match titles of objects in the destination. However. All of the objects in the destination repository are preserved. the folder or folders that contain the object are also copied. the object is imported to the destination repository if: • • The object is not a Business View. or you can update the destination with the contents of the source CMS. the names of top-level folders must be unique. you add all repository objects from the source CMS into the destination CMS without overwriting objects in the destination. Merging repositories When you merge the contents of the source repository with the destination repository.

Copying data from a Crystal Enterprise 9 repository database In Crystal Enterprise 9. regardless of the options set. If you want these objects to be copied. Then replace the repository by importing its contents into the CMS database using the Repository Migration Wizard. Note: Reports configured to use the source repository will now refer to the destination data source. select the check box “Automatically rename objects if an object with that title already exists in the destination folder. When you use the Repository Migration Wizard. By default. click Repository Migration Wizard. and calendars). if copying an object from the source CMS to the destination CMS would result in more than one object in a folder with the same title. 2. click the name of the repository that you want to import. If the Wizard finds identical objects (that is.8 Managing BusinessObjects Enterprise Repository Copying data from one repository database to another All object titles in a folder must be unique.” Note: System Objects (users. Objects from the source repository will be added to the destination repository database. See “Importing with the Import Wizard” on page 402 for full instructions on using the Import Wizard to copy objects from one BusinessObjects Enterprise XI repository to another. events. the Crystal Repository database was hosted on a separate database server that you could connect to through ODBC. You must run the wizard on the machine containing your source repository. When you copy repository objects into BusinessObjects Enterprise XI. servers. server groups. the copy fails. only the most recent version of each object is copied. are not renamed when you import them from one CMS to another. begin by making a backup copy of the source repository database. objects with the same unique identifier) in the source and destination repositories. From the Source list in the Select Source Repository dialog. 1. neither the source nor the destination database is overwritten. the source objects will not be copied. server management. In a BusinessObjects Enterprise environment. Changing the names of these objects would cause user management. To copy repository data from Crystal Enterprise 9 From the BusinessObjects Enterprise program group. 176 BusinessObjects Enterprise Administrator’s Guide . and event management for these objects to fail. user groups.

0\bin\ BusinessObjects Enterprise Administrator’s Guide 177 . type the name of the destination data source’s Central Management Server. select the items that you want to copy to your BusinessObjects Enterprise repository database. Click Next. By default. 7. From the “Source Repository Objects” list. and then Finish to complete the transfer and close the Repository Migration Wizard. 4. reporting success or failure for each object. 6. The Select Destination Data Source dialog appears.Managing BusinessObjects Enterprise Repository Copying data from one repository database to another 8 3. it was located in the following directory of your Crystal Reports installation: C:\Program Files\Common Files\Crystal Decisions\2. BusinessObjects Enterprise exports the selected repository objects from your BusinessObjects Enterprise Repository. Click Next. then click Next. Type the UserID and Password of a user with administrative rights to the repository database. 5. Copying data from a Crystal Reports 9 repository database The Crystal Repository shipped with Crystal Reports 9 was an Access database (Repository.mdb). In the CMS field. Click Next. Type the User Name and Password of an Enterprise account that provides you with administrative rights to the CMS.

2. If the Wizard finds identical objects in the source and destination repositories. Note: Reports configured to use the source repository will now refer to the destination data source. When you copy repository objects into BusinessObjects Enterprise XI. Then replace the default repository by importing its contents into the CMS database using the Repository Migration Wizard. the source objects will not be copied. select the items that you want to copy to your BusinessObjects Enterprise repository database. type a User id and Password valid for the repository database. 3. Log on to the CMS using a user name with administrative rights to BusinessObjects Enterprise. 4. neither the source nor the destination database is overwritten. 5. Click Next.8 Managing BusinessObjects Enterprise Repository Copying data from one repository database to another Begin by making a backup copy of this default database. Objects from the source repository will be added to the destination repository database. click the name of the repository that you want to import. click Repository Migration Wizard. only the most recent version of each object is copied. From the Source list in the Select Source Repository dialog. Click Next. 1. If you created security for your repository database. 178 BusinessObjects Enterprise Administrator’s Guide . From the “Source Repository Objects” list. When you use the Repository Migration Wizard. To copy repository data from Crystal Reports 9 From the BusinessObjects Enterprise program group. You must run the wizard on the machine containing your source repository.

and then click “Delete the item/folder”. Click Next. and then Finish to complete the transfer and close the Repository Migration Wizard.Managing BusinessObjects Enterprise Repository Refreshing repository objects in published reports 8 6. select “Insert a new folder”. the old repository objects stored in the report are replaced with the latest versions from the BusinessObjects Enterprise Repository. BusinessObjects Enterprise exports the selected repository objects from your Crystal Reports repository. you will want to update the published Crystal reports that reference those repository objects. Click Next. BusinessObjects Enterprise Administrator’s Guide 179 . Select the folder in your destination repository where objects from your source directory will be placed. Refreshing repository objects in published reports As you update objects stored in your BusinessObjects Enterprise Repository. • 7. When you refresh a report in this way. reporting success or failure for each object. • To add objects to a new folder. select it. and then type the name of the folder. 8. To delete an existing folder from your repository.

click the Refresh Options link.rpt files. Tip: If you use Crystal Reports to open reports directly from your BusinessObjects Enterprise folders. To refresh a published report’s repository objects Go to the Objects management area of the CMC. you can also refresh reports by setting options that compare reports to their original source . Tip: Once you have enabled repository refresh for each report. Click Refresh Report. you can update repository objects at that time. see “Setting report refresh options” on page 426. 3. 4. For details. Verify that the Use Object Repository when refreshing report check box is selected. you can refresh multiple reports simultaneously using the Report Repository Helper. You can also refresh repository objects when you publish reports. Note: If the check box is cleared. 180 BusinessObjects Enterprise Administrator’s Guide . select it now and click Update.8 Managing BusinessObjects Enterprise Repository Refreshing repository objects in published reports Note: Although refreshing with the repository is faster. 5. The Report Repository Helper is available from Administrative Tools area in the BusinessObjects Enterprise Admin Launchpad. Click the link to the report you want to refresh. 1. 2. On the Properties tab. For more information. see “Publishing Objects to BusinessObjects Enterprise” on page 373.

Working with Firewalls chapter .

To help explain how firewalls work. Packets are typically too small to contain all the data that is sent at any one time. each containing a portion of the overall data. TCP/IP and packets TCP/IP (Transmission Control Protocol/Internet Protocol) is the communications protocol used on the Internet. A firewall restricts people to entering and leaving your network at a carefully controlled point. When data is sent by TCP/IP. and be a focus for security decisions. the packets are constructed such that a layer for each protocol is wrapped around each packet. so multiple packets are required. It also prevents attackers from getting close to your other defenses. Typically. a firewall protects a company’s intranet from being improperly accessed through the Internet. The units of data transmitted through a TCP/IP network are called packets. and HTTP). 182 BusinessObjects Enterprise Administrator’s Guide . A firewall can’t protect against malicious insiders or connections that don’t go through it. TCP/IP packets have the following layers: • Application layer (for example. Typically. This chapter provides general information about what a firewall is and types of firewalls: • • “What is a firewall?” on page 182 “Firewall types” on page 183 If you are already familiar with firewalls and the configuration used in your network. FTP. A firewall also can’t set itself up correctly or protect against completely new threats. What is a firewall? A firewall is a security system that protects one or more computers from unauthorized network access. log Internet activity. proceed directly to “Understanding firewall integration” on page 186. some basic networking terms are described here: • • “TCP/IP and packets” on page 182 “Ports” on page 183 If you are already familiar with these topics see “Understanding firewall integration” on page 186.9 Working with Firewalls Firewalls overview Firewalls overview BusinessObjects Enterprise works with firewall systems to provide reporting across intranets and the Internet without compromising network security. telnet. A firewall can enforce a security policy.

Ports Ports are logical connection points that a computer uses to send and receive packets. High-level applications that use TCP/IP have ports with pre-assigned numbers. Network Access layer (for example. you communicate with the web server on port 80. For instance. ports allow a client program to specify a particular server program on a computer in a network. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. the packet consists simply of the data to be transferred. which is the pre-assigned port for HTTP communication.Working with Firewalls Firewalls overview 9 • • • Transport layer (TCP or UDP). BusinessObjects Enterprise Administrator’s Guide 183 . we recommend you switch to a different firewall method. it binds to its designated port number. At the application layer. ethernet and ATM). When a service or daemon initially is started. each layer adds a header to the packet. when you visit a typical HTTP site over the Web. Firewall types Firewalls primarily function using at least one of the following methods: • • • “Packet filtering” on page 184 “Network Address Translation” on page 184 “SOCKS proxy servers” on page 185 BusinessObjects Enterprise works with these firewall types. the process is reversed: the layers are sequentially removed until the transferred data is available to the destination application. When any client program wants to use that server. it must also request to bind to the designated port number. Other application processes are given port numbers dynamically for each connection. preserving the data from the previous level. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. Internet layer (IP). When the packet reaches its destination. These headers are used to determine the packet’s destination and to ensure that it arrives intact. If you are using SOCKS proxy servers now. but ports 0 to 1024 are reserved for use by certain privileged services. With TCP/IP. Note: Business Objects will be moving away from supporting SOCKS proxy servers. As the packet moves through the layers. Valid port numbers range from 0 to 65536.

NAT is also called IP masquerading. The firewall maintains a translation table to keep track of the address conversions that it has performed. Stateful packet filters remember the state of connections at the network and session layers by recording the established session information that passes through the filter gateway. Packet filtering can reject packets based on the following: • • • • • The address the data is coming from. The filter then uses that information to discriminate valid return packets from invalid connection attempts. NAT makes it appear that all traffic from your site comes from one (or more) external IP addresses. instead. Firewalls that employ packet filtering will work with BusinessObjects Enterprise. Typically there are two types of packet filtering: • Network Address Translation Network Address Translation (NAT) converts private IP addresses in a private network to globally unique. Stateless packet filters do not retain information about connections in use. The main purpose of NAT is to hide internal hosts. 184 BusinessObjects Enterprise Administrator’s Guide . they make determinations packet-by-packet based only on the information contained within the packet. Once the translation is complete. The address the data is going to. The data contained within the packet. the firewall sends the data payload on to its original destination. As outgoing packets are routed through the firewall. the firewall uses this translation table to determine which internal host should receive the response. NAT can also be described as a simple proxy. NAT hides internal hosts by converting their IP addresses to an external address. The session and application ports being used to transfer the data. When an incoming response arrives at the firewall. Because this type of firewall essentially sends and receives data on behalf of internal hosts. public IP addresses for use external to that network.9 Working with Firewalls Firewalls overview Packet filtering Packet filtering rejects TCP/IP packets from unauthorized hosts and rejects connection attempts to unauthorized services. thus.

BusinessObjects Enterprise supports and works with SOCKS servers. establishes a proxy connection. Because a translation entry does not exist until an internal client establishes a connection out through the firewall. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. you can establish a static route through the firewall for that service. Note: Some protocols do not function correctly when the port is changed. Dynamic translation (automatic. and relays data between the internal and external networks. When an external request is made. if you run an email server inside a firewall. If you are using SOCKS proxy servers now. it returns that response to the original client as if it were the originating external server. For example. hide mode. external computers have no way to address an internal host that is protected using a dynamically translated IP address. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. • BusinessObjects Enterprise and static translation NAT can be configured so that they work together. we recommend you switch to a different firewall method. BusinessObjects Enterprise Administrator’s Guide 185 . These protocols will not work through a dynamically translated connection. or IP masquerade) shares a small group of external IP addresses amongst a large group of internal clients for the purpose of expanding the internal network address space. SOCKS is a networking protocol that enables computers on one side of a SOCKS server to access computers on the other side of a SOCKS server without requiring a direct IP connection. the SOCKS server sends the requests to the internal network as if the SOCKS server itself was the originating client. SOCKS proxy servers Note: Business Objects will be moving away from supporting SOCKS proxy servers.Working with Firewalls Firewalls overview 9 There are two basic types of NAT: • Static translation (port forwarding) grants a specific internal host a fixed translation that never changes. This effectively hides the identity and the number of clients on the internal network from examination by anyone on the external network. When the SOCKS server receives a response from the internal server. A SOCKS server typically authenticates and authorizes requests. A SOCKS server redirects connection requests from computers on one side of it to computers on the other side of it. SOCKS servers work by listening for service requests from internal clients.

When a BusinessObjects Enterprise server first connects to the BusinessObjects Enterprise framework. 186 BusinessObjects Enterprise Administrator’s Guide . it contacts the directory listing service on the CMS to obtain the connection information. It includes: • • “Communication between servers” on page 186 “Typical firewall scenarios” on page 188 For detailed step-by-step instructions on how to configure your system to work in a firewalled environment. When one BusinessObjects Enterprise server needs to communicate with another. Communication between servers It is helpful to understand the basics of internal communications between BusinessObjects Enterprise servers before configuring your BusinessObjects Enterprise system to work with firewalls. BusinessObjects Enterprise connections include: • • “Communication between servers and the CMS directory listing service” on page 186 “Communication between the application tier and CMS” on page 187 Some examples also apply to communications between a BusinessObjects Enterprise server and the BusinessObjects Enterprise SDK (or other BusinessObjects Enterprise SDKs. these examples are indicated in the descriptions. Communication between servers and the CMS directory listing service The Central Management Server (CMS) manages a directory listing service for the application server and the servers in the Intelligence tier and the Processing tier. Where applicable. By default this port number is dynamically chosen. see “Configuring the system for firewalls” on page 190. It also reviews the most common firewall scenarios. See “Architecture overview and diagram” on page 54 for a listing of these servers. it registers its IP address and port number with the CMS. such as the Report Application Server SDK or the Viewer SDK). The first server then uses this information to communicate directly with the second server.9 Working with Firewalls Understanding firewall integration Understanding firewall integration This section gives a conceptual overview of internal communications between BusinessObjects Enterprise servers and the implications for firewall configuration.

the Job Server must communicate with the Input File Repository Server (FRS) to obtain the report object. Subsequent communications continue using this address and second port number. before running a scheduled report. The Job Server contacts the CMS and requests connection information for the Input FRS. see “Changing the default server port numbers” on page 140 for additional configuration information. To do so: 1. The Job Server uses this information to connect directly to the Input FRS. 2. rather than one that is dynamically selected. Note: • Before changing the default port numbers. All subsequent communications between the two servers continues using the same address and port. The WSA contacts the CMS using a pre-defined address and port number. The CMS replies with its address and a second port number. This communication model is also used when a BusinessObjects Enterprise SDK or the WCA communicates directly with a server in the Intelligence tier or the Processing tier. rather than using one that is dynamically selected. Using the -requestport command. rather than using the pre-defined default value (port 6400 for the CMS). BusinessObjects Enterprise Administrator’s Guide 187 . See “Communication between the application tier and CMS” on page 187. Note: • • • Communication between the application tier and CMS Not all BusinessObjects Enterprise components use the directory listing service on the CMS to make their initial connections with other elements of BusinessObjects Enterprise.Working with Firewalls Understanding firewall integration 9 For example. Communications between the CMS and the BusinessObjects Enterprise SDK and WCA follow another model. Using the -port option. you can also customize the CMS to listen on a specific port for initial communications. You can use the -requestport command to configure the CMS to reply with a fixed port number for subsequent communications. The CMS replies to the Job Server with the IP address and port number of the Input FRS. you can configure any BusinessObjects Enterprise server to register a fixed port number with the CMS. which by default is selected dynamically. 3.

their communication is uninterrupted by firewalls. However. 2. The process is similar when you configure your BusinessObjects Enterprise system to communicate across SOCKS proxy filters. Firewall configuration overview By default BusinessObjects Enterprise uses dynamically chosen port numbers for communications between components. so you need only configure each component to be aware of the location and type of the proxies that they communicate with. But BusinessObjects Enterprise provides direct support for SOCKS proxy filters. you must: 1. To enable BusinessObjects Enterprise to communicate across such a firewall. Typical firewall scenarios If all users of your BusinessObjects Enterprise system are on your internal network. You must change this default when you place a stateful firewall that uses packet filtering or Network Address Translation (NAT) between BusinessObjects Enterprise components because these firewalls provide protection by permitting communications from outside the firewall with only specified addresses and ports inside the firewall. If the components reside on the same computer. Simply place all BusinessObjects Enterprise components on computers inside your firewall. you must consider where to place each BusinessObjects Enterprise component. Note: When this section mentions firewalling different BusinessObjects Enterprise components. it assumes that the components reside on separate computers.9 Working with Firewalls Understanding firewall integration • You may also change the default port that the CMS uses to listen for initial communications from the Configuration tab of the Properties dialog in the Central Configuration Manager. Configure your firewall to allow communications to the services behind the firewall using these addresses and ports. and how to configure both BusinessObjects Enterprise and your firewalls in order to provide this access. and no additional configuration is required. This section outlines the following common firewall scenarios: • • 188 “Application tier separated from the CMS by a firewall” on page 189 “Thick client separated from the CMS by a firewall” on page 189 BusinessObjects Enterprise Administrator’s Guide . there is no need to perform any special configuration of your firewalls or of BusinessObjects Enterprise. if you need to provide access to BusinessObjects Enterprise to external users. Configure its components to use fixed addresses and ports.

while placing the CMS and all other BusinessObjects Enterprise servers on the internal network. You may chose to place your application server in the DMZ. Application tier separated from the CMS by a firewall In most cases. Note: Placing your application server in the DMZ is less secure than placing it on your internal network. your File Repository Servers. For maximum security. Typically. BusinessObjects Enterprise requires that the CMS and the remaining server components are not separated from one another by firewalls. you should be able to support BusinessObjects Enterprise in wide variety of contexts. You must configure your CMS. For more information. However. see: • • “Configuring NAT when thick client is separated from the CMS” on page 195 “Configuring packet filtering when thick client is separated from the CMS” on page 198 BusinessObjects Enterprise Administrator’s Guide 189 . the DMZ is set up between two firewalls: an outer firewall and an inner firewall. This means that if there is a firewall between the computer running one of these thick clients and the CMS. you may prefer to place your BusinessObjects Enterprise application server on your internal network.Working with Firewalls Understanding firewall integration 9 These scenarios are general cases: once you understand the firewalling issues involved. or by using the Import Wizard or Publishing Wizard. For more information. the thick clients communicate directly with the CMS. this operation fails. and your firewall if you want to support this network configuration. clients access protected information through a web server running in a Demilitarized Zone (DMZ). see: • • • “Configuring NAT when application tier is separated from the CMS” on page 190 “Configuring packet filtering when application tier is separated from CMS” on page 196 “Configuring for SOCKS servers” on page 199 Thick client separated from the CMS by a firewall You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. A DMZ is a network area that is neither part of the internal network nor directly part of the Internet.

however. BusinessObjects Enterprise cannot communicate across a firewall whose IP translation is dynamic. Note: You can configure BusinessObjects Enterprise to communicate properly across NAT firewalls that use static IP translation. Depending on your system configuring. However. if you separate BusinessObjects Enterprise components using NAT. see “Understanding firewall integration” on page 186. and then specify a firewall rule for the server. configuring for Network Address Translation can include one or both of the following tasks: • • “Configuring NAT when application tier is separated from the CMS” on page 190 “Configuring NAT when thick client is separated from the CMS” on page 195 Configuring NAT when application tier is separated from the CMS If the application server is separated from the CMS and other BusinessObjects Enterprise servers by NAT. it passes a fully qualified domain name (FQDN) that is routable by the firewall. 190 BusinessObjects Enterprise Administrator’s Guide . Configure each server as described in the section that describes your firewall environment. Note: If you have multiple BusinessObjects Enterprise servers of a given type. Configuring for Network Address Translation If you use Network Address Translation (NAT) only on the outer firewall of the DMZ.9 Working with Firewalls Configuring the system for firewalls Configuring the system for firewalls This section gives practical step-by-step instructions for configuring your BusinessObjects Enterprise system to work in a firewalled environment. It includes: • • • “Configuring for Network Address Translation” on page 190 “Configuring for packet filtering” on page 195 “Configuring for SOCKS servers” on page 199 For a conceptual overview of communications between BusinessObjects Enterprise components and of supported firewall configurations. you need to configure these components to communicate properly through the firewall. then no special configuration is required for BusinessObjects Enterprise to communicate properly. the overall procedure for configuring your system to work with firewalls will not change. you must ensure that whenever a BusinessObjects Enterprise server passes an address across the firewall to the application server.

substitute any valid free port number for portnum. Click OK to return to the CCM. 6. If you change the default port number of the CMS you must perform additional system configuration.sh. In the Command box. Start the Central Management Server. substitute your new port number for the default value of 6400. replace FQDN with the fully qualified domain name of the machine that is running the CMS. This machine must be routable from the application server. To configure the CMS on Windows Start the CCM. Tip: If you want to customize the CMS so that it listens on a port other than the default. For the -requestport command. By default the script and the ccm. Before changing the port number. see “Changing the default server port numbers” on page 140. add the following option: -port FQDN:6400 -requestport portnum For the -port command. Stop the Central Management Server. BusinessObjects Enterprise Administrator’s Guide 191 .Working with Firewalls Configuring the system for firewalls 9 Ports The application server must be able to communicate with every BusinessObjects Enterprise server behind the firewall. you must open a port on the firewall for each server. 2. 5. 1. Therefore. 4.config file are installed in the Business Objects install directory. for example /export/home/ businessobjects. 3. To configure the CMS on UNIX Run ccm. The application server must be a Tomcat or IIS server. Configuring BusinessObjects Enterprise for Network Address Translation when the application tier is separated from the CMS by a firewall includes: • • • • “Configuring the CMS” on page 191 “Configuring the BusinessObjects Enterprise servers” on page 192 “Configuring the hosts files” on page 193 “Specifying firewall rules for NAT” on page 194 Configuring the CMS 1. click Properties. On the toolbar.

replace FQDN with the fully qualified domain name of the machine that is running the server. 5. This machine must be routable from the application server. 4.config file to insert the following command line: -port FQDN:6400 -requestport portnum For the -port command. • • 1. 6. On the toolbar. By default the script and the ccm. Use ccm. substitute any valid free port number for portnum.sh to start the Central Management Server. 4. Click OK to return to the CCM. substitute any valid free port number for portnum.config file are installed in the Business Objects install directory. Edit the ccm. replace FQDN with the fully qualified domain name of the machine that is running the CMS. For the -requestport command. click Properties. If more than one server is installed on the same machine. 1. each server on that machine must use a unique port number. 3. add the following option: -port FQDN -requestport portnum For the -port command. Repeat for each BusinessObjects Enterprise server.sh. “To configure BusinessObjects Enterprise servers on Windows” on page 192 “To configure BusinessObjects Enterprise servers on UNIX” on page 192 To configure BusinessObjects Enterprise servers on Windows Start the CCM. Start the server. Stop the Central Management Server. Stop the server. To configure BusinessObjects Enterprise servers on UNIX Run ccm. 2. 3. 192 BusinessObjects Enterprise Administrator’s Guide . Configuring the BusinessObjects Enterprise servers The procedure for configuring the BusinessObjects Enterprise servers varies for Windows and UNIX. 7. For the -requestport command. for example /export/home/ businessobjects. This machine must be routable from the application server. In the Command box.9 Working with Firewalls Configuring the system for firewalls 2.

4. BusinessObjects Enterprise Administrator’s Guide 193 . you must configure the hosts file so that the server can map the FQDN it receives from the Central Management Server (CMS) to an internally routable IP address. The hosts file is located at \WINNT\system32\drivers\etc\hosts. The procedure for configuring the hosts file is different for Windows and UNIX. Open the hosts file using an editor like vi. “To configure the hosts files on Windows” on page 193 “To configure the hosts files on UNIX” on page 193 To configure the hosts files on Windows Open the hosts file using a text editor like Notepad. The hosts file is located at \etc\hosts. Edit the ccm. Use ccm. replace FQDN with the fully qualified domain name of the machine that is running the server. Save the hosts file. Configuring the hosts files On each machine running a BusinessObjects Enterprise server. See: • • 1. For the -requestport command. If more than one server is installed on the same machine. 5. Use the internally routable IP address of the machine and its externally routable fully qualified domain name. substitute any valid free port number for portnum. each server on that machine must use a unique port number.Working with Firewalls Configuring the system for firewalls 9 2. 3. Stop the server. before consulting DNS. This is necessary to enable communication between servers inside the firewall. Repeat for each BusinessObjects Enterprise server. 1. 3. Follow the instructions in the hosts file to add an entry for each machine behind the firewall that is running a BusinessObjects Enterprise server or servers. Consult your UNIX systems documentation for details.config file to insert the following command line: -port FQDN -requestport portnum For the -port command. 2. To configure the hosts files on UNIX Note: Your UNIX operating system must be configured to first consult the hosts file to resolve domain names.sh to start the server. This machine must be routable from the application server.

Inbound Rules Source Computer Application server Application server Application server Any Any Port Any Any Any Any Any Destination Computer Port CMS CMS Other BusinessObjects Enterprise server CMS Other BusinessObjects Enterprise Server 6400 Action Allow Allow Allow Reject Reject fixed fixed Any Any Note: There must be one inbound firewall rule for each BusinessObjects Enterprise server behind the firewall. Save the hosts file. add a route from the translated IP address to the actual internal IP address: route add translatedIPaddress actualIPaddress 3. 4. Specifying firewall rules for NAT When there is a firewall between the application server and the rest of the BusinessObjects Enterprise servers you need to specify the inbound access rules and one outbound rule. See “Configuring the CMS” on page 191. Add an entry for each machine behind the firewall that is running a BusinessObjects Enterprise server. On the firewall machine. Use the translated IP address of the machine and its fully qualified domain name. and actualIPaddress is the actual internal IP address for the a server. For details about the rules see: • • “Inbound Rules” on page 194 “Outbound Rules” on page 195 The fixed port numbers specified in the chart are the port numbers you specify for servers using -requestport. Whenever more than one server is installed on the same machine.9 Working with Firewalls Configuring the system for firewalls 2. each server on that machine must use a unique port number. Where translatedIPDaddress is the actual translated IP address. 194 BusinessObjects Enterprise Administrator’s Guide . and “Configuring the BusinessObjects Enterprise servers” on page 192 for details. consult your firewall documentation. The outbound rule is needed because the application server may register listeners with any of the BusinessObjects Enterprise servers For details of how to specify these rules.

This section includes: • • “Configuring packet filtering when application tier is separated from CMS” on page 196 “Configuring packet filtering when thick client is separated from the CMS” on page 198. then no special configuration is required for BusinessObjects Enterprise to communicate properly. Configuring NAT when thick client is separated from the CMS You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. or by using the Import or Publishing Wizards. However. Establish inbound firewall rules for communication between the Crystal Reports or OLAP Intelligence machine and the CMS and Input File Repository Server. follow the detailed steps in “Configuring NAT when application tier is separated from the CMS” on page 190 but: • • Configure only the Central Management Server and the Input File Repository Server. you need to configure them to communicate properly through the firewall. These listeners may initiate communication with the application server. For full instructions. if you separate BusinessObjects Enterprise components using packet filtering. this operation fails. Configuring for packet filtering If you use packet filtering only on the outer firewall of the DMZ. if there is a firewall between the computer running one of these thick clients and the Central Management Server (CMS). BusinessObjects Enterprise Administrator’s Guide 195 . You do not need to establish an outbound firewall rule.Working with Firewalls Configuring the system for firewalls 9 Outbound Rules Source Computer Machines hosting BusinessObjects Enterprise server Port Any Destination Computer Port Application server Any Action Allow This outbound rule is needed because the application server may register listeners on servers behind the firewall. Configuring your BusinessObjects Enterprise system to support this configuration when the firewall uses Network Address Translation (NAT) is very similar to configuring your system to support a NAT firewall between the application tier and the Central Management Server. However.

Start the server. 2. See: • • 1. 4. For example: -port cmsport -requestport portnum If you change the default port number of the CMS you must perform additional system configuration. This includes: • • “Configuring the BusinessObjects Enterprise servers” on page 196 “Specifying firewall rules for packet filtering” on page 197 Configuring the BusinessObjects Enterprise servers The procedure for configuring the BusinessObjects Enterprise servers varies for Windows and UNIX. substitute any valid free port number for portnum. 6.sh. for example /export/home/ businessobjects. each server on that machine must use a unique port number.config file are installed in the BusinessObjects install directory. To configure BusinessObjects Enterprise servers on UNIX Run ccm. 5. where cmsport is the new port number for the default value of 6400. also add -port cmsport to the command line. “To configure BusinessObjects Enterprise servers on Windows” on page 196 “To configure BusinessObjects Enterprise servers on UNIX” on page 196 To configure BusinessObjects Enterprise servers on Windows Start the CCM. On the toolbar. Click OK to return to the CCM. 1. click Properties. 196 BusinessObjects Enterprise Administrator’s Guide .9 Working with Firewalls Configuring the system for firewalls Configuring packet filtering when application tier is separated from CMS If your firewall performs packet filtering. Stop the first server. Before changing the port number. Repeat for each BusinessObjects Enterprise server behind the firewall. Tip: If you want to customize the CMS so that it listens on a port other than the default. you must configure the CMS and every BusinessObjects Enterprise server inside the inner firewall to respond to communications from the application server on a fixed port. 7. If more than one server is installed on the same machine. see “Changing the default server port numbers” on page 140. 3. In the Command box. add the following option: -requestport portnum For the -requestport command. By default the script and the ccm.

If more than one server is installed on the same machine. substitute any valid free port number for portnum. each server on that machine must use a unique port number. For details about the rules see: • • “Inbound Rules” on page 198 “Outbound Rules” on page 198 The fixed port numbers specified in the chart are the port numbers you specify for the CMS and other BusinessObjects Enterprise servers using -requestport.config file to insert the following command line: -requestport portnum For the -requestport command. Repeat for each BusinessObjects Enterprise server.sh to start the server. see “Changing the default server port numbers” on page 140. If you change the default port number of the CMS you must perform additional system configuration. consult your firewall documentation. Stop the server.Working with Firewalls Configuring the system for firewalls 9 2. The outbound rule is needed because the application server may register listeners with any of the BusinessObjects Enterprise servers. BusinessObjects Enterprise Administrator’s Guide 197 . Use ccm. 4. For details of how to specify these rules. Specifying firewall rules for packet filtering When there is a firewall between the application server and the rest of the BusinessObjects Enterprise servers you need to specify the inbound access rules and one outbound rule. Before changing the port number. 5. Tip: If you want to customize the CMS so that it listens on a port other than the default. Edit the ccm. also add -port 6400 to the command line. substituting your new port number for the default value of 6400. 3.

Whenever more than one server is installed on the same machine. However. each server on that machine must use a unique port number.9 Working with Firewalls Configuring the system for firewalls Inbound Rules Source Computer Application server Application server Application server Any Any Port Any Any Any Any Any Destination Computer Port CMS CMS Other BusinessObjects Enterprise server CMS Other BusinessObjects Enterprise servers 6400 Action Allow Allow Allow Reject Reject fixed fixed Any Any Note: There must be an inbound firewall rule for each BusinessObjects Enterprise server behind the firewall. 198 BusinessObjects Enterprise Administrator’s Guide . Configuring your BusinessObjects Enterprise system to support this configuration when the firewall uses packet filtering is very similar to configuring your system to support a packet filtering firewall between the application tier and the Central Management Server (CMS). Configuring packet filtering when thick client is separated from the CMS You can publish reports or analytic objects to BusinessObjects Enterprise by saving these objects to BusinessObjects Enterprise from within Crystal Reports or OLAP Intelligence. Outbound Rules Source Computer Machines hosting BusinessObjects Enterprise server Port Any Destination Computer Port Application server Any Action Allow This outbound rule is needed because the application server may register listeners on servers behind the firewall. follow the detailed steps in “Configuring packet filtering when application tier is separated from CMS” on page 196 but: • Configure only the Central Management Server and the Input File Repository Server to use fixed port numbers for communication. or by using the Import or Publishing Wizards. These listeners may initiate communication with the application server. if there is a firewall between the computer running one of these thick clients and the CMS. this operation fails. For full instructions.

There is limited support of SOCKS for the UNIX installation of BusinessObjects Enterprise. we recommend you switch to a different firewall method. Note: The EBUS layer of the Java SDK does not support communications using the SOCKs protocol. BusinessObjects Enterprise provides direct support for SOCKS proxy server firewalls on Windows installations that use the BusinessObjects Enterprise . BusinessObjects Enterprise Administrator’s Guide 199 .NET SDK. The means that applications written using the Java SDK cannot be on the outside of a firewall from any components that must be accessed. so you don’t need to configure them separately. BusinessObjects Enterprise requires that the CMS and the remaining server components are not separated from one another by firewalls. You do not need to establish an outbound firewall rule. You can configure the Web Component Adapter to communicate through a SOCKS server. As a result SOCKS proxy servers are still supported in BusinessObjects Enterprise XI. if the only means of traversing the firewall is using the SOCKs protocol. but the Java SDK has no support for SOCKS. but you cannot use JSP pages through a SOCKS firewall. or for a Windows installation that uses the BusinessObjects Enterprise Java SDK. complete these steps regardless of the location of your SOCKS server(s). Configuring the WCA for SOCKS servers When configuring your WCA for SOCKS. SOCKS proxy servers will be deprecated in a future release of BusinessObjects Enterprise. If you are using SOCKS proxy servers now. as required. Therefore only perform the test cases that utilize socks when using IIS on a windows deployment This list describes when to use the procedures that are provided in the remainder of this section: • • Configuring the CMS for SOCKS Servers Complete these steps if one or more SOCKS servers separate the WCA from the CMS. Therefore you may be able to configure your system to support a custom CSP application and SOCKS. Configuring for SOCKS servers Note: Business Objects will be moving away from supporting SOCKS proxy servers.Working with Firewalls Configuring the system for firewalls 9 • Establish inbound firewall rules for communication between the Crystal Reports or OLAP Intelligence machine and the CMS and Input File Repository Server. The remaining server components automatically obtain their SOCKS configuration from the CMS.

For details. and then enter your user name and password. 8. 7. 1. Start the BusinessObjects Enterprise server components. 200 BusinessObjects Enterprise Administrator’s Guide . Click OK.” on page 602. click Add. Select the CMS and. 3. select the authentication check box. Select the SOCKS version that you are running (Ver 4 or Ver 5). 9.9 Working with Firewalls Configuring the system for firewalls Configuring the CMS for SOCKS Servers Complete these steps if one or more SOCKS servers separate the application server from the CMS. On the Connection tab. type the Server Name or IP Address of your SOCKS server. Configuring the WCA for SOCKS servers Complete these steps if one or more SOCKS servers separates the Web Component Adapter (WCA) from the Central Management Server (CMS). To configure the CMS on Windows Start the CCM. To configure the CMS on UNIX The UNIX version of BusinessObjects Enterprise includes a utility that allows you to configure BusinessObjects Enterprise servers to work with SOCKS servers. These steps provide the WCA with the required information about each SOCKS server. 10. The remaining BusinessObjects Enterprise servers automatically obtain their SOCKS configuration from the CMS. 5. 4. so you don’t need to configure them separately. as required. on the toolbar. Then click Up and Down to order the SOCKS servers from the outermost (closest to the application server or Web Component Server) to the innermost (closest to the CMS). see “Scalability overview” on page 158. In the Server Port field. see “For more information about each of these topics. 2. repeat steps 4 to 8 for each additional server. click Properties. If you are using version 5 and you would like to secure access to the server. type the number of the port that the SOCKS server is listening on. 6. in order. from the outermost to the innermost. In the SOCKS Proxy dialog box. including the Central Management Server. Click OK in all three dialog boxes to return to the CCM. If you have more than one SOCKS server. Stop all of the Business Objects servers.

User:Password@SOCKSserver:Port/ CMSmachine:Port c. see “sockssetup. To configure the WCA on Windows Add the SOCKS information to the WCA. 2. Repeat step 3 for all the BusinessObjects Enterprise server. Double-click the CMS.sh script to configure the BusinessObjects Enterprise servers and WCA to work with the SOCKS servers. b. “To configure the WCA on UNIX” on page 201 “To configure the WCA on Windows” on page 201 To configure the WCA on UNIX Run the sockssetup. Enter the SOCKS information.xml.socksUri” value-“*”/> Add the following SOCKS server information: *Socks://Version. Go to the line: <add key=”connection.war to insert a SOCKS URI (universal resource identifier). Configure the BusinessObjects Enterprise server: BusinessObjects Enterprise Administrator’s Guide 201 . d. b.xml deployment descriptor file associated with the webcompadapter. Start the CCM. 3.config. Stop the CMS. 1. The innermost SOCKS server is the last SOCKS server that the WCA communicates with before the CMS. Edit the file C:\Inetpub\wwwroot\Web. Click Configuration tab. a. See: • • 1.Working with Firewalls Configuring the system for firewalls 9 The outermost SOCKS server is the one closest to the web server. This URI tells your WCA how to contact the CMS through your SOCKS server(s). Start the server again. f. For details. e. The Properties dialog box appears. g. See “Configuring the Web Component Adapter” on page 89 for details on editing web. The procedure for configuring the WCA is different for Windows and Unix.sh” on page 603. a. c. Save the file. Edit the web.

9 Working with Firewalls Configuring the system for firewalls 202 BusinessObjects Enterprise Administrator’s Guide .

Managing Auditing chapter .

Each server writes audit records to a log file local to the server. As the auditee. How does auditing work? The Central Management Server (CMS) acts as the system auditor. This information lets you be more proactive in managing the operation and deployment of your BusinessObjects Enterprise system. To ensure that the time stamps of actions on different servers are consistent. Then you must enable auditing of that action in the Servers management area of the Central Management Console. Having information about who is using your system and which objects they are accessing allows you to answer system-level questions like “which groups within the company use our BusinessObjects Enterprise system the most?” or “how many concurrent user licenses are we using at any given time?” Auditing also allows you to better administer individual user accounts and reports by giving you more insight into what actions users are taking and which reports they are accessing. When the CMS receives these records it writes data from the log files to the central auditing database. As the auditor. they make a correction to the time stamp they record in their log files for subsequent audit actions. If differences exist. the BusinessObjects Enterprise server will then begin to record these audit actions in a local log file. At regular intervals the CMS communicates with the auditee servers to request copies of records from the auditee’s local log files. The CMS also controls the synchronization of audit actions that occur on different machines. you must first determine which server controls that action. To audit an action in BusinessObjects Enterprise. The auditees then compare this time to their internal clocks. while helping you better evaluate the value that BusinessObjects Enterprise provides to your organization. Each auditee provides a time stamp for the audit actions that it records in its log file. the CMS controls the overall audit process. the CMS periodically broadcasts its system time to the auditees. while each BusinessObjects Enterprise server that controls actions that you can monitor is an auditee.10 Managing Auditing Auditing overview Auditing overview Auditing allows you to monitor and record key facts about your BusinessObjects Enterprise system. 204 BusinessObjects Enterprise Administrator’s Guide . Once the data is in the auditing database you can run pre-configured reports against the database or design custom reports to suit your own needs.

access data. (For a complete list of auditable actions. BusinessObjects Enterprise Administrator’s Guide 205 . The CMS acts as both an auditor and as an auditee when you configure it to audit an action that the CMS itself controls. If the machine that is running this CMS fails. BusinessObjects Enterprise records the time of the action. It is organized according to the types of actions that you can audit. or to answer more complex queries such as “how many concurrent licenses are we using at a given time?”. Once you have collected this data. another CMS from the cluster will take over and begin acting as auditor. and the data that is recorded for each audit action. see “Reference list of auditable actions” on page 205). For step by step instructions on how to enable audit actions. see “Enabling auditing of user and system actions” on page 210.Managing Auditing Auditing overview 10 Note: • • • You must configure the auditing database on the CMS before you can begin to audit. or create file-based events. Which actions can I audit? You can use auditing to track the actions of individual users of BusinessObjects Enterprise as they log in and out of the system. see the “Auditing database schema reference” on page 218. and a variety of other parameters more fully documented in “Auditing database schema reference” on page 218. the server where it was performed. See “Configuring the auditing database” on page 209. to help you find the server where you enable auditing of these actions. See “Using sample audit reports” on page 214 or “Creating custom audit reports” on page 217 for more information. you can use a custom or pre-configured report to view the raw data. the cluster will nominate one CMS to act as system auditor. You can also monitor system actions like the success or failure of scheduled objects. the name and user group of the user who initiated the action. For each action. For more information about the actions that are audited. Reference list of auditable actions This list contains a complete list of the audit actions you can enable in BusinessObjects Enterprise. In a CMS cluster.

BusinessObjects Enterprise Server CMS Crystal reports A folder is modified. or as they edit an existing Web Intelligence document. Save document to repository. A report fails to save using a custom application based on the RAS API. Selection of universe. a custom application that uses RAS SDK. (The name. RAS A report fails to open. A report has been created successfully using: • a custom application that uses the RAS SDK. Get list of universes. A folder is deleted. which triggers a request to the server for the list of available universes. Cache Server A report could not be viewed. location. Read Document. 206 BusinessObjects Enterprise Administrator’s Guide . A report fails to be created.) A report has been viewed successfully. or description of a folder is modified. A report is saved successfully (using a custom application based on the RAS SDK). User opens an existing Web Intelligence document. Web Intelligence Web Report Server Intelligence • A user has begun creating a new Web Intelligence documents document. A user has selected a universe as they create a new Web Intelligence document. • • • A user has saved a Web Intelligence document within BusinessObjects Enterprise. • • A report is opened successfully using: the Advanced DHTML viewer.10 Managing Auditing Auditing overview User Actions Actions Folders A folder is created.

A user’s password is changed. A named user logon succeeds. Edit document.) A job failed but will try to run again.Managing Auditing Auditing overview 10 Actions Refresh document. • User drills past the scope of the data currently in memory. • Users A list of values is retrieved from the database to populate a picklist associated with a prompt used to filter the data in a document. Web Intelligence • User manually refreshes a Web Intelligence documents document. (A user has successfully sent an object to a destination.) A job has failed to run. Drill out of scope. A user logon fails. CMS Send an object to a destination Destination Job Server BusinessObjects Enterprise Administrator’s Guide 207 . BusinessObjects Enterprise Server Web Intelligence Report Server • • User enters “Edit document” mode for an existing Web Intelligence document. Get page. Generate SQL. (An object has failed to be sent to a destination. and triggers a call to the database for more data. • Server generates an SQL query in response to a user action that requires data to be retrieved from a database. • Server renders the pages of a Web Intelligence document in response to a user request to display all or part of a document. Apply format. User logs off. A concurrent user logon succeeds. A job has been run successfully. User applies a formatting change to an existing Web Intelligence document in a query panel. List of values. or the user opens a Web Intelligence document that is set to “refresh on open”.

a scheduled Crystal report has run successfully. or filename of an event is modified. Tip: To audit every failure of a scheduled Crystal report. (Event is removed from system. enable auditing of “A job has failed to run” on the Job Server. Event Server 208 BusinessObjects Enterprise Administrator’s Guide . and the scheduled time for running the report expired. a scheduled Crystal report has failed to run because communication with the instance was lost. a scheduled program.” on the Central Management Server.) An event is unregistered. or a scheduled List of Values. a scheduled Crystal report has failed to run. For example.) System Actions Actions Scheduled objects BusinessObjects Enterprise Server A job has been run successfully.10 Managing Auditing Auditing overview Actions File-based events BusinessObjects Enterprise Server An event is registered. An event is triggered. and registered with system) An event is updated. Job Servers For example. For example. (The name. A job has failed to run. Communication with a running instance is lost. description. A job failed but will try to run again. Event Server (Event is created. CMS File-based events Note: You do not need to enable this option to audit every failure of a scheduled Web Intelligence document. and “Communication with a running instance is lost.

Note: • The CMS system database and the auditing database are independent. 4. contact your database administrator for more information. If you choose. In the Select Database Driver dialog box. 5. specify whether you want to connect to the new database through SQL Server (ODBC). then click OK. It is recommended that you develop a back up strategy for your auditing database. or you can install these databases on separate servers. provide your database credentials and click OK. The remaining steps depend upon the connection type you selected: • 1. 6. 3. you must configure your Central Management Server to connect to an auditing database. using the same connection method and the same connection name. • If you selected ODBC. (Click New to configure a new DSN. which only recognizes System DSNs. Click Specify Auditing Data Source. If necessary. Stop the CMS. BusinessObjects Enterprise Administrator’s Guide 209 . the Windows “Select Data Source” dialog box appears. Click OK. See the Platforms. Note that connection names are case sensitive. Select the ODBC data source that you want to use as the auditing database. (See “Installing a new CMS and adding it to a cluster” on page 94 for more information on CMS clusters.Managing Auditing Configuring the auditing database 10 Configuring the auditing database Before you audit actions within BusinessObjects Enterprise. When prompted.) To configure the auditing database on Windows Start the Central Configuration Manager (CCM). and not a User DSN or File DSN. or through one of the native drivers. If you have a CMS cluster.) Use a System DSN. By default. server services are configured to run under the System account. You can use any database server supported for the CMS system database for your auditing database.txt file included with your product distribution for a complete list of tested database software and version requirements. you can use different database software for the CMS system database and the auditing database. 2. every CMS in the cluster must be connected to the same auditing database.

if you are interested in the total number of concurrent user logons.sh to start the CMS. and then go to the Configuration tab. If you enable auditing on only one Central Management Server. you are prompted for your database Server Name. select Properties. 6. 210 BusinessObjects Enterprise Administrator’s Guide . 2. For example. 7. Then you must enable auditing on the server from the Servers management area of the Central Management Console (CMC). 4. your Login ID. it will create the auditing database. Enter the port number of the CMS when prompted (the default value is 6400). Start the CMS. 8. 5. Provide this information and then click OK. you will only collect audit information about actions that occur on that server. Use ccm.10 Managing Auditing Enabling auditing of user and system actions • If you selected a native driver. Note: You can also configure the auditing database using the Properties option for the CMS. Enabling auditing of user and system actions To audit an action in BusinessObjects Enterprise you must first determine which BusinessObjects Enterprise server controls the action. Select the CMS. Stop the CMS. it will create the auditing database. Choose the selectaudit option. Run cmsdbsetup. and then supply the requested information about your database server.sh. 1. Select “Write server audit information to specified data source”. The SvcMgr dialog box notifies you when the auditing database setup is complete. enable auditing of concurrent user logons on each of your Central Management Servers. and then click Specify. and enable auditing. 7. and your Password. Use ccm.sh. Choose the “Modify a server” option. Run serverconfig. When the CMS starts. 3. Click OK. When the CMS starts.sh to stop the CMS. Doing so ensures that you collect information on all user or system actions in your BusinessObjects Enterprise system. To configure the auditing database on UNIX For more information on UNIX scripts. If you have multiple BusinessObjects Enterprise servers of a given type. see “UNIX Tools” on page 597. be sure to enable identical audit actions on every server.

Select the Auditing is enabled check box. Click the Auditing tab. Ensure that your audit log file is located on a hard drive that has sufficient space to store the log files. 6. 4. To enable audit actions Go to the organize Servers area of the CMC. it is not necessary to enable auditing on every Job Server in your system. 1. 2. You only need to enable auditing on the Job Server where the reports are processed. (See “Optimizing system performance while auditing” on page 213 for information on adjusting the size of log files.Managing Auditing Enabling auditing of user and system actions 10 In some special cases you may wish to enable auditing on only one server of a given type. See “Configuring the auditing database” on page 209 for instructions.) Click Update. Select the audit actions that you wish to record. if you are interested in the success or failure of only one kind of scheduled report and you have configured your system so that these reports are processed on one particular Job Server. (See the “Reference list of auditable actions” on page 205 to find the correct server. 7. Note: You must configure the auditing database before you can collect data on audit actions. Click the server that controls the action that you wish to audit. For example. Tip: BusinessObjects Enterprise Administrator’s Guide 211 .) 3. 5.

Only one CMS in the cluster acts as the auditor. However. and “Communication with a running instance is lost. you must enable logging of concurrent logons on every Central Management Server in your system. Auditing is enabled independently on each server. Otherwise your audit record will be incomplete. apply the same command-line options to each server. This correction affects only the time stamp that the auditee records in its audit log file. For more accurate and robust time synchronization. if you want to track the total number of concurrent logons to your BusinessObjects Enterprise system. If these options are different than those of the original auditor. and then make the appropriate correction to the time stamp (in UTC) they record for subsequent audit actions. another CMS takes over auditing. the CMS broadcasts its system time every 60 minutes. This built-in method of time synchronization will be accurate enough for most applications. The CMS periodically broadcasts its system time to the auditees in UTC (Coordinated Universal Time). The auditees compare this time to their internal clocks. By default. configure the auditee and auditor machines to use an NTP (Network Time Protocol) client. enable auditing of “A job has failed to run” on the Job Server. This CMS will apply its own command-line options.” on the Central Management Server. For example. or a scheduled List of Values. audit behavior may not be what you expect. For more information. if this CMS fails.10 Managing Auditing Controlling synchronization of audit actions • To audit every failure of a scheduled Crystal report. If you want to audit all actions of a given type. 212 BusinessObjects Enterprise Administrator’s Guide . The auditee does not adjust the system time of the machine on which it is running. enable identical audit actions on every server that supports those actions. and then turn off internal synchronization by setting -AuditeeTimeSyncInterval 0 Tip: If you have a CMS cluster. • Controlling synchronization of audit actions The CMS controls the synchronization of audit actions that occur on different machines. a scheduled program. see “Central Management Server” on page 586 in “Server Command Lines” on page 583. You can change the interval using the command-line option -AuditeeTimeSyncInterval minutes You can turn off this option by setting minutes to zero.

However. Alternatively. you can choose a short audit interval and a large audit batch size. (The default value is 200. In this case. (The default value is 5. Choosing these options minimizes the impact that auditing has on the performance of BusinessObjects Enterprise. where number is between 50 and 500. You can use these options to optimize audit performance to meet your needs. you can optimize system performance by fine-tuning these command-line options: • • • -AuditInterval minutes. if you frequently need up-to-date information about audited actions. thereby increasing the length of time that it takes these records to get transferred to the central auditing database. Changing each of these options has a different impact on system performance. Note: Log files remain on the audited server until all records have been requested by the CMS. these options can create a backlog of records stored in audit log files. However.) The CMS requests this fixed number of records from each audited server. For example. The maximum number of records that an audited server will store in a single audit log file. Increasing the maximum number of audit events stored in each audit log file reduces the number of file open and close operations performed by audited servers. In this case you can choose to increase the audit interval.Managing Auditing Optimizing system performance while auditing 10 Optimizing system performance while auditing Enabling auditing should have minimal effect on the performance of BusinessObjects Enterprise. However. every time interval. BusinessObjects Enterprise Administrator’s Guide 213 . For example. choosing these options may have an impact on the performance of BusinessObjects Enterprise. When this maximum value is exceeded. the server opens a new log file. increasing the audit interval reduces frequency with which the CMS writes events to the auditing database. all audit records are quickly transferred to the auditing database. and to decrease the number of audit records in each batch. -auditMaxEventsPerFile number (number has a default value of 500 and must be greater than 0). and you can always report accurately on the latest audit actions. -AuditBatchSize number.) The CMS requests audit records from each audited server every audit interval. where minutes is between 1 and 15. depending upon activity levels in your system. Decreasing the audit batch size decreases the rate at which records are moved from the audit log files on the audited servers to the auditing database. you may only need to review audit results periodically (weekly. for example).

You can now use the sample reports to view auditing data collected about user and system actions on your installation of BusinessObjects Enterprise. Publish the sample audit reports to the “admin reports” folder within BusinessObjects Enterprise. Next configure an auditing database. The sample audit reports were created using a ODBC connection to a database server named AuditData (that is. but means that at times your audit reports may not contain records of the most recent audit actions. 1. go to the Folders management area of the Central Management Console (CMC). and a database called AuditData. Click Report Samples. (The sample audit reports are in Samples > Reports > AdminReports on your product CD. Using sample audit reports BusinessObjects Enterprise ships with several sample audit reports created using Crystal Reports. the DSN was AuditData). 214 BusinessObjects Enterprise Administrator’s Guide .10 Managing Auditing Using sample audit reports This backlog is cleared at times of low system activity (such as overnight. They are available on your product CD. see “Server Command Lines” on page 583. Finally. first publish them to BusinessObjects Enterprise. Note: If you have recently enabled auditing. For more information on changing command-line options. Note: To create this folder. If you have not already configured your auditing database. To use sample audit reports Create a folder called “admin reports” inside the Report Samples folder to hold the sample auditing reports. 3. or you can use a database server name and database name of your choice. and then enable auditing of the user and server actions needed to provide data for the sample reports. see “Publishing Objects to BusinessObjects Enterprise” on page 373. or over a weekend). 2. and then click New Folder. You can create an auditing database that uses these names. do so now. ensure that the sample reports are configured to use database connection information valid for your auditing database. To use these sample reports.) For more information about publishing. See “Configuring the auditing database” on page 209 for instructions. the sample audit reports may contain little or no data the first time you view them.

Click Report Samples. 7. Enable auditing of the actions that are included in the sample audit report. BusinessObjects Enterprise Administrator’s Guide 215 . Note: The description of the sample reports indicates which audit actions to enable for each report. Go to the Servers management area of the CMC. See “Enabling auditing of user and system actions” on page 210 for instructions. 5. then admin reports to display the list of sample audit reports. 6.Managing Auditing Using sample audit reports 10 4. Go to the Folders management area of the CMC. select the Central Management Console (CMC). BusinessObjects Enterprise will now begin to collect data on audit actions. From the Crystal Enterprise Admin Launchpad.

click the Database link. click “Use custom database logon information specified here. Click the name of a report that you want to use. or database logon information for your auditing database are different than the values originally specified for the sample report.10 Managing Auditing Using sample audit reports 8. database name. Configure the report to use your auditing database. from the Process tab. If the server name. 9.” 216 BusinessObjects Enterprise Administrator’s Guide . then.

16. Consult the Designer’s Guide and the Web Intelligence guides for details. From the Process tab. 11.Managing Auditing Creating custom audit reports 10 10. Alternatively. With this information. 14.See your Crystal Reports User’s Guide for full instructions on creating reports. Type the Server name (DSN) and Database name that you specified for your auditing database. where DatabaseName is the name of the database that you specified above. 13. Click Update. in the box. Type a User name and Password for a user with administrative rights to the auditing database. Creating custom audit reports This section contains information to help you understand the auditing database and the information it records about audit actions. and then type DatabaseName.dbo. click the Parameters link. The sample audit report is now configured to use your auditing database as its data source. you can use Crystal Reports to create custom audit reports of user and system actions. Click the value of any parameter to specify a default value for that parameter. Click Update. 12. so that you can create your own Web Intelligence documents. You may now view the report in BusinessObjects Enterprise. Click Specify a custom table prefix. Make sure you select the same database driver that you used when configuring the auditing database. BusinessObjects Enterprise Administrator’s Guide 217 . or to indicate that the user should be prompted for a parameter value when the report is run. 15. you may wish to use Designer to create a universe against the auditing database.

Time for start of action in UTC (Coordinated Universal Time) to the nearest millisecond. Duration. and includes any correction necessary to synchronize with CMS time. as shown in the following entityrelationship diagram. Audit_Event table This table stores one record per action that is audited. Combined with Server_CUID to form the primary key for the Audit_Event table. in seconds. A unique ID generated by the server to identify the audit event. Field Server_CUID Description Server process ID. Name of user who performed the action.10 Managing Auditing Creating custom audit reports Auditing database schema reference The Audit database contains six tables. Combined with the Event_ID to form the primary key for the Audit_Event table. The time stamp is created by the server recording the action in its log file. You may want to correct this time to your local time zone when creating audit reports. Event_ID User_Name Start_Timestamp Duration 218 BusinessObjects Enterprise Administrator’s Guide . of the action that is audited.

Event_ID Detail_ID Detail_Type_ID Detail_Text BusinessObjects Enterprise Administrator’s Guide 219 . Foreign key for the Detail_Type table. the first will have a Detail_ID of 1. and the second will have a Detail_ID of 2. Information about the audit detail being recorded. For example. Combined with Server_CUID and the Detail_ID to form the primary key for the Audit_Detail table. if the Detail_Type_Description were “universe name”. when a user logon fails. Combined with the Event_ID and the Detail_ID to form the primary key for the Audit_Detail table.Managing Auditing Creating custom audit reports 10 Field Event_Type_ID Description Number that uniquely identifies the type of action the entry represents. Foreign key for the Event_Type table. Field Server_CUID Description Server process ID. A unique ID generated by the server to identify the audit event. Field reserved for error codes generated by the Web Intelligence Report Server. the reasons for that failure are recorded as audit details. Number that uniquely identifies the type of detail about the audit action that the entry represents. For example. the detail text would contain the name of that universe. Info Object ID of object associated with the action. Object_CUID Error_Code Audit_Detail table The Audit_Detail table records more information about each audit action recorded in the Audit_Event table. That is. This number uniquely identifies an object. if there are two details associated with a particular audit action. There may be more than one record in this table for each audit action recorded in the Audit_Event table. The Detail_ID field is used to number the individual details associated with each audit action.

servertype. This table provides information roughly equivalent to that provided by AuditIDs and AuditStrings in Crystal Enterprise 10. Primary key for the Server_Process table. 220 BusinessObjects Enterprise Administrator’s Guide . Server_Version Version of BusinessObjects Enterprise on server that produced the action. the host name. Foreign key to the Application_Type table. The default friendly name is hostname. these events are ordered according to the server that generates each type of event. That is. Field Server_CUID Server_Name Description Server process ID. Field Event_Type_ID Description Number that uniquely identifies the type of audit event that the entry represents. The server’s friendly name is the name displayed in the CMC. Event_Type table reference The following tables list the Event_Type_ID and Event_Type_Description of all events that can be audited in your system. Event_Type_Description Description of the type of audit event.10 Managing Auditing Creating custom audit reports Server_Process table The Server_Process table contains information about the servers running within your BusinessObjects Enterprise system which can generate audit events. Machine name of the server that produced the action. Event_Type table The Event_Type table contains a static list of the kinds of events that can be audited in your BusinessObjects Enterprise system. that generated the audit action. Application_Type_ID A unique ID that identifies the type of application Server_FullName Friendly name of the server that produced the action. For your convenience.

Note that this audit string will be recorded when a user account (and therefore the user’s folder) is deleted. New folder created. but was not successful. The name. using a concurrent user license. Job failed. User attempted to view a Crystal report.Managing Auditing Creating custom audit reports 10 CMS audit events Event_Type_ ID Event_Type_Description Description 65537 65538 65540 65541 65539 65542 Concurrent user logon succeeded. Note: This action must be audited by the CMS as Job Servers are not aware of losing communications with a job. Logon failed because there was no valid license key available. Note that this audit string will not be recorded when a new user account is created. even though creating a user creates a user folder. The user logged on successfully. and the scheduled time for running the job expired. A scheduled report or scheduled program failed to run because communication with the running instance was lost. User password has been changed. Reason: Unresponsive Job Server Child process. User logon failed. or description of the folder was changed. using a named user license. Named user logon succeeded. or an existing folder is copied. A folder is deleted. BusinessObjects Enterprise Administrator’s Guide 221 . The user logged on successfully. User logged off. A new folder is created. A report could not be viewed. Description User successfully viewed a Crystal report that has saved or live data. 65543 Folder deleted. 65544 65545 Folder modified. location. Cache Server audit events Event_Type_ ID Event_Type_Description 196609 196610 Crystal report viewed successfully.

Events are updated when a user modifies the name or description of the file-based event. The object ran as scheduled (or requested) and the job completed successfully. For more information on scheduling jobs. Job failed. The scheduled job did not complete successfully. the audit messages give you information on whether an object was sent to a destination. For example. The scheduled job did not complete successfully. or by the system. the audit messages can tell you if a scheduled report ran successfully. see “Scheduling objects” on page 466. Job will be retried by the CMS. For the Destination Job Server. The job will be retried by the CMS at a later time.10 Managing Auditing Creating custom audit reports Job Server audit events For scheduled objects. 327682 327683 Job failed. Event object was modified by a user. User deletes a file-based event. Event Server audit events Event_Type_ ID Event_Type_Description Description 262145 Event registered User creates a file-based event that can be used to schedule objects. File-based event was initiated. the audit messages give you information about the status of scheduled actions. Event_Type Event_Type_Description Description _ ID 327681 Job successful. 262146 262147 Event unregistered Event updated 262148 Event triggered 222 BusinessObjects Enterprise Administrator’s Guide . as requested by a user.

458756 Report could not be opened. you may see this message when the database driver for the report is not present on the client machine A processing extension associated with the report aborts viewing. The report used Business Views and the user did not have permissions to refresh the underlying data connections. Event_Type_ ID Event_Type_Description 458753 Description Report was opened for User opened a report for viewing or viewing and/or modification modification. Note: In a few cases. There are problems with the database setup for the report. An existing report was saved. Note: This Event_Type_ID is generated when a custom application created using the RAS SDK saves a report (using the Save method). Consult your RAS SDK documentation for details. Consult your RAS SDK documentation for details. The report could not be opened by the RAS. This may occur when: • • • • 458754 Report was saved to the CMS. or fails.Managing Auditing Creating custom audit reports 10 Report Application Server audit events The Report Application Server (RAS) is used to view reports opened with the Advanced DHTML viewer. For example. BusinessObjects Enterprise Administrator’s Guide 223 . this Event_Type_ID may be generated when the report opens but cannot be viewed. and to create reports using custom applications developed with the RAS SDK. The machine running the RAS ran out of space in its temporary directory. A new report was created and saved. Note: 458755 Report was created and saved to the CMS • This Event_Type_ID is generated when a custom application created using the RAS SDK saves a new report (using the Save As method).

19 Document refresh 21 List of values 22 28 40 Edit document Apply format Get page 224 BusinessObjects Enterprise Administrator’s Guide . A list of values is retrieved from the database to populate a picklist associated with a prompt used to filter the data in a document. Description An existing report could not be saved by RAS. 458758 Report could not be created in the CMS. Consult your RAS SDK documentation for details. Web Intelligence Report Server audit events Event_Type_ ID Event_Type_Description Description 6 9 11 13 Get list of universes Save document to repository Read document Selection of universe User accesses a list of universes as part of a document creation workflow. in a query panel. User manually refreshes a Web Intelligence document. User action results in a request to server to generate the necessary data and layout to display all or part of a Web Intelligence document. User saves a Web Intelligence document to BusinessObjects Enterprise. Note: This Event_Type_ID is generated when a custom application created using the RAS SDK cannot save a new report (using the Save As method). or user opens a Web Intelligence document that has the “refresh on open” document property assigned. User has moved into Edit document mode.10 Managing Auditing Creating custom audit reports Event_Type_ ID Event_Type_Description 458757 Report could not be saved to the CMS. This event occurs when a user opens the query panel. User selects a universe as part of a document creation workflow. User opens an existing Web Intelligence document. A newly created report could not be saved by RAS. User applies a formatting change to a document.

Managing Auditing Creating custom audit reports 10 Event_Type_ ID Event_Type_Description Description 41 42 Generate SQL Drill out of scope Appears when a user refreshes a document. and triggers a call to the database for more data. the applications that can be audited are servers. User drills past the scope of the data currently in memory. Application_Type_Description Application_Type table reference Application_Type_ID Application_Type_Description 1 8 11 12 13 14 15 16 18 19 Unknown Application Web Intelligence Report Server Central Management Server (CMS) Cache Server Report Job Server Report Application Server (RAS) Event Server Program Job Server Destination Job Server Web Intelligence Job Server BusinessObjects Enterprise Administrator’s Guide 225 . Field Name Application_Type_ID Description A unique ID that identifies the type of application that generated the audit action. The description of the application generating the audit event. In BusinessObjects Enterprise XI. Application_Type table The Application_Type table contains a static list of the applications that can produce audit events.

For example. 226 BusinessObjects Enterprise Administrator’s Guide . These reasons are listed as entries in the Detail_Type table. Field Detail_Type_ID Detail_Type_Description Description Number that uniquely identifies the type of audit detail that the entry represents. The information in the Detail_Type table is equivalent to the information that was recorded in variable AuditStrings in Crystal Enterprise 10. The description of the type of audit detail generated by the audit event. a user logon can fail for a number of different reasons.10 Managing Auditing Creating custom audit reports Detail_Type table The Detail_Type table contains a static list of the standard details that can be recorded about audited events.

BusinessObjects Enterprise Security Concepts chapter .

To allow for further customization of security. this chapter does not provide explicit procedural details. for monitoring and auditing purposes. this chapter details the security features and related functionality to show how the framework itself enforces and maintains security. For procedures that show how to set object rights for your BusinessObjects Enterprise content. For procedures that show how to set up authentication. The current release supports features such as distributed security. passwords. And. Related topics: • • • For key procedures that show how to modify the default accounts. BusinessObjects Enterprise supports dynamically loaded processing extensions. and third-party Windows NT. see “Making initial security settings” on page 43.11 BusinessObjects Enterprise Security Concepts Security overview Security overview The BusinessObjects Enterprise architecture addresses the many security concerns that affect today’s businesses and organizations. Because BusinessObjects Enterprise provides the framework for an increasing number of components from the Enterprise family of Business Objects products. This section describes the authentication and authorization processes in order to provide a general idea of how system security works within BusinessObjects Enterprise. As such. and Windows AD authentication in order to protect against unauthorized access. Each of the components and key terms is discussed in greater detail later in this chapter. LDAP. single sign-on. it focuses on conceptual information and provides links to key procedures. BusinessObjects Enterprise allows you to log various web statistics. granular object rights. users. instead. and authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object. resource access security. and other security settings. 228 BusinessObjects Enterprise Administrator’s Guide . see “Managing User Accounts and Groups” on page 249. thus enabling you to detect potential security concerns. and groups. Authentication and authorization Authentication is the process of verifying the identity of a user who attempts to access the system. see “Controlling User Access” on page 315.

depending upon which type(s) you have enabled and set up in the Authorization management area of the Central Management Console (CMC). Alternatively. the authentication and authorization processes may vary from system to system. If the security plug-in reports a successful match of credentials (including a match to an appropriate group membership for Windows NT. If you are developing your own BusinessObjects Enterprise end-user or administrative applications using the BusinessObjects Enterprise Software Development Kit (SDK). see “Available authentication types” on page 252. the SDK ensures that the BusinessObjects Enterprise security plug-in performs the authentication. this session consumes one user license on the system. the SDK uses the corresponding security plug-in to authenticate the user. This section uses InfoView as a model and describes its default behavior.BusinessObjects Enterprise Security Concepts Authentication and authorization 11 Because BusinessObjects Enterprise is fully customizable. The WCA stores the user’s information in memory in a WCA session variable. or Windows AD authentication. Windows AD. The authentication type may be Enterprise. or Windows AD Authentication.aspx and runs the script. The Central Management Server (CMS) uses the BusinessObjects Enterprise security plug-in to verify the user name and password against the system database. The WCA passes the user’s information to logon. if the user specifies Windows NT. While active. Windows NT. For procedures that show how to set up the different authentication types. LDAP. ultimately. Primary authentication Primary authentication occurs when a user first attempts to access the system. For complete details. Internally. BusinessObjects Enterprise Administrator’s Guide 229 . or LDAP authentication). The user provides a user name and password and specifies an authentication type. While active. this script communicates with the SDK and. this session stores information that allows BusinessObjects Enterprise to respond to the user’s requests. see the developer documentation available on your product CD. which routes the information to the Web Component Adapter (WCA). The user’s web browser sends the information by HTTP to your web server. For instance. the appropriate security plug-in to authenticate the user against the user database. the CMS grants the user an active identity on the system and the system performs several actions: • • • The CMS stores the user’s information in memory in a CMS session variable. LDAP. you can customize the system’s behavior to meet your needs. The CMS generates and encodes a logon token and sends it to the WCA. if the user specifies Enterprise Authentication.

In a single sign-on situation. see “Available authentication types” on page 252. the WCA ensures that the user has a valid logon token: • • If there is a valid logon token. because each step consists of storing information that is used for secondary identification and authorization purposes. 1. or otherwise act upon an object that is managed by BusinessObjects Enterprise. For more information about logon tokens. Authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object. Each of these steps contributes to the distributed security of BusinessObjects Enterprise. First. you should note that the WCA here instantiates the InfoStore object and stores it in the WCA session variable. its encoded information serves as the user’s valid ticket for the system. However. • Secondary authentication and authorization Secondary authentication is the process of double-checking the identity of each user who attempts to view.11 BusinessObjects Enterprise Security Concepts Authentication and authorization Note: • • • If you are familiar with the SDK. If there is no valid logon token. The session variable does not contain the user’s password. BusinessObjects Enterprise retrieves users’ credentials and group information directly from the Windows NT or Windows AD system. see “Logon tokens” on page 243. This is the model used in InfoView. Hence. if you are developing your own client application and you prefer not to store session state on the WCA. the primary authentication process is repeated. and Windows AD security plug-ins work only once you have mapped groups from the external user database to BusinessObjects Enterprise. Until the logon token expires. For details. the web browser sends the request by HTTP to the WCA. Before fulfilling the user’s request. schedule. the WCA proceeds to its next task. users are not prompted for their credentials. you can design your application such that it avoids using WCA session variables. and the web browser caches the token in a cookie. the WCA performs a series of security-related steps. Note: • The third-party Windows NT. run. 230 BusinessObjects Enterprise Administrator’s Guide . The WCA sends the logon token to the user’s web browser. LDAP. When a user attempts to access an object on the system.

For details about how the CMS calculates a user’s effective rights to an object. If the WCA session variable has timed out. the WCA queries the CMS database for a list of the reports that the user is authorized to see. it queries the CMS database for the rights associated with the object that the user requested. For instance. however. The Page Server passes the logon token to the CMS to ensure that the user is authorized to refresh the report. Note: If the user does not have the right to perform the requested action. In this case. the authentication algorithm followed by the WCA maintains system security in the fewest number of steps. The WCA then dynamically lists the reports in an HTML page. Second. 3. the WCA sends the request and the user’s logon token to the appropriate server component. • If a different server component must process the request. the user is logged back on with the logon token. The SDK authenticates the user against the appropriate user database. the WCA passes the request along to the Page Server. the WCA checks internally for an active WCA session that matches the user’s logon token: • • If the corresponding WCA session variable remains in memory. and the CMS and the WCA recreate the required session variables. This secondary authentication and authorization process begins similarly to initial identification. BusinessObjects Enterprise does not have to prompt the user for credentials. For details about setting object rights. the WCA ensures that the appropriate server component actually processes the user’s request: • If the WCA can process the request itself. here. because the encoded logon token contains the required information. thereby providing the most efficient response to the user’s initial request. if the user attempts to refresh a report’s data. if the user requests a list of reports in a specific folder. see “Controlling User Access” on page 315. the WCA proceeds to its next task.BusinessObjects Enterprise Security Concepts Authentication and authorization 11 2. Third. That server component then queries the CMS database for the rights associated with the object that the user requested. see “Calculating a user’s effective rights” on page 328. and sends the page to the user’s browser. For instance. BusinessObjects Enterprise Administrator’s Guide 231 . the WCA displays an appropriate message.

or by different authentication tools such as Windows NT. but it specifically refers to the single sign-on functionality for the Guest user account. The system uses this token to authenticate the users and grant them access to BusinessObjects Enterprise and its components. or LDAP with SiteMinder. For more information. For information on configuring single sign-on to BusinessObjects Enterprise. At its most basic level. see “Disabling the Guest account” on page 44. Within the context of BusinessObjects Enterprise. The term “anonymous single sign-on” also refers to single sign-on to BusinessObjects Enterprise. When the Guest user account is enabled. it refers to a situation where a user can access two or more applications or systems while providing their log-on credentials only once. which it is by default. see: • • • • “Managing Enterprise and general accounts” on page 253 “Setting up NT single sign-on” on page 292 “Configuring LDAP authentication” on page 263 “Setting up AD single sign-on” on page 282 232 BusinessObjects Enterprise Administrator’s Guide .11 BusinessObjects Enterprise Security Concepts Authentication and authorization About single sign-on The term single sign-on is used to describe different scenarios. Single sign-on to BusinessObjects Enterprise can be provided by BusinessObjects Enterprise. thus making it easier for users to interact with the system. anyone can log on to BusinessObjects Enterprise as Guest and will have single sign-on access to BusinessObjects Enterprise. Windows AD. we distinguish the following levels of single sign-on: • • • “Single sign-on to BusinessObjects Enterprise” on page 232 “Single sign-on to database” on page 233 “End-to-end single sign-on” on page 233 Single sign-on to BusinessObjects Enterprise Single sign-on to BusinessObjects Enterprise means that once users have logged on to the operating system they can access BusinessObjects Enterprise without having to provide their logon credentials again. a logon token is created. When they log on to the operating system. Single sign-on to BusinessObjects Enterprise was already supported in previous versions of Crystal Enterprise and continues to exist in BusinessObjects Enterprise XI.

to have access to BusinessObjects Enterprise and to be able to perform actions that require database access. such as viewing reports. without having to provide their logon credentials again. It includes: • • • “Web Component Adapter” on page 234 “Central Management Server” on page 234 “Security plug-ins” on page 235 BusinessObjects Enterprise Administrator’s Guide 233 . In BusinessObjects Enterprise XI single sign-on to the database is supported through Windows AD using Kerberos. End-to-end single sign-on End-to-end single sign-on refers to a configuration where users have both single sign-on access to BusinessObjects Enterprise at the front-end. but it is managed primarily by the WCA. users need to provide their logon credentials only once. to provide users with even easier access to the resources they need. in particular. Thus. In BusinessObjects Enterprise XI end-to-end single sign-on is supported through Windows AD and Kerberos. when they log on to the operating system. such as SiteMinder and Kerberos. See “End-to-end single sign-on” on page 233. and its other objects. the CMS.BusinessObjects Enterprise Security Concepts Security management components 11 Single sign-on to database Once users are logged on to BusinessObjects Enterprise. These components work together to authenticate and to authorize users who access BusinessObjects Enterprise. the security plug-ins. and “Configuring web applications for single sign-on to the databases” on page 313. in particular “Configuring IIS for single sign-on to databases only” on page 309. Security management components System security within BusinessObjects Enterprise is distributed across most components. and third-party authentication tools. if you don’t want the LocalSystem account for the IIS to be trusted for delegation. single sign-on to the database enables them to perform actions that require database access. and single sign-on access to the databases at the back-end. viewing reports and Web Intelligence documents. its folders. Single sign-on to the database can be combined with single sign-on to BusinessObjects Enterprise. see “Configuring Kerberos single sign-on” on page 299. For more information see “Configuring Kerberos single sign-on” on page 299. For more information. You may want to use single sign-on to the database rather than end-to-end single sign-on. This section discusses the key components as they relate to system security.

the CMS allows you to create user accounts and groups within BusinessObjects Enterprise. The CMS also responds to authorization requests made by the rest of the system. the CMS authorizes the request only when it has verified that the user’s account or group membership provides sufficient privileges. 234 BusinessObjects Enterprise Administrator’s Guide . the CMS coordinates the authentication process with its security plug-ins. This data includes security information. with its thirdparty security plug-ins. or if it has expired. If the logon token is missing.11 BusinessObjects Enterprise Security Concepts Security management components • “Processing extensions” on page 241 Note: Because these components are responsible for additional tasks. an LDAP directory server. For details. This session variable contains information that BusinessObjects Enterprise uses when fulfilling user’s requests. several of the components discussed in this section are described in additional detail in “BusinessObjects Enterprise Architecture” on page 53. LDAP. When a user requests a list of reports in a particular folder. the CMS then grants the user a logon token and an active session on the system. so users can log on to BusinessObjects Enterprise with their current Windows NT. and object rights that define user and group privileges. And. group memberships. The CMS supports third-party authentication. the WCA receives all HTTP requests that are sent to BusinessObjects Enterprise from users’ web browsers. When you first set up your system. As such. The majority of these tasks rely upon the database that the CMS uses to keep track of BusinessObjects Enterprise system data. The WCA ensures that each user has a valid logon token for the system. the WCA initiates the primary authentication process. Web Component Adapter The WCA is the gateway between the web server and the remaining BusinessObjects Enterprise components. Central Management Server In relation to system security. The WCA is also responsible for maintaining the user’s session state in the WCA session variable. For details. or a Windows AD server). or Windows AD credentials. see “Primary authentication” on page 229. the Central Management Server (CMS) performs a number of important tasks. see “Sessions and session tracking” on page 244. the CMS allows you to reuse existing user accounts and groups that are stored in a third-party system (a Windows NT user database. When users log on. such as user accounts.

LDAP. Note: The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX. You can map third-party user accounts or groups to existing BusinessObjects Enterprise user accounts or groups. see “Central Management Server (CMS)” on page 61. you need not update or refresh the listing in BusinessObjects Enterprise. you might map some user accounts or groups from Windows NT. So. they choose from the available authentication types that you have enabled and set up in the Authorization management area of the CMC: Enterprise (the system default). When you make subsequent changes to the third-party group membership. Each security plug-in acts as an authentication provider that verifies user credentials against the appropriate user database. all users who belong to that group can log on to BusinessObjects Enterprise. or Windows AD. when you need to assign rights or create new. custom groups within BusinessObjects Enterprise. and Windows AD security plug-ins. the security plug-in dynamically creates an alias for that new user when he or she first logs on to BusinessObjects Enterprise with valid NT credentials. Moreover. For more information about the CMS and the CMS database. LDAP. see “Calculating a user’s effective rights” on page 328. security plug-ins enable you to assign rights to users and groups in a consistent manner.BusinessObjects Enterprise Security Concepts Security management components 11 For details about the CMS and how it calculates a user’s effective rights to an object. For example. once you map a Windows NT. or Windows AD group into BusinessObjects Enterprise. The security plug-ins dynamically maintain third-party user and group listings. because the mapped users and groups are treated as if they were Enterprise accounts. and then you add a new NT user to the NT group. if you map a Windows NT group to BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 235 . Windows NT. or if your system uses the BusinessObjects Enterprise Java SDK. Security plug-ins facilitate account creation and management by allowing you to map user accounts and groups from third-party systems into BusinessObjects Enterprise. Security plug-ins Security plug-ins expand and customize the ways in which BusinessObjects Enterprise authenticates users. and some from an LDAP directory server. Then. you make all of your settings in the CMC. or you can create new Enterprise user accounts or groups that corresponds to each mapped entry in the external system. For instance. BusinessObjects Enterprise currently ships with the system default BusinessObjects Enterprise security plug-in and with the Windows NT. When users log on to BusinessObjects Enterprise. Each security plug-in offers several key benefits. LDAP.

11 BusinessObjects Enterprise Security Concepts Security management components BusinessObjects Enterprise supports the following security plug-ins: • • • • “BusinessObjects Enterprise security plug-in” on page 236 “Windows NT security plug-in” on page 236 “LDAP security plug-in” on page 238 “Windows AD security plug-in” on page 240 BusinessObjects Enterprise security plug-in The BusinessObjects Enterprise security plug-in (secEnterprise. 236 BusinessObjects Enterprise Administrator’s Guide . see “Disabling the Guest account” on page 44. Single sign-on The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account. this plug-in sets up two default Enterprise accounts: Administrator and Guest.dll) is installed and enabled by default when you install BusinessObjects Enterprise. Neither account has a default password. Default accounts When you first install BusinessObjects Enterprise. For details on setting up Enterprise users and groups. In this case. For details on setting these passwords. user names and passwords are authenticated against the BusinessObjects Enterprise user list. see “Making initial security settings” on page 43. see “Managing Enterprise and general accounts” on page 253. Thus. Users are authenticated against the Windows NT user database. For details. the system logs them on automatically under the Guest account. it also enables the system to verify all logon requests that specify Enterprise Authentication. If you assign a secure password to the Guest account. it also enables BusinessObjects Enterprise to verify all logon requests that specify Windows NT Authentication. and have their membership in a mapped NT group verified before the CMS grants them an active BusinessObjects Enterprise session. Windows NT security plug-in The Windows NT security plug-in (secWindowsNT. when users connect to BusinessObjects Enterprise without specifying a user name and password.dll) allows you to map user accounts and groups from your Windows NT user database to BusinessObjects Enterprise. you disable this default behavior. This plug-in allows you to create and maintain user accounts and groups within BusinessObjects Enterprise. or if you disable the Guest account entirely. and users are allowed or disallowed access to the system based solely on that information.

The Business Objects NT Users group is then mapped to BusinessObjects Enterprise. see “Windows AD security plug-in” on page 240. and your NT user account is added to the group. all of the BusinessObjects Enterprise client tools support NT authentication. If a Windows 2000 Active Directory user database is configured in native mode and contains universal groups that span several domains. see “Managing NT accounts” on page 284. The result is that you can log on to BusinessObjects Enterprise with your usual NT user credentials. you must use the Windows AD security plug-in.BusinessObjects Enterprise Security Concepts Security management components 11 This plug-in is compatible with NT 4 and Windows 2000 Active Directory user databases (when Windows 2000 Active Directory is configured in non-native mode only). the Windows NT security plug-in queries the operating system for the current user’s credentials when the client is launched. The single sign-on requirements depend upon the way in which users access BusinessObjects Enterprise: either via a thick client. except for the Import Wizard. For information on the Windows AD security plug-in. the user must be running a Windows operating system. thereby allowing authenticated NT users to log on to BusinessObjects Enterprise without explicitly entering their credentials. see the developer documentation available on your product CD. then this plug-in is enabled by default. A new NT group (called Business Objects NT Users) is created on the local machine. or over the Web. In this scenario. For more information. and the application must use the BusinessObjects Enterprise SDK. For information on mapping Windows NT users and groups to BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 237 . and grants the user an active BusinessObjects Enterprise session if the user is a member of a mapped NT group: • To obtain NT single sign-on functionality from a thick-client application (such as the Publishing Wizard). Once you have mapped your NT users and groups. Note: The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX. Default account If you install BusinessObjects Enterprise on Windows as an Administrator of the local machine. or if your system uses the BusinessObjects Enterprise Java SDK. In both scenarios. the security plug-in obtains the security context for the user from the authentication provider. Single sign-on The Windows NT security plug-in supports single sign-on. You can also create your own applications that support NT authentication.

it also enables the system to verify all logon requests that specify LDAP Authentication. Design your own web applications accordingly (or modify InfoView) if you want to use NT single sign-on. and the web server must be running Internet Information Server (IIS).11 BusinessObjects Enterprise Security Concepts Security management components • To obtain single sign-on functionality over the Web.” which uses Enterprise authentication. 238 BusinessObjects Enterprise Administrator’s Guide . authorization. User lists and group memberships are dynamically maintained by BusinessObjects Enterprise. Also as with NT or AD authentication. and can assign LDAP aliases to existing users if the user names match the Enterprise user names. LDAP security plug-in The LDAP security plug-in (secLDAP. Note: IIS performs the Challenge/Response authentication for every web page viewed. In addition. you can create new Enterprise accounts for existing LDAP users. For information on NT single sign-on. the system must use Microsoft components only. For information on mapping your LDAP users and groups to BusinessObjects Enterprise. This can result in severe performance degradation. and alias creation. Users are authenticated against the LDAP directory server. Internet Explorer and IIS engage in Windows NT Challenge/Response authentication before IIS forwards the user’s credentials to BusinessObjects Enterprise. LDAP authentication for BusinessObjects Enterprise is similar to NT and AD authentication in that you can map groups and set up authentication.dll) allows you to map user accounts and groups from your LDAP directory server to BusinessObjects Enterprise. Specifically. and have their membership in a mapped LDAP group verified before the CMS grants them an active BusinessObjects Enterprise session. Note: InfoView provides its own form of “anonymous single sign-on. In this scenario. Map users and groups from the LDAP directory service. see “Setting up NT single sign-on” on page 292. You can specify that BusinessObjects Enterprise use a Secure Sockets Layer (SSL) connection to communicate to the LDAP directory server for additional security. you can do the following: • • • Implement LDAP authentication when BusinessObjects Enterprise is running on Windows or on UNIX. the user must be running Internet Explorer on a Windows operating system. For details on configuring IIS for single sign-on. as opposed to Windows NT authentication. see “Setting up NT single sign-on” on page 292. Specify multiple host names and their ports. see “Managing LDAP accounts” on page 262.

both the LDAP server and BusinessObjects Enterprise have security certificates. enables users to share information among various applications. More about LDAP Lightweight Directory Access Protocol (LDAP). Refer to your LDAP documentation for more information. all of the BusinessObjects Enterprise client tools support LDAP authentication. Note: The LDAP security plug-in provided with BusinessObjects Enterprise can be configured to communicate with your LDAP server via SSL. As long as you have an LDAP server (or servers) running. Based on an open standard. the LDAP security plug-in provided with BusinessObjects Enterprise can communicate with your LDAP server using an SSL connection established using either server authentication or mutual authentication. the LDAP server has a security certificate which BusinessObjects Enterprise uses to verify that it trusts the server. Because LDAP is application-independent. LDAP provides a means for accessing and updating information in a directory.500 standard. while the LDAP server allows connections from anonymous clients. except for the Import Wizard. which uses a directory access protocol (DAP) to communicate between a directory client and a directory server. For example. NT. With mutual authentication.500 operations and features. You can also create your own applications that support LDAP authentication. LDAP offers you the ability to set up users to log on to BusinessObjects Enterprise through LDAP authentication. With server authentication. any client with the proper authorization can access its directories. but always performs basic authentication when verifying users’ credentials. applicationindependent directory. LDAP is an alternative to DAP because it uses fewer resources and simplifies and omits some X. The directory structure within LDAP has entries arranged in a specific schema. and the organization name (O).BusinessObjects Enterprise Security Concepts Security management components 11 Once you have mapped your LDAP users and groups. Other common attributes include the organizational unit name (OU). a member group may be located in a directory tree as follows: cn=BusinessObjects Enterprise Users. you can use LDAP authentication (along with Enterprise. a common. Each entry is identified by its corresponding distinguished name (DN) or common name (CN). ou=Enterprise Users A. LDAP is based on the X. and the LDAP server must also verify the client certificate before a connection can be established. o=Research. If desired. and Windows AD authentication). Before deploying LDAP authentication in conjunction with BusinessObjects BusinessObjects Enterprise Administrator’s Guide 239 . It also enables users to be authorized when attempting to access objects in BusinessObjects Enterprise. and use LDAP in your existing networked computer systems.

except for the Import Wizard. Note that in order to use the Windows AD security plug-in. see “Managing AD accounts” on page 275. the CMS needs to run under a user account that has the “Act as Part of the Operating System” right. For more information. it also enables BusinessObjects Enterprise to verify all logon requests that specify Windows AD Authentication. AD authentication and aggregation may not continue to function if the administration credentials become invalid (for example. all of the BusinessObjects Enterprise client tools support AD authentication. the security plug-in obtains 240 BusinessObjects Enterprise Administrator’s Guide . see RFC2251. see “Managing AD accounts” on page 275.html Windows AD security plug-in Windows AD security plug-in enables you to map user accounts and groups from your Windows 2000 Active Directory (AD) user database to BusinessObjects Enterprise.org/rfcs/rfc2251. AD authentication and aggregation is not functional without a network connection. In both scenarios. Single sign-on The Windows AD security plug-in supports single sign-on. thereby allowing authenticated AD users to log on to BusinessObjects Enterprise without explicitly entering their credentials. You can also create your own applications that support AD authentication. This plug-in is compatible with Windows 2000 Active Directory domains running in either native mode or mixed mode. ensure that you are familiar with the differences between these LDAP types. or over the Web. For information on mapping Windows AD users and groups to BusinessObjects Enterprise. see the developer documentation available on your product CD. The single sign-on requirements depend upon the way in which users access BusinessObjects Enterprise: either via a thick client. if the administrator changes his or her password or if the account becomes disabled). For details. For information on mapping Windows AD users and groups to BusinessObjects Enterprise.11 BusinessObjects Enterprise Security Concepts Security management components Enterprise. which is currently available at http:// www. See your Windows 2000 documentation for more information.faqs. Once you have mapped your AD users and groups. and have their membership in a mapped AD group verified before the Central Management Server grants them an active BusinessObjects Enterprise session. Note: • • • AD authentication only works for servers running on Windows systems. Users are authenticated against the Windows AD user database.

dynamically loaded libraries are referred to as dynamic-link libraries (. For information on AD single sign-on.so file extension). or Report Application Server). The developer writes a dynamically loaded library that intercepts view or schedule requests for a report (before the requests are processed by the Job Server. and the application must use the BusinessObjects Enterprise SDK. • To obtain single sign-on functionality over the Web. Note: BusinessObjects Enterprise provides its own form of “anonymous single sign-on. A typical example is a report-processing extension that enforces row-level security. the user must be running a Windows operating system. A processing extension is a dynamically loaded library of code that applies business logic to particular BusinessObjects Enterprise view or schedule requests before they are processed by the system. and grants the user an active BusinessObjects Enterprise session if the user is a member of a mapped AD group: • To obtain AD single sign-on functionality from a thick-client application (such as the Publishing Wizard). dynamically loaded libraries are often referred to as shared libraries (. the Windows AD security plug-in queries the operating system for the current user’s credentials when the client is launched. This type of security restricts data access by row within one or more database tables. Note: On Windows systems. as opposed to Windows AD authentication.dll file extension). see “Setting up AD single sign-on” on page 282.BusinessObjects Enterprise Security Concepts Security management components 11 the security context for the user from the authentication provider. Page Server. The developer’s code first determines the user who owns the processing job. You must include the file extension when you name your processing extensions. and the web server must be running Internet Information Server (IIS).” which uses Enterprise authentication. In this scenario. Through its support for processing extensions. Developers can then append selection formulas to the request before the report is processed. On UNIX systems. the user must be running Internet Explorer on a Windows operating system. Processing extensions BusinessObjects Enterprise offers you the ability to further secure your reporting environment through the use of customized processing extensions. Specifically. Design your own web applications accordingly (or modify InfoView) if you want to use AD single sign-on. the system must use Microsoft components only. BusinessObjects Enterprise Administrator’s Guide 241 . the BusinessObjects Enterprise administration SDK essentially exposes a “handle” that allows developers to intercept the request.

In this case. The CMC provides methods for registering your processing extensions with BusinessObjects Enterprise and for applying processing extensions to particular object. Included in the SDK is a fully documented API that developers can use to write processing extensions. you can also set and enforce rowlevel security through the use of Business Views. While maintaining security. a trust relationship between two domains is generally a connection that allows one domain accurately to recognize users who have been authenticated by the other domain. all other BusinessObjects Enterprise components can process the user’s requests and actions without prompting for credentials. As such. Note: In the current release. see “Applying processing extensions to reports” on page 443. Tip: When combined with single sign-on functionality. The code then generates and appends a record selection formula to the report in order to limit the data returned from the database. the active trust relationship allows users to access their BusinessObjects Enterprise resources without ever having to explicitly provide credentials to BusinessObjects Enterprise. For details. see the Business Views Administrator's Guide. By enabling processing extensions. you configure the appropriate BusinessObjects Enterprise server components to dynamically load your processing extensions at runtime. the trust relationship allows users to access resources in multiple domains without repeatedly having to provide their credentials. Once the user has been authenticated and granted an active session. 242 BusinessObjects Enterprise Administrator’s Guide . the active trust relationship provides the basis for BusinessObjects Enterprise’s distributed security.rpt) objects. Active trust relationship In a networked environment. Within the BusinessObjects Enterprise environment. see the developer documentation available on your product CD.11 BusinessObjects Enterprise Security Concepts Active trust relationship then it looks up the user’s data-access privileges in a third-party system. the processing extension serves as a way to incorporate customized row-level security into the BusinessObjects Enterprise environment. For more information. For more information. processing extensions can be applied only to Crystal report (. Tip: In BusinessObjects Enterprise XI. the active trust relationship works similarly to provide each user with seamless access to resources across the system.

BusinessObjects Enterprise Security Concepts Active trust relationship 11 When single sign-on functionality is combined third party ticket mechanisms. the ticket is referred to as the logon token. The logon token’s usage attributes are specified when the logon token is generated. BusinessObjects Enterprise Administrator’s Guide 243 . An enterprise system may require distributed security. for instance. such as Kerberos or SiteMinder. other BusinessObjects Enterprise components can read the logon token from the user’s web browser. This logon token is most commonly used over the Web. The CMS grants tickets that authorize components to perform actions on behalf of a particular user. stateless environments. When the user makes a new request. Logon tokens A logon token is an encoded string that defines its own usage attributes and contains a user’s session information. In BusinessObjects Enterprise. This use of the logon token provides the distributed security that is required for load balancing to be implemented in conjunction with effective fault-protection. Both attributes hinder malicious users from gaining unauthorized access to BusinessObjects Enterprise with logon tokens retrieved from legitimate users. The user’s web browser caches this logon token. BusinessObjects Enterprise addresses distributed security by implementing a ticket mechanism (one that is similar to the Kerberos ticket mechanism). The current logon token usage attributes are: • • Number of minutes This attribute restricts the lifetime of the logon token. the active trust relationship allows users to access BusinessObjects Enterprise and other network resources without ever having to explicitly provide credentials to the system. These attributes allow restrictions to be placed upon the logon token to reduce the chance of the logon token being used by malicious users. he or she receives a logon token from the CMS. When a user is first authenticated by BusinessObjects Enterprise. to support features such as load balancing. Number of logons This attribute restricts the number of times that the logon token can be used to log on to BusinessObjects Enterprise. Ticket mechanism for distributed security Enterprise systems dedicated to serving a large number of users typically require some form of distributed security. or transfer of trust (the ability to allow another component to act on behalf of the user).

the system automatically resumes its load balancing responsibilities by routing each subsequent request to the least used WCA. thus. Web sites and Web applications must somehow store the state of one session if they need to reuse its information in another. when the original WCA is brought back online. the user is prevented from unnecessarily consuming resources on both Web Component Adapters. its configuration. In this way. active session without prompting the user for his or her credentials. and the remaining WCA can authenticate the user and create a new. 244 BusinessObjects Enterprise Administrator’s Guide . consequently. in addition. BusinessObjects Enterprise uses two common methods to store session state: • Cookies—A cookie is a small text file that stores session state on the client side: the user’s web browser caches the cookie for later use.11 BusinessObjects Enterprise Security Concepts Sessions and session tracking The user’s active identity is stored as a session variable on the WCA that processed the request. For this reason. the user’s active identity is not immediately accessible by the other WCA. the nature of HTTP limits the duration of each session to a single page of information. By doing so. The client application logs the user on with the valid logon token. The remaining WCA can then authorize and carry out the user’s request. the logon token enables the system’s load-balancing and fault-tolerance mechanisms to maintain a secure environment without affecting the user’s experience. the logon token again serves a critical purpose. Sessions and session tracking In general. the user’s logon token is used to route all of the user’s requests to the WCA that is storing the user’s session. When you establish a client-server connection over the Web. the state of the first session is discarded and replaced with the state of the next session. A session’s state is a set of data that describes the session’s attributes. a session is a client-server connection that enables the exchange of information between the two computers. In this scenario. As soon as you move from one web page to another. security is maintained while providing optimal performance: the user’s identity is verified. The BusinessObjects Enterprise logon token is an example of this method. your web browser retains the state of each session in memory only for as long as any single Web page is displayed. If the WCA that is storing the user’s active session is taken offline. Consequently. InfoView and the CMC are designed such that the request is redirected to the remaining WCA. but the system does not have to repeatedly prompt the user for his or her credentials. or its content. If one WCA ceases to respond to a user’s requests.

to ensure security and to minimize resource usage. the WCA retains the session until the user explicitly logs off. so the CMS session is retained so long as the WCA session exists. the system should destroy the session variable as soon as the user has finished working on the system. which the CMS preserves until the user logs off. it can be difficult to know when users leave the system. the system should preserve the session variable while the user is active on the system. Note: If you are familiar with the SDK. If the WCA session fails to communicate with the CMS for a ten-minute time period. Note: • • If you are familiar with the SDK. When a user logs on. When BusinessObjects Enterprise grants a user an active identity on the system. By default. he or she is granted a CMS session. However. you should note that a CMS session is an instance of an EnterpriseSession object. WCA session tracking The WCA implements session tracking similarly to most web servers. The server-side script pages (Crystal Server Pages) programmatically save variables to the WCA session. BusinessObjects Enterprise Administrator’s Guide 245 . the system neither has to prompt the user for the information a second time nor has to repeat any task that is necessary for the completion of the next request. So long as the session is maintained. or until the WCA session variable is released. if they do not log off explicitly. information such as the user’s authentication type is stored in a session variable. The WCA session timeout can be programmatically configured in the server-side . because the interaction between a web browser and a web server can be stateless. the CMS destroys the CMS session. BusinessObjects Enterprise implements session tracking. And. Ideally. This handles scenarios where client-side components shut down irregularly. or until 20 minutes after the user’s last request (whichever occurs first).aspx pages to timeout earlier if the default of 20 minutes is not desired. To address this issue. you should note that a WCA session is an instance of an InfoStore object. The WCA session is designed to notify the CMS on a recurring basis that it is still active.BusinessObjects Enterprise Security Concepts Sessions and session tracking 11 • Session variables—A session variable is a portion of memory that stores session state on the server side. CMS session tracking The CMS implements a simple tracking algorithm.

see “Working with Firewalls” on page 181. or SOCKS proxy servers. 246 BusinessObjects Enterprise Administrator’s Guide . For details on securing client connections. Relevant security measures usually involve two general tasks: • • Ensuring that the communication of data is secure. they operate in an environment that can be difficult to secure. or application servers. refer to your web server documentation. For complete details on BusinessObjects Enterprise and firewall interaction. and it supports a multitude of configurations. These tasks are typically handled by web servers through various security mechanisms. Although the Internet and web-based systems are increasingly popular due to their flexibility and range of functionality. environment protection is divided into two areas of communication: • • Web browser to web server Web server to BusinessObjects Enterprise Web browser to web server When sensitive data is transmitted between the web browser and the web server. including the Secure Sockets Layer (SSL) protocol. Windows NT Challenge/Response authentication. When you deploy BusinessObjects Enterprise. Supported environments can involve multiple firewalls. Ensuring that only valid users retrieve information from the web server. some degree of security is usually required. You must secure communication between the web browser and the web server independently of BusinessObjects Enterprise. Web server to BusinessObjects Enterprise Firewalls are commonly used to secure the area of communication between the web server and the rest of the corporate intranet (including BusinessObjects Enterprise).11 BusinessObjects Enterprise Security Concepts Environment protection Environment protection Environment protection refers to the security of the overall environment in which client and server components communicate. BusinessObjects Enterprise supports firewalls that use IP filtering or static network address translation (NAT). and other such mechanisms. web servers.

Protection against malicious logon attempts No matter how secure a system is. numbers. lower case letters. or punctuation. BusinessObjects Enterprise implements several techniques to reduce the probability of a malicious user achieving access to the system. so you can easily report off the data or import it into other applications. IP address. you decrease a malicious user’s chances of simply guessing a valid user’s password. You can enable the following options: • Enforce mixed-case passwords This option ensures that passwords contain at least two of the following character classes: upper case letters. It is nearly impossible to protect this location completely. date. the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT. Generally. BusinessObjects Enterprise Administrator’s Guide 247 . The auditing data is logged to disk and stored in comma-delimited text files. because the process of simply guessing a valid user name and password remains a viable way to attempt to “crack” the system. The WCA allows you to select the web attributes—such as time. there is often at least one location that is vulnerable to attack: the location where users connect to the system. LDAP. The various restrictions listed below apply only to Enterprise accounts—that is.BusinessObjects Enterprise Security Concepts Auditing web activity 11 Auditing web activity BusinessObjects Enterprise provides insight into your system by recording web activity and allowing you to inspect and to monitor the details. port number. and so on—that you want to record. however. Password restrictions Password restrictions ensure that Enterprise users create passwords that are relatively complex. or Windows AD). your external system will enable you to place similar restrictions on the external accounts. • Must contain at least N characters By enforcing a minimum complexity for passwords.

the malicious user cannot easily determine when any particular password will change. Guest account restrictions The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account. BusinessObjects Enterprise provides several customizable options that you can use to reduce the risk of a dictionary attack: • • • Disable accounts after N failed attempts to log on Reset failed logon count after N minute(s) Re-enable account after N minute(s) User restrictions User restrictions ensure that Enterprise users create new passwords on a regular basis. Firstly. You can enable the following options: • • • Must change password every N day(s) Cannot reuse the N most recent password(s) Must wait N minute(s) to change password These options are useful in a number of ways.0 second) between logon attempts. Additionally. see “Disabling the Guest account” on page 44. For details. 248 BusinessObjects Enterprise Administrator’s Guide . any malicious user attempting a dictionary attack will have to recommence every time passwords change. the system logs them on automatically under the Guest account.5–1. even if a malicious user does guess or otherwise obtain another user’s credentials. With the speed of modern hardware. malicious programs can guess millions of passwords per minute. Thus. BusinessObjects Enterprise has an internal mechanism that enforces a time delay (0. because password changes are based on each user’s first logon time. you disable this default behavior.11 BusinessObjects Enterprise Security Concepts Protection against malicious logon attempts Logon restrictions Logon restrictions serve primarily to prevent dictionary attacks (a method whereby a malicious user obtains a valid user name and attempts to learn the corresponding password by trying every word in a dictionary). they are valid only for a limited time. To prevent dictionary attacks. In addition. And. or if you disable the Guest account entirely. If you assign a secure password to the Guest account. when users connect to BusinessObjects Enterprise without specifying a user name and password.

Managing User Accounts and Groups chapter .

12

Managing User Accounts and Groups What is account management?

What is account management?
Account management can be thought of as all of the tasks related to creating, mapping, changing, and organizing user and group information. The Users and Groups management areas of the Central Management Console (CMC) provide you with a central place to perform all of these tasks. In the Users area, you can specify everything required for a user to access BusinessObjects Enterprise. To create user accounts, specify the following:

• • • • • • •

Account name (required) Full name Email Description Password settings Connection type Group membership

In the Groups area, you can create groups that give a number of people access to the report or folder. This enables you to make changes in one place instead of modifying each user account individually. To create groups, specify the following:

• • • • •

Group name (required) Description Users who belong to the group Subgroups that belong to the group Group membership

After the user accounts and groups have been created, you can add report objects and specify rights to them. When the users log on, they can view the reports using InfoView or their custom web application. For more information on objects and rights, see “Controlling users’ access to objects” on page 317.

Default users and groups
This section lists and describes the different types of default users and groups that are found within BusinessObjects Enterprise.

Default users
For procedures on managing users, see “Managing Enterprise and general accounts” on page 253.

250

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Default users and groups

12

Administrator
The Administrator user belongs to the Administrators and Everyone groups. This user can perform all tasks in all BusinessObjects Enterprise applications (for example, the Central Management Console, Central Configuration Manager, Publishing Wizard, and InfoView). By default, the Administrator is not assigned a password. For security reasons, it is highly recommended that you create a password for the Administrator user as soon as possible. See “Setting the Administrator password” on page 44. Note: To use the Central Configuration Manager, your operating system account may require certain rights on the local machine. For more information, see “Using the Central Configuration Manager” on page 42.

Guest
The Guest user is a member of the Everyone group. This user can view reports that are found within the Report Samples folder. Generally, the Guest user accesses reports through InfoView. This account is enabled by default. To disable this default setting, see “Disabling the Guest account” on page 261. By default, the Guest user is not assigned a password. If you assign it a password, the single sign-on to InfoView will be broken. Note: If users in multiple time zones use the Guest account, see “Supporting users in multiple time zones” on page 527.

Default groups
In addition to organizing users and simplifying administration, groups enable you to determine the functionality a user has access to. In BusinessObjects Enterprise, the following default groups are created. For procedures on managing groups, see “Managing Enterprise and general accounts” on page 253.

Administrators
Users who belong to the Administrators group are able to perform all tasks in all of the BusinessObjects Enterprise applications (Central Management Console, Central Configuration Manager, Publishing Wizard, and InfoView). By default, the Administrator group contains only the Administrator user. Note: To use the Central Configuration Manager, your operating system account may require certain rights on the local machine. For more information, see “Using the Central Configuration Manager” on page 42.

BusinessObjects Enterprise Administrator’s Guide

251

12

Managing User Accounts and Groups Available authentication types

BusinessObjects NT Users
When you install BusinessObjects Enterprise on Windows, BusinessObjects Enterprise creates a BusinessObjects NT Users group. This group is also added to Windows on the local machine and the user who installed BusinessObjects Enterprise is automatically added to this group. When NT authentication is enabled, BusinessObjects NT Users can use their NT accounts to log on to BusinessObjects Enterprise. By default, members of this group are able to view folders and reports.

Everyone
Each user is a member of the Everyone group. By default, the Everyone group allows access to all the reports that are found in the Report Samples folder.

Universe Designer Users
Users who belong to this group are granted access to the Universe Designer folder and the Connections folder. They can control who has access rights to the Designer application. You must add users to this group as needed. By default, no user belongs to this group.

Available authentication types
Before setting up user accounts and groups within BusinessObjects Enterprise, decide which type of authentication you want to use:

Enterprise authentication Use the system default Enterprise Authentication if you prefer to create distinct accounts and groups for use with BusinessObjects Enterprise, or if you have not already set up a hierarchy of users and groups in a Windows NT user database, an LDAP directory server, or a Windows AD server. See “Managing Enterprise and general accounts” on page 253.

Windows NT authentication If you are working in a Windows NT environment, you can use existing NT user accounts and groups in BusinessObjects Enterprise. When you map NT accounts to BusinessObjects Enterprise, users are able to log on to BusinessObjects Enterprise applications with their NT user name and password. This can reduce the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing NT accounts” on page 284.

252

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

LDAP authentication If you set up an LDAP directory server, you can use existing LDAP user accounts and groups in BusinessObjects Enterprise. When you map LDAP accounts to BusinessObjects Enterprise, users are able to access BusinessObjects Enterprise applications with their LDAP user name and password. This eliminates the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing LDAP accounts” on page 262.

Windows AD authentication If you are working in a Windows 2000 environment, you can use existing AD user accounts and groups in BusinessObjects Enterprise. When you map AD accounts to BusinessObjects Enterprise, users are able to log on to BusinessObjects Enterprise applications with their AD user name and password. This eliminates the need to recreate individual user and group accounts within BusinessObjects Enterprise. For more information, see “Managing AD accounts” on page 275.

Note: You can use Enterprise Authentication in conjunction with either NT, LDAP, or AD authentication, or with all of the three authentication plug-ins.

Managing Enterprise and general accounts
Since Enterprise authentication is the default authentication method for BusinessObjects Enterprise, it is automatically enabled when you first install the system. When you add and manage users and groups, BusinessObjects Enterprise maintains the user and group information within its database. This section focuses on the following account management tasks:

• • • • • • • • • •

“Creating an Enterprise user account” on page 254 “Modifying a user account” on page 256 “Deleting a user account” on page 256 “Changing password settings” on page 257 “Creating a group” on page 258 “Modifying a group” on page 260 “Viewing group members” on page 261 “Deleting a group” on page 261 “Disabling the Guest account” on page 261 “Granting access to users and groups” on page 262

BusinessObjects Enterprise Administrator’s Guide

253

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Note: In many cases, these procedures also apply to NT, LDAP, and AD account management. For specific information on NT authentication, see “Managing NT accounts” on page 284. For specific information on LDAP authentication, see “Managing LDAP accounts” on page 262. For specific information on AD authentication, see “Managing AD accounts” on page 275.

Creating an Enterprise user account
When you create a new user, you specify the user’s properties and select the group or groups for the user. For information on setting rights for the user, see “Granting access to users and groups” on page 262. 1. 2. 3. 4. To create a user account Go to the Users management area of the CMC. Click New User. Select the Enterprise authentication type. Type the account name, full name, email, and description information. Use the description area to include extra information about the user or account. 5. Specify the password information and settings. Options include:

• • •

Password Enter the password and confirm. This is the initial password that you assign to the user. The maximum password length is 64 characters. Password never expires Select the check box. User must change password at next logon This check box is selected by default. If you do not want to force users to change the password the first time they log on, clear the check box.


6.

User cannot change password Select the check box.

Select the connection type.

Concurrent User Choose Concurrent user if this user belongs to a license agreement that states the number of users allowed to be connected at one time.

254

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Named User Choose Named user if this user belongs to a license agreement that associates a specific user with a license. Named user licenses are useful for people who require access to BusinessObjects Enterprise regardless of the number of other people who are currently connected.

7.

Click OK. The user is added to the system and is automatically added to the Everyone group. You can now add the user to a group or specify rights for the user. See “Adding a user to groups” on page 255, Chapter 13: Controlling User Access. An inbox is also automatically created for the user. The user is also automatically assigned an Enterprise alias, for example, secEnterprise:bsmith. For more information, see “Managing aliases” on page 294.

Adding a user to groups
Use the following procedure to add a user to one or more groups directly from the user page. Note: You can also add users to a group from the group page. See “Adding users to a group” on page 259. 1. 2. 3. To add a user to a group Go to the Users management area of the CMC. Under Account Name, click the link to the user whose properties you want to change. Click the Member of tab to specify the group or groups the user should belong to. Note: All BusinessObjects Enterprise users of the system are part of the Everyone group. 4. 5. Click the Member of button to view the available groups. In the Available groups area, select the group(s) that the new user should be a member of. Use SHIFT+click or CTRL+click to select multiple groups. 6. 7. Click the > arrow to add the group(s); click the < arrow to remove the group(s). Click OK. The “Member of” tab appears and lists the groups in which the user is a member.

BusinessObjects Enterprise Administrator’s Guide

255

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Modifying a user account
Use this procedure to modify a user’s properties or group membership. Note: The user will be affected if he or she is logged on when you are making the change. 1. 2. 3. To modify a user account Go to the Users management area of the CMC. Under Account Name, click the link to the user whose properties you want to change. Make the required changes, as necessary, in the available fields. In addition to all of the options that were available when you initially created the account, you now can disable the account by selecting the “Account is disabled” check box. You can also assign aliases. For more information, see “Managing aliases” on page 294. 4. Click Update.

Deleting a user account
Use this procedure to delete a user’s account. The user might receive an error if they are logged on when their account is deleted. When you delete a user account, the Favorites folder, personal categories, and inbox for that user are deleted as well. If you think the user might require access to the account again in the future, select the “Account is disabled” check box in the Properties page of the selected user, instead of deleting the account. See “Modifying a user account” on page 256. Note: Deleting a user account won’t necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. If the user account also exists in a third-party system, and if the account belongs to a third-party group that is mapped to BusinessObjects Enterprise, the user may still be able to log on. For details, see “Deleting an alias” on page 297 and “Disabling an aliases” on page 298.

256

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

1. 2. 3. 4.

To delete a user account Go to the Users management area of the CMC. Select the check box associated with the user you want to delete. Click Delete. The delete confirmation dialog box appears. Click OK. The user account is deleted.

Changing password settings
Within the Central Management Console, you can change the password settings for a specific user or for all users in the system. For information, see “Protection against malicious logon attempts” on page 247. The various restrictions listed below apply only to Enterprise accounts—that is, the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT, LDAP, or Windows AD). Generally, however, your external system will enable you to place similar restrictions on the external accounts. 1. 2. 3. To change user password settings Go to the Users management area of the CMC. Click the user whose password settings you want to change. The Properties tab appears. Select or clear the check box associated with the password setting you wish to change. The available options are:

• • •
4. 1. 2. 3.

Password never expires User must change password at next logon User cannot change password

Click Update. To change password settings Go to the Authentication management area of the CMC. Click the Enterprise tab. Select the check box and enter the value related to the password setting.

BusinessObjects Enterprise Administrator’s Guide

257

12

Managing User Accounts and Groups Managing Enterprise and general accounts

The table below identifies the minimum and maximum values for each of the settings you can configure: Recommended Maximum 100 days 100 passwords 100 minutes 100 failed 100 minutes 100 minutes

Password Setting Must contain at least N characters Must change password every N days Must wait N minutes to change password Disable account after N failed attempts to log on Reset failed logon count after N minutes Re-enable account after N minutes 4. Click Update.

Minimum 1 day 0 minutes 1 failed 1 minute 0 minutes

0 characters 64 characters

Cannot reuse the N most recent passwords 1 password

Creating a group
Groups are collections of users who share the same account privileges. For instance, you may create groups that are based on department, role, or location. Groups enable you to change the rights for users in one place (a group) instead of modifying the rights for each user account individually. Also, you can assign object rights to a group or groups. For information on object rights, see “Managing objects overview” on page 416. For information on granting users and groups administrative rights to other groups, see “Granting access to users and groups” on page 262. After creating a new group, you can add users, add subgroups, or specify group membership so that the new group is actually a subgroup. Because subgroups provide you with additional levels of organization, they are useful when you set object rights to control users’ access to your BusinessObjects Enterprise content. 1. 2. 3. 4. To create a new group Go to the Groups management area of the CMC. Click New Group. On the Properties tab, enter the group name and description. Click OK.

258

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Adding users to a group
Use the following procedure to add users to a group, directly from the group page. Note: You can also add a user to groups from the user page. See “Adding a user to groups” on page 255. 1. 2. 3. 4. To add users to a group In the Groups management area of the CMC, click the link for the group. Click the Users tab. Click Add Users. Select the users to add to the group; then click the > arrow. Tip:

• • •
5.

To select multiple users, use the SHIFT+click or CTRL+click combination. To search for a specific user, use the Look For field. If there are many users on your system, click the Previous and Next buttons to navigate through the list of users.

Click OK. The Users tab appears. It lists all of the users who belong to this group.

Adding subgroups
You can add an existing group as a subgroup to another group. A subgroup inherits the rights of the parent group. Note: Adding a subgroup is similar to specifying group membership. See “Specifying group membership” on page 260. 1. 2. 3. 4. 5. To add subgroups In the Groups management area of the CMC, click the link for the group. Click the Subgroups tab. Click Add/Remove Subgroups. Select the groups that should be members of this new group; then click the > arrow. Click OK.

BusinessObjects Enterprise Administrator’s Guide

259

12

Managing User Accounts and Groups Managing Enterprise and general accounts

Specifying group membership
You can make a group a member of another group. The group that becomes a member is referred to as a subgroup. The group that you add the subgroup to is the parent group. A subgroup inherits the rights of the parent group. Note: Adding a subgroup is similar to specifying group membership. See “Specifying group membership” on page 260. 1. 2. 3. 4. To make a group a member of another group In the Groups management area of the CMC, click the link for the group. Click the Member of tab. Click the Member of button. Select the parent groups that this new group will be a member of; then click the > arrow. Any rights associated with the parent group will be inherited by the new group you have created. 5. Click OK.

Modifying a group
You can modify a group by making changes to any of the settings. Note: The users who belong to the group will be affected by the modification if they are logged on when you are making changes. 1. 2. 3. To modify a group In the Groups management area of the CMC, click the link for the group. Under the Group Name column, click the link to the group whose configuration you want to change. Make the necessary changes in one of the four tabs:

• • • •
4.

Properties Users Subgroups Member of

Depending on which tab you have selected, click OK or Update after you have made your changes.

260

BusinessObjects Enterprise Administrator’s Guide

Managing User Accounts and Groups Managing Enterprise and general accounts

12

Viewing group members
You can use this procedure to view the users who belong to a specific group. 1. 2. 3. To view group members In the Groups management area of the CMC, click the link for the group. Click Users. Click Refresh. Note: It may take a few minutes for your list to refresh if you have a large number of users in the group or if your group is mapped to an NT user database, LDAP user directory, or AD user directory.

Deleting a group
You can delete a group when that group is no longer required. You cannot delete the default groups Administrator and Everyone. Note: The users who belong to the deleted group will be affected by the change if they are logged on when the group is deleted. To delete a third-party authentication groups, such as the BusinessObjects NT Users group, use the Authentication management area in CMC. See “Unmapping LDAP groups” on page 272, “Unmapping AD groups” on page 280, and “Mapping NT accounts” on page 284. 1. 2. 3. 4. To delete a group Go to the Groups management area of the CMC. Select the check box associated with the group you want to delete. Click Delete. The delete confirmation dialog box appears. Click OK.

Disabling the Guest account
By disabling the Guest account, you ensure that no one can log on to BusinessObjects Enterprise with this account. By disabling the Guest account, you also disable the anonymous single sign-on functionality of BusinessObjects Enterprise, so users will be unable to access InfoView without providing a valid user name and password.

BusinessObjects Enterprise Administrator’s Guide

261

12

Managing User Accounts and Groups Managing LDAP accounts

1. 2. 3. 4. 5.

To disable the Guest account Go to the Users management area of the CMC. In the Account Name column, click Guest. On the Properties tab, select the Account is disabled check box. Click Update. If you are prompted for confirmation, click OK.

Granting access to users and groups
You can grant users and groups administrative access to other users and groups. Administrative rights include: viewing, editing, and deleting objects; viewing and deleting object instances; and pausing object instances. For example, for troubleshooting and system maintenance, you may want to grant your IT department access to edit and delete objects. For more information about granting rights to users and groups, see “Controlling access to users and groups” on page 352.

Managing LDAP accounts
To use LDAP authentication, you need to first ensure that you have your respective LDAP directory set up. For more information about LDAP, refer to your LDAP documentation. For more information on the LDAP security plugin, see “LDAP security plug-in” on page 238. Note: When you install BusinessObjects Enterprise, the LDAP authentication plug-in is installed automatically, but not enabled by default. This section describes tasks related to LDAP accounts in BusinessObjects Enterprise. In particular, it includes information on:

• • • • • • •

“Configuring LDAP authentication” on page 263 “Mapping LDAP groups” on page 269 “Unmapping LDAP groups” on page 272 “Viewing mapped LDAP users and groups” on page 272 “Changing LDAP connection parameters and member groups” on page 272 “Managing multiple LDAP hosts” on page 273 “Troubleshooting LDAP accounts” on page 274

262

BusinessObjects Enterprise Administrator’s Guide

2. “Configuring the Secure Socket Layer authentication for LDAP” on page 264. Click Show Attribute Mappings if you want to view or change any of the LDAP Server Attribute Mappings or the LDAP Default Search Attributes. then click Add. When you map an LDAP account. 3. For more information on multiple hosts. By default. BusinessObjects Enterprise supports LDAP authentication for user and group accounts. Configuring LDAP authentication includes the following main steps: • • • • “Configuring the LDAP host” on page 263. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. refer to “Managing multiple LDAP hosts” on page 273. Select your server type from the LDAP Server Type list. refer to your LDAP documentation. Click the LDAP tab. To configure the LDAP host Go to the Authentication management area of the CMC. “myserver:123”). Click Next. 5. BusinessObjects Enterprise Administrator’s Guide 263 . For more information. ensure that you have your LDAP directory set up. If you want to remove a host. Before users can use their LDAP user name and password to log on to BusinessObjects Enterprise. “Configuring LDAP mapping options” on page 267. step by step. Before setting up and enabling LDAP authentication. The LDAP Configuration Wizard will lead you through the setup of LDAP authentication. The first screen of the wizard asks for information about your LDAP host. “Configuring LDAP single sign-on with SiteMinder” on page 267. and then click “Start LDAP Configuration Wizard”.Managing User Accounts and Groups Managing LDAP accounts 12 Configuring LDAP authentication To simplify administration. highlight the host name and click Delete. you need to map their LDAP account to BusinessObjects Enterprise. Configuring the LDAP host 1. 4. Type your LDAP host and port information in the Add LDAP host (hostname:port) field (for example. Repeat this step to add more than one LDAP host of the same server type if you want to add hosts that can act as failover servers. each supported server type’s server attribute mappings and search attributes are already set.

8. o=SomeBase).com or your LDAP vendor documentation. 11. Click Next. • In the “LDAP Server Administration Credentials” area.techsupport.12 Managing User Accounts and Groups Managing LDAP accounts 6. In the Base LDAP Distinguished Name field. If your LDAP Server allows anonymous binding. Enter the credentials required by the LDAP hosts. If this field is set to zero. 7. Proceed with configuring the Secure Socket Layer. Configuring the Secure Socket Layer authentication for LDAP Note: This section describes the CMC related information for configuring SSL for LDAP only. Therefore if you have multiple referral hosts. you must create a user account on each host that uses the same distinguished name and password. 9. 10. only one set of referral credentials can be set. The host being referred to has been configured to not allow anonymous binding. Although groups can be mapped from multiple hosts. Enter the number of referral hops in the Maximum Referral Hops field. 12.businessobjects. no referrals will be followed. A group from the host being referred to will be mapped to BusinessObjects Enterprise. 264 BusinessObjects Enterprise Administrator’s Guide . leave this area blank—BusinessObjects Enterprise servers and clients will bind to the primary host via anonymous logon. • Enter another distinguished name and password in the “LDAP Referral Credentials” area if all of the following apply: • • • The primary host has been configured to refer to another directory server that handles queries for entries under a specified base. refer to http:// www. For additional information or for information on configuring the LDAP host server. type the distinguished name (for example. Click Next. type the distinguished name and password for a user account that is authorized to administer your LDAP server. Click Next.

it must receive and verify a security certificate sent to it by the LDAP host.net:389. Tip: Java applications (such as the Java version of InfoView) always use this option. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). Click the LDAP tab. BusinessObjects Enterprise must find the Certificate Authority that issued the certificate in its certificate database.crystald. it must receive and verify a security certificate sent to it by the LDAP host. it must receive a security certificate from the LDAP host. Click Next. Select the type of SSL authentication (Basic (no SSL). Click Next until the screen of the wizard asks for the Secure Socket Layer authentication information. choose one of the following options: 2. To configure the Secure Socket Layer authentication If necessary. Server Authentication. BusinessObjects Enterprise does not verify the certificate it receives. regardless of the setting you choose. To verify the certificate. go to the Authentication management area of the CMC again. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). 3. or Mutual Authentication) your LDAP hosts uses to establish a connection with BusinessObjects Enterprise. • Always accept server certificate This is the lowest security option. Before BusinessObjects Enterprise can establish an SSL connection with the LDAP host (to authenticate LDAP users and groups). • Accept server certificate if it comes from a trusted Certificate Authority and the CN attribute of the certificate matches the DNS hostname of the server This is the highest security option. • Accept server certificate if it comes from a trusted Certificate Authority This is a medium security option. skip to step 2. BusinessObjects Enterprise must find the Certificate Authority that issued the certificate in its certificate database. BusinessObjects Enterprise Administrator’s Guide 265 . Otherwise. It must also be able to confirm that the CN attribute on the server certificate exactly matches the host name of the LDAP host as you typed it in the “Add LDAP host” field in the first step of the wizard. To verify the certificate. That is.rd. using CN =ABALONE:389 in the certificate would not work. if you entered the LDAP host name as ABALONE.Managing User Accounts and Groups Managing LDAP accounts 12 1. and then click Start LDAP Configuration Wizard. If you selected Server Authentication or Mutual Authentication.

Then type your values for the path to the certificate and key database files. first clear the Use default value boxes. Type a nickname for the client certificate in the cert7. for any machine whose name you do not explicitly add to the list of SSL hosts. starting with the default host. Now configure the SSL settings for each SSL host in the list. the password for the key database. you must next add the host name of each machine in your BusinessObjects Enterprise system that uses the BusinessObjects Enterprise SDK. and then click Add. 266 BusinessObjects Enterprise Administrator’s Guide . • To select settings for the default host. select its name in the list on the left. Then type the appropriate values in the boxes on the right. In the SSL host box.db if you selected mutual authentication. To select settings for another host. 5.) Type the host name of each machine in the SSL Host box. (This includes the machine running your Central Management Server and the machine running your WCA. Therefore if you select this option you cannot use a failover LDAP host. 4. The settings for the default host are used: • • • for any setting (for any host) where you leave the “Use default value” box checked.12 Managing User Accounts and Groups Managing LDAP accounts Tip: The host name on the server security certificate is the name of the primary LDAP host.

skip to step 2. To configure LDAP mapping options If necessary. For each Policy Server Host. To configure LDAP for single sign-on with SiteMinder If necessary. BusinessObjects Enterprise Administrator’s Guide 267 . and then click Add. Select the type of single sign-on authentication (Basic (no SSO) or SiteMinder). Authentication and Authorization port numbers. Configuring LDAP single sign-on with SiteMinder SiteMinder is a third-party user access and authentication tool that you can use with the LDAP security plug-in to create single sign-on to BusinessObjects Enterprise. Otherwise. 1. type the name of each Policy Server. • • • 5. 3. The next screen of the wizard controls how BusinessObjects Enterprise maps LDAP users to BusinessObjects Enterprise users.Managing User Accounts and Groups Managing LDAP accounts 12 6. Configuring LDAP mapping options 1. Enter the name of the Web Agent and the Shared Secret. skip to step 2. Click Next until the screen of the wizard asks for the LDAP single sign-on authentication. Proceed with configuring LDAP for single sign-on. In the Policy Server Host box. For more information about SiteMinder and how to install it. In order to use SiteMinder. Click Next. go to the Authentication management area of the CMC again. 2. Click Next. Click the LDAP tab. go to the Authentication management area of the CMC again. you need to configure the single sign-on authentication for the LDAP plug-in. refer to the SiteMinder documentation. Otherwise. Click Next. 6. If you selected SiteMinder. and then click Start LDAP Configuration Wizard. Enter the shared secret again. configure the SiteMinder hosts: 2. Click the LDAP tab. Click Next until the screen of the wizard asks you to map the LDAP users to BusinessObjects Enterprise users. 7. 4. and then click Start LDAP Configuration Wizard. specify the Accounting. Proceed with configuring the LDAP options.

are added as new LDAP users. LDAP aliases will be assigned to existing users (auto alias creation is turned on). Users who do not have an existing Enterprise account.12 Managing User Accounts and Groups Managing LDAP accounts New Alias Options allow you to specify how LDAP aliases are mapped to Enterprise accounts. or • No new aliases will be added and new users will not be created Use this option when the LDAP directory you are mapping contains many users. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every LDAP user mapped to BusinessObjects Enterprise. but only a few of them will use BusinessObjects Enterprise. Instead. or who do not have the same name in their Enterprise and LDAP account. or • Create a new account for every added LDAP alias Use this option when you want to create a new account for each user. if required) only for users who log on to BusinessObjects Enterprise. Update Options allow you to specify if LDAP aliases are automatically created for all new users. it creates aliases (and accounts. 268 BusinessObjects Enterprise Administrator’s Guide . BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. 3. Select either: • Assign each added LDAP alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. or for all users if you selected the “Create a new account for every added LDAP alias” option. New LDAP accounts are added for users without BusinessObjects Enterprise accounts. that is.

or 700 users. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to LDAP accounts. For example. 5. or • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. See “Configuring LDAP authentication” on page 263. If LDAP authorization is configured. The LDAP Server Summary page appears. You must have a named user license available for each user account created using this option. specify your LDAP group (either by common name or distinguished name) in the Add LDAP group (by cn or dn) field. the LDAP summary page appears. This type of licensing is very flexible because a small concurrent license can support a large user base. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. 1. depending on how often and how long users access BusinessObjects Enterprise. Click the LDAP tab. Mapping LDAP groups Once you have configured LDAP authentication using the LDAP configuration wizard. a 100 user concurrent license could support 250. To map LDAP groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. you can map LDAP groups to Enterprise groups. In the “Mapped LDAP Member Groups” area. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. Click Finish to save your LDAP settings.Managing User Accounts and Groups Managing LDAP accounts 12 4. 2. 3. Select either: • New users are created as named users New user accounts are configured to use named user licenses. BusinessObjects Enterprise Administrator’s Guide 269 . This provides named users with access to the system regardless of how many other people are connected. 500. click Add.

that is. are added as new LDAP users. LDAP aliases will be assigned to existing users (auto alias creation is turned on). 270 BusinessObjects Enterprise Administrator’s Guide . New Alias Options allow you to specify how LDAP aliases are mapped to Enterprise accounts. or who do not have the same name in their Enterprise and LDAP account. Users who do not have an existing Enterprise account. 4. highlight the LDAP group and click Delete.12 Managing User Accounts and Groups Managing LDAP accounts You can add more than one LDAP group by repeating this step. Select either: • Assign each added LDAP alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. To remove a group.

a 100 user concurrent license could support 250. New LDAP accounts are added for users without BusinessObjects Enterprise accounts. Update Options allow you to specify if LDAP aliases are automatically created for all new users. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to LDAP accounts. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every LDAP user mapped to BusinessObjects Enterprise. it creates aliases (and accounts. BusinessObjects Enterprise Administrator’s Guide 271 . BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. You must have a named user license available for each user account created using this option. This provides named users with access to the system regardless of how many other people are connected. or 700 users. or • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. Instead. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. 500. For example. or • No new aliases will be added and new users will not be created Use this option when the LDAP directory you are mapping contains many users.Managing User Accounts and Groups Managing LDAP accounts 12 or • Create a new account for every added LDAP alias Use this option when you want to create a new account for each user. depending on how often and how long users access BusinessObjects Enterprise. Select either: • New users are created as named users New user accounts are configured to use named user licenses. This type of licensing is very flexible because a small concurrent license can support a large user base. but only a few of them will use BusinessObjects Enterprise. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. if required) only for users who log on to BusinessObjects Enterprise. 6. 5. Click Update. or for all users if you selected the “Create a new account for every added LDAP alias” option. 7.

select the LDAP group you would like to remove. Changing LDAP connection parameters and member groups After you have configured LDAP authentication using the LDAP configuration wizard. For more information. you can change LDAP connection parameters and member groups using the LDAP Server Configuration Summary Page. disable or delete the user’s Enterprise account. it is possible to unmap groups using BusinessObjects Enterprise. 2. If LDAP authorization is configured. see “Managing Enterprise and general accounts” on page 253. To unmap LDAP groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. Click the LDAP tab. To restrict access. 3. Note: The only exceptions to this occur when a user has an alias to an Enterprise account.12 Managing User Accounts and Groups Managing LDAP accounts Unmapping LDAP groups Similar to mapping. see “Configuring LDAP authentication” on page 263. the LDAP summary page will appear. the Mapped LDAP Member Groups area displays the LDAP groups that have been mapped to BusinessObjects Enterprise. 1. For information on configuring LDAP authentication using the LDAP configuration wizard. 1. Click Delete. clear the “LDAP Authentication is enabled” check box and click Update. Tip: To deny LDAP Authentication for all groups. The users in this group will not be able to access BusinessObjects Enterprise. To change connection settings Go to the Authentication management area of the CMC. Viewing mapped LDAP users and groups You can view your LDAP mapped groups in BusinessObjects Enterprise by clicking the LDAP tab (located in the Authentication management area). In the “Mapped LDAP Member Groups” area. 272 BusinessObjects Enterprise Administrator’s Guide . 5. Click Update. 4. If LDAP authorization is configured.

Click Update. and each LDAP host must refer to all additional hosts from which you wish to map groups. enter all hosts when you configure LDAP using the LDAP configuration wizard (see “Configuring LDAP authentication” on page 263 for details. Delete currently mapped groups that will no longer be accessible under the new connection settings. go to the Authentication management area of the Central Management Console and click the LDAP tab. click the name of the LDAP host to open the page that enables you to add or delete hosts. Subsequent hosts are treated as failover hosts. If LDAP authorization is configured. BusinessObjects Enterprise Administrator’s Guide 273 . 6. 9. Note: • The order in which the hosts are communicated with matters. For more information about LDAP hosts and referrals. 10. 8. Click Update. you can add fault tolerance to your system by adding multiple LDAP hosts. Map your new LDAP member groups. the LDAP Server Configuration Summary page appears. You can also modify the Mapped LDAP Member Groups area. see your LDAP documentation. The primary LDAP host and all failover hosts must be configured in exactly the same way. BusinessObjects Enterprise uses the first host that you add as the primary LDAP host. Click the LDAP tab.) Or if you have already configured LDAP. On this page you can change any of the connection parameter areas or fields. 3.Managing User Accounts and Groups Managing LDAP accounts 12 2. 7. Change your connection settings. Managing multiple LDAP hosts Using LDAP and BusinessObjects Enterprise. followed by the remaining failover hosts. To add multiple LDAP Hosts. Click Update. so ensure that you add the primary host first. Click Update. 4. 5. In the LDAP Server Configuration Summary area. Change your Alias and New User options.

see “Configuring LDAP authentication” on page 263. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. For more information. • Creating a new LDAP group account • If you create a new LDAP group account. If you create a new LDAP user account. However. For more information. you cannot use the highest level of SSL security (that is. • Disabling an LDAP user account If you disable an LDAP user account. the user can still access BusinessObjects Enterprise using that account. refresh the group list. see “Configuring LDAP authentication” on page 263. and that LDAP user account is mapped to BusinessObjects Enterprise. see “Viewing mapped LDAP users and groups” on page 272. refresh the user list. add it to BusinessObjects Enterprise.”) For more information. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. if the user also has an account that uses Enterprise authentication. see “Configuring LDAP authentication” on page 263. and the group account does not belong to a group account that is mapped to BusinessObjects Enterprise. If you create a new LDAP group account. and the account does not belong to a group account that is mapped to BusinessObjects Enterprise. either map the group to BusinessObjects Enterprise. 274 BusinessObjects Enterprise Administrator’s Guide . For more information. or add the new LDAP user account to a group that is already mapped to BusinessObjects Enterprise. you cannot select “Accept server certificate if it comes from a trusted Certificate Authority and the CN attribute of the certificate matches the DNS hostname of the server. see “Viewing mapped LDAP users and groups” on page 272. the user will not be able to log on to BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing LDAP accounts • If you use failover LDAP hosts. For more information. Troubleshooting LDAP accounts Creating a new LDAP user account • If you create a new LDAP user account.

For information on how AD authentication works in conjunction with BusinessObjects Enterprise. see the developer documentation available on your product CD. all of the BusinessObjects Enterprise client tools support AD authentication. Once you have mapped your AD users and groups.Managing User Accounts and Groups Managing AD accounts 12 Disabling an LDAP group account If you disable an LDAP group account. Note: • • • • AD authentication only works for servers running on Windows systems. and that LDAP group account is mapped to BusinessObjects Enterprise. except for the Import Wizard. You can also create your own applications that support AD authentication. Managing AD accounts This section provides an overview of AD authentication and the tasks related to managing it. see “Windows AD security plug-in” on page 240. “Mapping AD accounts” on page 276 “Unmapping AD groups” on page 280 “Viewing mapped AD users and groups” on page 280 “Troubleshooting AD accounts” on page 281 “Setting up AD single sign-on” on page 282 Managing AD accounts includes the following tasks: • • • • • BusinessObjects Enterprise Administrator’s Guide 275 . the user can still access BusinessObjects Enterprise using that account. Users cannot log on to BusinessObjects Enterprise using AD authentication via the Java SDK. if the administrator changes his or her password or if the account becomes disabled). For more information. AD authentication and aggregation may not continue to function if the administration credentials become invalid (for example. AD authentication and aggregation is not functional without a network connection. the users who belong to that group will not be able to log on to BusinessObjects Enterprise. However. if the user also has an account that uses Enterprise authentication.

Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. Click the Windows AD tab. select the Single Sign On is enabled check box. If you will be using single sign-on.12 Managing User Accounts and Groups Managing AD accounts Mapping AD accounts To simplify administration. BusinessObjects Enterprise supports AD authentication for user and group accounts. 2. Note: If you select this option. In the “AD Administration Credentials” area. Ensure that the Windows Active Directory Authentication is enabled check box is selected. However. you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. before users can use their AD user name and password to log on to BusinessObjects Enterprise. 1. 276 BusinessObjects Enterprise Administrator’s Guide . you must also configure the IIS for single sign-on. Go to the Authentication management area of the CMC. you must have created a domain user account on your AD server for BusinessObjects Enterprise to use when authenticating AD users and groups. When you map an AD account. 4. see “Setting up AD single sign-on” on page 282. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. To map AD users and groups Before starting this procedure. For details. 5. enter the name and password of the domain user account you’ve set up on your AD server for BusinessObjects Enterprise to use when authenticating AD users and groups. ensure that you have the appropriate AD domain and group information. As well. their AD user account needs to be mapped to BusinessObjects Enterprise. 3.

Managing User Accounts and Groups Managing AD accounts 12 BusinessObjects Enterprise Administrator’s Guide 277 .

8. 9. Note: • • 7.... dc=DomainName. map groups. Windows AD does not support local users.. that is. The group is added to the list. In the “Mapped AD Member Groups” area. you can use only the NT name format (\\ServerName\GroupName).. dc=com) Note: If you want to map a local group.12 Managing User Accounts and Groups Managing AD accounts Administration credentials can use one of the following formats: • • NT name (DomainName\UserName) UPN (user@DNS_domain_name) Administration credentials must be entered to enable AD authentication. enter the AD domain\group in the Add AD Group (Domain\Group) field. 278 BusinessObjects Enterprise Administrator’s Guide . . 6. and so on. By entering the Default AD Domain name. Select either: • Assign each added AD alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name. Complete the Default AD Domain field.. users from the default domain do not have to specify the AD domain name when they log on to BusinessObjects Enterprise via AD authentication. Groups can be mapped using one of the following formats: • • NT name (DomainName\GroupName) DN (cn=GroupName. Groups from the default domain can be mapped without specifying the domain name prefix. AD aliases will be assigned to existing users (auto alias creation is turned on). are added as new AD users. Users who do not have an existing Enterprise account. Click Add. New Alias Options allow you to specify how AD aliases are mapped to Enterprise accounts. or • Create a new account for every added AD alias Use this option when you want to create a new account for each user. check rights. or who do not have the same name in their Enterprise and AD account. Therefore they will not be able to access BusinessObjects Enterprise. This means that local users who belong to a mapped local group will not be mapped to BusinessObjects Enterprise.

or for all users if you selected the “Create a new account for every added AD alias” option. 11. Update Options allow you to specify if AD aliases are automatically created for all new users. You must have a named user license available for each user account created using this option. For details. a 100 user concurrent license could support 250. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to AD accounts. 500. This provides named users with access to the system regardless of how many other people are connected. Select either: • New users are created as named users New user accounts are configured to use named user licenses. depending on how often and how long users access BusinessObjects Enterprise. Instead. or • No new aliases will be added and new users will not be created Use this option when the AD directory you are mapping contains many users. see “Creating a user and a third-party alias” on page 294. For example. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. if required) only for users who log on to BusinessObjects Enterprise. but only a few of them will use BusinessObjects Enterprise. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every AD user mapped to BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 279 . or 700 users. Note: You can also add AD users individually by adding them as a new user in BusinessObjects Enterprise and selecting Windows AD authentication. This type of licensing is very flexible because a small concurrent license can support a large user base. New AD accounts are added for users without BusinessObjects Enterprise accounts. • New users are created as concurrent users New user accounts are configured to use concurrent user licenses.Managing User Accounts and Groups Managing AD accounts 12 10. it creates aliases (and accounts.

clear the “Windows Active Directory Authentication is enabled” check box and click Update. Note: You can view the groups by clicking the Windows AD tab from the Authentication management area and then viewing the “Mapped AD Member Groups” area. A message appears stating that it will take several seconds to update the member groups. To restrict access. In the “Mapped AD Member Groups” area. Click the Windows AD tab. Click Update. see “Managing Enterprise and general accounts” on page 253.12 Managing User Accounts and Groups Managing AD accounts 12. Click Delete. it is possible to unmap groups using BusinessObjects Enterprise. Under Group Name. Viewing mapped AD users and groups 1. For more information. disable or delete the user’s Enterprise account. Unmapping AD groups Similar to mapping. Go to the Groups management area of the CMC. 1. 2. select the AD group you would like to remove. Tip: To deny AD authentication for all users. Click Update. 5. 2. 3. To unmap AD groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. users cannot be viewed from the Windows AD tab. 280 BusinessObjects Enterprise Administrator’s Guide . Note: The only exceptions to this occur when a user has an alias other than the one assigned for AD authentication. 13. 3. The users in the deleted group will no longer be able to access BusinessObjects Enterprise. 4. Click OK. click the hyperlink to a Windows AD group Click the Users tab.

you need to click Update in the Windows AD tab (found in the Authentication management area). there are three ways you can get the new AD account into BusinessObjects Enterprise. but the user won’t be added until he or she logs on to BusinessObjects Enterprise. ensure that you update the user list by clicking Update in the Windows AD tab found in the Authentication management area. You can go to the Windows AD tab in the Authentication management area and select the option to add all new aliases and create all new users. Choose the method that works best for your situation: When the new AD user logs on to BusinessObjects Enterprise and selects AD authentication. Note: The nested AD group will not get mapped to BusinessObjects Enterprise by this operation. You can add the new user to BusinessObjects Enterprise and select Windows AD authentication. • When you have added a new account in AD. see “Mapping AD accounts” on • • • BusinessObjects Enterprise Administrator’s Guide 281 . and you would like the users of this nested group to get imported into BusinessObjects Enterprise. User accounts are automatically created for AD users who are added to an AD group when these users successfully log on to BusinessObjects Enterprise. This is the simplest method and it doesn’t require any extra steps. Note that you must click Update to ensure that new users are imported properly. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. See “Creating a user and a third-party alias” on page 294. and the AD group to which the account belongs is already mapped to BusinessObjects Enterprise. see “Viewing mapped AD users and groups” on page 280. and then click Update. For details. The user is added and is automatically assigned a Windows AD alias. the system will add the user to BusinessObjects Enterprise. For information on viewing AD users and groups. • Adding an AD group account to a mapped AD group • When you add an AD group account to an AD group that was previously mapped to BusinessObjects Enterprise. In this case all AD users will be added to BusinessObjects Enterprise.Managing User Accounts and Groups Managing AD accounts 12 Troubleshooting AD accounts Creating a new AD user account • If you create a new AD user account.

12 Managing User Accounts and Groups Managing AD accounts page 276. However. if the AD group contains many users who don’t require access to BusinessObjects Enterprise. see “Enabling AD single sign-on in CMC” on page 283. For details. see “Configuring Kerberos single sign-on” on page 299. Note: • • • • • AD single sign-on is not supported on client machines running on Windows 98. Note: You must also enable AD single sign-on in the CMC.config file for AD single sign-on” on page 283 Note: For information on how to set up end-to-end single sign on with AD and Kerberos. you have to configure the IIS Business Objects virtual directory. Setting up AD single sign-on Installation of the Active Directory plug-in for BusinessObjects Enterprise enables you to use AD single sign-on. Modify the web.config file. By default. you may want to add the user individually instead.config file for AD single sign-on” on page 283. 3. Configuring IIS for AD single sign-on 1. AD single sign-on is not enabled. To configure the IIS web server for AD single sign-on Using the documentation included with your IIS server. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282. 282 BusinessObjects Enterprise Administrator’s Guide . for AD single sign-on to work. 2. Restart your IIS server. Setting up AD single sign-on to BusinessObjects Enterprise includes the following tasks: “Configuring IIS for AD single sign-on” on page 282 “Enabling AD single sign-on in CMC” on page 283 “Modifying the web. Note: For AD single sign-on to function correctly. See “Modifying the web. change the access and authentication settings for the Enterprise virtual directory as follows: • • Deselect the Anonymous access and Basic authentication check boxes. However. Ensure that Integrated Windows authentication check box is selected.

4. To modify the web.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. 2. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. Click the Windows AD tab. 3.<remove name=“WindowsAuthentication”/> --> Note: For AD single sign-on to function correctly. see “Configuring IIS for AD single sign-on” on page 282.config file for AD single sign-on Make the following modifications to the web. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282.config file as shown: <!-.config file: • • 2.config file to make sure Windows authentication is enabled. <identity impersonate="true" /> <Authentication mode="Windows" /> Comment out the following line in the <httpModules> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. Note: For AD single sign-on to function correctly. you must also configure the IIS for single sign-on. Modifying the web. Select the Single sign-on is enabled check box. Note: If you select this option.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web. Click Update. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. BusinessObjects Enterprise Administrator’s Guide 283 .config file: • • 3. To enable the Windows AD plug-in for single sign-on in CMC Go to the Authentication management area of the CMC. make sure you complete all tasks listed in “Setting up AD single sign-on” on page 282. For details.config file for AD single sign-on Add the following lines to the <system. 1.Managing User Accounts and Groups Managing AD accounts 12 Enabling AD single sign-on in CMC 1.

you can choose to create a new BusinessObjects Enterprise account or link to an existing BusinessObjects Enterprise account. 2000. before users can use their NT user name and password to log on to BusinessObjects Enterprise. For information on how NT authentication works in conjunction with BusinessObjects Enterprise. or 2003 machine. or 2003 accounts. “Mapping NT accounts” on page 284 “Unmapping NT groups” on page 288 “Viewing mapped NT users and groups” on page 289 “Troubleshooting NT accounts” on page 290 “Setting up NT single sign-on” on page 292 Managing NT accounts includes the following tasks: Mapping NT accounts To simplify administration. When you map an NT account. or through the CMC. click User Manager. 2. 2000. see “Windows NT security plugin” on page 236. by using the User Manager in Windows NT or Computer Management in Windows 2000. Select the BusinessObjects NT Users group. NT authentication is installed and enabled by default. BusinessObjects Enterprise supports user and group accounts that are created using Windows NT. If you install BusinessObjects Enterprise on a Windows NT. Note: • • • • • • • NT authentication only works for servers running on Windows systems. Note: NT accounts refer to both Windows NT and 2000 accounts. 284 BusinessObjects Enterprise Administrator’s Guide . However. their NT user account needs to be mapped to BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing NT accounts Managing NT accounts This section provides an overview of NT authentication and the tasks related to managing it. Note: Ensure that you have selected the domain that contains the BusinessObjects NT Users group. To map NT users and groups using Windows NT From the Windows Administrative Tools program group. NT accounts refer to Windows NT. You can map NT accounts to BusinessObjects Enterprise through Windows. 1.

Click OK to complete the process. 7. 6. click Properties. 1. 7. Tip: Users will now be able to log on to InfoView using their NT account if they use the following format: \\NTDomainName\NTusername or NTMachineName\LocalUserName Users do not have to specify the NT Domain Name if it is specified in the “Default NT Domain” field on the Windows NT tab. Click Add. 6.Managing User Accounts and Groups Managing NT accounts 12 Note: The BusinessObjects NT Users group is created automatically in Windows NT when you install BusinessObjects Enterprise on Windows NT. 3. Click OK or Apply (and then Close) to complete the process. Click the Groups folder. 4. To map NT users and groups using Windows 2000 From the Windows Administrative Tools program group. From the User menu. 4. Select the group(s) and/or user(s). Click OK to add the group(s) and/or user(s). select Properties. Click Add. ensure you have the NT domain and group information. 5. then click Add. then click Add. Tip: Users will now be able to log on to InfoView using their NT account if they use the following format: \\NTDomainName\NTusername or NTMachineName\LocalUserName Users do not have to specify the NT Domain Name if it is specified in the “Default NT Domain” field on the Windows NT tab. Go to the Authentication management area of the CMC. select Local Users and Groups. click Computer Management. Select the group(s) and/or user(s). To map NT users and groups using BusinessObjects Enterprise Before starting this procedure. Select the BusinessObjects NT Users and from the Action menu. BusinessObjects Enterprise Administrator’s Guide 285 . 1. Under System Tools. 5. 8. 3. 2. Click OK to add the group(s) and/or user(s).

you don’t have to specify the NT domain name when you map groups.12 Managing User Accounts and Groups Managing NT accounts 2. 286 BusinessObjects Enterprise Administrator’s Guide . Note: By typing the default NT Domain Name. To change the Default NT domain. Note: If you select this option. Click the Windows NT tab. 3. you must also configure the IIS for single sign-on. see “Setting up NT single sign-on” on page 292. Complete the Default NT Domain field. because users who use one of the web applications would automatically have the same access privileges as the IIS machine account. For details. 4. If you will be using single sign-on. Also. click the domain name. select the Single Sign On is enabled check box. 5. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. users do not have to specify the NT Domain Name when they log on to BusinessObjects Enterprise via NT authentication. Ensure that the NT Authentication is enabled check box is selected.

if required) only for users who log on to BusinessObjects Enterprise. The group is added to the list. 9. are added as new NT users. Note: If you want to map a local NT group. or who do not have the same name in their Enterprise and NT account. enter the NT domain\group in the Add NT Group (NT Domain\Group) field. NT aliases will be assigned to existing users (auto alias creation is turned on). Select either: • Assign each added NT alias to an account with the same name Use this option when you know users have an existing Enterprise account with the same name.Managing User Accounts and Groups Managing NT accounts 12 6. 7. In the Mapped NT Member Groups area. New NT accounts are added for users without BusinessObjects Enterprise accounts. or • Create a new account for every added NT alias Use this option when you want the system to create a new account for each user. New Alias Options allow you to specify how NT aliases are mapped to Enterprise accounts. you must type \\NTmachinename\groupname. that is. BusinessObjects Enterprise does not automatically create aliases and Enterprise accounts for all users. The system ensures that the users are created with unique names. it creates aliases (and accounts. BusinessObjects Enterprise Administrator’s Guide 287 . Users who do not have an existing Enterprise account. Update Options allow you to specify if NT aliases are automatically created for all new users. Click Add. Instead. or for all users if you selected the “Create a new account for every added NT alias” option. but only a few of them will use BusinessObjects Enterprise. or • No new aliases will be added and new users will not be created Use this option when the NT directory you are mapping contains many users. Select either: • New aliases will be added and new users will be created Use this option to automatically create a new alias for every NT user mapped to BusinessObjects Enterprise. the new user will be bsmith01. if BusinessObjects Enterprise user bsmith already exists and an NT user with the same is added. For example. 8.

click Properties. For example. 3. 5. Click OK. New User Options allow you to specify properties of the new Enterprise accounts that are created to map to NT accounts. From the User menu. For more information. 11. disable or delete the user’s Enterprise account. The user or group will no longer be able to access BusinessObjects Enterprise. Select either: • New users are created as named users New user accounts are configured to use named user licenses. Select the user(s) or group(s). 2. Select BusinessObjects NT Users. or 700 users. 288 BusinessObjects Enterprise Administrator’s Guide . 1. or BusinessObjects Enterprise. This provides named users with access to the system regardless of how many other people are connected. • New users are created as concurrent users New user accounts are configured to use concurrent user licenses. a 100 user concurrent license could support 250. 500. Click Update. You must have a named user license available for each user account created using this option. see “Managing Enterprise and general accounts” on page 253. 4. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. Click OK. Named user licenses are associated with specific users and allow people to access the system based on their user name and password. To unmap NT users and groups using Windows NT From the Administrative Tools program group. Unmapping NT groups Similar to mapping. click User Manager. A message appears stating that it will take several seconds to update the member groups.12 Managing User Accounts and Groups Managing NT accounts 10. it is possible to unmap groups using the administrative tool in Windows NT/2000. then click Remove. To restrict access. 12. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. This type of licensing is very flexible because a small concurrent license can support a large user base. depending on how often and how long users access BusinessObjects Enterprise.

disable or delete the user’s Enterprise account. 4. Click Delete. click Properties. clear the “NT Authentication is enabled” check box and click Update.Managing User Accounts and Groups Managing NT accounts 12 1. The users in this group will not be able to access BusinessObjects Enterprise. 3. 1. Click Update. Viewing mapped NT users and groups There are two methods to view mapped users and groups in BusinessObjects Enterprise. Click the Groups folder. Under System Tools. Click the Windows NT tab. 4. 2. 2. Select BusinessObjects NT Users. see “Managing Enterprise and general accounts” on page 253. Select the user(s) or group(s). click Computer Management. select Local Users and Groups. To unmap NT groups using BusinessObjects Enterprise Go to the Authentication management area of the CMC. For more information. From the Action menu. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. 5. 3. see “Managing Enterprise and general accounts” on page 253. 5. disable or delete the user’s Enterprise account. The method you use depends on the way the groups and users have been mapped. For more information. 7. select the NT group you would like to remove. To restrict access. then click Remove. To restrict access. Click OK or Apply (and then Close) to complete the process. Tip: To deny NT Authentication for all groups. To unmap NT users and groups using Windows 2000 From the Administrative Tools program group. The user or group will no longer be able to access BusinessObjects Enterprise. Note: The only exceptions to this occur when a user has an alias to an Enterprise account. 6. In the Mapped NT Member Groups area. BusinessObjects Enterprise Administrator’s Guide 289 .

Note: You can view the groups and users by selecting the appropriate group from the Groups management area and then clicking the Users tab. then click BusinessObjects NT Users. Click the Windows NT tab. For more information. and the account does not belong to a group account that is mapped to BusinessObjects Enterprise. Go to the Authentication management area of the CMC. refresh the user list. 2. Click Refresh. For more information. see “Mapping NT accounts” on page 284. 6. If you create a new NT user account. To view users and groups that have been added using BusinessObjects Enterprise 1. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. Go to the Groups management area of the CMC. • 290 BusinessObjects Enterprise Administrator’s Guide . Troubleshooting NT accounts Creating a new NT user account • If you create a new NT user account. 2. If you added users and groups through Windows NT/2000. 5. 4. see “Viewing mapped NT users and groups” on page 289. Click OK. Click the Users tab. 3. The “Mapped NT Member Groups” area displays the groups that have been mapped to BusinessObjects Enterprise. add it to BusinessObjects Enterprise. If you added users and groups through the CMC. Click OK to the message which states that accessing the user list may take several seconds.12 Managing User Accounts and Groups Managing NT accounts To view users and groups that have been added using Windows NT/ 2000 or BusinessObjects Enterprise 1. then select the appropriate group.

• • Creating a new NT group account • If you create a new NT group account. In this case all NT users will be added to BusinessObjects Enterprise. the user will not be able to log on to BusinessObjects Enterprise using the mapped NT account. there are three ways you can get the new NT account into BusinessObjects Enterprise. For more information. However. This is the simplest method and it doesn’t require any extra steps. but the user won’t be added until he or she logs on to BusinessObjects Enterprise. and then click Update. and the NT group to which the account belongs is already mapped to BusinessObjects Enterprise. BusinessObjects Enterprise Administrator’s Guide 291 . the user can still access BusinessObjects Enterprise using that account. if the user also has an account that uses Enterprise authentication. and the group account does not belong to a group account that is mapped to BusinessObjects Enterprise. The user is added and is automatically assigned a Windows NT alias. For more information. and the account belongs to a group account that is mapped to BusinessObjects Enterprise. see “Viewing mapped NT users and groups” on page 289. you may want to add the user individually instead.Managing User Accounts and Groups Managing NT accounts 12 Adding an NT account to a mapped NT group When you have added a new account in NT. You can add the new user to BusinessObjects Enterprise and select Windows NT authentication. • Disabling an NT user account • If you disable an NT user account (using Windows Administrative Tools). For details. If you create a new NT group account. see “Mapping NT accounts” on page 284. See “Creating a user and a third-party alias” on page 294. the system will add the user to BusinessObjects Enterprise. refresh the group list. see “Mapping NT accounts” on page 284. Choose the method that works best for your situation: • When the new NT user logs on to BusinessObjects Enterprise and selects NT authentication. However. if the NT group contains many users who don’t require access to BusinessObjects Enterprise. add it to BusinessObjects Enterprise. You can go to the Windows NT tab in the Authentication management area and select the option to add all new aliases and create all new users.

For information on how to set up end-to-end single sign on with AD and Kerberos. see “Configuring Kerberos single sign-on” on page 299. In the developer documentation. he or she can log on using the Guest account (Enterprise authentication). when you launch the CMC. You are not required to enter any additional information. BusinessObjects Enterprise provides its own form of “anonymous single signon. change the access and authentication settings for the Enterprise virtual directory as follows: • • Deselect the Anonymous access and Basic authentication check boxes. When a user launches InfoView. even when you disable the Guest account.12 Managing User Accounts and Groups Managing NT accounts Setting up NT single sign-on You can configure BusinessObjects Enterprise to allow users to use various BusinessObjects Enterprise applications without being prompted to log on. refer to the tutorial for an example on creating a web application that uses single sign-on. Setting up NT single sign-on to BusinessObjects Enterprise includes the following tasks: • • • “Configuring IIS for NT single sign-on” on page 292 “Enabling NT single sign-on in CMC” on page 293 “Modifying the web. BusinessObjects Enterprise is designed to display a logon page. See the Platforms.” which uses Enterprise authentication. Configuring IIS for NT single sign-on 1. NT authentication occurs in the background. To configure the IIS web server for NT single sign-on Using the documentation included with your IIS server. Note: This feature is available if you are using a Microsoft Internet Information Server (IIS) web server and users are using Internet Explorer as their web browser.config file for NT single sign-on” on page 293 Note: BusinessObjects Enterprise does not support the Kerberos protocol for Windows NT. For instance. the user can select Windows NT from the Authentication list and click Log On without entering his or her user name or password. Users need only to enter their NT user name and password information once at the beginning of the NT session. Ensure that the Integrated Windows authentication check box is selected. With single sign-on enabled. 292 BusinessObjects Enterprise Administrator’s Guide . However. Design your own web applications accordingly (or modify InfoView) if you want to use NT single sign-on. see “Disabling the Guest account” on page 261. You can disable this feature—for more information.txt file included with your product distribution for a complete list of version requirements. as opposed to Windows NT authentication. if you have set up NT single sign-on.

Click Update. 3. See “Modifying the web.config file to make sure Windows authentication is enabled. Click the Windows NT tab. For details. Modify the web.config file: • • 2. Note: For NT single sign-on to function correctly. see “Configuring IIS for NT single sign-on” on page 292. because when users access one of the web applications they would automatically have the same access privileges as the IIS machine account.config file for NT single sign-on Add the following lines to the <system. To modify the web. Select the Single Sign On is enabled check box. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. To enable the Windows NT plug-in for single sign-on in CMC Go to the Authentication management area of the CMC. Modifying the web.Managing User Accounts and Groups Managing NT accounts 12 2. Note: If you select this option.config file: • • <identity impersonate="true" /> <Authentication mode="Windows" /> BusinessObjects Enterprise Administrator’s Guide 293 .web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. 3.config file for NT single sign-on Make the following modifications to the web.config file for NT single sign-on” on page 293.config file. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. 4. Enabling NT single sign-on in CMC 1.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web. Failing to configure IIS could compromise your system security if the account that IIS runs under belongs to a mapped group. 1. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292. Restart your IIS server. you must also configure the IIS for single sign-on. 2. Note: For NT single sign-on to function correctly.

<remove name=”WindowsAuthentication”/> --> Note: For NT single sign-on to function correctly. Managing aliases If a user has multiple accounts in BusinessObjects Enterprise. the alias information is displayed at the bottom of the properties page for a user. an alias enables a user to log on via more than one authentication type. 294 BusinessObjects Enterprise Administrator’s Guide . the system creates the new user in BusinessObjects Enterprise and creates a third-party alias for the user. after you map your third-party accounts to BusinessObjects Enterprise. Comment out the following line in the <httpModules> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise 11\InfoView\Web. In CMC. you can link the accounts using the assign alias feature. the user can log on using either a third-party user name and password or an Enterprise user name and password. LDAP. You can also reassign an alias in BusinessObjects Enterprise.12 Managing User Accounts and Groups Managing aliases 3. By assigning an alias to the user. This is useful when a user has a third-party account that is mapped to Enterprise and an Enterprise account. Managing aliases includes: • • • • • • “Creating a user and a third-party alias” on page 294 “Creating an alias for an existing user” on page 296 “Assigning an alias” on page 296 “Reassigning an alias” on page 297 “Deleting an alias” on page 297 “Disabling an aliases” on page 298 Creating a user and a third-party alias When you create a user and select an authentication type other than Enterprise. or NT aliases.config file as shown: <!-. AD. you can use the Reassign Alias feature to reassign an alias to a different a user. For example. A user can have any combination of BusinessObjects Enterprise. Thus. make sure you complete all tasks listed in “Setting up NT single sign-on” on page 292.

and it must belong to a group that is already mapped to BusinessObjects Enterprise. secWindowsNT:ENTERPRISE:bsmith. 1. for example. The New User Properties page appears. BusinessObjects Enterprise Administrator’s Guide 295 . Click OK. 2. The format of the account name must agree with the format required for the authentication type. If required. The user is added to BusinessObjects Enterprise and is assigned an alias for the authentication type you selected. bsmith. 4. Type in the third-party account name for the user. and reassign aliases to user. 6. Windows NT. 3. for example. Click New User. 5. The New User Properties page appears. you can add. assign.Managing User Accounts and Groups Managing aliases 12 Note: For the system to create the third-party alias. The user account must exist in the third-party authentication tool. for example. Select the authentication type for the user. Select the connection type for the user. To create a user and add a third-party alias Go to the Users management area of the CMC. the following criteria must be met: • • • The authentication tool needs to have been enabled in CMC.

Type in the account name for the user. 296 BusinessObjects Enterprise Administrator’s Guide . To assign an alias from another user Go to the Users management area of the CMC. The Assign Alias page appears. 4. Note: For the system to create the third-party alias. The user account must exist in the third-party authentication tool. Click the link for the user that you want to add an alias to. The alias can be an Enterprise alias. Windows NT. Note: If a user has only one alias and you assign that last alias to another user. 6. the one that was already assigned to the user and the one you just created. for example. 5.12 Managing User Accounts and Groups Managing aliases Creating an alias for an existing user You can create aliases for existing BusinessObjects Enterprise users. Click Assign Alias. Click the link for the user you want to assign an alias to. An alias is created for the user. The New Alias page appears. the system will delete the user account. at least two aliases are shown. and it must belong to a group that is mapped to BusinessObjects Enterprise. Assigning an alias When you assign an alias to a user. Select the authentication type for the user. and inbox for that account. When you view the user in CMC. personal categories. 1. 3. Click OK. The format of the account name must agree with the format required for the authentication type. 2. 3. Click New Alias. the following criteria must be met: • • • The authentication tool needs to have been enabled in CMC. and the Favorites folder. 1. or an alias for a third-party authentication tool. You cannot assign or reassign Enterprise aliases. 2. To create a new alias for a user Go to the Users management area of the CMC. you move a third-party alias from another user to the user you are currently viewing.

for example. Click the Reassign Alias button for the alias. 1. In the list. the system will delete the user account. You cannot assign or reassign Enterprise aliases. for example. and inbox for that account.Managing User Accounts and Groups Managing aliases 12 4. personal categories. and the Favorites folder. 2. Click OK. Tip: • • 6. Select the alias you want in the list of available aliases. bsmith. and inbox for that account. personal categories. Click the link for the user whose alias you want to reassign. you move a third-party alias from the user that you are currently viewing to another user. To search for a specific alias. click the name of the user that you want to assign the alias to. If a user has only one alias and you delete that alias. The user jbrown can now log on using the third-party user account and authentication method. To select multiple aliases. BusinessObjects Enterprise Administrator’s Guide 297 . To reassign an alias to another user Go to the Users management area of the CMC. 5. 4. Deleting an alias When you delete an alias. and the Properties page for user jbrown is displayed. use the Look For field. The alias for bsmith has now been assigned to the user jbrown. the system automatically deletes the user account and the Favorites folder. Note: If a user has only one alias and you reassign that alias to another user. Reassigning an alias When you reassign an alias. Click the > arrow. 5. The Reassign Alias page appears. use the SHIFT+click or CTRL+click combination. The user bsmith can no longer use this alias. 3. jbrown. the alias is removed from the system. Click OK.

12 Managing User Accounts and Groups Managing aliases 1. 2. To delete an alias Go to the Users management area of the CMC. it is best to disable the alias. Click the name of the user whose alias you want to disable. Click the Delete Alias button for the alias. Note: Deleting a user from BusinessObjects Enterprise does not necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. To prevent a user from accessing BusinessObjects Enterprise altogether. 3. Note: Deleting a user’s alias does not necessarily prevent the user from being able to log on to BusinessObjects Enterprise again. Click the link for the user whose alias you want to delete. Repeat this step for each alias you want to disable. disable all aliases for that user. 3. and if the account belongs to a group that is mapped to BusinessObjects Enterprise. If the user account still exists in the third-party system. then BusinessObjects Enterprise will still allow the user to log on. 4. and if the account belongs to a group that is mapped to BusinessObjects Enterprise. In the Alias area on the Properties page. Click Update. Whether the system creates a new user or assigns the alias to an existing user. Disabling an aliases You can prevent a user from logging on to BusinessObjects Enterprise using a particular authentication method by disabling the user’s alias associated with that method. 298 BusinessObjects Enterprise Administrator’s Guide . See also “Deleting an alias” on page 297. 1. The alias is deleted from the system. depends on which Update Options you have selected for the authentication tool in the Authentication management area of CMC. 2. If the user account still exists in the third-party system. To ensure a user can no longer use one of his or her aliases to log on to BusinessObjects Enterprise. The user can no longer log on using the type of authentication that you just disabled. then BusinessObjects Enterprise will still allow the user to log on. clear the Enabled check box for the alias you want disable. To disable an alias Go to the Users management area of the CMC.

BusinessObjects Enterprise Administrator’s Guide 299 . it is recommended you use a service account. see “About single sign-on” on page 232. It requires a Microsoft Internet Information Services (IIS) web server and users require Internet Explorer (IE) as their web browser. This must be a domain account that has been trusted for delegation.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring Kerberos single sign-on This section tells you how to set up end-to-end single sign-on to your BusinessObjects Enterprise system and its back-end databases by using Kerberos and Windows AD authentication. You can either create a new domain account or use an existing domain account. 6. Note: Instead of a service account. “Configuring the servers” on page 300 “Configuring the Windows AD plug-in for Kerberos authentication” on page 301 “Configuring the IIS and browsers” on page 303 “Configuring IIS for end-to-end single sign-on” on page 305 “Configuring BusinessObjects Enterprise web applications” on page 312 “Configuring the databases for single sign-on” on page 313 Setting up a service account To configure BusinessObjects Enterprise for end-to-end single sign-on using Kerberos and Windows AD authentication. 3. before you can proceed you must have set up the service account. 2. For general information about the levels of single sign-on that are supported in BusinessObjects Enterprise. you could use a user or computer domain account. 4. However. BusinessObjects Enterprise currently supports single sign-on to the database with Windows AD using Kerberos for the Windows platform only. See the Platforms. Configuration process overview Configuring end-to-end single sign-on using Kerberos includes the following main steps: 1. 7. However.txt file included with your product distribution for a complete list of version requirements. you require a service account. “Setting up a service account” on page 299 Note: The order in which you complete these steps is not important. 5. The service account will be used to run the BusinessObjects Enterprise servers.

300 BusinessObjects Enterprise Administrator’s Guide . 5. 3. This must be done on each machine running the following servers: • • • • CMS Page Server Report Application Server Web Intelligence Report Server To configure the server machines Note: To complete this procedure. Double-click Act as part of the operating system. refer to http://msdn. Double-click the service account.microsoft. 4. 2. depending on whether you are using Windows 2000 or Windows 2003: • • In Windows 2000. Click Add. set up the domain service account. Configuring the servers Configuring the BusinessObjects Enterprise servers includes: • • “Configuring the server machines” on page 300 “Configuring the servers to use the service account” on page 301 Configuring the server machines In order to support end-to-end single sign-on. In Windows 2003.com. For detailed instructions. Note: The procedure for setting up a domain service account varies. you must grant the service account the right to act as part of the operating system.12 Managing User Accounts and Groups Configuring Kerberos single sign-on To set up the service account On the domain controller. and then click OK. Click Start > Administrative Tools > Local Security Policy. you require a service account that has been trusted for delegation. you may have to first add a service principal name (SPN) for the domain account. ensure that the Account is trusted for delegation option has been selected for the account. then click User Rights Assignment. 1. ensure that the following two options have been selected for the account: • • Trust this user for delegation to specified service only Use Kerberos only If you are using Windows 2003. See “Setting up a service account” on page 299. Click Local Policies.

On the Properties tab: a. 4. For detailed instructions. the CMS server. Start the CCM. Click Apply. This includes: • Ensuring Windows AD authentication is enabled.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 6. and then click OK. c. In the Log On As area. Double-click the server you want to configure. Configuring the Windows AD plug-in for Kerberos authentication In order to support Kerberos single sign-on. The Properties dialog box is displayed. you have to configure the Windows AD security plug-in in the CMC to use Kerberos authentication. 7. 3. 1. you require a service account that has been trusted for delegation. see “Controlling users’ access to objects” on page 317. Repeat steps 2 through 5 for each BusinessObjects server that has to be configured. 6. and then click OK. Stop the server you want to configure. you must use CCM and configure the following servers to log on as the service account: • • • • CMS server Page Server Report Application Server Web Intelligence Report Server To configure a server Note: To complete this procedure. for example. See “Setting up a service account” on page 299. Start the server again. Repeat the above steps on each machine running a BusinessObjects Enterprise server. deselect the System Account check box. 5. b. Configuring the servers to use the service account In order to support Kerberos single sign-on. BusinessObjects Enterprise Administrator’s Guide 301 . 2. Enter the user name and password for the service account. Ensure that the Local Policy Setting check box is selected.

Note: The AD Administrator account requires read access to Active Directory only. In the “Mapped AD Member Group” area. Click the Windows AD tab. map the AD group for the AD users who require access to BusinessObjects Enterprise via AD authentication and single sign-on. Enabling Kerberos single sign-on and setting the service principal name (SPN) to use a service account.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • • Setting up an AD Administrator account. Click Update. • • • Select the Use Kerberos authentication check box. Click AD Administrator Name. Under Authentication Options select the following: 7. enter the service principal name of the service account. it does not require any other rights. In the Service Principal Name box. Click Update. 1. 6. See “Mapping AD accounts” on page 276. b. Note: This must be the same account that you use to run the BusinessObjects Enterprise servers. Select the Cache Security context (required for SSO to database) check box. Enter the name and password for the account and the default AD Domain. see “Managing AD accounts” on page 275. it does not require any other rights. Ensure that the Windows Active Directory Authentication is enabled check box is selected. c. This account requires read access to Active Directory only. Set up the AD administrator account: a. 3. 302 BusinessObjects Enterprise Administrator’s Guide . 8. 2. 5. Select the Single sign-on is enabled check box. Note: For related information about configuring the Windows AD plug-in. 4. See “Setting up a service account” on page 299. To configure the Windows AD security plug-in Go to the Authentication management area of the CMC.

Click the Single Sign-On tab.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring the cache expiry When the system is using AD and Kerberos single sign-on. 3. If the CMS cache expiry is less than that of the ticket. If the CMS cache expiry is zero. the system renews the ticket until the CMS cache expiry is reached. To configure the servers in CMC Go to the Servers management area of the CMC. Use the following procedure to change these settings when needed. Configuring the IIS and browsers In order to support Kerberos end-to-end single sign-on. Page Server. you have to configure the BusinessObjects Enterprise clients. This applies to the CMS. 5. the ticket will expire when the CMS cache expiry is reached. 2. Report Application Server. Click the link for the server. 1. The CMS uses the cache expiry as follows: • • • If the CMS cache expiry is greater than that of the ticket. you can control the cache expiry for each instance individually. The system comes configured with default values for the server cache expiry. and Web Intelligence Report Server. Click Update. This includes: • • “Configuring the BusinessObjects Enterprise clients on the IIS” on page 304 “Configuring the Internet Explorer browser on a client machine” on page 304 BusinessObjects Enterprise Administrator’s Guide 303 . it uses the cache expiry for certain BusinessObjects Enterprise servers to determine whether a logon ticket is still valid. The other servers use either their cache expiry or the ticket expiry. the system will use the globally set ticket expiry. the ticket will expire when the lowest expiry value is reached. 4. Regardless of whether the cache expiry for the server is greater or less than that of the ticket. whichever has the lowest value. Type in a new cache expiry value. Note: If you are running multiple instances of a server.

3. 2. c. 7. Turn off Anonymous Access. The Internet Options dialog box appears. 1. This includes: • • Setting up the client machines for integrated Windows authentication. open an Internet Explorer browser window. 6. Configuring the Internet Explorer browser on a client machine To support Kerberos end-to-end single sign-on. you have to configure the Internet Explorer (IE) browser on the BusinessObjects Enterprise client machines. you have to configure the BusinessObjects clients on the IIS to use integrated Windows authentication. Enable integrated windows authentication: a. For details. 5. Turn on Integrated Windows Authentication. To configure the clients for Windows authentication On the IIS. Click the Advanced tab. in the Internet Information Services window. 304 BusinessObjects Enterprise Administrator’s Guide . 1. refer to you Windows documentation. 2. To configure the IE browser on the client machines On the client machine. you do not need to configure the browser for single sign-on. Right-click businessobjects and select Properties. 4. Click OK. and then click OK again. d. On the Directory Security tab. Note: You can automate the following steps through a registry key. b. Repeat the above for crystalreportviewer. Click Tools > Internet Options. Click the Enable integrated windows authentication option. click Edit. See also “Configuring IIS for single sign-on to databases only” on page 309. Navigate to the Security settings. expand the tree on the left and go to businessobjects under Default Web Site. and then click Apply. Adding the IIS to the trusted sites.12 Managing User Accounts and Groups Configuring Kerberos single sign-on Configuring the BusinessObjects Enterprise clients on the IIS To support Kerberos single sign-on. Note: If configuring the IIS for single sign-on to the database only.

Type in the web site for the IIS. for example. Repeat the above steps on each BusinessObjects Enterprise client machine. Click Advanced. You can enter the full domain name of the site: a. see: • • “Configuring IIS for single sign-on to databases only” on page 309 “Configuring web applications for single sign-on to the databases” on page 313. if you don’t want to run the IIS worker processes under an account that has been trusted for delegation. Add the IIS to the Trusted sites. b. f. e. Configuring IIS for end-to-end single sign-on To support Kerberos end-to-end single sign-on.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 3. you have to set the IIS and the Aspnet_wp. depending on whether you are using IIS5 or IIS6: • • “Configuring IIS5 for Kerberos end-to-end single sign-on” on page 305 “Configuring IIS6 for Kerberos end-to-end single sign-on” on page 307 Note: Instead of configuring the IIS worker processes for end-to-end single sign-on you can configure them to use single sign-on to the database only. Click Tools > Internet Options.exe worker process to run as a domain account that has been trusted for delegation. Click Sites. and then click OK twice more to close the Internet Options dialog box. Click OK. c. the worker processes of the IIS have to run under a domain account that is trusted for delegation. 5. and then click Add. For more information. Close the Internet Explorer browser windows and then open them again for the changes to take effect. The Internet Options dialog box appears. You may want to do this. d. BusinessObjects Enterprise Administrator’s Guide 305 . 4. Click the Security tab. Refer to either of the following procedures. Configuring IIS5 for Kerberos end-to-end single sign-on To support Kerberos end-to-end single sign-on.

which would result in an error condition.com but the machine name is web. Note: For security reasons. the password will be automatically generated and won’t expire.domainname. If the machine name for the web server is different from the name that is used to access it. To do this. • • userName="SYSTEM" Password="AutoGenerate" In the above path name.NET\Framework\version\CONFIG\machine. For complete information about security risks associated with system or user domain accounts.exe to run as a machine domain account. config file: 1. Set the Aspnet_wp. refer to the Microsoft web site: www. Which approach you use. If you use a user domain account you have more control over the rights for the account. depending on whether you want to use a machine or user domain account: • • “To run the IIS5 worker process under the machine domain account” on page 306 “To run the IIS5 worker process under a user domain account” on page 307 To run the IIS5 worker process under the machine domain account On the domain controller. Changing this property can take several minutes to propagate. Note: Configuring the Aspnet_wp. version represents the software version. Each approach has advantages and disadvantages: • • If you use a machine domain account. but the password could be exposed or modified. nor can it be exposed or modified.microsoft. 2. depends on how you want to manage your system security. make sure that the account which the IIS helper processes run under does not belong to a mapped group. 3.com serverhost For example. 306 BusinessObjects Enterprise Administrator’s Guide . Refer to either of the following procedures.com. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost.domainname.12 Managing User Accounts and Groups Configuring Kerberos single sign-on You can run the IIS either under the machine domain account or under a user domain account.NET web applications on the web server to run as privileged system accounts. set the domain account of the IIS machine to be trusted for delegation. and it may expire.exe account to run as a machine domain account will cause all ASP.domainname. if access is via www.com.

domainname.exe worker process to run as an account that has been trusted for delegation. depends on how you want to manage your system security.domainname.com. Note: For security reasons. version represents the software version.microsoft.com but the machine name is web. To run the IIS5 worker process under a user domain account Set the Aspnet_wp. If you use a user domain account you have more control over the rights for the account. Configuring IIS6 for Kerberos end-to-end single sign-on To support Kerberos for end-to-end single sign-on.com serverhost For example. but the password could be exposed or modified.domainname. and password is the password for the domain account. depending on whether you want to use a machine or user domain account: BusinessObjects Enterprise Administrator’s Guide 307 . To do this. You can run the IIS either under the machine domain account or under user domain account.exe to run as a user domain account that has been trusted for delegation. change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. 2. the password will be automatically generated and won’t expire. nor can it be exposed or modified. Which approach you use.config file: • • userName="domainaccount" Password="password" Where domainaccount is a domain account that you have set to be trusted for delegation.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 1. For complete information about security risks associated with system or user domain accounts. Refer to either of the following procedures. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. Each approach has advantages and disadvantages: • • If you use a machine domain account. if access is via www. and it may expire. refer to the Microsoft web site: www. If the machine name for the web server is different from the name that is used to access it.com. In the above path name. which would result in an error condition.NET\Framework\ version\CONFIG\machine. you have to set the IIS and w3wp. make sure that the account which IIS helper processes run under does not belong to a mapped group.

exe account to run as a LocalSystem account will cause all ASP. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. d. Note: For security reasons. Type in a name for the application pool. On the Identity tab select LocalSystem from the list.exe worker process: a.com. 2. e. g.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • • “To run the IIS6 worker process under the machine domain account” on page 308 “To run the IIS6 worker process under a user domain account” on page 309 To run the IIS6 worker process under the machine domain account On the domain controller. 308 BusinessObjects Enterprise Administrator’s Guide . and then click Apply. and then click Apply. skip step 1. Configure the account for the w3wp. f. right-click the machine name and select Application Pool > New. expand machine name > Web Site > Default Web Site > businessobjects > EnterpriseXX. Right-click InfoView and select Properties. Note: Configuring the w3wp.NET web applications on the web server to run as privileged system accounts. set account of the IIS machine to be trusted for delegation. Right-click the application pool you created. 3.domainname. See also “Configuring IIS for single sign-on to databases only” on page 309. In the Internet Service Manager window.com but the machine name is web. On the Directory tab select the new application pool name from the list. and select Properties. Changing this property can take several minutes to propagate! If you don’t want to use end-to-end single sign-on but want to provide single sign-on to the database.domainname. make sure that the account which the IIS worked processes run under does not belong to a mapped group.com serverhost For example. In the tree panel on the left. if access is via www.domainname. 1. b. If the machine name for the web server is different from the name that is used to access it. c.

change the following parameters in the <processModel> block in the \WINDOWS\Microsoft. skip step 1.Microsoft. or whether you want users to provide their logon credentials when they log in to BusinessObjects Enterprise. To do this. 1. the system generates a logon token to provide single sign-on access to the databases. See also “Configuring IIS for single sign-on to databases only” on page 309. To run the IIS6 worker process under a user domain account Set the w3wp. If the machine name for the web server is different from the name that is used to access it. Refer to either of the following procedures. Note: If you don’t want to use end-to-end single sign-on but want to provide single sign-on to the database. depending on whether you are using IIS5 or IIS6: • • “Configuring IIS5 for single sign-on to database only” on page 310 “Configuring IIS6 for single sign-on to database only” on page 311 BusinessObjects Enterprise Administrator’s Guide 309 . but the account does not have to be trusted for delegation. 2. Add the domain account to the IIS_WPG local group. if access is via www.com. Where domainaccount is a domain account that you have set to be trusted for delegation. and password is the password for the domain account. Configuring IIS for single sign-on to databases only When using Kerberos with Windows AD.com but the machine name is web. version represents the software version.domainname.exe to run as a user domain account that has been trusted for delegation. For example. To use single sign-on to the databases only Configure the IIS worker processes to run as a domain account in order for the network to recognize their accounts.domainname. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost.config file: • • userName="domainaccount" Password="password" In the above path name.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 1. make sure that the account which the IIS worker processes run under does not belong to a mapped group. For more information.domainname. When users log on to BusinessObjects Enterprise.com serverhost 3. For security reasons. and give it the relevant rights to access the needed files. see http://msdn.com. you can choose whether you want to provide end-to-end single sign-on.NET\Framework\ version\CONFIG\machine.

NET web applications on the web server to run as privileged system accounts.exe to run as a machine domain account. and it may expire. See “Configuring web applications for single sign-on to the databases” on page 313. the password will be automatically generated and won’t expire. For security reasons. Each approach has advantages and disadvantages: • • If you use a machine domain account.12 Managing User Accounts and Groups Configuring Kerberos single sign-on 2. To configure the IIS5 for single sign-on to databases only Make sure IIS is running as a domain account Set the Aspnet_wp.NET\Framework\version\CONFIG\machine. For complete information about security risks associated with system or user domain accounts. config file: • • userName="SYSTEM" Password:="AutoGenerate" In the above path name. 3. Clear the Single Sign On is enabled check box on the Windows AD page in the Authentication management area in CMC. To do this. You can run the IIS worker process either under the machine domain account or under a user domain account. If you use a user domain account you have more control over the rights for the account.com. See “Configuring the Internet Explorer browser on a client machine” on page 304. 310 BusinessObjects Enterprise Administrator’s Guide .exe account to run as a machine domain account will cause all ASP. 1. but the account does not have to be trusted for delegation. you do not need to configure the browser for single sign-on. depends on how you want to manage your system security. Configuring IIS5 for single sign-on to database only To support single sign-on to the database only. change the following parameters to the <processModel> block in the \WINDOWS\Microsoft. you have to set the Aspnet_wp. Which approach you use. Configure the web applications for single sign-on to the database instead of end-to-end single sign-on. 2. which would result in an error condition. Note: If configuring the IIS for single sign-on to the database only. make sure that the account which IIS runs under does not belong to a mapped group. refer to the Microsoft web site: www. version represents the software version.exe worker process to run as a domain account. nor can it be exposed or modified. Note: • • Configuring the Aspnet_wp.microsoft. but the password could be exposed or modified.

On the Directory tab select the new application pool name from the list. Configuring IIS6 for single sign-on to database only To support single sign-on to the database only. but the password could be exposed or modified. Note: • BusinessObjects Enterprise Administrator’s Guide 311 . nor can it be exposed or modified. Type in a name for the application pool. depends on how you want to manage your system security. c. g.domainname.com. On the Identity tab select LocalSystem from the list. For complete information about security risks associated with system or user domain accounts. expand machine name > Web Site > Default Web Site > businessobjects > EnterpriseXX. If you use a user domain account you have more control over the rights for the account. d.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 3.NET web applications on the web server to run as privileged system accounts. and then click Apply. and select Properties. Configure the account for the w3wp. and then click Apply. If the machine name for the web server is different from the name that is used to access it.microsoft. 1.domainname.exe worker process to run as a machine or user domain account. the password will be automatically generated and won’t expire. f. you have to set the w3wp. Right-click the application pool you created. refer to the Microsoft web site: www. if access is via www. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. In the Internet Service Manager window. e.exe account to run as a machine domain account will cause all ASP. and it may expire. which would result in an error condition. In the tree panel on the left. b. right-click the machine name and select Application Pool > New.domainname. Which approach you use.exe worker process: a.com but the machine name is web. Right-click InfoView and select Properties. but the account does not have to be trusted for delegation. To configure the IIS6 for single sign-on to databases only Make sure IIS is running as a domain account. You can run the IIS worker process either under the machine domain account or under a user domain account.com.com serverhost For example. Each approach has advantages and disadvantages: • • If you use a machine domain account. 2. Configuring the w3wp.

Configuring web applications for end-to-end single sign-on In order to use up end-to-end single sign-on. <identity impersonate="true" /> <Authentication mode="Windows" /> Enable Windows authentication by commenting out the following line in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise 11\InfoView\Web. if access is via www. 1. See “Configuring web applications for single sign-on to the databases” on page 313. add an SPN for HTTP access on the web server machine: setspn -A HTTP/serverhost. For security reasons.domainname.<remove name=”WindowsAuthentication”/> --> 312 BusinessObjects Enterprise Administrator’s Guide . you have to set the BusinessObjects Enterprise web applications to not impersonate a user.com but the machine name is web. edit the respective Web.domainname. Configuring BusinessObjects Enterprise web applications In order for the end-to-end single sign on to work.12 Managing User Accounts and Groups Configuring Kerberos single sign-on • 3. <identity impersonate="true" /> <Authentication mode="Windows" /> Add the following lines to the <system. you have to configure the BusinessObjects Enterprise web applications to impersonate the user.com.com serverhost For example.config as shown: <!-.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\WebAdmin\Web.config file: • • 3. you have to set both the CMC and InfoView web applications to impersonate the user.web> block in the C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Web Content\Enterprise11\InfoView\Web. Note: If you want to use single sign-on to the databases instead of end-toend single sign-on.config file: • • 2. If the machine name for the web server is different from the name that is used to access it. To configure the web applications for full single sign-on Add the following lines to the <system.config files on the IIS as follows. make sure that the account which IIS runs under does not belong to a mapped group. To do this. See “Configuring web applications for end-to-end single sign-on” on page 312.domainname.

Note: For security reasons.Managing User Accounts and Groups Configuring Kerberos single sign-on 12 Configuring web applications for single sign-on to the databases If you want to use single sign-on to the databases instead of end-to-end single sign-on. Users will now be able to log on to BusinessObjects Enterprise by providing their logon credentials in the InfoView or CMC logon dialog box and selecting Windows AD authentication.txt file included with your product distribution for a complete list of tested database software and version requirements. you must map the groups containing the AD users that are to have access to BusinessObjects Enterprise to a BusinessObjects Enterprise group. refer to the database vendors support documentation. Once they are logged on. you have to set BusinessObjects Enterprise web applications to not impersonate the user. For general information and for information about single sign-on to other supported databases.config file: • • <identity impersonate="false" /> <Authentication mode="Windows" /> Note: Make sure you set identity impersonate to false. Mapping AD accounts for Kerberos single sign-on In order for the Kerberos single sign-on to work. edit their Web. Configuring the databases for single sign-on This section provides information that is specific to setting up single sign-on to SQL Server databases. See “Mapping AD accounts” on page 276. BusinessObjects Enterprise Administrator’s Guide 313 . To configure the web applications for single sign-on to the databases Set the CMC to not impersonate the user by adding the following lines to the <system. To do this. the users will have single sign-on access to the databases associated with BusinessObjects Enterprise. ensure that the mapped groups do not contain the domain account that the IIS is running under.config files on the IIS as follows. Note: If you want to use single sign-on to the database only. See the Platforms.config file: • • 2. <identity impersonate="false" /> <Authentication mode="Windows" /> Set InfoView to not impersonate the users. see also “Configuring IIS for single sign-on to databases only” on page 309.web> block in the Web Content\Enterprise 11\WebAdmin\Web. by adding the following lines to the <system.web> block in the Web Content\Enterprise 11\InfoView\Web. 1.

Add an SPN for the service account of the SQL Server: setspn -A MSSQLSvc/host:port serviceaccount Where host:port is the name of the machine running SQL Server and the port that. you have to configure to be trusted for delegation. and serviceaccount is the name of the SQL Server service account. no additional configuration is required. 3. the system automatically un-registers the SPNs for the LocalSystem account. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. ensure that the following two options have been selected for the account: Trust this user for delegation to specified service only and Use Kerberos only. In Windows 2003. To run SQL Server under a service account In Active Directory. • • In Windows 2000. depending on whether SQL Server has been configured to run under the LocalSystem account or under a service account: • If SQL Server is running under the LocalSystem account. Right-click the domain account and select Properties. b. 2. How to set up security delegation varies. you may have to first add a service principal name (SPN) for the domain account.12 Managing User Accounts and Groups Configuring Kerberos single sign-on Configuring SQL Server for single sign-on In order for Kerberos single sign-on to work. c. set up the SQL Server service account for security delegation: a. and then click OK. the machines running SQL Server database must be trusted for delegation. If SQL Server is running under a service account. SQL Server registers itself when it starts and the system registers the SPN. make sure the following options are selected: • 1. If you are using Windows 2003. On the Accounts tab. 314 BusinessObjects Enterprise Administrator’s Guide . Computer is trusted for delegation Click Apply. Set the machine running SQL Server as follows: • a. ensure that the Account is trusted for delegation option has been selected for the account. When SQL Server shuts down.

Controlling User Access chapter .

316 BusinessObjects Enterprise Administrator’s Guide . Whether or not you use access levels. users. applications. the right is denied by default. user. Rights allow you to control access to your BusinessObjects Enterprise content.13 Controlling User Access Controlling user access overview Controlling user access overview Rights are the base units for controlling users’ access to objects. see “Setting common access levels” on page 320. For more information. you can set security levels that affect individual users and groups. because they can greatly reduce the complexity of your object security model. For details. each right provides a user or group with permission to perform a particular action. if contradictory settings result in a right being both granted and denied to a user or group. and to provide your IT people with administrative access to servers and server groups. It is recommended that you use the predefined access levels whenever possible. to delegate user and group management to different departments. This “denial based” design assists in ensuring that users and groups do not automatically acquire rights that are not explicitly granted. users. When granted. and other features in BusinessObjects Enterprise. you can also take advantage of the inheritance patterns recognized by BusinessObjects Enterprise: users can inherit rights as the result of group membership. and so on). servers. To facilitate administration and maintenance. subgroups can inherit rights from parent groups. Using rights. if a right is left “not specified. Each right can be Explicitly Granted. schedule reports. the Advanced Rights pages allow you to choose from the complete set of available object rights. and both users and groups can inherit rights from parent folders.” the right is denied by default. BusinessObjects Enterprise includes a set of predefined access levels that allow you to set common security levels quickly. Additionally. see “Object rights for the Report Application Server” on page 568. Explicitly Denied. Most importantly. Users require specific licensing and rights to create or modify reports through the Report Application Server (RAS). or groups. or Inherited. Each access level grants a set of rights that combine to allow users to accomplish common tasks (such as view reports. you first locate the object. or server and then you specify the rights for different users and groups. To set rights within the Central Management Console (CMC). The BusinessObjects Enterprise security model is designed such that. When you need to disable inheritance or to customize security levels for particular objects. the advanced object rights allow you to explicitly deny any user or group the right to perform a particular task.

BusinessObjects Enterprise includes a set of predefined rights (“access modes”) that allow you to set common security levels quickly. you can also set user and group rights at the folder level. see “Customizing a ‘top-down’ inheritance model” on page 331. For example. program objects. see “Controlling users’ access to objects” on page 317. you can control users’ access to specific content. You can set rights for folders. You control which folders. For objects that can be scheduled. BusinessObjects Enterprise Administrator’s Guide 317 . You set security settings at the object level. and other objects users and groups can access using BusinessObjects Enterprise. and other BusinessObjects Enterprise objects. report objects. To facilitate administration. Tip: For detailed tutorials that walk you through sample implementations of object rights. you can use rights to make sure that you are the only one who can access your reports. These include the following: • • • • • • • Inherited Rights No Access View Schedule View On Demand Full Control Advanced In addition to setting user and group rights for report objects from the Objects management area. these limits will be in effect for all objects that inherit rights from the folder (including any objects found within the subfolders). When you set rights at the folder level. For detailed information on the different “access modes” for object rights and information on inherited rights. you can set rights for each object.Controlling User Access Controlling users’ access to objects 13 Controlling users’ access to objects To secure the content that you publish to BusinessObjects Enterprise. reports. You can ensure that confidential employee records can be accessed only by the human resources department. you can grant or deny access to users and groups in your system. the security settings are also reflected in the object instances object. Setting object rights for users and groups Object rights enable you to set access levels for your users and groups. For each object. By setting object rights.

7. 318 BusinessObjects Enterprise Administrator’s Guide . click the < arrow to remove the group(s) or user(s). The Rights tab appears. To add groups or users to an object’s rights settings In the Objects management area of the CMC. 5. 2.13 Controlling User Access Controlling users’ access to objects 1. 4. 6. Click Add/Remove. select an object by clicking its link. Select an option in the Select Operation list. 2. The Rights tab appears. 1. 3. Click the Rights tab. To change a group or user’s report rights In the Objects management area of the CMC. Click the Rights tab. Click the > arrow to add the group(s) or user(s). select an object by clicking its link. Click OK. Select the group(s) or user(s) you would like to add or remove.

see “Setting advanced object rights” on page 322. The Access Level column shows how each user’s or group’s rights are determined. If you select Advanced from the list. users have been divided into two groups—Everyone and Administrators—which have been granted rights to the folder object. You can change the rights for either group by selecting a predefined access level (or by selecting Advanced) from the list in the Access Level column. Click the link that corresponds to the folder or other object whose rights you want to see. then click the object’s Rights tab. click Update to effect your changes.Controlling User Access Controlling users’ access to objects 13 3. The Net Access column displays the net effect of whatever is selected in the Access Level column. you grant or deny granular rights from the Advanced Rights page. In this case. both groups possess Inherited Rights. For more information. In this example. The Net Access column is BusinessObjects Enterprise Administrator’s Guide 319 . report. users have not been specified individually. or go to the Objects management area in the CMC to view a list of all the objects on the system. the Net Access column shows the effective rights that each user or group has to the object. Viewing object rights settings Use the CMC to view the object rights that a user or group has to any folder. then click Update. For more information. see “Setting common access levels” on page 320. A page similar to the following appears: This example shows the rights for the Report Samples folder. Go to the Folders management area in the CMC to browse your folder hierarchy for an object. Click Add/Remove to add or remove a user or group to this object. or other BusinessObjects Enterprise object. When you change an entry in the Access Level column. This section shows how to locate the rights for any object and briefly explains the information displayed on the Rights tab. The Name column lists all users and groups who have been given rights to the object. The Object column shows whether the entry is a User or a Group. instead. You can locate any given object in several ways. That is. Change the access level for a group or user by selecting a right from the appropriate list in the Access Level column.

see “Setting advanced object rights” on page 322. The available predefined access levels are No Access. When you assign an access level directly to a user. In other words. each access level builds upon the rights granted by the previous level. you prevent the user from inheriting rights that he or she may have otherwise acquired by virtue of group membership. For more information. For detailed tutorials that walk you through sample implementations of object rights. Schedule. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. they do not explicitly deny any object rights. Tip: If you want to view the individual object rights that make up a user’s (or group’s) Net Access. the Everyone group inherits rights from a parent folder—one that is not displayed on this screen. Click Cancel to exit without making changes.” The system then denies the “not specified” rights by default. then he or she inherits the combination of each group’s rights. For example. Tip: By default. • 320 BusinessObjects Enterprise Administrator’s Guide . View. This is important. and Full Control. see “Access levels” on page 565. see “Customizing a ‘top-down’ inheritance model” on page 331. because it allows users to inherit the greatest rights when they belong to multiple groups: • When you assign an access level to a group. The Net Access column shows that the rights inherited from the parent folder are equivalent to the Schedule access level. you ensure that the user has only that level of access to the object. the Schedule access level includes and adds to the rights that are granted by the View access level. If the user is a member of multiple groups. click the corresponding Access Level list and select Advanced. Consequently. the best strategy is to set the appropriate rights for users and groups at the folder level first. Setting common access levels An access level is essentially a predefined set of object rights.13 Controlling User Access Controlling users’ access to objects particularly useful when you are working with inheritance. he or she inherits the greatest possible rights. Thus. when a user is a member of multiple groups. Then publish objects to that folder. View On Demand. Access levels are based on a model of increasing rights: beginning with No Access and ending with Full Control. Although access levels grant predefined sets of object rights. In this example. The Advanced Rights page displays the user’s full array of object rights that have been specified explicitly and/or inherited. Instead. each access level grants some rights and leaves the other rights “not specified. BusinessObjects Enterprise provides a set of access levels that allow you to set common object security levels quickly. For a complete listing of the object rights that make up each access level. each user in the group will have at least that level of access to the object.

and copy the object or folder. and remove content as required. • • View On Demand In addition to the rights provided by the Schedule access level. and all generated instances of the object. the user or group is able to view the folder. InfoView. • View If this access level is set at the folder level. see “Setting advanced object rights” on page 322. pick servers to process jobs. the objects contained within the folder. the user gains the right to refresh data “on demand” against the data source. Full Control This access level grants all of the available advanced rights. For more information. • Schedule The user or group is able to view the object or folder and its contents. delete. They can also schedule to different formats and destinations. this access level is designed to provide a user or group with administrative control over one or more folders or objects. and instances).Controlling User Access Controlling users’ access to objects 13 This list provides a brief description of each access level: • No Access The user or group is not able to access the object or folder. schedule the object or refresh it against its data source. It is the only access level that allows users to delete objects (folders. • Advanced This access level does not include a predefined set of object rights. The user or group can view. add contents to the folder. edit. the history of the object. without being members of the actual Administrators group. and the CMC enforce this right by ensuring that the object is not visible to the user. BusinessObjects Enterprise Administrator’s Guide 321 . it allows you to customize a user’s or group’s access to an object by selecting from the complete range of available object rights. set parameters and database logon information. objects. the user can view the object. This access level also allows users to modify all of the object’s properties. however. including the object rights that are set on the folder or object. the Publishing Wizard. Users can then log on to the CMC and add. Basically. If this access level is set at the object level. and all generated instances of each object. The user cannot. and pause the scheduling of instances that they own. and to generate instances by scheduling the object to run against the specified data source once or on a recurring basis. Instead.

Tip: By default. If the user or group is not listed. in the future. access levels are referred to as roles. Click Update. Consequently. View. View On Demand. For details. To set an access level for a user or group Go to the Objects or Folders management area of the CMC. In the Name column.13 Controlling User Access Controlling users’ access to objects Note: There is no predefined access level to grant users the rights required to create or modify reports through the Report Application Server (RAS). select the access level (No Access. Schedule. The result is an increased flexibility as you define security levels for objects that you have published to BusinessObjects Enterprise. 5. click Add/Remove. Then publish objects to that folder. Setting advanced object rights To provide you with full control over object security. 2. You are returned to the object’s Rights tab. These Advanced settings enable you to choose from a complete set of granular object rights. Locate the object whose rights you want to modify. for instance. 3. 4. and then click its Rights tab. locate the user or group whose rights you want to specify. Add the appropriate user or group and click OK. see “Rights and Access Levels” on page 563. see “Customizing a ‘top-down’ inheritance model” on page 331. Note: In the developer documentation. the best strategy is to set the appropriate rights for users and groups at the folder level first. Most importantly. the CMC allows you to make Advanced object rights settings for any user or group. In the Access Level column. use advanced rights to explicitly deny a user or group any right that should not be permitted to change when. 6. 322 BusinessObjects Enterprise Administrator’s Guide . 1. you make changes to group memberships or folder security levels. or Full Control) that is appropriate for the user or group. if you need to customize a user’s or group’s rights to a particular object or set of objects. see “Object rights for the Report Application Server” on page 568. Click the link to the object. For a detailed listing of the object rights that make up each access level. or if you want to customize the default inheritance patterns. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. Tip: For detailed tutorials that walk you through sample implementations of object rights. Use advanced rights.

4. Add the appropriate user or group and click OK. click the Advanced link in the Net Access column. If the user or group is not listed. You are returned to the object’s Rights tab. click Add/Remove. and then click its Rights tab. The available object rights are displayed in the Advanced Rights page. 1. 3. In the Name column. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. locate the user or group whose rights you want to specify. Locate the object whose rights you want to modify. If the Access Level is already set to Advanced. To view or set advanced rights Go to the Objects or Folders management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 323 .Controlling User Access Controlling users’ access to objects 13 Note: Because of the relative priorities assigned by BusinessObjects Enterprise to granted and denied rights. For complete details. click the list and select Advanced. 2. see “Priorities affecting advanced inheritance settings” on page 330. Click the link to the object. you must disable inheritance entirely when you need to explicitly grant a right that has been denied elsewhere to the user or group. This example shows advanced rights being applied to the Guest user for an Employee Profile report. 5.

The Inherited column serves as an indicator to show how inherited rights affect the Guest user’s effective rights to this report object. BusinessObjects Enterprise treats it as having been denied. In this example. A user or group can be granted or denied a right by virtue of inheritance. Again.” “Schedule the document to run. this demonstrates how you can use explicit rights to override a group’s rights for a particular group member. you can explicitly grant or deny any given right.” and so on). But. so the rights are denied by default. it is recommended that you leave as many rights as possible inherited. In addition. This demonstrates how inheritance can facilitate future changes to the overall security model.) In this example. Because group inheritance is disabled. (And if the right is later granted for a parent group or object. an explicitly denied right always prevents a user from performing the associated action.13 Controlling User Access Controlling users’ access to objects The first two options specify which types of inheritance affect the Guest user’s rights to this object. The Guest user is currently granted eleven rights to this report (the right to “View objects. This demonstrates how you can use explicit rights to override a group’s rights for a particular group member. However. In this example. the Guest user has been explicitly denied eleven rights (the right to “Add objects to the folder. if the Guest user’s rights should change on the report’s parent folder. Regardless of any future changes to the user’s group membership. Tip: For scalability and manageability. 324 BusinessObjects Enterprise Administrator’s Guide . If an inherited right is labelled as “Not Specified”. some rights may remain “not specified”—that is. these rights are not specified. The Explicitly Denied column works similarly to the Explicitly Granted column. the Guest user cannot inherit rights by virtue of group membership. To customize the overall security levels. even if its group membership is modified or changed completely. the rights will also change for this report object.” “Edit objects.” and so on). the Guest user may inherit any rights that he or she has been granted to this report’s parent folder. the user or group will automatically inherit the right at this level. Currently. The Explicitly Granted column shows which actions the Guest user is allowed to perform on this report. or you can specify that you want certain rights to be inherited. click OK. When you have made your changes on the Advanced Rights page. the Guest user has two inherited rights (the right to “View document instances that the user owns” and to “Pause and Resume document instances that the user owns”). because the system automatically updates those rights as you modify and update your security settings throughout the folder and group hierarchies. the Guest user will retain these rights. they are neither granted nor denied. The remainder of the Advanced Rights page lists all available object rights and shows how each right applies to the Guest user.

For example. you can set up BusinessObjects Enterprise such that you can integrate new users and new content quickly and easily. each type of object provides an additional set of rights that apply only to that object type. On the Advanced Rights pages. Using inheritance to your advantage In regards to object rights. see “Group and folder inheritance” on page 326. Base rights and available rights The BusinessObjects Enterprise system defines a set of base rights that apply to all objects in the system. The Central Management Server (CMS) is the component that keeps track of available rights. these rights may apply to objects that inherit rights from the folder. so that you can set object security at the folder level (rather than repeating the same settings for every object in the folder). By taking advantage of the ways in which object rights are inherited. the “View objects” right is a base right: it applies equally well to folders. you will find that all of the available rights are displayed for every object on the system. BusinessObjects Enterprise recognizes two types of inheritance: group inheritance and folder inheritance. and Web Intelligence Document. such as Crystal report objects. When you are setting rights for folders.Controlling User Access Controlling users’ access to objects 13 Tip: For detailed tutorials that walk you through sample implementations of object rights. In other words. Although certain object-specific rights do not strictly apply to the folder object itself. For more information. to reports. Additionally. these groups make it easier to see where the rights will be applied. In addition to these base rights. the “Refresh the report’s data” right applies only to report objects. These rights are grouped based on what type of file they apply to. see “Customizing a ‘top-down’ inheritance model” on page 331. the object-specific right “Refresh the report’s data” appears in the Report folder because it only applies to report objects. you can reduce the amount of time it takes to secure the content that you have published to BusinessObjects Enterprise. For example. Note: This is only one type of object inheritance. The list of available rights includes the base rights and all other object-specific rights that have been provided by particular object types. and to other BusinessObjects Enterprise objects. the “Refresh the report’s data” right is displayed for the folder object so that you can grant a user the right to refresh the data in all reports for which the user inherits rights from this folder. Report. Text. BusinessObjects Enterprise Administrator’s Guide 325 . For example. however. The four groups are General. Available rights are displayed for every object on the system for purposes of inheritance.

if you create a user called Sample User. see “Customizing a ‘top-down’ inheritance model” on page 331. and the user is denied any right that remains completely “not specified”. users or groups who have rights to a folder will inherit the same rights for any object that you subsequently publish to that folder. Note: If you need to disable or modify inheritance patterns for a particular folder or object within your folder hierarchy. the rights of both groups are considered when the system checks credentials. Additionally. For detailed tutorials that walk you through sample implementations of object rights. Tip: By default. 326 BusinessObjects Enterprise Administrator’s Guide . The user is denied any right that is explicitly denied in any group. Group inheritance proves especially powerful when you organize all of your users into groups that coincide with your organization’s current security conventions. suppose that you create a folder called Sales Reports. Folder inheritance allows users to inherit any rights that they have been granted on an object’s parent folder. Then publish objects to that folder. Consequently. and you provide your Sales group with View On Demand access to this folder. the user is granted only those rights that are granted in one or more groups (explicitly or through access levels) and never explicitly denied. then Sample User will automatically inherit the appropriate rights for each of the reports and folders that the Sales group has been added to. By default. and you need only set the object rights once. the Sales group will have View On Demand access to all of the reports. Folder inheritance proves especially powerful when you organize BusinessObjects Enterprise content into a folder hierarchy that reflects your organization’s current security conventions. When group inheritance is enabled for a user who belongs to more than one group. Consequently. every user that has rights to the Sales Reports folder will inherit the same rights to the reports that you subsequently publish to this folder. it is recommended that you make your initial settings at the top-level BusinessObjects Enterprise folder and disable inheritance only when necessary. For example. Group and folder inheritance Group inheritance allows users to inherit rights as the result of group membership.13 Controlling User Access Controlling users’ access to objects To facilitate administration. For example. you can do so with access levels or with advanced rights. thus. at the folder level. and add it to an existing group called Sales. the best strategy is to set the appropriate rights for users and groups at the folder level first. it is recommended that you enable and disable inheritance with access levels whenever possible (instead of with advanced rights).

If the user or group is not listed. You are returned to the object’s Rights tab. When applied to a group. View On Demand. Click Update. For details. 1. BusinessObjects Enterprise Administrator’s Guide 327 . you can enable or disable group inheritance. If the user is not listed. the Net Access entry equals the Access Level entry. folder inheritance. In the Name column. For details. see “Setting advanced object rights” on page 322. and then click its Rights tab. In the Access Level column. Add the appropriate user and click OK. Locate the object whose rights you want to modify. 2. 4. The Net Access column now displays the effective rights that the user has to the object. Locate the object whose rights you want to modify. View. 3. 5. 1. this procedure does not prevent group members from inheriting rights by virtue of membership in other groups.Controlling User Access Controlling users’ access to objects 13 Enabling and disabling inheritance with access levels With access levels. In the Access Level column. You can alternatively enable one or both types of inheritance with Advanced rights settings. To enable inheritance with an access level Go to the Objects or Folders management area of the CMC. or Full Control) that is appropriate for the user. see “Inheritance with advanced rights” on page 328. Schedule. The Net Access column now displays the effective rights that the user or group has inherited for this object. Click the link to the object. 4. 5. select the access level (No Access. 2. and then click its Rights tab. In the Name column. To disable inheritance with an access level Note: This procedure disables group and folder inheritance for a user account. or both. Click Update. locate the user or group whose rights you want to specify. Note: If the entry displayed in the Net Access column is Advanced. Click the link to the object. ensure that both types of inheritance are enabled in the parent folder’s advanced rights settings. locate the user whose rights you want to specify. select Inherited Rights for the user or group. Go to the Objects or Folders management area of the CMC. 3. Add the appropriate user or group and click OK. You are returned to the object’s Rights tab. Because you have disabled all inheritance. click Add/Remove. 6. 6. click Add/Remove.

Tip: If an individual user’s account has not been assigned any rights to the object. keep in mind that you can always assign a user a specific set of rights. If folder inheritance is enabled for the user. If the user possesses sufficient rights. there are several ways to keep your object security model clear. and its various possible outcomes. but also the ways in which a user’s effective rights are calculated by the CMS. For more information on the two types of inheritance. consistent. this option does not appear if you are setting rights for a group. This sequence of steps. Although the calculations performed by the CMS can become quite complex. is provided for administrators and/or system architects who prefer to know exactly how the CMS calculates the rights a user has to any object. the CMS determines the user’s rights to that object. the CMS determines the rights that the user has to the object’s parent folder. For complete details on setting up a system that makes sense for your BusinessObjects Enterprise system. On the Advanced Rights pages. the CMS follows a complex algorithm. To calculate the user’s effective rights. The CMS determines 328 BusinessObjects Enterprise Administrator’s Guide . and easy to maintain. the settings for inheriting rights from parent folders or groups serve as powerful tools that allow you to customize inheritance patterns in many ways. Tip: When modifying inheritance patterns with Advanced rights settings. Calculating a user’s effective rights When a user attempts to perform an action on a BusinessObjects Enterprise object. The CMS immediately denies any right that is explicitly denied.13 Controlling User Access Controlling users’ access to objects Inheritance with advanced rights When you apply an Advanced set of object rights to a user or group for a particular object. The CMS checks the rights that have been directly granted or denied to the user’s account. the CMS permits the user to perform the requested action. see “Customizing a ‘topdown’ inheritance model” on page 331. you can make all your object rights settings at the group level to save administrative effort. either by explicitly applying a predefined access level. it is useful to understand not only the types of inheritance that are available. To take full advantage of inheritance patterns and Advanced rights settings. 2. or by explicitly applying an Advanced setting in which both types of inheritance are disabled. The algorithm is described here and then illustrated in a different way using pseudocode: 1. see “Group and folder inheritance” on page 326. then group inheritance is enabled by default. Note: You see the “Username will inherit rights from its parent groups” option if you are setting rights for a user. you can enable or disable group and folder inheritance together or individually. As the result.

When you disable folder inheritance for a user. 2. you reduce this algorithm to three different steps (1. the CMS grants the user only those rights that he or she has been explicitly granted. The CMS denies any right that is explicitly denied (even if the right had already been explicitly granted).Controlling User Access Controlling users’ access to objects 13 3. In both cases. The CMS denies any right that is explicitly denied in any group (even if the right had already been explicitly granted). when both types of inheritance are enabled. If group inheritance is enabled for the user. you reduce this algorithm to three steps (1. As the result. and 5). and 5). then the CMS determines the rights that the group has to the parent folder. This pseudocode is provided as another way to illustrate and describe the algorithm that the CMS follows in order to determine whether a user is authorized to perform an action on a particular object: IF { (User granted right to object = True) OR [ (Inherit Parent Folder Rights = True) AND (User granted right to parent folder = True) ] OR [ (Inherit Group Rights = True) AND (Group granted right to object = True) ] OR [ (Inherit Group Rights = True) AND (Group granted right to parent folder = True) ] } BusinessObjects Enterprise Administrator’s Guide 329 . This provides you with the least complicated way of ensuring that a user has only those rights that you have explicitly granted to him or her for a particular object. The CMS completes the algorithm by denying any rights that remain “Not Specified. The CMS denies any right that is explicitly denied in any group (even if the right had already been explicitly granted). these rights by ascending the inheritance tree to the level at which the inherited rights begin to take effect. When you disable group inheritance for a user.” 4. 5. 3. the CMS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied. the CMS grants the user only those rights that are explicitly granted in one or more locations and never explicitly denied. Thus. When you disable both types of inheritance for a user. you reduce this algorithm to two steps (1 and 5). the CMS determines the rights specified on the object for each of the groups that the user belongs to. If group inheritance is enabled for the user. and folder inheritance is enabled for a group that the user belongs to.

these considerations appear elsewhere in this chapter. there are several important considerations to keep in mind. you could clear the “Respect current security by inheriting rights from parent groups” check box on the Advanced Rights page for the Manager user. 330 BusinessObjects Enterprise Administrator’s Guide . and the “Respect current security by inheriting rights from parent groups” check box is selected. so long as the user account inherits rights from its parent group (Sales).13 Controlling User Access Controlling users’ access to objects AND { (User denied right to object = False) AND [ (Inherit Parent Folder Rights = False) OR ((Inherit Parent Folder Rights = True) AND (User denied right to parent folder = False)) ] AND [ (Inherit Group Rights = False) OR ((Inherit Group Rights = True) AND (Group denied right to object = False)) ] AND [ (Inherit Group Rights = False) OR ((Inherit Group Rights = True) AND (Group denied right to parent folder = False)) ] } THEN { User action authorized = True } ELSE { User action authorized = False } Priorities affecting advanced inheritance settings When you modify inheritance patterns with advanced rights. This can cause seemingly contradictory results when inheritance is enabled. Denied rights take precedence over granted rights. In this scenario. the Manager user is effectively denied the ability to see the folder. Because denied rights take precedence. or you could remove the Manager user from the Sales group. For the same folder. The Manager user is a member of the Sales group. the Manager user is both granted and denied the “See object” right to the folder. To remedy this situation. They have been summarized here for reference. Suppose that the “View objects” right is explicitly denied to a Sales group for a particular folder of reports. the “View objects” right has been explicitly granted to a Manager user. Where relevant.

NT. Customizing a ‘top-down’ inheritance model With the flexibility offered by object rights. By making all of your security settings at the group and folder levels. After finishing each tutorial. To this purpose. you can customize your object-level security environment in many ways. see “Creating groups for the tutorials” on page 332. This section recommends two general ways of setting up object security such that you achieve the desired security levels without complicating future administrative tasks. However. in order to secure particular BusinessObjects Enterprise content. in order to grant access to particular BusinessObjects Enterprise content. as required. As you add folders and subfolders to the system. as the complexity of any security system increases. you may decide to add users to each group and to publish objects to each folder. BusinessObjects Enterprise Administrator’s Guide 331 . users and groups cannot access any objects on the system. You can use your own Enterprise. To prevent possible security breaches. so too can that system become more difficult and time-consuming to maintain. BusinessObjects Enterprise automatically denies rights that are not specified. inheritance. or you can create new groups that correspond to those used in the tutorial. For details on setting up these groups and subgroups.” This entry denotes rights that are neither granted nor denied by inheritance. you increase the rights of users and groups.Controlling User Access Controlling users’ access to objects 13 Rights that are not specified are denied by default. you decrease the rights of users and groups. • “Setting up a closed system of increasing rights” on page 346 This shorter tutorial creates the basis for closed security model. As you add folders and subfolders to the system. In each tutorial. On the Advanced Rights page for any object. you will specify the object rights that particular groups have to certain folders on the system. or LDAP groups when following along with these tutorials. If you do so. all users and groups are first granted rights to all objects on the system. By default. this section provides two tutorials that shows how to set up object security from the top-level folder (the root folder) down: • “Setting up an open system of decreasing rights” on page 334 This detailed tutorial creates an open security model. you reduce the administrative efforts now and later. and advanced rights. as required. each user will inherit the appropriate rights for every folder and object on the system. the Inherited Rights column may label certain rights as “Not Specified. By default.

Sales Managers. The Marketing group is added to the system and the page is refreshed. To create the Sales and Marketing groups Go to the Groups management area of the CMC. Repeat steps 1 to 5 to create another group called Sales. In the Description field. In the Group Name field. The new group’s Properties tab appears. 332 BusinessObjects Enterprise Administrator’s Guide . Sales Japan.13 Controlling User Access Controlling users’ access to objects Creating groups for the tutorials The object security tutorials make use of eight Enterprise groups. Sales Japan. 5. 6. Sales. The Administrators and Everyone groups are created by default when you install BusinessObjects Enterprise. Note: For the shorter tutorial entitled “Setting up a closed system of increasing rights” on page 346. Tip: Click the Users tab if you want to add your own users to this group. Use this description for the group: This group contains all users who work in Sales (worldwide). 3. 2. 4. type Marketing. The Sales group has four additional subgroups: Sales USA. and Marketing. Everyone. Click OK. type This group contains all users who work in Marketing. and Sales Managers subgroups. The four primary groups are named Administrators. Click New Group. and Sales Report Designers. so these two procedures show only how to create the remaining groups for the tutorials. 1. you need only create the Sales group and its Sales USA.

In the Group Name field. Click the Member of tab. Click OK. type Sales USA In the Description field. 3. then click the > arrow. as displayed here: BusinessObjects Enterprise Administrator’s Guide 333 . Tip: Click the Users tab if you want to add your own users to this group. 5. The Sales USA group is added to the system and the page is refreshed. The Modify Member of page appears. 4.Controlling User Access Controlling users’ access to objects 13 1. 7. select Sales. In the Available groups list. type This group contains all users who work in Sales in the USA. 6. then click the Member of button. The Sales group is added to the “Sales USA is a member of” list. To create the Sales subgroups Go to the Groups management area of the CMC. Click New Group. 2.

As you add folders and subfolders to the system. 9. Sales Report Designers This group contains all users who design and publish reports for the Sales teams.13 Controlling User Access Controlling users’ access to objects 8. If you now return to the Groups management area of the CMC. Setting up an open system of decreasing rights This tutorial shows how to create an open security model. “Setting up a closed system of increasing rights” on page 346. The Sales USA group is now a member (or subgroup) of the Sales group. Use the following values for the Group Name and Description fields: Group Name Sales Japan Description This group contains all users who work in Sales in Japan. You are returned to the “Member of” tab. as required. Sales Managers This group contains all users who manage a Sales team. Repeat steps 1 to 8 to create the remaining Sales subgroups for the tutorials. Click OK. 334 BusinessObjects Enterprise Administrator’s Guide . all of the new groups are displayed as follows: You are now ready to proceed to either of the object security tutorials: • • “Setting up an open system of decreasing rights” on page 334. you decrease the rights of users and groups. wherein groups of users are first granted rights to all objects on the system by default. in order to secure particular BusinessObjects Enterprise content.

If the staff member is also a Manager. BusinessObjects Enterprise Administrator’s Guide 335 . For a shorter. and management reports: • • • • All Sales staff can view worldwide reports. Sales Managers are allowed to refresh most reports against the database to view the most recent data. Sales Managers require Full Control access to the management reports. Administrators require Full Control access to all folders and objects on the system. see “Setting up a closed system of increasing rights” on page 346. Administrators require Full Control access to all folders and objects on the system. less detailed tutorial. report. Each subfolder. or other object that you add to this top-level folder will by default inherit rights from this folder. So. The Sales groups need a hierarchy of folders containing worldwide reports. This folder serves as the root for all other folders and objects that you add to the system. Sales Managers are allowed to refresh most reports against the database to view the most recent data. regional reports. Because some groups plan to add their own reports later. These are your security requirements for each folder: • • • • • Everyone must be able to view the majority of your reports. Changing default rights on the top-level folder The first step is to set object rights on the top-level BusinessObjects Enterprise folder. you are creating folders for several groups within your organization. The Marketing group needs Full Control access to its own set of folders that no other user can access (other than Administrators). you minimize the need to repeatedly customize object rights throughout your folder hierarchy. You have some reports that you want to add to the system immediately. by setting rights here first.Controlling User Access Controlling users’ access to objects 13 In this scenario. Sales Report Designers require custom administrative privileges to all Sales folders. you set security on the top-level folder in order to meet your first three security requirements: • • • Everyone must be able to view the majority of your reports. With this procedure. he or she can view and refresh reports from all regions. Sales staff can also view reports for their own regions. you also need to give some users the ability to add subfolders and to publish reports.

The Everyone. By default. In the Available groups list. 6. 8. You now need to reduce the rights of the Everyone group and to increase the rights of the Sales Managers. Click Add/Remove. 5. The rights for the Everyone group are reduced and the View access level is now displayed in the Net Access column. Now that you have created an open basis for your object security model. 3. This provides the Sales Managers group with sufficient rights to refresh reports. 2. 4. purchasing order reports. Now you will customize the top-level rights for the Sales Managers group. subfolders. You might. Decreasing rights to a private folder Another security requirement for this tutorial is that the Marketing group needs Full Control access to their own set of folders that no other user can access. and Sales Managers groups will initially inherit these rights for any folders. or reports that you subsequently publish to BusinessObjects Enterprise. Ensure that you grant the Sales Managers group View On Demand access. 7. for instance. you will create a private folder called Marketing Only and ensure that only the appropriate group of users has access to its contents. Administrators. Click the Access Level list that corresponds to the Everyone group. To accomplish this. change the Access Level list and click Update. you will proceed to restricting access to certain folders within the system. the Everyone and the Administrators groups are granted access to this folder. 336 BusinessObjects Enterprise Administrator’s Guide . In the Select Operation list. You are returned to the Rights tab on the Settings page. and select View. click Add/Remove Groups.13 Controlling User Access Controlling users’ access to objects 1. customer list reports. your system meets your first three security requirements. Click the Rights tab. If necessary. Now. create folders for all of your generally accessible inventory reports. To change the rights on the top-level folder Go to the Settings management area of the CMC. then click OK. Click Update. select Sales Managers. The Add/Remove page appears. and so on. Click the > arrow.

in the Folder Name field. Before setting the rights for each group. They can add and delete reports. type Marketing Only In the Description field. schedule. Click the > arrow. 9. 4. Next. In the Select Operation list. Click the Rights tab. In the Available groups list. 10. and select Full Control. The Net Access column shows that you have granted the Marketing group Full Control access to this folder. Click Update. 7. The Net Access column shows that you have secured this folder from all users other than Administrators. 5. You are returned to the Rights tab. 6. BusinessObjects Enterprise Administrator’s Guide 337 . Click Add/Remove. In the Access Level column. Click New Folder. 13. To decrease rights to a private folder Go to the Folders management area of the CMC. Click OK. Members of this group now have the ability to perform all tasks in this folder. 14. You need to change the default setting to grant them Full Control access. you need to customize the rights that various Sales groups have to a hierarchical set of Sales folders. you will grant the Marketing group Full Control access to this folder. you will see how to create multiple folders quickly when you publish a set of reports to BusinessObjects Enterprise. select Marketing. 12.Controlling User Access Controlling users’ access to objects 13 1. 11. click Add/Remove Groups. folders. Administrators: (Inherited Rights) Everyone: No Access Sales Managers: No Access Click Update. type This folder is accessible only to Marketing. then click OK. Click the Access Level list that corresponds to the Marketing group. and export reports to all available destinations and formats. 3. 2. On the Properties tab. select the following rights for each group: • • • 8. and subfolders. The Marketing group is granted access to the folder. The Add/Remove page appears. To complete this tutorial. and they can view.

en. However. 338 BusinessObjects Enterprise Administrator’s Guide . the Publishing Wizard will not create the appropriate directories on the BusinessObjects Enterprise system. you will first create a set of folders that places the most general content at the top of the directory tree. use some of the sample reports included with BusinessObjects Enterprise. you must place at least one report file in each of the folders that you have created on your local hard drive. The regional reports will go in subfolders that are accessible only to users who belong to the appropriate regional Sales group. In this case. fr. If you do not have any of your own reports. de. You could create this set of folders using the CMC. To create a set of folders while publishing reports On your local hard drive. all Sales staff can view the worldwide reports. so the folder for those reports requires the lowest level of security. and management reports. They require a hierarchy of folders containing worldwide reports.rpt files) in the new folders on your local hard drive. the Sales folders are named and arranged hierarchically as follows: 2. Because this tutorial sets up a system of decreasing rights. create a set of folders that correspond to the folders you want to add to BusinessObjects Enterprise. if you already have a set of reports. as in the earlier sections of this tutorial. depending upon your version of BusinessObjects Enterprise). the Publishing Wizard provides the quickest way to add content and create folders at the same time. The sample reports are typically installed to C:\Program Files\Business Objects\BusinessObjects Enterprise 11\Samples\language \Reports (replace language with.13 Controlling User Access Controlling users’ access to objects Publishing a set of folders and reports The final security requirements for this tutorial are related to the Sales group and its subgroups. or jp. The management reports will be located in subfolders of each of the regional folders. 1. regional reports. for example. For this tutorial. Arrange your reports (. Note: To complete this procedure. Otherwise.

BusinessObjects Enterprise Administrator’s Guide 339 . 9. 10. In the System field. The Select A File dialog box appears. 4.Controlling User Access Controlling users’ access to objects 13 3. From the Authentication list. Select the Include subfolders check box. In the User Name and Password fields. Select the top level Worldwide Sales folder that you created on your local hard drive. when it appears. From the BusinessObjects Enterprise XI Programs group. type your BusinessObjects Enterprise credentials. Click Next. Click Add Folders. 6. 8. 5. type the name of the CMS to which you want to add objects. and then click OK. click Next. select the appropriate authentication type. 7. start the Publishing Wizard and.

as shown here: 340 BusinessObjects Enterprise Administrator’s Guide . Name the folder Worldwide Sales and ensure that it is located at the top of the directory tree. 11.13 Controlling User Access Controlling users’ access to objects You are returned to the Select A File dialog box. All of the reports are added to the list. Click Next. In the Specify Location dialog box. 13. The Specify Location dialog box appears. click New Folder. 12.

The actual report files are arranged in the appropriate folders. see “Publishing with the Publishing Wizard” on page 376. Click Finish to close the Publishing Wizard. and the Managers Only folders will be created as additional subfolders. 15. then click Next. 17. Proceed through the rest of the Publishing Wizard and make any desired changes to your reports.Controlling User Access Controlling users’ access to objects 13 14. BusinessObjects Enterprise Administrator’s Guide 341 . click Next to accept all the default values. The Specify Folder Hierarchy dialog box appears. The Confirm Location dialog box appears. 16. it displays a summary: 18. You can see here that the Regional Sales folders will be created below the Worldwide Sales folder. When the Publishing Wizard has added the reports and folders to the system. For more information on the rest of the Publishing Wizard. Select Duplicate the folder hierarchy to duplicate the local folder hierarchy on the BusinessObjects Enterprise system. Click Next. Tip: If you are publishing sample reports for the purpose of this tutorial. Click Next.

13 Controlling User Access Controlling users’ access to objects You are now ready to set each Sales group’s object rights for the new set of Sales folders. You are returned to the Rights tab. then click OK. On the folder’s Rights tab. 342 BusinessObjects Enterprise Administrator’s Guide . If the staff member is also a Manager. select Sales and Sales Report Designers. 4. Sales staff can also view reports for their own regions. Tip: Use CTRL+click to select multiple groups. Sales Report Designers require custom administrative privileges to all Sales folders. Click the link to the Worldwide Sales folder. The security requirements are as follows: • • • • All Sales staff can view worldwide reports. click Add/Remove Groups. 2. 1. 3. click Add/Remove. In the Available groups list. In the Select Operation list. you are ready to set the object rights for each level of reporting content. Click the > arrow. 6. To set the base rights on the Worldwide Sales folder Go to the Folders management area of the CMC. Sales Managers require Full Control access to the management reports. Setting the base rights on the Sales folders Now that you have used the Publishing Wizard to add reports and create the appropriate folders and subfolders. he or she can view and refresh reports from all regions. 5.

In the Explicitly Denied column. 2. In the Access Level column. The Advanced Rights page appears. you will not let any group member delete objects that have been added to a Sales folder. the advanced rights that you specify will be the only rights that group members have to the folder. 8. 5. select the following rights for each group: • • • • • Administrators: Inherited Rights Everyone: No Access Sales: View Sales Managers: Inherited Rights Sales Report Designers: This group requires additional rights to publish content to this folder. clear the “Worldwide Sales” will inherit rights from its parent folders check box. Creating a group of folder administrators This section of the tutorial shows how to provide a particular group of users with a customized level of administrative control over a set of folders. In the Access Level list for the Sales Report Designers group. Now that you have disabled all rights inheritance. select Advanced. You now need to grant the Sales Report Designers group a set of advanced rights. The Net Access column is updated to show your new security settings. To ensure that you completely break all inheritance patterns. select the following rights: 4. You will use advanced rights to make these changes in the next procedure. However. however. Click Apply. 1. leave the Access Level list with the default settings. uses advanced rights to grant the Sales Report Designers group a particular set of administrative privileges to all Sales folders. 3. you can accomplish this with the Full Control access level. For now. Click Update. To create a group of Sales folder administrators If you are not already there. In general. go to the Rights tab of the Worldwide Sales folder. • • Modify the rights users have to objects Delete objects BusinessObjects Enterprise Administrator’s Guide 343 . This example.Controlling User Access Controlling users’ access to objects 13 7. You will use this page to grant group members a high level of control over the folder and its contents. so group members can administer all the Sales folders.

to prevent these folder administrators from copying confidential reports to public folders. you could deny the “Define server groups to process jobs” right. you could deny the “Copy objects to another folder” right. Click the > arrow. You are returned to the Rights tab for the Worldwide Sales folder. select Sales Japan. Click Add/Remove.13 Controlling User Access Controlling users’ access to objects Tip: You may choose to explicitly deny additional rights to suit your needs. 3. 1. 4. In the Available groups list. you will proceed to decrease rights as you descend the folder hierarchy. 6. Now that you have set object rights on the uppermost Sales folder. The Net Access column now shows that the Sales Report Designers group has Advanced rights to this folder.JP folder. 6. click Add/Remove Groups. 2. Tip: Click the Advanced link in the Net Access column when you need to review or modify a set of advanced rights that have already been applied to a user or group. For instance. 7. select all remaining rights. In the Select Operation list. then click OK. Click OK. You are returned to the Rights tab of the Regional Sales . select the following rights for each group: • • • Administrators: Inherited Rights Everyone: Inherited Rights Sales: No Access 344 BusinessObjects Enterprise Administrator’s Guide . In the Access Level column. he or she can view and refresh reports from all regions. if you prefer to retain all administrative control over report-processing servers. 5.JP folder and click its Rights tab. If the staff member is also a Manager. You will use the various Sales groups to decrease rights appropriately for each Regional Sales folder. To decrease rights to the regional Sales folders Go to the Regional Sales . In the Explicitly Granted column. Or. Decreasing rights to the Sales subfolders Recall that the security requirements for the regional sales reports are as follows: • • Sales staff can view reports for their own region and can refresh these reports against the database to view the most recent data.

Sales Japan: View On Demand Sales Managers: Inherited Rights Sales Report Designers: Inherited Rights Click Update. which allows them to refresh reports against the database to view the latest data.Controlling User Access Controlling users’ access to objects 13 • • • 7.USA folder and click its Subfolders tab. Sales Managers. but grant View On Demand access to the Sales USA group (instead of to the Sales Japan group). The Sales Report Designers retain their advanced rights. The Net Access column shows your new security settings. select the following rights for each group: • • • Administrators: Inherited Rights Everyone: Inherited Rights Sales: Inherited Rights BusinessObjects Enterprise Administrator’s Guide 345 . As required. Click the link to the Managers Only folder and click its Rights tab. 8. You are now ready to complete the tutorial by customizing security for the final level of Sales folders—the Managers Only folders. To decrease rights to the Managers Only folders Go to the Regional Sales . 6. 5. 1. the Sales Japan and the Sales Managers groups have View On Demand access. 2. and all other users are prevented from accessing the folder (except for Administrators). Go to the Regional Sales . Click the link to the Managers Only folder and click its Rights tab.USA folder. Members who do not belong to one of these groups are completely restricted from the folder. select the following rights for each group: • • • • • • 4. In the Access Level column. Repeat steps 1 to 6 for the Regional Sales . 3. The Rights tab of this Managers Only folder now shows that the Administrators. Administrators: Inherited Rights Everyone: Inherited Rights Sales: Inherited Rights Sales Japan: No Access Sales Managers: Full Control Sales Report Designers: Inherited Rights Click Update. In the Access Level column. 7.JP folder and click its Subfolders tab. and Sales Report Designers groups all have Full Control access to the folder.

The closed security model works best when you deploy a web desktop or other application that provides users with a list of all reports and/or folders to which they have access. you are creating folders for several groups within your organization. and then gradually increases access to subfolders further down the folder hierarchy. The sample Report Thumbnail Client and the Inframe Client applications provide examples that are compatible with a closed security model. by contrast. Members who do not belong to one of these groups are completely restricted from the folder. The Sales groups need a hierarchy of folders containing management reports and regional reports: • • Only the Sales Managers can view the management reports and all regional reports. InfoView. adheres to a hierarchical view of the system’s folder structure. These are your security requirements for each folder: • • • The majority of your reports should be inaccessible to most users. Sales Managers. Setting up a closed system of increasing rights This tutorial shows how to set up the basis for a closed security model. Because this scenario first completely restricts access to the top-level folders. you increase the rights of users and groups. so they can access their BusinessObjects Enterprise content. they have no way of browsing its subfolders (even if they have Full Control over those subfolders 346 BusinessObjects Enterprise Administrator’s Guide . if users cannot access a top-level folder. as required. wherein groups of users are first denied rights to all objects on the system by default. In this scenario. You have now reached the end of this tutorial.13 Controlling User Access Controlling users’ access to objects • • • 8. and Sales Report Designers groups all have Full Control access to the folder. Administrators require Full Control access to all folders and objects on the system. You can access these applications from the Client Samples area of the Crystal Enterprise Launchpad. Sales Managers: Full Control Sales Report Designers: Inherited Rights Sales USA: No Access Click Update. As you add folders and subfolders to the system. Sales staff can only view reports for their own region. the results are essentially incompatible with the design of InfoView. The Rights tab of this Managers Only folder shows again that the Administrators. Thus.

see “Setting up an open system of decreasing rights” on page 334. Each subfolder. Do not use advanced rights to explicitly deny rights to the Everyone group (or any other group) at the top-level folder of your BusinessObjects Enterprise system. however. you set security on the top-level folder in order to meet your first two security requirements: • • The majority of your reports should be inaccessible to most users. If you implement this closed security model in conjunction with InfoView. Click the Rights tab. and select No Access. Click Update. With this procedure. Restricting access from the top-level folder The first step is to set object rights on the top-level BusinessObjects Enterprise folder. 4. 2. be able to search for reports by name or description. This procedure gives the Everyone group No Access to all published content. users will need to search for specific reports by name or description. report. you have to break all inheritance patterns in order to grant the same right further down the folder hierarchy. BusinessObjects Enterprise Administrator’s Guide 347 . Administrators require Full Control access to all folders and objects on the system. So. because once a right has been explicitly denied. 3. This is how you set the basis for a closed security model. they will be unable to browse subfolders once you make this initial security setting. by setting rights here first. 1. This folder serves as the root for all other folders and objects that you add to the system. Note: If users access reports through BusinessObjects Enterprise. you minimize the need to repeatedly customize object rights throughout your folder hierarchy.Controlling User Access Controlling users’ access to objects 13 and their contents). Click the Access Level list that corresponds to the Everyone group. For a lengthier. or other object that you add to this top-level folder will inherit rights from this folder by default. You need only reduce the rights of the Everyone group. To change the rights on the top-level folder Go to the Settings management area of the CMC. more detailed tutorial. The rights for the Everyone group are reduced and No Access is displayed in the Net Access column. Users will.

select Sales Managers. 8. type Management Reports Click OK. Click the Access Level list for the Sales Managers group. In the Available Groups list. They require a hierarchy of folders containing management reports and regional reports. you will increase access to certain folders within the system. 6. You are returned to the Rights tab of the Management Reports folder. 7. With these procedures. you create the folder hierarchy and set access levels in order to meet the remaining security requirements: • • 1. your system meets your first two security requirements. in the Folder Name field. 2. 10. Because this tutorial sets up a system of increasing rights. To provide minimal access to the management reports Go to the Folders management area of the CMC. The Everyone group is prevented from seeing all subsequently published content. and select View. In the Select Operation list. The Rights tab now shows that the Sales Managers group has View access to this folder and to any objects that you subsequently publish to it. 4. 5. the Everyone and Administrators groups have inherited the rights that you set on the top-level BusinessObjects Enterprise folder. 348 BusinessObjects Enterprise Administrator’s Guide . the most secure content will be stored at the top of the directory tree. Click Update. Only the Sales Managers can view the management reports and all regional reports. Now that you have created a closed basis for your object security model. On the Properties tab. 3. and the Administrators group retains Full Control in order to maintain the system. Click the > arrow. The new folder is created and the page is refreshed. Click New Folder. click Add/Remove Groups. Sales staff can only view reports for their own region. click Add/Remove. Increasing access by descending the folder hierarchy The remaining security requirements for this tutorial are related to the Sales group and its subgroups. then click OK.13 Controlling User Access Controlling users’ access to objects Now. On the Rights tab. 9. As required.

10. 1. type Regional Reports . On the Subfolders tab. On the Rights tab. Everyone. click Add/Remove. 2.Controlling User Access Controlling access to applications 13 Now you need only create folders for the regional reports and grant access to the appropriate regional Sales groups. To provide selective access to the regional reports If you are not already there. The Administrators. click Add/Remove Groups. You can grant or deny users access to the Central Management Console. You have now reached the end of this tutorial. The new folder is created and the page is refreshed. 3. The Rights tab now shows that the Sales Japan group has View access to this folder and to any objects that you subsequently publish to it. When you finish. select View. On the Properties tab. 5. Click Update. In the Available Groups list. 8. In the Access Level list for the Sales Japan group. Controlling access to applications You can use rights to control users’ access to certain features in BusinessObjects Enterprise applications. click New Folder. the Rights tab of the Regional Reports . For InfoView. go to the Management Reports folder. 4.USA folder shows that you have set the rights as required for this tutorial. select Sales Japan. In the Select Operation list. you can grant users or groups the ability to: • • • change their preferences organize folders search BusinessObjects Enterprise Administrator’s Guide 349 .JP Click OK. then click OK. You are returned to the Rights tab of the Management Reports folder. Repeat this procedure to create a subfolder called Regional Reports USA and to provide the Sales USA group with View access to the folder. in the Folder Name field. 9. and Sales Managers groups automatically inherit the appropriate rights for this folder. 7. Click the > arrow. 11. 6.

5. To grant access to a Business Objects application’s features Go to the BusinessObjects Enterprise Applications management area of the CMC. 6. Tip: If you have many users on your system. click Advanced. 8. Click the Rights tab. 3. On the Rights tab. Click OK. you may want to deny your users the ability to organize their own folders. Select the user or group you want to grant access to the features. Add Users. select Add/ Remove Groups. Note: By default. 2. 1. in the Select Operation list. all users have access to these features. if you have already created your users’ folders using a standard naming convention. select the Add Users operation. On the Add/Remove page. or Remove Users.13 Controlling User Access Controlling access to applications • • filter object listings by object type view the Favorites folder For example. 4. Click the link for the application whose access rights you want to change. then use the “Look for” field to search for a particular account. 350 BusinessObjects Enterprise Administrator’s Guide . 7. Click Add/Remove to add users or groups you want to give access to the features.

Or you may have one administrator who handles high-level management of BusinessObjects Enterprise. you can use rights to divide administrative tasks between functional groups within your organization. it can be very helpful to delegate responsibility to other managers and groups. For each feature. make sure you grant access to the Allows interactive HTML viewing option in order for users to be able use the Interactive view format and use the Query HTML panel. you may want people from different departments to manage their own BusinessObjects Enterprise users and groups. Note: For the Web Intelligence application. With all of the tasks facing a BusinessObjects Enterprise administrator. groups. servers. Explicitly Granted. The user can select this view format and report panel option in the Web Intelligence Document Preferences tab in InfoView. choose Inherited. but you want all server management to be handled by people in your IT department. Click OK. For example. BusinessObjects Enterprise Administrator’s Guide 351 . or Explicitly Denied for the user or group. 10. Controlling administrative access In addition to controlling access to objects and settings.Controlling User Access Controlling administrative access 13 9. This section describes how to grant rights for managing users. and server groups.

or Remove Users.13 Controlling User Access Controlling administrative access Controlling access to users and groups You can delegate user and group administration to the appropriate people in your organization by granting specific access rights. User inboxes can serve as destinations for scheduled reports. To choose specific rights. On the Rights tab. as required. By default. 1. then use the “Look for” field to search for a particular account. select the Add Users operation. change the Access Level for each user or group. You can also send existing report objects or instances to a user’s inbox by using the “Send to” feature. only the user and the administrator have the right to access a user’s inbox. 9. the system automatically creates an inbox for that user. 6. see “Rights and Access Levels” on page 563. When scheduling a report. Click the Rights tab. see “Selecting a destination” on page 481. 3. Add Users. Select the user or group you want to grant access to. choose Advanced. 2. Controlling access to user inboxes When you add a user. The inbox has the same name as the user. and “Sending an object or instance” on page 420. Click Update. Select the user or group you want to grant access to the specified user or group. 352 BusinessObjects Enterprise Administrator’s Guide . For more information. Click OK. Note: For complete details on the predefined access levels and advanced rights. Use the following procedure to change the access rights to a user’s inbox as needed. you can specify that you want the system to store the report instances in the inbox of one or more users. 7. The Add/Remove page appears. select Add/Remove Groups. To grant access to a user or group Go to the Users or Groups management area of the CMC. 8. Click Add/Remove to add users or groups that you want to give access to the selected user or group. 10. 5. Tip: If you have many users on your system. In the Select Operation list. 4.

4. To choose specific rights. Add Users. 6.Controlling User Access Controlling administrative access 13 1. Or you may want different groups within your organization to have control over their own server management. Select the server or server group you want to grant access to. 3. In the Select Operation list. On the Rights tab. 5. 2. you may need to provide access to other people using those servers. change the Access Level for each user or group. 1. Many organizations have a group of IT professionals dedicated to server management. Select the inbox you want to grant access to. Controlling access to servers and server groups You can use rights to grant people access to servers and server groups. BusinessObjects Enterprise Administrator’s Guide 353 . 8. Click Add/Remove to add users or groups that you want to give access to the selected user or group. 10. or Remove Users. If your server team needs to perform regular server maintenance tasks that require them to shut down and start up servers. see “Rights and Access Levels” on page 563. 3. Note: For complete details on the predefined access levels and advanced rights. 9. as required. 2. Click the Rights tab. However. you may want to limit server management to the BusinessObjects Enterprise administrator. 7. You may also want to delegate BusinessObjects Enterprise server administration tasks to other people. select Add/Remove Groups. Click Update. To grant access to a server or server group Go to the Servers or Server Groups management area of the CMC. Depending on your system configuration and security concerns. To grant a user access to another user’s inbox Go to the Inbox management area of the CMC. Click the Rights tab. you need to grant them rights to the servers. Select the user or group you want to grant access to the specified inbox. choose Advanced. The Add/Remove page appears. Click OK. allowing them to perform tasks such as starting and stopping servers.

Note: For complete details on the predefined access levels and advanced rights. locate the user or group whose rights you want to specify. select Add/Remove Groups. Add Users. To control who has access to a universe Go to the Universes management area of the CMC. 5. as required. 5. Click the link for the universe. You are returned to the object’s Rights tab. If the user or group is not listed. then use the “Look for” field to search for a particular account. 354 BusinessObjects Enterprise Administrator’s Guide . or Remove Users. change the Access Level for each user or group. 4. select the Add Users operation. Controlling access to universes You can use rights to grant people access to universes. Select the user or group you want to grant access to the specified server or server group. 2. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. The Add/Remove page appears. On the Rights tab. 8. To choose specific rights.13 Controlling User Access Controlling administrative access 4. click Add/Remove. 7. Click Add/Remove to add users or groups that you want to give access to the selected server or server group. Tip: If you have many users on your system. allowing them to create and view Web Intelligence documents that use universes and connections. Click the Rights tab. Add the appropriate user or group and click OK. 9. In the Select Operation list. choose Advanced. click the list and select Advanced. see “Rights and Access Levels” on page 563. In the Name column. Click Update. Click OK. 1. click the Advanced link in the Net Access column. 6. If the Access Level is already set to Advanced. 3.

Add the appropriate user or group and click OK. 2. locate the user or group whose rights you want to specify. 4. locate the user or group whose rights you want to specify. If the user or group is not listed. allowing them to create and view Web Intelligence documents that use universes and universe connections. click the list and select Advanced. click the list and select Advanced. You can either set the rights to all universes by using the Rights button on the Universe Connections page. In the Name column. click the Advanced link in the Net Access column. click Add/Remove. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. In the Name column. Click the Rights tab. You are returned to the object’s Rights tab. 3. To view or set the access levels for all universe connections Go to the Universe Connections management area of the CMC. click the Advanced link in the Net Access column. Add the appropriate user or group and click OK. If the Access Level is already set to Advanced. 2. If the user or group is not listed. The next step depends upon the entry that already appears in the Access Level list for this user or group: • • If the Access Level is not already set to Advanced. 4. If the Access Level is already set to Advanced. or you can set the rights to individual universe connections. 1. 3. Click the Rights button. BusinessObjects Enterprise Administrator’s Guide 355 . 1. Click the link for the connection. To view or set who has access to a specific universe connection Go to the Connections management area of the CMC. You are returned to the object’s Rights tab.Controlling User Access Controlling administrative access 13 Controlling access to universe connections You can use rights to grant people access to universe connections. 5. click Add/Remove.

13 Controlling User Access Controlling administrative access 356 BusinessObjects Enterprise Administrator’s Guide .

Organizing Objects chapter .

such as managers or VPs. go to the Folders management area to create new folders and to add subfolders to the existing hierarchy of folder objects. Then use categories to set up an alternate system of organization. Working with folders Folders are objects used to organize documents. You can use folders to separate content into logical groups. By default. or even your database table structure. About folders and categories Folders and categories provide you with the ability to organize and facilitate content administration. because you can set object rights and limits once at the folder or category level. They are useful when there are a number of reports that a department or area requires frequent access to. For example. Creating and deleting folders There are several ways to create new folders in BusinessObjects Enterprise. Because you can set security at the folder level. you can organize data according to multiple criteria and improve both security and navigation. 358 BusinessObjects Enterprise Administrator’s Guide . This organizational model allows you set security on groups of documents based on department or job role. such as departments.14 Organizing Objects Organizing objects overview Organizing objects overview Creating an intuitive and logical organizational structure is the key to ensuring that your users can find the information they need quickly and easily. rather than setting them for each report or object. By combining folders and categories. and then use categories to create an alternate filing system that divides content according to different roles in your organization. BusinessObjects Enterprise provides two methods for organizing content: folders and categories. regions. you could organize your content into departmental folders. new objects that you add to a folder or category inherit the object rights that are specified for the folder or category. and setting appropriate rights for them. you can use folders as a tool for controlling access to information. In the Central Management Console (CMC). It’s good practice to set up folders that represent a structure that already exists in your organization.

description. you can duplicate your local directory structure on the BusinessObjects Enterprise system. Click OK. Limits. type the name. and keywords of the new folder. This example creates a new Marketing folder: 4. 3. subfolders of the top-level (or root) BusinessObjects Enterprise folder. Folders created in this way are. Go to the Folders management area of the CMC. On the Properties tab. see “Publishing with the Publishing Wizard” on page 376. 1. in effect. 2. Subfolders. Click New Folder.Organizing Objects Working with folders 14 Tip: When you publish local directories and subdirectories of reports with the Publishing Wizard. Creating a new folder This procedure shows how to create a new folder at the top of your folder hierarchy. BusinessObjects Enterprise Administrator’s Guide 359 . and its Properties tab is refreshed. and Rights tabs to add objects and to change settings for this folder. You can now use the Objects. The new folder is added to the system. This method provides you with an efficient way of creating multiple folders and subfolders at the same time. For details.

and Rights tabs to add objects and to change settings for this folder. type the name and description of the new folder. 360 BusinessObjects Enterprise Administrator’s Guide . Click the Subfolders tab. Go to the Folders management area of the CMC. Click OK. The new folder is added to the system. and its Properties tab is refreshed. 6. Click New Folder. When you have found the right parent folder. 4.14 Organizing Objects Working with folders Creating a new subfolder at any level 1. You can now use the Objects. 5. Limits. go to its Subfolders tab. click the link to the folder where you want to add a subfolder. In the Title column. 2. 3. The initial level of folders is displayed. Tip: You can browse through existing subfolders to add a new folder elsewhere in the folder hierarchy. On the Properties tab. The Subfolders tab appears. Subfolders.

For instance. if you copy a private Sales folder into a Public folder. To copy or move a folder Go to the Folders management area of the CMC. 2. all of the folder’s object rights are retained. To delete folders Go to the Folders management area of the CMC. Click Delete. Tip: Select multiple check boxes to delete several folders from their parent folder. locate its parent folder. reports. For instance. Copying and moving folders When you copy or move a folder. Select the check box associated with the folder that you want to copy or move. BusinessObjects Enterprise Administrator’s Guide 361 . • 1. if you move a private Sales folder into a publicly accessible folder. all subfolders. Select the check box associated with the folder you want to delete. and click OK to confirm. Tip: Select multiple check boxes to copy or move several folders from their parent folder to a different folder. the Sales folder will remain inaccessible to most users.Organizing Objects Working with folders 14 Deleting folders When you delete a folder. Then make your selection on the parent folder’s Subfolders tab. the objects contained within it are also copied or moved. 1. BusinessObjects Enterprise treats the folder’s object rights differently. 3. If the folder you want to copy or move is not at the top level. Then make your selection on the parent folder’s Subfolders tab. the newly created folder does not retain the object rights of the original. and other objects contained within it are removed entirely from the system. 2. If the folder you want to delete is not at the top level. the copy inherits the object rights that are set on its new parent folder. the contents of the new Sales folder will be accessible to all users who have rights to the Public folder. When you move a folder. depending upon whether you copy or move the folder: • When you copy a folder. locate its parent folder. Instead.

362 BusinessObjects Enterprise Administrator’s Guide . as requested. 6. to the new destination. Select the action to perform: • • 5. Copy to: Makes a copy of the folder. or click Previous.14 Organizing Objects Working with folders 3. Next. The folder you selected is copied or moved. The Copy/Move Folder page appears. see “Publishing overview” on page 374. Select the Destination folder from the list. and Show Subfolders to browse the folder hierarchy. Click Copy/Move. Move to: Moves the folder. Click OK. Follow this procedure to add a report to a new folder that you have just created. For complete information on publishing reports and other objects. Tip: If there are many folders on your system. 4. use the “Look for” field to search. Adding a report to a new folder You can add objects individually to any folder in a number of ways.

4. If you do not want the user to see a thumbnail preview of the report in BusinessObjects Enterprise. On the Report tab. BusinessObjects Enterprise Administrator’s Guide 363 . 3. Click New Object. Preview the first page of the report and save your changes. click Browse to perform a search. 2. To add a report to a new folder Once you’ve created the new folder. If you do not know the path. click its Objects tab. type the full path to the report. The New Object page appears. Tip: To display thumbnails for a report.Organizing Objects Working with folders 14 1. clear the Generate thumbnail for the report check box. open the report in Crystal Reports and click Summary Info on the File menu. Select the “Save preview picture” check box and click OK. in the File name field.

2. The report is published to BusinessObjects Enterprise. For details about setting up the BusinessObjects Enterprise Repository. 1. Click Add/Remove to add groups or users to this folder. 7. Specifying folder rights Follow this procedure to change the object rights for a new folder that you have just created. Tip: If there are many folders on your system. For complete information on object rights. To specify rights for a new folder Once you’ve created the new folder. 364 BusinessObjects Enterprise Administrator’s Guide . see “BusinessObjects Enterprise Repository overview” on page 174. 6. Click OK. Ensure that the correct folder name appears in the Destination field. select the Use Object Repository when refreshing report check box to update these objects now. see “Controlling users’ access to objects” on page 317. click its Rights tab. Next. If the report references objects in your BusinessObjects Enterprise Repository. new objects that you add to a folder inherit the object rights that are specified for the folder. or click Previous. and Show Subfolders to browse the folder hierarchy. use the “Look for” field to search. By default.14 Organizing Objects Working with folders 5. The Add/Remove page appears.

Setting limits for folders. BusinessObjects Enterprise Administrator’s Guide 365 . Note: For complete details on the predefined access levels and advanced rights. You set limits to automate regular clean-ups of old BusinessObjects Enterprise content. Add Users. In the Select Operation list. as required. see “Setting instance limits for an object” on page 498. For more information on limits. 6. 7. Click Update. select Add/Remove Groups. select the Add Users operation. users. At the folder level. you can limit the number of instances that remain on the system for each object or for each user or group. 4. You are returned to the Rights tab.Organizing Objects Working with folders 14 3. Select the user/group whose rights you want to specify and click the arrows to specify whether the user/group does or does not have access to the folder. The page is refreshed and displays options that depend upon whether you are working with users or with groups. Limits that you set on a folder affect all objects that are contained within the folder. The example above shows the options that are available when you are working with groups. Tip: If you have many users on your system. 5. Change the Access Level for each user or group. Follow this procedure to enforce default limits on a folder that you have just created. Click OK. then use the “Look for” field to search for a particular account. or Remove Users. and groups Limits allow you to delete report instances on a regular basis. you can also limit the number of days that an instance remains on the system for a user or group. see “Controlling users’ access to objects” on page 317.

and click Update after each change. click Add/Remove in this area.) • Delete excess instances for the following users/groups To limit the number of instances per user or group.) 366 BusinessObjects Enterprise Administrator’s Guide . click Add/Remove in this area. 2. Then type the maximum number of instances that you want to remain on the system. (The default value is 100. (The default value is 100. Then type the maximum number of instances in the Instance Limit column. Select from the available users and groups and click OK.) • Delete instances after N days for the following users/groups To limit the age of instances per user or group. click its Limits tab. The available settings are: • Delete excess instances when there are more than N instances of an object To limit the number of instances per object. To limit instances at the folder level Once you’ve created the new folder. Select from the available users and groups and click OK. select this check box. Then type the maximum age of instances in the Maximum Days column. Modify the available settings according to the types of instance limits that you want to implement.14 Organizing Objects Working with folders 1. (The default value is 100.

When a user logs on to BusinessObjects Enterprise. he or she is redirected immediately to his or her Favorites folder. To view the User Folders Go to the Folders management area of the CMC. Unless you have View access (or greater) to a subfolder. and to keep a maximum of 25 instances that belong to any member of the Administrators group. two settings have been combined to keep a maximum of 50 instances of any object in the folder. By default. These folders are organized within the CMC as User Folders. If it is not already displayed. 2.Organizing Objects Working with folders 14 In this example. Each subfolder corresponds to a user account on the system. click the Subfolders tab. 3. When you log on to the CMC and view the list of User Folders. Within InfoView. BusinessObjects Enterprise Administrator’s Guide 367 . you will see only those folders to which you have View access (or greater). Managing User Folders BusinessObjects Enterprise creates a folder for each user on the system. Click the User Folders link.) 1. (Users can change this default behavior my modifying their Preferences. it will not appear in the list. A list of subfolders appears. these folders are referred to as the Favorites folders. there are User Folders for the Administrator and Guest accounts.

The new category is added to the system. Personal categories can be created by each user to organize their own personal documents. In the Title column. The initial level of categories is displayed. Note: For information about importing existing categories.x” on page 390. Go to the Categories management area of the CMC. Creating and deleting categories There are several ways to create new categories in BusinessObjects Enterprise. and you can create subcategories within categories. Go to the Categories management area of the CMC. 4. 368 BusinessObjects Enterprise Administrator’s Guide . Creating a new category 1. Subcategories. Click New Category. BusinessObjects Enterprise provides two types of categories: • • Administrative (or corporate) categories are created by the administrator. If you have the appropriate rights. 2. you can create administrative categories. and its Properties tab is refreshed. Creating a new subcategory at any level 1. or other users who have been granted access to these categories. categories are objects used to organize documents. You can now use the Documents. In the Central Management Console (CMC). Click Update. type the name and description of the new category. go to the Categories management area to create new categories and to add subcategories to the existing hierarchy of category objects. 2.14 Organizing Objects Working with categories Working with categories Like folders. 3. and Rights tabs to add objects and to change settings for this category. click the link for the category where you want to add a subcategory. On the Properties tab. see “Importing information from BusinessObjects Enterprise 6. You can associate documents with multiple categories.

Moving categories When you move a category. locate its parent category. and click OK to confirm. locate its parent category. You can now use the Documents. Click Delete. Then make your selection on the parent category’s Subcategories tab. All of the category’s object rights are retained. Click New Category. 4. and Rights tabs to add objects and to change settings for this category. 2. To move a category Go to the Categories management area of the CMC. Unlike folder deletion. If the category you want to delete is not at the top level. On the Properties tab. Subcategories. BusinessObjects Enterprise Administrator’s Guide 369 .Organizing Objects Working with categories 14 3. Click Update. 6. Select the check box associated with the category you want to delete. type the name and description of the new folder. Tip: You can browse through existing subcategories to add a new category elsewhere in the hierarchy. When you have found the right parent category. and its Properties tab is refreshed. 5. Then make your selection on the parent category’s Subcategories tab. Deleting categories When you delete a category. To delete categories Go to the Categories management area of the CMC. the Sales category will remain inaccessible to most users. 1. 1. the reports and other objects contained within the category are not deleted from the system. Select the check box associated with the category that you want move. For instance. 2. Click the Subcategories tab. any object assigned to the category maintains its association with it. If the category you want to move is not at the top level. if you move a private Sales category into a publicly accessible category. 3. all subcategories within it are remove entirely from the system. go to its Subcategories tab. Tip: Select multiple check boxes to delete several categories from their parent category. The new category is added to the system.

3. 4. or click Previous. 1.14 Organizing Objects Working with categories Tip: Select multiple check boxes to copy or move several categories from their parent category to a different category. Click Move. For complete information on publishing reports and other objects. use the “Look for” field to search. 2. The category you selected is moved to the new destination. click its Documents tab. Follow this procedure to add a report to a new category that you have just created. When you delete an object. Removing or deleting objects from a category You can either remove or delete objects from a category. To remove or delete objects from a category Go to the Categories or Personal Categories management area of the CMC. The New Document page appears. you remove it from the category only. 370 BusinessObjects Enterprise Administrator’s Guide . Select the check box for the object or objects you want to remove or delete. you remove it from the category and also delete it from the system. see “Publishing overview” on page 374. Click the Objects tab. Tip: If there are many categories on your system. The Move page appears. Next. and Show Subcategories to browse the category hierarchy. 5. 3. Click the link for the category from which you want to remove or delete an object. Adding an object to a new category You can add objects individually to any category in a number of ways. Click New Document. Click OK. To add a report to a new category Once you’ve created the category. 1. 4. When you remove an object. 2. Select the Destination category from the list.

Add Users. the object continues to exist in the system. 3. The Add/Remove page appears. see “Controlling users’ access to objects” on page 317. 1. select Add/Remove Groups. click its Rights tab. 4. Specifying category rights Follow this procedure to change the object rights for a new category that you have just created. Tip: If you have many users on your system. By default. In the Select Operation list. Note: For complete details on the predefined access levels and advanced rights. select the Add Users operation. 6. You are returned to the Rights tab. The example above shows the options that are available when you are working with groups. Select the user/group whose rights you want to specify and click the arrows to specify whether the user/group does or does not have access to the category. new objects that you add to a category inherit the object rights that are specified for the category. Click Add/Remove to add groups or users to this category. as required. For complete information on object rights. or Remove Users. depending on what you want to do: • • Click Remove to remove the object from the category only. Click OK. 7. Click either of the following buttons. The page is refreshed and displays options that depend upon whether you are working with users or with groups. Change the Access Level for each user or group. Click Update. 5.Organizing Objects Working with categories 14 5. then use the “Look for” field to search for a particular account. Click Delete to remove the object from the category and at the same time delete it from the system. To specify rights for a new category Once you’ve created the category. In this case. 2. see “Controlling users’ access to objects” on page 317. BusinessObjects Enterprise Administrator’s Guide 371 .

For more information. edit. and delete users’ personal categories. 2. you can view. 372 BusinessObjects Enterprise Administrator’s Guide . see “Managing User Accounts and Groups” on page 249. Click the user account whose personal categories you want to view. To view the Personal Categories Go to the Personal Categories management area of the CMC.14 Organizing Objects Working with categories Managing personal categories If you are granted the appropriate rights. 1. A list of the user’s personal categories appears.

Publishing Objects to BusinessObjects Enterprise chapter .

an entry is made in the Central Management Server (CMS) database. which consist of report and/or program objects. as well as object packages. text files. Using the OLAP Intelligence Application Designer. For details. only these three types of objects have instances.15 Publishing Objects to BusinessObjects Enterprise Publishing overview Publishing overview Publishing is the process of adding objects such as reports to the BusinessObjects Enterprise environment and making them available to authorized users. the appropriate server component then retrieves and processes the object file from the Input File Repository. Adobe Acrobat PDFs. programs. rich text format files. Save directly to your Enterprise folders when you are: • • • Designing reports with Crystal Reports. Thus. programs. Microsoft Excel files. Note: Only reports. see “Publishing with the Publishing Wizard” on page 376. 374 BusinessObjects Enterprise Administrator’s Guide . and hyperlinks. and Web Intelligence). The processed instance is stored by the Output File Repository Server below the \Enterprise\FileStore\Output\data\ directory. Creating other objects with BusinessObjects Enterprise plug-in components. Microsoft PowerPoint files. Are adding multiple objects or an entire directory. When a user schedules an instance of any object. The Input File Repository Server stores the new object below the \Enterprise\FileStore\Input\ data\ directory. For details. BusinessObjects Enterprise queries the CMS for the location of the object file. see “Publishing with the Central Management Console” on page 385. When you publish an object to BusinessObjects Enterprise. You can publish objects to BusinessObjects Enterprise in three ways: • Use the Publishing Wizard when you: • • • Have access to the locally installed application. Taking care of other administrative tasks. Use the Central Management Console (CMC) when you are: • • • • Publishing a single object. see “Saving objects directly to the CMS” on page 387. and object packages can be scheduled. There are several types of objects that you can publish to BusinessObjects Enterprise: reports (from Crystal Reports. Performing tasks remotely. OLAP Intelligence. For details. Microsoft Word files.

Publishing options During the publishing process. and displayed in version XI format. or have frequent data changes. allowing multiple users to access the report at the same time. Drawbacks BusinessObjects Enterprise Administrator’s Guide 375 . this affects when data is refreshed and what data users see. processed. Drawbacks • • Allowing users to update the data in the report (on demand) This option is recommended for smaller reports that use parameters and selection formulas. reducing the number of times the database is hit (and thus system resources are used more effectively). you specify how often an object is run. or you can choose to let users set the schedule themselves (on demand). You can choose to set a schedule (recurring). reports are saved. Once published to BusinessObjects Enterprise. Benefits • • • Users are able to determine the frequency in which the data in the report is updated. For RPT report files. The report instance the users see is based on the selection criteria (parameters and record selection formulas) and schedule set by the administrator.) Each publishing option has potential benefits and drawbacks: • Specifying the data that users see (recurring) This option is recommended for objects that are accessed by a large number of people and that do not require separate database logon credentials. each of them being generated by hitting the Page Server and database.Publishing Objects to BusinessObjects Enterprise Publishing overview 15 Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. Each unique report page is cached separately. Benefits • • Users view the same instance of the report. (You cannot schedule OLAP Intelligence reports (CAR files). require separate database logon credentials. Multiple users generating reports at the same time increases the load on the system and the number of times the database is hit. The report instance is static (contains saved data) and is stored on the Cache Server. It’s possible that the Cache Server can contain many copies of the cached report.

For example. 376 BusinessObjects Enterprise Administrator’s Guide . 2. In the User Name and Password fields. you can choose to also add its subfolders by selecting the Include Subfolders check box. Adding objects 1. In the System field. Click Next. 32-bit Windows application. the settings for parameters and schedule format do not appear when you publish OLAP Intelligence applications. select the appropriate authentication type. The Select Files dialog box appears. From the BusinessObjects Enterprise XI program group. it will appear in the folder you specified in InfoView (or other web desktop) and in the Objects management area of the CMC. click Publishing Wizard. depending on the type of object you are adding. type your BusinessObjects Enterprise credentials. Tip: Ensure the appropriate file type is listed in the Files of type field. type the name of the CMS to which you want to add objects. In the Select Files dialog box. 2. 3. 4. Logging on to BusinessObjects Enterprise 1. If you are adding a folder. Once the object has been published. Only the screens applicable to the objects or folders you are publishing appear. The wizard is made up of a series of screens.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Publishing with the Publishing Wizard The Publishing Wizard is a locally installed. This section of the guide features a series of procedures to help you through the Publishing Wizard.rpt). 3. From the Authentication list. Repeat steps 1 and 2 for each of the objects you want to add. 6. Note: Depending on the rights assigned by your BusinessObjects Enterprise administrator. 4. Navigate to and select the object you want to add. by default this value is set to Report (*. click either Add Files or Add Folders. 5. Click Next. Click Next. you may not be able to publish objects using the Publishing Wizard.

In the Specify Location dialog box. To add a new object package to the CMS. 1. (New folders are green. see “Duplicating the folder structure” on page 378. existing folders are yellow. then click Next. BusinessObjects Enterprise Administrator’s Guide 377 . Creating and selecting a folder on the CMS To add the selected objects. To add a new folder to the CMS. select a parent folder and then click the New Object Package button. choose a file type for each unrecognized object. The Confirm Location dialog box appears. Click + to the left of the folder to view the subfolders.) If you are adding multiple objects and want to place them in separate directories. Click Next. click the folder you want to add the objects to. select the item and click the Delete button. The new folder appears and can be renamed. 2. select a parent folder and then click the New Folder button.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 Note: If the Specify Object Type dialog box appears. Only the folders that you have full control access to will appear. The new object package appears and can be renamed. you can delete only new folders and object packages. To delete a folder or object package. you must create or select a folder on the host CMS. The Specify Location dialog box appears. Note: From the wizard.

select Put the files in the same location. select it and click the Delete button. By default. In the Specify Folder Hierarchy dialog box. You can drag-and-drop objects to place them where you want. And you can right-click objects to rename them. To delete a folder or object packages. The Specify Categories dialog box appears. choose a folder hierarchy option. In the Confirm Location dialog box. 2. move objects to the desired folders by selecting each object and then clicking Move Up or Move Down.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Moving objects between folders 1. objects are displayed using their titles. You can also add folders and object packages by selecting a parent folder and clicking the New Folder or New Object Package button. 1. Duplicating the folder structure If you are adding multiple objects from a directory and its subdirectories. To place all of the objects in a single folder. Click Next when you are finished. 378 BusinessObjects Enterprise Administrator’s Guide . you are asked if you want to duplicate the existing folder hierarchy on the CMS. You can display the objects’ local file names by clicking the “Show file names” button.

Note: This dialog box appears only for objects that can be scheduled. and/or object package that you are publishing to run at specific intervals. The object is not run again until you reschedule it. select the object you want to schedule. select a parent category and then click the New Category button.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 To recreate all of the folders and subfolders on the CMS as they appear on your hard drive. you can create or select a category on the host CMS. then click the Insert File button. Click Next. BusinessObjects Enterprise Administrator’s Guide 379 . Click Next. To delete a category or to remove an object from a category. Click + to the left of the folder to view the subfolders. select the item and click the Delete button. you can delete only new categories.) 3. choose the object that you want to add to the category. Adding objects to a category If you want to add the selected objects to a category. 2. In the Specify Schedule dialog box. existing categories are blue. Changing scheduling options The Specify Schedule dialog box allows you to schedule each report. Select one of three intervals: • Run once only Selecting the “Run once only” option provides two more sets of options: • when finished this wizard This option runs the object once when you’ve finished publishing it. (New categories are green. To add a new category to the CMS. select Duplicate the folder hierarchy. The new category appears and can be renamed. In the File list. The Specify Schedule dialog box appears. 1. Note: From the wizard. 2. In the Specify Categories dialog box. click the category you want to add the objects to. 2. 1. Choose the topmost folder that you want to include in the folder hierarchy. The Confirm Location dialog box appears. program.

select a report. see “BusinessObjects Enterprise Repository overview” on page 174. You can choose to refresh an object’s repository fields if the object references the repository. see “What are report objects and instances?” on page 425. Instead. universes. Let users update the object This option does not schedule the object. Refreshing repository fields The BusinessObjects Enterprise Repository is a central location which stores shared elements such as text objects. In the Specify Repository Refresh dialog box. Note: The Specify Repository Refresh dialog box appears only when you publish report objects. custom functions. To complete this task. click the Disable All button if you want to refresh none of the objects. and then select the Use Object Repository when refreshing report check box if you want to refresh it against the repository. bitmaps. The object is not run again until you reschedule it. For details. Click Next after you have set the schedule for each object you are publishing. Run on a recurring schedule Once you have selected this option. The options in this dialog box allow you to choose when and how often the object runs. For details about program objects and program object types. Tip: Click the Enable All button if you want to refresh all objects that reference the repository. and custom SQL commands. 380 BusinessObjects Enterprise Administrator’s Guide . Selecting a program type The Program Type dialog box appears only when you publish program objects. 3. 1.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard • • • at the specified date and time This option runs the object once at a date and time you specify. The “Pick a recurrence schedule” dialog box appears. it leaves the task of scheduling up to the user. 2. click the Set Recurrence button to set the scheduling options. Click Next when you are finished. Select the appropriate options and click the OK button. the Publishing Wizard needs to connect to your BusinessObjects Enterprise Repository database from the local machine.

exe. click Next. You can publish any executable program that can be run from the command line on the machine where the Program Job Server is running.jar file extension. In the User Name and Password fields. 2. The Program Credentials dialog box appears. your object may not schedule properly if the database logon information is not correct. specify the user credentials for the account for the program to run as. They generally have a . select a program. . Changing default values You can publish objects without changing any of the default properties. Specifying program credentials 1. Once you have specified the user credentials for each program to run as. BusinessObjects Enterprise Administrator’s Guide 381 . Note: If you use the default values. The Change Default Values dialog box appears. or if the parameter values are invalid.bat. To publish objects without making modifications Select Publish without modifying properties. 2. 2.com. In the Program Type dialog box. Click Next through the wizard’s remaining dialog boxes. or you can go through the remaining screens and make changes. . Java You can publish any Java program to BusinessObjects Enterprise as a Java program object. batch files. Script Script program objects are JScript and VBScript scripts.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 1. • • 3. In the Program Credentials dialog box.sh. click Next. select a program. 1. Specify one of three program types: • Binary/Batch Binary/Batch programs are executables such as binary files. They generally have file extensions such as: . 3. The rights of the program are limited to those of the account that it runs as. Once you have specified the type of each program you are adding. or shell scripts. .

Select the Generate thumbnail image check box if you want users to see a thumbnail of a report object before they open it. The Review Object Properties dialog box appears. 2. Changing object properties 1. Click Next. Preview the first page of the report and save your changes. 382 BusinessObjects Enterprise Administrator’s Guide . In the Review Object Properties dialog box. To display thumbnails for a report. Enter a new title or description. If objects you are adding are of this type. 1. follow these steps. 2. Entering database logon information Some objects use data sources that require logon information. or click + to the left of the object to expose the database. open the report in Crystal Reports and click Summary Info on the File menu. 4. Tip: The “Generate thumbnail image” check box is available only if the object is an RPT file and was saved appropriately. double-click the object.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 1. 3. To review or modify objects before publishing Select Review or modify properties. select the object you want to modify. In the Specify Database Credentials dialog box. The Specify Database Credentials dialog box appears if it is needed. Select the “Save preview picture” check box and click OK. Click Next.

Setting the schedule output format You can choose an output format for each scheduled report that you publish. if you select Paginated Text.Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard 15 2. Click Next. For some of the formats. Click Edit Prompt to change the value of a prompt. enter the number of lines per page. In the Set Report Parameters dialog box. different dialog boxes appear. Note: Enter user name and password information carefully. click Next. Before such an object can be scheduled. leave the fields blank. 2. 4. For example. Click Next after you have finished editing the prompts for each object. BusinessObjects Enterprise Administrator’s Guide 383 . select the object whose schedule format you want to change. Select the database and change the logon information in the appropriate fields. select the object whose prompts you want to change. you must set the parameters in order to determine the default prompts. the object cannot retrieve data from the database. then click Set Prompts to NULL. you can customize the schedule format options. 3. 3. 1. Select a format from the list (Crystal Report. and so on). If you want to set the prompts to contain a null value (where possible). Microsoft Excel. Depending on the type of parameter you have chosen. 2. The Specify Format dialog box appears. Adobe Acrobat. If the database does not require a user name or password. The object’s prompts and default values appear in a list on the right-hand side of the screen. In the Specify Format dialog box. Where applicable. 3. customize the schedule format options. Setting parameters Some objects contain parameters for data selection. The Set Report Parameters dialog box appears if it is needed. If it is entered incorrectly. Once you have completed the logon information for each object using a different database. 1. Microsoft Word.

15 Publishing Objects to BusinessObjects Enterprise Publishing with the Publishing Wizard Adding extra files for programs Some programs require access to other files in order to run. Once you have added all necessary extra files for each program. After ensuring all the objects you want to publish have been added to the list. and run as specified. 3. scheduled. type the command-line arguments for your program. They are passed directly to the command-line interface. 1. Select a program. Select a program. using the same format you would use at the command line itself. click Next. click Next. 384 BusinessObjects Enterprise Administrator’s Guide . the Publishing Wizard displays a final list of the objects that it is going to publish. Click Finish to close the wizard. In the Command line area. you are returned to the final screen of the Publishing Wizard. click Next. select it from the list. 2. 1. Finalizing the objects to be added After you have provided all of required information for the objects. Once you have specified all necessary command-line arguments for each program. 2. Specifying command line arguments For each program. The Command line for Program dialog box appears. you can specify any command-line arguments supported by your program’s command-line interface. Click Add to navigate to and select the necessary file. 1. 3. 3. 2. When the processing is done. without parsing. The objects are added to the CMS. To view the details for an object.

To add an object with the CMC Go to the Objects management area of the CMC. BusinessObjects Enterprise Administrator’s Guide 385 . 1. 4. Click New Object. Enter the object’s properties. The New Object page appears. you can publish objects over the Web from within the CMC. 3. with the Report properties displayed.Publishing Objects to BusinessObjects Enterprise Publishing with the Central Management Console 15 Publishing with the Central Management Console If you have administrative rights to BusinessObjects Enterprise. On the left side of the page. 2. click the type of object you want to add.

Hyperlink Report Description Type the full path to the object. Run all other programs as Executable program objects. Type a description of the object. Microsoft PowerPoint. Java. Use Object Report Repository when refreshing report Program Type Program Select this option to automatically refresh an object's repository fields against the repository each time the report runs. Text. clear the “Generate thumbnail for the report” check box. open the report in Crystal Reports and click Summary Info on the File menu. Title Description Generate thumbnail for the report Type the name of the object. Preview the first page of the report and save your changes. Run JScript and VBScript programs as Script program objects. Hyperlink Object Package. Select the “Save preview picture” check box and click OK. Microsoft Excel. If you do not want the user to see a thumbnail preview of the report in BusinessObjects Enterprise. or Script. Microsoft Word. 386 BusinessObjects Enterprise Administrator’s Guide . Adobe Acrobat. Tip: • • • URL Hyperlink Run Java programs as Java program objects.15 Publishing Objects to BusinessObjects Enterprise Publishing with the Central Management Console The properties that appear vary according to the type of object you are adding: Property File name Object Types Report. Select Executable. Program. Tip: To display thumbnails for a report. or click Browse to perform a search. Type the URL address of the page you want the hyperlink object to link to. Rich Text Object Package.

such as its title and description. To search for a specific folder or object package. If you want to place the object in a category. scheduling information. the CMC displays the Properties screen. then. In the Save As dialog box. Click OK. Specify the folder where you want to save the report and click Save. log on to the Central Management Server (CMS).Publishing Objects to BusinessObjects Enterprise Saving objects directly to the CMS 15 5. BusinessObjects Enterprise Administrator’s Guide 387 . select the category from the list. select it and click Show Subfolders. 7. use the Look For field. such as Crystal Reports or OLAP Intelligence. Tip: • • To expand a folder. you can use the Save As command to add objects to BusinessObjects Enterprise from within the designer itself. If necessary. 6. you can now modify the object’s properties. user rights. click Save As on the File menu. after designing a report in OLAP Intelligence. Ensure that the correct folder or object package name appears in the Destination field. when prompted. and so on. Saving objects directly to the CMS If you have installed one of the Business Objects designer components. Note: Only report and program objects can be published to object packages. the database logon information. For instance. click Enterprise Folders. When the object has been added to the system.

15 Publishing Objects to BusinessObjects Enterprise Saving objects directly to the CMS 388 BusinessObjects Enterprise Administrator’s Guide .

Importing Objects to BusinessObjects Enterprise chapter .

x” on page 390 “Importing information from Crystal Enterprise” on page 396 “Importing information from Crystal Info” on page 400. universes. see “Importing with the Import Wizard” on page 402. 390 BusinessObjects Enterprise Administrator’s Guide . and third-party documents to BusinessObjects Enterprise XI. But a user-level “must change password at next log on” restriction is imported with the user account. use the Import Wizard to import existing user accounts.x. but you can use it to import information from a source environment that is running on Windows or UNIX to a new BusinessObjects Enterprise system that is running on Windows or on UNIX. see the section for the product from which you are importing information: • • • “Importing information from BusinessObjects Enterprise 6. Importing information from BusinessObjects Enterprise 6. the Import Wizard imports settings that are specific to each object. Web Intelligence documents. For details. depending upon the product from which you are importing information. You can import information from any of these products: • • • • • • • BusinessObjects Enterprise XI BusinessObjects Enterprise 6.16 Importing Objects to BusinessObjects Enterprise Importing information Importing information The Import Wizard is a locally installed Windows application that allows you to import existing user accounts. a global “minimum number of characters” password restriction is not imported. folders. connection objects. categories. groups. groups.5 Crystal Enterprise 8 Crystal Info 7. rather than global system settings.x If you have upgraded from BusinessObjects Enterprise 6. and reports to your new BusinessObjects Enterprise system. universe restriction sets. For procedural details. In general.x Crystal Enterprise 10 Crystal Enterprise 9 Crystal Enterprise 8.5 The functionality provided by the Import Wizard varies. The Import Wizard runs only on Windows. For instance.

Start the following servers in the BusinessObjects Enterprise XI deployment: • • Central Management Server Input File Repository Server and Output File Repository Server BusinessObjects Enterprise Administrator’s Guide 391 . you will need to restore them from your backup copies. If you are importing from a BusinessObjects Enterprise 6.x Before you use the Import Wizard to import data into the new BusinessObjects Enterprise XI system. create data sources on the destination machine for every domain that is part of the source deployment.x repositories to make them consistent with version 6.x source environment. Back up all repositories in the source deployment.key files. installdir/nodes/<name of node>/mycluster/user Map this folder if you are importing personal documents and categories. you need to perform the following steps: • • Make sure the Import Wizard is deployed on a Windows machine. • • Stop all servers in the source deployment. If you need to access the repositories from a 6. Use the Custom installation if you want to install only the Import Wizard on a machine. Note: The Import Wizard modifies BusinessObjects Enterprise 6.x deployment. • • • • • installdir/nodes/<name of node>/mycluster/locdata Map this folder for access to the . On the machine that is running the Import Wizard.x 16 Before importing from BusinessObjects Enterprise 6. installdir/nodes/<name of node>/mycluster/mail Map this folder if you are importing the content of users’ Inbox folders. map drives to the following folders (where installdir represents the BusinessObjects Enterprise 6. The name and configuration details for the data sources must match the data sources in the source deployment.x installation directory).Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6.5 format before importing data into BusinessObjects Enterprise XI.

x into BusinessObjects Enterprise XI.x Importing objects from BusinessObjects Enterprise 6. When you import a universe from a domain. When you import connection objects from BusinessObjects Enterprise 6.x.16 Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. ensure that the Import Wizard can access the database the same way that the BusinessObjects Enterprise 6. this option imports only the objects used by the Web Intelligence documents that you are importing. Known as document dependency. the Import Wizard imports the object if it is an object type that is supported by BusinessObjects Enterprise XI. connections. connections. When you import a universe. the Import Wizard also imports connection objects associated with the universe. Universes You can import universes into the BusinessObjects Enterprise repository. When you select a Web Intelligence document to import. They are converted into connection objects. the associated connections are imported automatically. • • 392 BusinessObjects Enterprise Administrator’s Guide . Import only universes. Generally. This may involve installing database drivers or configuring connection settings on the machine. You cannot select individual universes or connections to import.x universe domain. When you import BusinessObjects Enterprise 6. it is placed in the corresponding domain folder. and associated objects. By default. There are two ways to import the universes: • • Import all universes.x accesses it. Note: • Universe domains are converted into folders under the Universe folder. You must import all the universes in one batch.x The following sections describe what happens to objects that have been imported from BusinessObjects Enterprise 6. an imported object will not overwrite an object with the same name that is already stored in the BusinessObjects Enterprise XI CMS database.x universes. the Import Wizard automatically selects the associated universe for import. You can also use this option if you want to import a subset of selected universes and their dependencies. You can select additional universes for import. Each universe folder will be named after the corresponding Business Objects 6. It also imports universe restriction sets associated with the universe (if the restriction sets are associated with users or groups that are being imported). and objects that are associated with the documents you are importing.

x are mapped to default groups in BusinessObjects Enterprise XI as follows: BusinessObjects Enterprise 6. Universe restriction sets The Import Wizard automatically migrates all universe restriction sets that are associated with the imported universes for any of the selected users and groups being imported. • • If a selected universe is a derived universe. Users are imported into the BusinessObjects Enterprise repository.x user profile BusinessObjects Enterprise XI default group Added to the Everyone group. they are converted into objects. • • All user profiles General Supervisor BusinessObjects Enterprise Administrator’s Guide 393 . if you import SQL Server connection objects from a BusinessObjects Enterprise 6.x source environment.x 16 For example. and an Inbox folder.x users and groups can be migrated to BusinessObjects Enterprise XI.x user.Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. If no principal users or groups are selected for import.x and BusinessObjects Enterprise XI (and how they handle rights aggregation). Users and groups All existing BusinessObjects Enterprise 6. For each BusinessObjects Enterprise 6. BusinessObjects Enterprise XI creates a user folder. When restriction sets are migrated. Added to the Administrators group. User profiles from BusinessObjects Enterprise 6. a personal category. For more information about importing universes. no restriction sets are imported. Universe restriction sets are migrated using both object names and object IDs to identify universe components. you must configure the connections on the destination machine via the Control Panel before you import the connection objects. Because of the differences between restriction sets in BusinessObjects Enterprise 6. the Import Wizard may create additional restriction sets on the destination deployment in order to preserve the restriction sets for all imported users. then all relevant core universes and their connections will also be imported. They remain connected to the universes that they were connected to on your existing installation. You must use the exact same name and settings as the connection used on the source machine when you created the domain key. see “Selecting information to import” on page 405.

and categories Universe and document domains are converted to folders named after the respective domains. If a BusinessObjects Enterprise 6. the right will not be granted to the user. domains.x security settings are preserved in BusinessObjects Enterprise XI. 394 BusinessObjects Enterprise Administrator’s Guide .16 Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. the Import Wizard sets the effective rights as determined by aggregation rules in the source deployment for the principal user or group on the object in the destination deployment. The “Enforce rights fidelity” option ensures that the effective rights match between the source and destination environments. see the BusinessObjects Enterprise Installation Guide. BusinessObjects Enterprise XI creates folders for Categories and Personal Categories and preserves the hierarchy of subcategories. For each imported user. but not added to the Administrators group.x user profile BusinessObjects Enterprise XI default group Granted appropriate rights on all imported objects. Objects corresponding to the universes and documents contained in these domains are imported to these folders. Added to the Everyone group. Added to the Universe Designer Users group. Added to the Universe Designer Users group. Folders. If effective rights in the source and destination environments do not match for a principal on an object. select all users and groups that are principals on the selected object and ensure that you select the “Enforce rights fidelity” option in the Import Wizard. Corporate (or administrative) categories are imported as categories under the Categories folder.x right does not map exactly to a BusinessObjects Enterprise XI right. for example).x BusinessObjects Enterprise 6. BusinessObjects Enterprise 6. • • • • Supervisor Designer Supervisor-Designer User/Versatile If you want to preserve security settings that are assigned to an imported object. Whenever possible. By default. selected personal categories are imported to a new subfolder (named after the user) under the Personal Categories folder. For more information about the migration of security settings. Note: • • The Import Wizard migrates external users and groups (LDAP or Windows AD users and groups.

Importing Objects to BusinessObjects Enterprise Importing information from BusinessObjects Enterprise 6. Documents (and universes) cannot be imported without importing the domain.rep) documents BusinessObjects (.x Inbox documents are migrated to the user’s Inbox folder in BusinessObjects Enterprise.rep documents to . it may require significant processing time. When you select a document.x Personal documents to BusinessObjects Enterprise.wid) format—in a separate procedure—before migrating the system. you can use the Report Migration Utility. also known as “full-client” documents. These documents are added to the user’s Favorites folder. Note: If you import a large number of Web Intelligence documents from your existing BusinessObjects Enterprise 6. Instructions are in the Report Migration Utility guide. Inbox rights • • • Everyone [Add Document] Administrators [Full Control] Owner [Full Control] Personal Documents You can import BusinessObjects Enterprise 6. the document's domain is also imported. the user must be granted access to the document in BusinessObjects Enterprise 6.rep) documents.x suite.x 16 Personal categories can be imported only as part of a batch import.x deployment. you must migrate your . Documents To have access to a Web Intelligence document from the Import Wizard.rep documents to Web Intelligence (. and the user must be a member of the group to which the document is assigned. Therefore. are not supported in BusinessObjects Enterprise XI. BusinessObjects (.wid format. BusinessObjects Enterprise Administrator’s Guide 395 . Inbox documents Version 6. To migrate . You can select individual corporate categories and import Web Intelligence documents grouped by corporate category.x. delivered with the BusinessObjects 6. You can select which domains or documents you want to import into BusinessObjects Enterprise.

and Excel. When doing so. you have the additional option of importing calendars. use the Import Wizard to import existing user accounts. User A owns an object and has Full Control rights while User C has View rights on the same object. even if the user already exists in the destination system. if a user has Full Control rights on an object.txt documents. Timestamps Timestamps are not migrated from BusinessObjects Enterprise 6. more involved example. Importing information from Crystal Enterprise If you have upgraded from Crystal Enterprise. and server groups. all rights information for that user is discarded. the wizard makes appropriate modifications to the object (in most cases. If User D runs the Import Wizard and brings the object across along with User C. RTF. if any of an object’s dependencies are not imported. folders.5 or 9 installation. the dependency is removed). When using the Import Wizard. Word. As another. and *. the Full Control right for that user is discarded when the object is imported. Events and server groups can also be imported from a version 8. events. If the user is not brought across. You can also use the Import Wizard to import information from an existing version XI installation to a new version XI installation. For example. the object becomes owned by the Administrator: User A loses Full Control rights. 396 BusinessObjects Enterprise Administrator’s Guide . the Administrator becomes the new owner of the objects. repository objects. groups. the Import Wizard maps all rights for the user on the source system to the existing user on the destination system. Supported formats are: Adobe Acrobat PDF. but the user is not imported. but User C still has View rights on the object.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise Third-party documents BusinessObjects Enterprise 6. If the user already exists. and report instances to BusinessObjects Enterprise XI. In the case of objects brought across without their owners. report objects. Microsoft PowerPoint.x supports third-party (agnostic) documents.x to BusinessObjects Enterprise XI. but not User A. Note: Always import users if you want to bring across the associated rights for an object. The Import Wizard migrates these documents into BusinessObjects Enterprise XI if the format is supported.

Users and groups The Import Wizard imports users and groups and their hierarchical relationships. Active Directory authentication must also be enabled on the destination system. the group is migrated to the destination BusinessObjects Enterprise XI environment. if the source environment uses Named User licensing. Windows AD When importing users that employ Windows Active Directory authentication. the list of group members is updated with any additional users who were members of the group in the source environment. However. For more information about licensing. If the source environment uses Concurrent licensing. the destination user keeps all aliases. the wizard first checks the number of Named User license keys in the destination environment. BusinessObjects Enterprise Administrator’s Guide 397 . then the Import Wizard imports the object. the wizard imports all users as Named Users. if your Crystal Enterprise source environment includes users that belong to the New Sign-Up group. These additional users are added to BusinessObjects Enterprise if their accounts do not exist already. A user or group is imported only if it does not exist already by name. the wizard imports all users as Concurrent Users. Note: BusinessObjects Enterprise XI does not include a New Sign-Up feature. see “Licensing overview” on page 530. If there are enough Named User licenses in the destination environment. Generally. If there are not enough Named User licenses in the destination environment. If you import a group that already exists in the destination environment. Aliases If a user in the destination system has an alias that is identical to a user who is being imported. the wizard imports all users as Concurrent Users. and the imported user loses that particular alias. if the object will not overwrite an object that is already in the BusinessObjects Enterprise system.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise 16 Importing objects from Crystal Enterprise The following sections describe what happens to the objects that are imported from a Crystal Enterprise 8.x system. However. ensure that the administrative credentials are the same on both the source and destination systems. User licensing can affect the behavior of the Import Wizard.

When you import content from one deployment to another. If the user or group is not imported at the same time. whether or not they exist already in the destination environment. suppose that you import a report that explicitly grants View On Demand rights to the Everyone group in the source environment—but you do not import the Everyone group. Supported reports are always imported with their parent folders. the object rights are discarded. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. the Host list and Base LDAP name need to be the same on both the source and destination systems. When this option is selected.” option in the “Please choose an import scenario” dialog box. If you don’t import the user account.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise LDAP When importing users that employ LDAP authentication. then the imported folder is added to BusinessObjects Enterprise with the name Sales Reports(2). You can import the report instances for each report object. OLAP data sources. Report objects The Import Wizard can import Crystal report objects only if they are based on native drivers. so as not to overwrite existing folders. LDAP authentication must also be enabled on the destination system. or Business Views. 398 BusinessObjects Enterprise Administrator’s Guide . In the SDK. For example. Rights When you import folders and reports from one BusinessObjects Enterprise system to another. whether or not they exist already in the destination environment. make sure you choose the “Automatically rename top-level folders that match top-level folders on the destination system. For instance. ownership is reflected by an object’s SI_OWNERID property and by a scheduled instances’s SI_SUBMITTERID properties. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. Crystal Info Views. you can ensure that a particular user account retains ownership of its objects and scheduled instances by importing the user along with the content. ODBC data sources. if you import a folder called Sales Reports when a folder called Sales Reports already exists. the ownership properties of its objects and instances are reset to your current administrative account. and the scheduling patterns that you have set up in the source environment are imported automatically. To ensure that existing folders are not overwritten. Folders Folders are imported. the associated object rights are imported for every user or group who is imported at the same time. However.

you have the additional option to import events and server groups from the source environment. If you have jobs scheduled or pending on a server or server group that you are importing. the event. if a report is scheduled to run only under server group A and that server group is not imported. If you do import the appropriate user or group. So the newly imported report in the destination environment will explicitly grant the View On Demand right to the Everyone group. Instead. see the BusinessObjects Enterprise Administrator’s Guide. You need to import the server group at the same time as the objects that use it to keep the relationship between them. if the server group exists on the destination system. Otherwise. Note: • If Event A is being imported from the source system but there is already an Event A on the destination system. the wizard does not bring across the servers that belong to that group. then the corresponding object rights are imported and applied to the existing user or group. you might notice odd behavior on the destination system with the individual jobs involved until they run or time out. modifying the example above. the report inherits any rights that have been set on its parent folder. you need to import the event at the same time as the object. In this case. the report loses that restriction and will run under any server group. For more information about how to do this. and it is a different type (for BusinessObjects Enterprise Administrator’s Guide 399 . the Import Wizard imports the object rights along with the report. Objects that have server group restrictions lose the restrictions if the objects are imported and the server group is not. You need to manually add servers to the imported group in the Central Management Console (CMC). or triggers. suppose that you import the report and the Everyone group. For example. When importing server groups. the object is imported without the dependency and no longer waits for. Events and server groups When you use the Import Wizard to import information from a Crystal Enterprise 8. Note: • • When importing report objects associated with a server group. The same logic applies for events: if an object is set up to wait for an event or to trigger an event.5 or later system. the report objects are added to the existing group and the source system’s server group is not imported.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Enterprise 16 In this case. and it already exists by name in the destination environment. the newly imported report in the destination environment will not grant the same explicit rights to the Everyone group. For instance.

For more information about licensing. If the source environment uses Concurrent licensing. A user or group is added to BusinessObjects Enterprise only if it does not exist already by name. Note: Users who are accessing your Crystal Info implementation when you are importing objects to BusinessObjects Enterprise might experience a delay. Users and groups The Import Wizard imports users and groups and their hierarchical relationships as they exist in Crystal Info. then the Import Wizard imports the object. the event should work as expected. if the source environment uses Named User licensing. 400 BusinessObjects Enterprise Administrator’s Guide . These additional users are added to BusinessObjects Enterprise if their accounts do not exist already. the list of group members is updated with additional users who were members of the Crystal Info group.16 Importing Objects to BusinessObjects Enterprise Importing information from Crystal Info example. see “Licensing overview” on page 530. a File event instead of a Custom event). the wizard removes the dependency on Event A from the object when it is imported. you need to manually reset the event server and file name information on the event in the destination system. Importing information from Crystal Info Importing objects from Crystal Info The following sections describe what happens to objects that have been imported from Crystal Info to BusinessObjects Enterprise. User licensing can affect the behavior of the Import Wizard. Once this is set. the wizard imports all users as Concurrent Users. the wizard first checks the number of Named User license keys in the destination environment. if the Crystal Info object is of a type that is supported within BusinessObjects Enterprise. If there are not enough Named User licenses in the destination environment. the wizard imports all users as Named Users. If you import a group that already exists in BusinessObjects Enterprise. since servers are not imported. • Events are based on Event Servers and. and if the Crystal Info object will not overwrite an object that is already in the BusinessObjects Enterprise system. Generally. the wizard imports all users as Concurrent Users. If there are enough Named User licenses in the destination environment. However.

the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. if you import a folder called Sales Reports. When you import reports based on a Crystal Info View. so as not to overwrite existing folders. which differ from the user rights used within Crystal Info. Rights BusinessObjects Enterprise enforces security through object rights. you are prompted to save the report files. whether or not they exist already in BusinessObjects Enterprise. Consequently. However. only the ownership. Supported reports are always imported with their parent folders. If you transfer reports from Crystal Info to BusinessObjects Enterprise. Report objects The Import Wizard can import Crystal report objects only if they are based on native drivers. Recurrence patterns that cannot be automatically recreated within BusinessObjects Enterprise are written to the log file created by the Import Wizard. If the owner of a report is the Administrators group. When this option is selected. then the imported folder is added to BusinessObjects Enterprise with the name Sales Reports(2). make sure you choose the “Automatically rename top-level folders that match top-level folders on the destination system” option in the “Please choose an import scenario” dialog box. Choose a specific folder where you want to save these reports. BusinessObjects Enterprise Administrator’s Guide 401 . when a folder called Sales Reports already exists in BusinessObjects Enterprise. To ensure that existing folders are not overwritten. the Administrators group will have Full Control access to it. the report will be transferred and the View On Demand access mode will be associated with the report. whether or not they exist already in the destination environment. If the owner of the report is not an administrator. After converting the reports. the Import Wizard does not import any of the folder security that is set up within the Crystal Info environment. you can publish them to BusinessObjects Enterprise with the Publishing Wizard. For example. ODBC data sources. You can then run a conversion utility on all reports in that folder to convert them to use metadata.Importing Objects to BusinessObjects Enterprise Importing information from Crystal Info 16 Folders Folders are imported. or OLAP data sources. the Import Wizard appends a number to the end of any duplicated folder names to indicate the number of copies. the rights associated with the report are not transferred. The Import Wizard can import successful instances and some recurring instances from Crystal Info systems.

Such objects include report packages. Before starting this procedure.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Other objects The Import Wizard cannot import Crystal Info objects that are not supported by BusinessObjects Enterprise. Holos Applications. You then select the information that you want to import. ensure that you have the Administrator account credentials for both the source and the destination environment. The screens that appear depend on the source environment and the types of information that you choose to import. You can choose to merge the contents of the source repository into the destination repository. groups. The overall process is divided into the following procedures: • • • • • • “Specifying the source and destination environments” on page 402 “Selecting information to import” on page 405 “Importing objects with rights” on page 407 “Choosing an import scenario” on page 407 “Importing specific objects” on page 409 “Finalizing the import” on page 414 Specifying the source and destination environments This procedure shows how to specify a source environment and a destination environment using the initial screens of the Import Wizard. query objects. and the Import Wizard copies the requested information from the source to the destination. you first connect to the Central Management Server (CMS) of your existing installation (the source environment) and specify the CMS of your new BusinessObjects Enterprise system (the destination environment). 1. and reports. Info cubes. folders. 402 BusinessObjects Enterprise Administrator’s Guide . Open OLAP cubes. 2. and Crystal reports based on query files. When you import information. Click Next. Importing with the Import Wizard The Import Wizard provides a series of screens that guide you through the process of importing user accounts. To specify the source and destination environments From the BusinessObjects Enterprise program group. click Import Wizard. or you can update the destination with the contents of the source CMS.

The fields that appear depend on the type of source environment you chose. select the product from which you want to import information. or BusinessObjects Enterprise XI: • • In the CMS Name field.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 The “Specify source environment” dialog box appears. 4. In the Source list. Type the User Name and Password that provide you with administrative rights to the source environment. Crystal Enterprise 10 or earlier.x BusinessObjects Enterprise XI You are prompted for administrative account information. BusinessObjects Enterprise Administrator’s Guide 403 . This example imports information from BusinessObjects Enterprise XI. type the name of the source environment’s CMS (Central Management Server). 3. The available options are: • • • • • • • Crystal Info 7. If your source environment is Crystal Info.5 Crystal Enterprise 8 Crystal Enterprise 8.5 Crystal Enterprise 9 Crystal Enterprise 10 BusinessObjects Enterprise 6.

Type the User Name and Password that provide you with administrative rights to the source environment. 8. 404 BusinessObjects Enterprise Administrator’s Guide . The “Choose objects to import” dialog box appears.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 5. 7. type the name of the destination environment’s Central Management Server. If your source environment is BusinessObjects Enterprise 6. In the Domain key file field. or click the browse button to select the domain file. Type the User Name and Password of an Enterprise account that provides you with administrative rights to the BusinessObjects Enterprise system. provide the full path of the domain file for the BusinessObjects Enterprise system. Note: You must have the General Supervisor profile.x: • • 6. The “Specify destination environment” dialog box appears. In the CMS Name field. then click Next. Click Next.

see “Specifying the source and destination environments” on page 402. 2. If you have not already started the Import Wizard. and reports that you want to import. select the check box (or boxes) corresponding to the information you want to import: • Import users and user groups • • • • • • • • • • • • • Import inbox documents Import personal categories Import personal Web Intelligence documents Import favorite folders for selected users Import application rights Import corporate categories Import corporate Web Intelligence documents Import folders and objects • Import discussions associated with the selected reports Import events Import server groups Import repository objects Import calendars Import universes Note: The options available depend on the version of the source environment. If the “Import personal documents and inbox documents” dialog box appears.x. Click Next.5 or later. Note: You do not need to provide a path for corporate documents because they are stored in the repository. Repository objects and calendars can be imported from Crystal Enterprise 10. To choose which objects to import In the “Choose objects to import” dialog box. All object can be imported from BusinessObjects Enterprise XI. Events and server groups can be imported from Crystal Enterprise 8. Universes.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 Selecting information to import This procedure shows how to select the users. provide the paths for your personal and/or inbox documents. choose an import option: BusinessObjects Enterprise Administrator’s Guide 405 . categories. groups. folders. 4. and Web Intelligence documents can be imported from BusinessObjects Enterprise 6. If the “Import universe and connection objects” options dialog box appears. 3. 1.

16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard • • Import all universes. You cannot select individual universes or connections to import. Import only the universes and connection objects that are associated with the documents you are importing. connections. this option imports only the objects used by the Web Intelligence documents that you are importing. Click Next. The “Import Object Principals Option” dialog box appears. 406 BusinessObjects Enterprise Administrator’s Guide . You can also use this option if you want to import a subset of selected universes and their dependencies. 5. This option imports all universes from the source environment in one batch. Known as document dependency. and associated objects.

BusinessObjects Enterprise Administrator’s Guide 407 . only the update option is available. you need to import the users and groups that have been granted these rights. the rights on the destination system will closely match those on the source system. The setting also affects how the system handles duplicate objects. If you do not enable rights fidelity. The “Please choose an import scenario” dialog box appears. 2. the Import Wizard prompts you to either merge or update users and groups that have the same name on both the source and destination systems. If you enable rights fidelity. Proceed to “Choosing an import scenario” on page 407. enable the rights fidelity setting in the Import Wizard. or you can add the source system’s information to the destination system without merging. Choosing an import scenario You can merge the source and destination systems. To preserve the rights from the source system. If you enable rights fidelity. If you enable rights fidelity. select the “Enforce rights fidelity” option. users and groups from the source system overwrite users and groups that have the same name on the destination system. 1. To enable rights fidelity In the “Import Object Principals Option” dialog box.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 Importing objects with rights If you import objects that already have rights assigned to them. Click Next.

all objects from the source system with a unique title are copied to the destination system. choose the type of import you want. Updating the destination system You can add the source system’s information to the destination system without merging. choose “I want to update the destination system by using the source system as a reference.” To add the source system’s information to the destination system without merging. see “Importing data from a Crystal Enterprise 10 or BusinessObjects Enterprise XI CMS” on page 174. All of the objects in the destination system are preserved. To choose an import scenario In the “Please choose an import scenario” dialog box. 1. If an object in the source system has the same unique identifier as an object in the destination. When you update the contents of the destination system using the source system as a reference. the object in the destination is overwritten. you add all objects in the source system to the destination CMS. Also. Note: This is the safest import option.” 408 BusinessObjects Enterprise Administrator’s Guide . For more information about merging and updating systems.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Merging systems If you merge the source and destination systems. the Import Wizard adds all objects from the source system into the destination CMS without overwriting objects in the destination. To merge the source and destination systems. at a minimum. choose “I want to merge the source system into the destination system.

select specific members of any group. Click Next. If the “Import Groups Option” dialog box appears.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 2. In the Groups list. 3. Click Next. or repository objects. This example imports all but one of the users in the Administrators group. BusinessObjects Enterprise Administrator’s Guide 409 . 1. Web Intelligence documents. proceed to “Finalizing the import” on page 414. universes. 4. the “Select Users and Groups” dialog box appears. and click Next. 2. To select users and groups If you chose to import users and groups. choose how you want to map third-party groups. In the Subgroups and Users list. categories. select the groups that you want to import. you are prompted to choose the specific objects you want to import. proceed to “Importing specific objects” on page 409. You can import all of the objects or select individual objects. domains. If you are prompted to select specific objects for import. If the “Information collection complete” dialog box appears. folders. groups. Importing specific objects If you chose to import users. Note: • Ensure that the third party authentication is configured the same way on both the source and destination environments.

you need to determine how these users will be handled upon import into BusinessObjects Enterprise XI. • To select domains and Web Intelligence documents If you chose to import Web Intelligence documents. the “Select Domains and Web Intelligence documents” dialog box appears. Select the check boxes for domains or individual documents that you want to import. • To select categories If you chose to import categories. see “Managing User Accounts and Groups” on page 249. then click Next. For information about setting alias creation and assignment for LDAP and Active Directory users. then click Next. the “Select categories” dialog box appears. The Import Wizard imports the selected categories and the objects that belong to the categories. Select the check boxes for the categories that you want to import. 410 BusinessObjects Enterprise Administrator’s Guide .16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard • If you are importing third-party (or external) users and groups from BusinessObjects Enterprise 6.x.

then click Next.x. To select universes or universe folders If you chose to import a subset of the universes from the source environment.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 1. its connection objects are imported automatically. Note: When you import a universe. ensure that the Import Wizard can access the database the same way that the source environment BusinessObjects Enterprise Administrator’s Guide 411 . Select the check boxes for the universes that you want to import. the “Select Universe Folder and Universes” dialog box appears. Before you can import connection objects from BusinessObjects Enterprise 6.

and click Next. and if SSO is not enabled. provide your connection information. This may involve installing database drivers or configuring connection settings on the machine.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard accesses it. 2. You must use the exact same name and settings as the connection used on the source machine when you created the domain key. the “Connection SSO Option” dialog box appears. If your database supports Kerberos authentication. You can enable SSO only for connections that support Kerberos SSO in BusinessObjects Enterprise XI. Tip: You can also choose to “Import all instances of each selected report and object package. Select the check boxes for the folders and reports that you want to import. the “Select Folders and Objects” dialog box appears. these credentials will also be used for access when viewing Web Intelligence documents or designing universes. but you do not need to provide SSO information for described connections. you can specify logon credentials for database access during scheduling. you must configure the connections on the destination machine via the Control Panel before you import the connection objects. You can specify logon credentials for access when scheduling. and you can enable Single Sign-On for database access during viewing and designing. Then click Next. 412 BusinessObjects Enterprise Administrator’s Guide .x source environment. For example. Note: • • • • SSO can be enabled. If the universe uses a connection object that is associated with a secure connection that was created with the “Use Business Objects username and password” option selected.” This example imports the Report Samples folder and a subset of its contents. Select the connection object. To select folders and objects If you chose to import folders and objects. if you import SQL Server connection objects from a BusinessObjects Enterprise 6.

then click Next. Choose an importing option for repository objects.Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard 16 • To select repository objects If you chose to import repository objects. the “Import repository objects options” dialog box appears. BusinessObjects Enterprise Administrator’s Guide 413 .

and a field that describes the action and the reason why it was taken. The “Import Progress” dialog box displays status information and creates an Import Summary while the Import Wizard completes its tasks. click Finish to begin importing the information. If the import summary shows that some information was not imported successfully.16 Importing Objects to BusinessObjects Enterprise Importing with the Import Wizard Finalizing the import 1. click Done. a title that describes the imported information. 414 BusinessObjects Enterprise Administrator’s Guide . 2. this directory is: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ The log file includes a system-generated ID number. Otherwise. which you will find in the directory from which the Import Wizard was run.log. click View Detail Log for a description of the problem. Note: The information that appears in the Detail Log is also written to a text file called ImportWiz. By default. When the “Information collection complete” dialog box appears.

Managing Objects chapter .

After publishing objects to BusinessObjects Enterprise. programs. Additionally. “General object management” on page 417 This section describes general object management concepts that apply to all objects. and how to manage them through the Central Management Console (CMC). and working with hyperlinked reports. as well as object packages.17 Managing Objects Managing objects overview Managing objects overview There are several types of objects that can exist in BusinessObjects Enterprise: reports. Managing report objects includes applying processing extensions. specifying alert notification. Additionally. and deleting objects. Microsoft Word files. such as moving. 416 BusinessObjects Enterprise Administrator’s Guide . and hyperlinks. This chapter is broken up into four sections: • • “Report object management” on page 425 This section explains report objects and instances. and how to manage them through the Central Management Console (CMC). this section covers type-specific program object configuration. and how to manage them through the Central Management Console (CMC). Microsoft PowerPoint files. It also describes how to search for objects. how to modify object properties. you manage them through the Central Management Console (CMC) by going to the Objects management area. copying. Microsoft Excel files. which consist of report and/or program objects. Tip: • • Go to the Object management area by clicking the Objects link on the CMC Home page. text files. Use folders to organize and facilitate object administration for you and your users. Web Intelligence documents. and security considerations for program objects. • “Object package management” on page 459 This section explains object packages and instances. rich text format files. • “Program object management” on page 451 This section explains program objects and instances. changing database information. and how to set object rights for users and groups. this section explains how to create an object package and how to add objects to an object package. using filters. Adobe Acrobat PDFs. see “Managing User Folders” on page 367. For more information. updating parameters.

The shortcut inherits object rights from its parent folder. BusinessObjects Enterprise Administrator’s Guide 417 . See “Scheduling objects using object packages” on page 471. See Chapter 14: Organizing Objects. For example. Copying. to copy the objects to the package. see “Setting object rights for users and groups” on page 317. moving. or creating a shortcut for an object” on page 417 “Deleting an object” on page 419 “Searching for an object” on page 419 “Sending an object or instance” on page 420 “Changing properties of an object” on page 422 “Assigning an object to categories” on page 424 Tip: You can also manage an object by going to the Folders management area in the CMC. • • “Move” changes the location of the object from one folder to another. they are not able to schedule that report even through a shortcut that allows them full rights. for example. if a user does not have rights to schedule a report. The object retains its original set of object rights. However. “Create shortcut” enables you to create an alternate. or to create a shortcut to an object within BusinessObjects Enterprise: • “Copy” creates another copy of the object in a different location. when scheduling objects by using an object package. It includes the following sections: • • • • • • “Copying. The new copy of the object inherits all object rights from its new parent folder. access route for an object. the shortcut object rights do not override the rights of the original object. or creating a shortcut for an object Use this procedure to copy or move an object. more convenient. selecting a folder (and any subfolders) by clicking the appropriate link(s). moving. You use copy. Note: For information setting the rights for an object. You can also create a shortcut to give users access to the object when you don’t want them to access the folder that the actual object is located in.Managing Objects General object management 17 General object management This section describes general tasks related to managing objects and their instances. and selecting the object that is located under the Object Title column.

move. Click Copy/Move/Shortcut. Tip: • • To expand a folder. 4. Select the check boxes associated with the object(s) you want to copy. 2. then click OK. use the Look For field. see “Specifying folder rights” on page 364. Select one of the following options: • • • Copy to Move to Create shortcut in Tip: You may want to create a shortcut if you want to give someone access to an object without giving that user access to the entire folder that the object is located in. select it and click Show Subfolders.17 Managing Objects General object management 1. users who have access to the folder where the shortcut is located can access this object and its instances. To search for a specific folder or object package. move. or create a shortcut for an object Go to the Objects management area of the CMC. 418 BusinessObjects Enterprise Administrator’s Guide . For more information on folder rights. or create a shortcut for. The Copy/Move/Create Shortcut page appears. Select the appropriate destination folder. After you create the shortcut. 3. 5. To copy.

Click Search. 1. BusinessObjects Enterprise Administrator’s Guide 419 . In the Text field. all of its existing instances and scheduled instances will be deleted. see “Managing and viewing the history of instances” on page 495. Click Delete. Note: When you delete an object. Select the check boxes associated with the object(s).Managing Objects General object management 17 Deleting an object This procedure explains how to delete either a single object or multiple objects. Click OK. 1. You can also delete a folder (by selecting a folder and clicking Delete in the Folders management area). 3. To search for an object or objects Go to the Objects management area of the CMC. you have the option of deleting object instances. type the text to search for. does not contain). To delete an object Go to the Objects management area of the CMC. is not. rather than the object itself. Specify the search criteria. 3. which deletes all of the objects and instances that are stored in that folder. contains. As well. Searching for an object The search feature enables you to search for specific text within object titles or descriptions. 2. For more information. specify the object field to search (title or description) and the matching method to use (is. 2. In the “Search for” fields. 4.

nor does it refresh the data for a report instance. 2. Not all types of objects can be sent to all destinations. To send an object or an instance to a destination Go to the Objects management area of the CMC. The “Send to” function handles existing objects or instances only. You can send an object. Click the History tab. To send an instance of the object. Select only instances with a status of Success or Failed. or a shortcut to the object or instance. You can send either a copy of an object or instance. Select the check boxes for the objects that you want to send. a report instance. for example. click the link for the object. Instances with a status or Recurring or Pending are scheduled and do not contain any data yet. for example. a Word or Excel file. 420 BusinessObjects Enterprise Administrator’s Guide . or you can send instances of an object. see See also “Available destinations by object type” on page 421.17 Managing Objects General object management Sending an object or instance You can use the “Send to” feature to send existing objects or instances of an object to different destinations. You can also select the destination. for example. and then select the check boxes for the instances you want to send. 3. Click Send to. 1. The Send to page appears. It does not cause the system to run the object and create new instances. For details about which types of objects can be sent to which destinations. FTP or Inbox.

By default. you can the temporary instances that are created when you send an object or instance. The system sends the selected objects or instances to the specified destinations. If you select this option. but there are some exceptions. this option is selected and the system deletes any temporary objects or instances after they have been sent. The system will update the destination information for the object when you click Send. 6. DIsk Yes Yes Email (SMTP) FTP Yes Yes File Yes Yes Link Yes Yes Inbox File Yes Yes Yes Link Yes Yes Yes Object type Report Object Package Program BusinessObjects Enterprise Administrator’s Guide 421 . Unm. select the Set this destination as the selected object’s scheduling destination option. In some cases recipients must have access to the BusinessObjects Enterprise system to be able to open the object. Available destinations by object type Most destinations can be used for most types of objects. For example. If you want to keep these 5. Click Send. The following table summarizes which objects cannot use certain destinations. A new destination for all selected objects Allows you to specify a destination. If you want. Note: Send Web Intelligence documents to the “Inbox” destination only. If you want the destination to become the default destination for the object. deselect Clean up temporary objects created after objects have been sent. See “Available destinations by object type” on page 421 and “Selecting a destination” on page 481.Managing Objects General object management 17 4. for a Web Intelligence document you cannot specify an unmanaged disk destination. or to an Email destination within BusinessObjects Enterprise. Select the destination option you want: • • Each selected object’s scheduling destination Sends the objects or instances to the destination specified on the Destination pages for the objects. you must specify additional parameters for the destination information.

and Rich Text objects. Microsoft Excel. 1. its location. Provided that you have the appropriate software installed on your browser machine. you can modify an object’s title and description. Microsoft PowerPoint. change any of the properties as required. select an object by clicking its link. For objects that can be scheduled (reports. programs. View button For Microsoft Word. Adobe Acrobat. On the Properties page. Note that once you have clicked Update. you can click the View button to open and view the object. As well. and the date it was created. a View button appears on the Properties page. 3. Click Update. 422 BusinessObjects Enterprise Administrator’s Guide . DIsk Yes Yes Yes Yes Yes Yes - Email (SMTP) FTP Yes Yes Yes Yes Yes Yes File Yes Yes Yes Yes Yes Yes Link Yes Yes Yes Yes Yes Yes Yes Yes Inbox File Yes Yes Yes Yes Yes Yes Yes Yes Link Yes Yes Yes Yes Yes Yes Yes Yes Changing properties of an object In the Properties page of an object.17 Managing Objects General object management Object type Web Intelligence document Excel file Word file PDF file Text file RTF file PowerPoint file Hyperlink Unm. and object packages). 2. To change the properties of an object In the Objects management area of the CMC. Text. you can see the last times the object was modified and/or run. you cannot click Reset to undo changes. you can view its file name.

If the original report does not contain a thumbnail.) By default. the “Show report thumbnail” check box is selected by default. clear the Show report thumbnail check box. (To preview a report with saved data. The Preview button enables you to view a report on demand with all of your current report settings. Show report thumbnail option For reports. BusinessObjects Enterprise connects to the report’s data source(s) if no cached pages are available. then a thumbnail will not be stored on BusinessObjects Enterprise. If you do not want a thumbnail preview of this report to be available in InfoView or another web application. Note: A thumbnail is a graphical representation of the first page of a report. To use the Preview function. administrators have rights at the Full Control level (the highest rights setting) for all report objects. BusinessObjects Enterprise Administrator’s Guide 423 . for report objects and Web Intelligence documents.Managing Objects General object management 17 Preview button Similarly. a Preview button appears. For details about object rights. the user will need to have rights at the Schedule level or higher. the user will need to have rights at the View level or higher. see “Report object management” on page 425. The Show report thumbnail checkbox does not apply to Web Intelligence document objects.

To assign an object to a personal category. 5. To assign an object to a category In the Object management area of the CMC.) This means that if one of objects in a package fails. 424 BusinessObjects Enterprise Administrator’s Guide . A category can be a corporate or a personal category. 4. Otherwise. the “Scheduled package fails upon individual component failure” check box is selected by default. Click the Categories tab. For complete information. You can also assign objects to a category by using the categories page. select the category that you want the object to belong to and use the arrow buttons to move to the Assigned Categories list. See “Adding an object to a new category” on page 370. categories are objects used to organize documents. click the Personal link. If you do not want the object package instance to fail if one of the objects fails.17 Managing Objects General object management Scheduled package fails upon individual component failure option For object packages. 1. see “Removing or deleting objects from a category” on page 370. Assigning an object to categories Like folders. Note: To remove an object from a category. 2. (A component is an object in an object package. Click OK. see Chapter 14: Organizing Objects. Use the following procedure to assign an object to a category by using the objects page. Click Assign Categories. You can associate objects with multiple categories. clear the “Scheduled package fails upon individual component failure” check box. or subcategories within categories. 6. the object package instance in the History will appear as Failed. In the Available Categories list. select an object by clicking its link. skip this step. Repeat this step for each category that you want the object to be assigned to. The Available Categories list includes all corporate or personal categories and their subcategories. 3. The Assign Corporate Categories page appears.

see Chapter 18: Scheduling Objects. and how to manage them through the Central Management Console (CMC). A report object or Web Intelligence document object can be made available to everyone or to individuals in selected user groups. Both types of objects can also contain saved data. report objects are designed such that you can create several instances with varying characteristics. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. such as InfoView or a custom web application. A scheduled instance contains object and schedule information. even though both instances originate from the same report object. BusinessObjects Enterprise Administrator’s Guide 425 . For more information about scheduling.Managing Objects Report object management 17 Report object management This section explains report objects and instances. the system creates a scheduled instance for the object. For example. A Web Intelligence document object Web Intelligence is created using the Report panel and HTML Query panel in InfoView. It includes the following sections: • • • • • “What are report objects and instances?” on page 425 “Setting report refresh options” on page 426 “Setting report processing options” on page 428 “Applying processing extensions to reports” on page 443 “Working with hyperlinked reports” on page 447 Note: Most information in this section also applies to Web Intelligence document objects. It does not contain any data yet. Typically. Both types of objects contain report information (such as database fields). Any exceptions have been identified. if you run a report object with parameters. you can schedule one instance that contains report data that is specific to one department and schedule another instance that contains information that is specific to another department. You can schedule objects either from CMC or by using a BusinessObjects Enterprise application. Scheduled instances When you schedule an object. What are report objects and instances? A report object is an object that is created using a Business Objects designer component (such as Crystal Reports or OLAP Intelligence).

then BusinessObjects Enterprise updates the default value of the prompt in the report object. and displayed in version XI format. reports are saved.rpt file stored in the Input File Repository Server. Once published to BusinessObjects Enterprise. This holds true no matter which report refresh options you select. if a prompt appears only in the source . It appears on the History page of the object and has a status of Success or Failed. When you refresh a report object. Note: BusinessObjects Enterprise supports reports created in versions 6 through XI of Crystal Reports. Any changes that you have made to the default value of the parameter in BusinessObjects Enterprise are overwritten. the report refresh settings allow you to control which settings in the report object are updated with values from the source . For example. You can set report refresh options that determine which settings of a report object are updated when you refresh it in BusinessObjects Enterprise. 426 BusinessObjects Enterprise Administrator’s Guide .rpt and the report object and you have selected the “Prompt Values” option. Making changes to an object Any changes you make to the an object (by making the changes and then clicking Update) affect the default settings for the object only. overwriting any changes you’ve made in BusinessObjects Enterprise.rpt file. BusinessObjects Enterprise deletes or adds report elements in the report object to make it match the . You can then change these settings as needed for the scheduled instance you want to create. The instance contains actual data from the database. If a prompt appears in both the source . The next time you schedule the object. whether you use CMC or an application such as InfoView. then refreshing the report adds the prompt to the report object.rpt file.17 Managing Objects Report object management Object instances At the specified time. the new default settings are displayed. Setting report refresh options Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise compares the report object stored in BusinessObjects Enterprise with the original . the system runs the object and creates an object instance. Where report elements are the same in the source report and the report object. processed. Those changes do not affect any existing scheduled instances or object instances.rpt file.

1. click the Refresh Options link. clear the appropriate report refresh option. Note: • • • If you select Prompt Values. BusinessObjects Enterprise ensures that changes to either the default value of a prompt or to the current value of a prompt are updated in the report object when the report is refreshed. 2. Viewing the universes for a Web Intelligence document You build queries for Web Intelligence documents using objects in a universe. To view the universes for a Web Intelligence document In the Objects management area of the CMC. select a report object by clicking its link. listing the universes that are used by the document. A universe is a representation of the information available in the database. 1. BusinessObjects Enterprise Administrator’s Guide 427 . click the Universes link. For more information. Choose the report elements that you want to refresh from the source report file. If you select Prompt Options. BusinessObjects Enterprise ensures that changes to the metadata describing a prompt is updated in the report object. In CMC you can view which universes are used by a Web Intelligence document. On the Properties page. On the Properties page. If you select “Use Object Repository when refreshing report”. Click Refresh Report. For example. The Universes page appears. see “Refreshing repository objects in published reports” on page 179. repository objects in the report object will be refreshed against the repository. To set a report object’s refresh options In the Objects management area of the CMC.Managing Objects Report object management 17 To preserve your changes to the values of report elements when you refresh a report. 3. 2. “Can be null” is a prompt option. select a Web Intelligence document object by clicking its link. 4.

17

Managing Objects Report object management

Setting report processing options
For each object you can set several processing options. These options appear on the Process page for the object. Setting the report processing options includes the following tasks:

• • • • • • • •

“Setting report viewing options” on page 428 “Specifying servers for scheduling” on page 430 “Specifying servers for viewing and modification” on page 432 “Changing database information” on page 434 “Updating parameters” on page 437 “Using filters” on page 439 “Setting printer and page layout options” on page 441 “Applying processing extensions to reports” on page 443

Setting report viewing options
Note: This feature does not apply to Web Intelligence document objects. The report viewing options available in BusinessObjects Enterprise allow you to balance users’ need for up-to-date information with the need to optimize data retrieval times and overall system performance. BusinessObjects Enterprise allows you to enable data sharing, which permits different users accessing the same report object to use the same data when viewing or refreshing a report. Enabling data sharing reduces the number of database calls, thereby reducing the time needed to generate a report instance for subsequent users of the same report, while greatly improving overall system performance under load. You can control data sharing settings on either a per-report or a per-server basis:

If you specify which servers a report uses for viewing, you can use perserver settings to standardize data sharing settings for groups of reports, and centrally administer these settings. (See “Specifying servers for viewing and modification” on page 432.) Per-report settings permit you to specify that particular reports will not share data. They also allow you to tailor the data sharing interval for each report to meet the needs of that report’s users. In addition, per-report settings enable you to decide on a report-by-report basis whether it is appropriate to allow users to access the database whenever they refresh reports.

428

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Data sharing may not be ideal for all organizations, or for all reports. To get full value from data sharing, you must permit data to be reused for some period of time. This means that some users may see “old” data when they view a report on demand, or refresh a report instance that they are viewing. The default report viewing options for BusinessObjects Enterprise emphasize data freshness and integrity. By default, when you add a report to BusinessObjects Enterprise it is configured to use per-server settings for report sharing. The default server settings ensure that users always receive up-to-date information when they refresh a report, and guarantee that the oldest data given to any user is 0 minutes old. If you choose to enable perreport settings, the default settings allow data sharing, allow a viewer refresh to retrieve fresh data from the database, and ensure that the oldest data given to a client is 5 minutes old. Tip: Disabling the sharing of report data between clients is not the same as setting the “Oldest on-demand data given to a client” to 0 minutes. Under high load, your system may receive more than one request for the same report instance at the same time. In this case, if the data sharing interval is set to 0 but the “Share report data between clients” option is enabled, BusinessObjects Enterprise shares data between the client requests. If it is important that data not be shared between different clients (for example, because the report uses a User Function Library (UFL) that is personalized for each user), disable data sharing for that report. For details on setting report viewing options on a per-server basis, see:

• • • •

“Modifying Cache Server performance settings” on page 112 “Modifying Page Server performance settings” on page 115 “Modifying performance settings for the RAS” on page 120 “Configuring the Web Intelligence Report Server” on page 122

For more information on configuring BusinessObjects Enterprise to optimize report viewing in your system, see the planning chapter in the BusinessObjects Enterprise Installation Guide. Note: This feature does not apply to Web Intelligence document objects. 1. 2. 3. 4. To set report viewing options for a report In the Objects management area of the CMC, select a report by clicking its link. Click the Process tab. In the “Data Refresh for Viewing” area, click “Use report specific viewing settings.” Then select the options that you want to set for this report. Click Update.

BusinessObjects Enterprise Administrator’s Guide

429

17

Managing Objects Report object management

Specifying servers for scheduling
You can specify the default servers that BusinessObjects Enterprise will use to run an object, and to schedule and process instances. When specifying your servers, you have three options:

• • • • •

Use the first available server. Use the servers that belong to a selected group first (and, if the servers from that group aren’t available, use any available server). Use only servers that belong to a specific group.

Depending on the type of object, BusinessObjects Enterprise uses the following servers: Crystal reports are run on the Report Job Server. Web Intelligence documents are run on the Web Intelligence Report Server.

By selecting a particular server or server group, you can balance the load of your scheduling, because specific objects can be processed by specific job servers. You must first create server groups by using the Server Groups management area in the CMC, before you can select servers that belong to a selected group. You can also set the maximum number of jobs that a job server will accept. For more information, see “Modifying performance settings for job servers” on page 121. Also, you can balance the load of your scheduling, because specific objects can be processed by specific job servers. You must first create server groups by using the Server Groups management area in the CMC, before you can select servers that belong to a selected group. You can also set the maximum number of jobs that a job server will accept. For more information, see “Modifying performance settings for job servers” on page 121. Note:

If you choose the “Use the first available server” option, the Central Management Server (CMS) will check the job servers to see which one has the lowest load. The CMS does this by checking the percentage of the maximum load on each job server. If all of the job servers have the same load percentage, then the CMS will randomly pick a job server. If you are scheduling a program object that requires access to files stored locally on a Program Job Server, but you have multiple Program Job Servers, you must specify which server to use to run the program. See “Specifying servers for viewing and modification” on page 432 for information on specifying the servers used to view or modify an object. To specify the servers to use for an object In the Objects management area of the CMC, select an object by clicking its link.

• •

1.

430

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

2.

Click the Process tab.

3.

In the “Default Servers To Use For Scheduling” area, choose from one of the three options:

• •

Use the first available server BusinessObjects Enterprise will use the server that has the most resources free at the time of scheduling. Give preference to servers belonging to the selected group Select a server group from the list. This option will attempt to process the object from the servers that are found within your server group. If the specified servers are not available, then the object will be processed on the next available server.

Only use servers belonging to the selected group This option ensures that BusinessObjects Enterprise will only use the specified servers that are found within the selected server group. If all of the servers in the server group are unavailable, then the object will not be processed.

BusinessObjects Enterprise Administrator’s Guide

431

17

Managing Objects Report object management

4. 5.

Click Update. In the “Default Servers To Use For Viewing” area, repeat the activities from steps 3 and 4. Note: “Default Servers To Use For Viewing” applies only to report objects.

Specifying servers for viewing and modification
You can specify the default servers that BusinessObjects Enterprise will use when a user views or modifies a report or Web Intelligence document. When specifying your servers, you have three options:

• • • • •

Use the first available server. Use the servers that belong to a selected group first (and, if the servers from that group aren’t available, use any available server). Use only servers that belong to a specific group.

Depending on the type of object, BusinessObjects Enterprise uses the following servers: Crystal reports are run on the Cache Server and Page Server, or the Report Application Server, depending on which viewer is used. Web Intelligence documents are run on the Web Intelligence Report Server.

By selecting a particular server or server group, you can balance the load of your viewing, as specific reports can be processed using specific servers. You must first create server groups by going to the Server Groups management area in the CMC before you are able to select servers that belong to a selected group. You can also set the maximum number of jobs a server will accept. For more information, see “Modifying Cache Server performance settings” on page 112, “Modifying Page Server performance settings” on page 115, or “Modifying performance settings for the RAS” on page 120.

432

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Note:

If you choose the “Use the first available server” option, the Central Management Server(CMS) will check the servers to see which one has the lowest load. The CMS does this by checking the percentage of the maximum load on each server. If all of the servers have the same load percentage, then the CMS will randomly pick a server. See “Specifying servers for scheduling” on page 430 for information on specifying Job Servers used to schedule an object. To specify the servers to use for a report object In the Objects management area of the CMC, select an object by clicking its link. Click the Process tab.

1. 2.

BusinessObjects Enterprise Administrator’s Guide

433

17

Managing Objects Report object management

3.

In the “Default Servers To Use For Viewing” area, choose from one of the three options:

• •

Use the first available server BusinessObjects Enterprise will use the server that has the most resources free at the time of viewing. Give preference to servers belonging to the selected group Select a server group from the list. This option will attempt to process the object from the servers that are found within your server group. If the specified servers are not available, then the object will be processed on the next available server.

Only use servers belonging to the selected group This option ensures that BusinessObjects Enterprise will only use the specified servers that are found within the selected server group. If all of the servers in the server group are unavailable, then the object will not be processed.

4.

Click Update.

Changing database information
Note: This feature does not apply to Web Intelligence document objects. You can select your database type and set the default database logon information on the Database page for a report. The Database page displays the data source or data sources for your report object and its instances. You can choose to prompt the user for a logon name and password when he or she views a report instance. 1. 2. To change database settings In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the database link.

434

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

The Database page appears.

BusinessObjects Enterprise Administrator’s Guide

435

17

Managing Objects Report object management

3. 4.

In the Data Source(s) list, select the data source. Select Use original database logon information from the report or Use custom database logon information specified here. If you select the first option, you can specify a user name and password to be used with the original report database. If you select the second option, you can specify a server name (or a DSN in the case of an ODBC data source), a database name, a user name, and a password for a number of predefined database drivers, or for a custom database driver that you’ve specified. If you’ve changed the default table prefix in your database, specify a custom table prefix here. For a complete list of supported databases and drivers, refer to the
platform.txt file included with your installation.

5.

Select the database logon option you want.

Prompt the user for database logon The system will prompt users for a password when they refresh a report. Note: This option has no effect on a scheduled instance. Also, BusinessObjects Enterprise only prompts users when they first refresh a report; that is, if they refresh the report a second time, they will not be prompted.

Use SSO context for database logon The system will use the user’s security context, that is, the user’s logon and password, to log on to the database. Note: For this option to work, you must have your system configured for end-to-end single sign-on, or for single sign-on to the database. For more information, see “Configuring Kerberos single sign-on” on page 299.

Use same database logon as when report is run The system will use the same database logon information as was used when the report was run on the job server.

6.

Click Update.

436

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Updating parameters
Note: This feature does not apply to Web Intelligence document objects. Parameter fields (with preset values) enable users to view and to specify the data that they want to see. If a report contains parameters, you can set the default parameter value for each field or fields (which is used whenever a report instance is generated). Through a BusinessObjects Enterprise application such as InfoView, your users are either able to use the report with the preset default value(s) or choose another value or values. If you do not specify a default value, users will have to choose a value when they schedule the report. Note: The Parameters link is available only if the report object contains parameters. 1. 2. To view parameter settings In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Parameters link.

3.

Under the Value column, select the value associated with the parameter you want to change. A page opens that allows you to change the parameter value. Depending on the parameter value type, you either type a value in the field or choose a value from a list. If there is a list, you can also click Edit to type a new value.

BusinessObjects Enterprise Administrator’s Guide

437

17

Managing Objects Report object management

4. 5.

Select the Clear the current parameter value(s) check box if you want to clear the current value that is set for the specified parameter. Select the Prompt the user for new value(s) when viewing check box if you want your users to be prompted when they view a report instance through a BusinessObjects Enterprise application such as InfoView. Click Update.

6.

Updating prompts for Web Intelligence document objects
Note: This feature does not apply to Crystal reports objects. See “Updating parameters” on page 437 instead. Prompt fields (with preset values) enable users to view and to specify the data that they want to see. If a report contains parameters, you can set the default prompt value for each field or fields (which is used whenever a report instance is generated). Through a BusinessObjects Enterprise application such as InfoView, your users can either use the report with the preset default value(s) or choose another value or values. If you do not specify a default value, users will have to choose a value when they schedule the report. Note: The Prompts link is available only if the Web Intelligence document object contains prompts.

438

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

1. 2. 3. 4.

To update the prompts for a Web Intelligence document object In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Prompts link. The Prompts page appears, showing a dialog box with prompts. Select the prompt and enter a value for the prompt. Repeat this step for every prompt whose you want to change. Click Update.

Using filters
Note: This feature does not apply to Web Intelligence document objects. In the Filters page, you set the default selection formulas for the report. Selection formulas are similar to parameter fields in that they are used to filter results so that only the required information is displayed. Unlike parameters, end users will not be prompted for selection formula values when they view or refresh the report. When users schedule reports through a web-based client such as InfoView, they can choose to modify the selection formulas for the reports. By default, if any formulas are set in the CMC, they will be used by the web-based client. For more information on selection formulas, see the Crystal Reports User’s Guide. In addition to changing selection formulas, if you have developed your own processing extensions, you can select the processing extensions that you want to apply to your report. For more information, see “Applying processing extensions to reports” on page 443. When you use filters in conjunction with processing extensions, a subset of the processed data is returned. Selection formulas and processing extensions act as filters for the report. 1. 2. To use filters In the Objects management area of the CMC, select a report object by clicking its link. Click the Process tab, and then click the Filters link. The Filters page appears.

BusinessObjects Enterprise Administrator’s Guide

439

17

Managing Objects Report object management

440

BusinessObjects Enterprise Administrator’s Guide

By selecting the Printer destination. BusinessObjects Enterprise Administrator’s Guide 441 . Repeat this step until you have selected the processing extensions you want. report instances are always printed in Crystal Reports format. • Group Selection Formula Use the Group Selection Formulas to create or edit a group selection formula or formulas that limit the groups used when you or a user schedules a report. and move it to the Use these Processing Extensions list. and the page range.Managing Objects Report object management 17 3. the number of copies. You can choose to print a report (each time it runs) using the Job Server’s default printer or a different printer. 5. Click Update. The Print Setup page contains two areas: the first area specifies whether or not a report instance is printed. Note: The Job Server must run under an account that has sufficient privileges to access the printer you specify. • Record Selection Formula Use the Record Selection Formula to create or edit a record selection formula or formulas that limit the records used when you or a user schedules a report. and if printed. You can choose to print a report instance when scheduling it. See “Changing the server user account” on page 146 for information on changing the user account. When printing a report. Specifying a printer Note: This feature does not apply to Web Intelligence document objects. 4. the second area specifies custom layout settings for changing the page size and orientation (regardless of whether the report instance is printed or not). Update or add new selection formulas. BusinessObjects Enterprise prints your report after it is processed. the printer to use. you can set the number of copies and the page range. In the processing extensions area. select a processing extension you want from the Available Processing Extensions list. Setting printer and page layout options Note: This feature does not apply to Web Intelligence document objects.

Specifying page layout Note: This feature does not apply to Web Intelligence document objects. The settings you choose in this section of the Print Setup page affect how you’ll see a report instance when displaying it. select the number of copies. Select Print in Crystal Reports format using the selected printer when scheduling if you want report instances to be sent directly to a printer. On the Process tab. and printername is the name of your printer.17 Managing Objects Report object management 1. If your job server is using Windows. otherwise. the font metrics and other layout settings of the display and/or the printer). This does not interfere with the format selected when scheduling the report. in the “Specify a printer” field.” 6. and so on. Click Update. 2. click the Print Setup link. in the “Specify a printer” field. page size. but also to the overall look of the report. Note: Page layout settings are not specifically related only to scheduling a report to a printer. and choose the print page range. type the print command that you normally use. The Print Setup page appears. Enter a printer’s path and name. you can first specify page layout criteria such as page orientation. The report instances are automatically sent to the printer in Crystal Reports format. 4. select a report object by clicking its link. The overall look is affected by the properties of the device for which the report is displayed in (that is. 3. If your job server is running on UNIX. 5. type: \\printserver\printername Where printserver is the name of your printer server. select Specify a printer. To assign a printer In the Objects management area of the CMC. For instance. Leave Default printer selected if you want to print to the Job Server’s default printer. When viewing or scheduling a report instance to any format. type: lp -d printername Note: Ensure that the printer you are using (on UNIX) is “shown” and not “hidden. 442 BusinessObjects Enterprise Administrator’s Guide .

Managing Objects Report object management

17

1. 2.

To set a report’s page layout In the Objects management area of the CMC, select a report object by clicking its link. On the Process tab, click the Print Setup link. The Print Setup page appears.

3.

Make your settings according to the type of layout you want. The options are as follows:

• •

Report file default Choose this option if you want the page layout to conform to the settings that were chosen for the report in Crystal Reports. Specified printer settings Choose this option if you want the page layout to conform to the settings of a specified printer. You can choose the Job Server’s default printer or another printer. For information about specifying another printer, see “Specifying a printer” on page 441. When you choose this option, you can print scheduled report instances only to the printer you specify in the “Specified printer settings” area. In other words, you cannot set your report to display with one printer’s setting and then print to a different printer.

Custom settings Choose this option if you want to customize all page layout settings. You can choose page orientation, page size, measurement units (inches or millimeters), page width, and page height.

4.

Click Update.

Applying processing extensions to reports
Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise supports the use of customized processing extensions. A processing extension is a dynamically loaded library of code that applies your business logic to particular BusinessObjects Enterprise view or

BusinessObjects Enterprise Administrator’s Guide

443

17

Managing Objects Report object management

schedule requests before they are processed by the system. This section shows how to register your processing extension with BusinessObjects Enterprise, and how to apply an available processing extension to a particular report object. For general information about processing extensions and how you can use them to customize report processing and security, see “Processing extensions” on page 241. For information on writing your own processing extensions with the Processing Extension API, see the developer documentation available on your product CD. Note: On Windows systems, dynamically loaded libraries are referred to as dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded libraries are often referred to as shared libraries (.so file extension). You must include the file extension when you name your processing extensions. Also, file names cannot include the \ or / characters.

Registering processing extensions with the system
Note: This feature does not apply to Web Intelligence document objects. Before you can apply your processing extensions to particular objects, you must make your library of code available to each machine that will process the relevant schedule or view requests. The BusinessObjects Enterprise installation creates a default directory for your processing extensions on each Job Server, Page Server, and Report Application Server (RAS). It is recommended that you copy your processing extensions to the default directory on each server. On Windows, the default directory is C:\Program
Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\ProcessExt. On UNIX, it is the bobje/processext

directory. Tip: It is possible to share a processing extension file. For details, see “Sharing processing extensions between multiple servers” on page 447. Depending upon the functionality that you have written into the extension, copy the library onto the following machines:

• • •

If your processing extension intercepts schedule requests only, copy your library onto each machine that is running as a Job Server. If your processing extension intercepts view requests only, copy your library onto each machine that is running as a Page Server or RAS. If your processing extension intercepts schedule and view requests, copy your library onto each machine that is running as a Job Server, Page Server, or RAS.

Note: If the processing extension is required only for schedule/view requests made to a particular Server Group, you need only copy the library onto each processing server in the group.

444

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

1. 2.

To register a processing extension with the system Go to the Objects management area of the CMC. Click Object Settings.

3. 4.

In the Name field, type a display name for your processing extension. In the Location field, type the file name of your processing extension along with any additional path information:

• •

If you copied your processing extension into the default directory on each of the appropriate machines, just type the file name (but not the file extension). If you copied your processing extension to a subfolder below the default directory, type the location as: subfolder/filename

Note: Although the actual file name must include the .dll or .so extension (as appropriate to the server’s operating system), you must not include the file extension in the Location field. 5. 6. Use the Description field to add information about your processing extension. Click Add. You can now select this processing extension to apply its logic to particular objects. For details, see “Selecting a processing extension for a report” on page 445. Tip: To delete a processing extension, select its check box and click Delete. (Make sure that no recurring jobs are based on this processing extension because any future jobs based on this processing extension will fail.)

Selecting a processing extension for a report
Note: This feature does not apply to Web Intelligence document objects. 1. 2. To select a processing extension for a report Go to the Objects management area of the CMC. Click the link to the report object that you want to apply your processing extension to.

BusinessObjects Enterprise Administrator’s Guide

445

17

Managing Objects Report object management

3.

Click the Process tab, and then click the Filters link.

4.

Select your processing extension in the Available Processing Extensions list. Note: Your processing extensions appear in this list only after you have registered them with the system. For details, see “Registering processing extensions with the system” on page 444. Tip: You may apply more than one processing extension to a report object. Repeat steps 4 and 5 for each processing extension; then use the up and down arrows to specify the order in which the processing extensions should be used.

5.

Click Update. Your processing extension is now enabled for this report object.

446

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

Sharing processing extensions between multiple servers
Note: This feature does not apply to Web Intelligence document objects. If you want to put all processing extensions in a single location, you can override the default processing extensions directory for each Job Server, Page Server, and RAS. First, copy your processing extensions to a shared directory on a network drive that is accessible to all of the servers. Map (or mount) the network drive from each server’s machine. Note: Mapped drives on Windows are valid only until you reboot the machine. For details, see “Ensuring that server resources are available on local drives” on page 526. If you are running servers on both Windows and on UNIX, you must copy a .dll and an .so version of every processing extension into the shared directory. In addition, the shared network drive must be visible to Windows and to UNIX machines (through Samba or some other file-sharing system). Finally, change each server’s command line to modify the default processing extensions directory. Do this by adding “-report_ProcessExtPath <absolute path>” to the command line. Replace <absolute path> with the path to the new folder, using whichever path convention is appropriate for the operating system that the server is running on (for example, M:\code\extensions, /home/shared/code/extensions, and so on). The procedure for making this modification depends upon your operating system:

• •

On Windows, use the CCM to stop the server. Then open the server’s Properties to modify the command line. Start the server again when you have finished. On UNIX, run ccm.sh to stop the Job Server/Page Server. Then edit ccm.config to modify the server’s command line. Start the server again when you have finished. For reference, see “ccm.sh” on page 598.

Working with hyperlinked reports
Note: This feature does not apply to Web Intelligence document objects. Crystal Reports lets you use hyperlinks to navigate from one report object to another. You can move to a Report Part within the report itself, to other report objects or their parts, or to specific instances of reports or Report Parts. This navigation is available only in the new script-based DHTML viewers (zeroclient, server-side viewers) included in BusinessObjects Enterprise XI. By linking directly from one object to another, the required data context is passed automatically so that you navigate to the object and data that is relevant.

BusinessObjects Enterprise Administrator’s Guide

447

17

Managing Objects Report object management

Initially, when you add hyperlinks between reports in Crystal Reports, you create a link from one file directly to another. However, when you publish linked report files simultaneously to the same object package, the links are modified to point to managed report objects. (Each link is changed, so that it references the appropriate destination report by Enterprise ID, rather than by file path.) Also, the modified links become relative inside the object package. When you schedule the object package, BusinessObjects Enterprise processes its reports, and again modifies hyperlinks within each report instance: hyperlinks between report objects in an object package are converted to hyperlinks between report instances in a specific instance of the object package. For more information on object packages, see “Scheduling objects using object packages” on page 471. To view hyperlinked reports, you must publish both the home and destination reports to the same BusinessObjects Enterprise system. (A home report is one that contains a hyperlink to another report: the destination report.) Note: For information about how to create hyperlinks between report objects, see the Crystal Reports Online Help.

Publishing and hyperlinking reports
Note: This feature does not apply to Web Intelligence document objects. To avoid breaking hyperlinks between reports, it is best to publish the reports first and then to create the hyperlinks. 1. 2. 3. 4. To publish and then hyperlink reports Create the reports, without hyperlinks, in Crystal Reports. Publish them to BusinessObjects Enterprise. Use Crystal Reports to log on to your BusinessObjects Enterprise system. Create the hyperlinks between the home and destination reports. See the Crystal Reports Online Help.

Crystal Reports automatically determines what type of link—relative or absolute—to establish between the reports. In BusinessObjects Enterprise, relative links are those between reports in the same object package, and absolute links are links to specific report objects or instances.

Publishing reports with existing hyperlinks
Note: This feature does not apply to Web Intelligence document objects. The recommended method for creating hyperlinked reports is first to publish the individual reports, then create hyperlinks between them. See “Publishing and hyperlinking reports” on page 448.) However, because this is not always

448

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Report object management

17

possible, use the following procedure to publish reports after they have been hyperlinked. When you publish reports this way, the hyperlinks are converted to relative links.

BusinessObjects Enterprise Administrator’s Guide

449

17

Managing Objects Report object management

To publish reports with existing hyperlinks Using the Publishing Wizard, publish the reports (that are linked to each other) to the same object package. Note: If you publish hyperlinked reports independently of each other, rather than publishing them simultaneously to the same object package, all hyperlinks between the reports will break. You must re-establish the links using Crystal Reports and save the report back to BusinessObjects Enterprise. (For more information, see the Crystal Reports Online Help.)

Viewing hyperlinks in a report
Note: This feature does not apply to Web Intelligence document objects. You can view a list of the links in a report by clicking the Links link on the report’s Properties page. The links are listed as either relative or absolute. In BusinessObjects Enterprise, relative links are those between reports in the same object package, and absolute links are links to specific report objects or instances. 1. 2. To view a list of links in a report object In the Objects management area of the CMC, select the report object by clicking its link. Click the Properties tab, and then click the Links link. The Links page appears.

Viewing hyperlinked reports
Note: This feature does not apply to Web Intelligence document objects. BusinessObjects Enterprise supports navigation between hyperlinked reports only with script-based viewers, specifically the DHTML and Advanced DHTML viewers in InfoView. To change your preferred viewer in the CMC, click the Preferences button in the upper-right corner of the CMC, and select the appropriate viewer from the Viewer list. For information on how to change your preferred viewer, see the BusinessObjects Enterprise User’s Guide. Parameter information is not carried over between the home and destination reports. That is, when you view a destination report by clicking a hyperlink in a home report, you are prompted to enter any parameters that the destination report requires.

450

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Security considerations
To view hyperlinked reports through BusinessObjects Enterprise, you must have the appropriate rights both in BusinessObjects Enterprise and at the database level. In BusinessObjects Enterprise, to view a destination report through a hyperlink in a home report, you must have View rights to the destination report. When the hyperlink points to a report object, you must have View On Demand rights to be able to refresh the data against the data source. For information about setting the levels of access to objects, see “Setting common access levels” on page 320. Database logon information is carried over between hyperlinked reports. If the credentials you specified to view the home report are not valid for the destination report, you are prompted for a valid set of database logon credentials for the destination report.

Program object management
This section explains program objects and instances, and how to manage them through the Central Management Console (CMC). It includes the following sections:

• •

“What are program objects and instances?” on page 451 “Setting program processing options” on page 453

What are program objects and instances?
A program object is an object in BusinessObjects Enterprise that represents an application. Publishing a program object to BusinessObjects Enterprise allows you to use BusinessObjects Enterprise to schedule and run the program object and to manage user rights in relation to the program object. For information about publishing program objects, see “Publishing overview” on page 374. When you publish a program object or its associated files to BusinessObjects Enterprise, they are stored in the Input File Repository Server (FRS). Each time a BusinessObjects Enterprise program runs, the program and files are passed to the Program Job Server, and BusinessObjects Enterprise creates a program instance. Unlike report instances, which you can view in their completed format, program instances exist as records in the object history. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. This file appears when you click a program instance in the object History.

BusinessObjects Enterprise Administrator’s Guide

451

17

Managing Objects Program object management

Program types Three types of applications can be published to BusinessObjects Enterprise as program objects:

Executable Executable programs are binary files, batch files, or shell scripts. They generally have file extensions such as: .com, .exe, .bat, .sh. You can publish any executable program that can be run from the command line on the machine that runs the Program Job Server.

Java You can publish any Java program to BusinessObjects Enterprise as a Java program object. For Java program objects to have access to Java SDK objects, your class must implement the IProgramBase interface from the BusinessObjects Enterprise Java SDK (com.businessobjects.sdk.plugin.desktop.program.IProgramBase). For details, see the BusinessObjects Enterprise Java SDK Guide.

Script Script program objects are JScript and VBScript scripts. They are run on Windows using an embedded COM object and can—once published— reference the BusinessObjects Enterprise SDK objects. For details, see the BusinessObjects Enterprise COM SDK Guide. Note: Script program objects are not supported on UNIX.

Note: As the administrator, you can choose to enable or disable any of the types of program objects. For details, see “Authentication and program objects” on page 458. Once you have published a program object to BusinessObjects Enterprise, you can configure it in the Objects management area of the CMC. For each type of program object (Executable, Java, or Script) you can choose to specify command-line arguments and a working directory. For executable and Java programs, there are additional ways, both required and optional, to configure the program objects and provide them with access to other files. Tip: Program objects allow you to write, publish, and schedule scripts or Java programs that run against BusinessObjects Enterprise, and perform maintenance tasks, such as deleting instances from the history. Furthermore, you can design these scripts and Java programs to access BusinessObjects Enterprise session information. This ensures that the scheduled program objects retain the security rights or restrictions of the user who scheduled the job. (Your scripts or java programs require access to the BusinessObjects Enterprise SDK. For details, see the BusinessObjects Enterprise COM SDK Guide or the BusinessObjects Enterprise Java SDK Guide.)

452

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Setting program processing options
For each object you can set several processing options. These options appear on the Process page for the object. Setting the program processing options includes the following tasks:

• • • • •

“Specifying command-line arguments” on page 453 “Setting a working directory for a program object” on page 454 “Configuring executable programs” on page 455 “Configuring Java programs” on page 456 “Authentication and program objects” on page 458

Specifying command-line arguments
For each program object you can specify command-line arguments on the Parameters page for the object. You can specify any argument that is supported by the command-line interface for your program. Arguments are passed directly to the command-line interface, without parsing. 1. 2. To specify command-line arguments In the Objects management area of the CMC, select the program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears.

3.

In the Arguments field, type the command-line arguments for your program, using the same format you would use at the command line itself. For example, if your program has a loops option, to set the loops value to 100, you might type -loops 100

4.

Click Update.

BusinessObjects Enterprise Administrator’s Guide

453

17

Managing Objects Program object management

Setting a working directory for a program object
By default, when a program object runs, BusinessObjects Enterprise creates a temporary subdirectory in the Program Job Server’s working directory, and uses this subdirectory as the working directory for the program. The subdirectory is automatically deleted when the program finishes running. You can specify an alternative working directory for the program object by modifying the Working Directory field on the Parameters page of the object. Or, you can modify the default setting for the working directory for the Program Job Server. Note: The account under which the program runs must have appropriate rights to the folder that you set as the working directory. The level of file permissions required depend on what the program does; however, the program’s account generally needs read, write, and execute permissions to the working directory. For information about setting credentials for an account under which a program object will run, see “Authentication and program objects” on page 458 1. 2. 3. To set a working directory for a program object In the Objects management area of the CMC, select the program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears. In the Working Directory field, type the full path to the directory that you want to set as the program object’s working directory. For example, on Widows, if you created a working directory named working_directory, type C:\working_directory On UNIX, type /working_directory 4. 1. 2. 3. 4. Click Update. To modify the default working directory for the Program Job Server Go to the Servers management area of the CMC. Click the link for Program Job Server. The Properties page appears. In the Temp Directory field, type the full path to the directory you want to set as the working directory for the Program Job Server. Click Update.

454

BusinessObjects Enterprise Administrator’s Guide

Managing Objects Program object management

17

Configuring executable programs
When you publish an executable program object to the CMC, you can:

• •

Configure the object to have access to external or auxiliary files. See “Providing Java programs with access to other files” on page 457. Customize environment variables for the shell in which BusinessObjects Enterprise runs the program. See “Specifying environment variables” on page 456.

Providing executable programs with access to other files
Some binary files, batch files, and shell scripts require access to external or auxiliary files to run. Aside from setting a working directory for the program object, there are two ways to provide access to these files:

• •

If a required file is on the same machine as the Program Job Server, you can specify the full path to the file. Alternatively, if the file is not located on the Program Job Server, you can upload the file to the File Repository Server, which will pass the files to the Program Job Server as necessary. To specify paths to required files In the Objects management area of the CMC, select the executable program object by clicking its link. Click the Process tab, then click the Parameters link. The Parameters page appears. In the External Dependencies field, type the full path to the required file and click Add. Repeat step 3 for each file required. Click Update.

1. 2. 3. 4. 5.

Tip: To edit or remove external dependencies that you have specified, select the file path (in the list of external dependencies on the Parameters page) and click the appropriate button, either Edit or Remove. 1. 2. 3. 4. 5. To upload required files In the Objects management area of the CMC, select the executable program object by clicking its link. Click the Process tab, then click the Auxiliary Files link. The Auxiliary Files page appears. Click Browse to navigate to the required file, then click Add File. Repeat step 3 for each required file. Click Update.

BusinessObjects Enterprise Administrator’s Guide

455

Tip: To edit or remove environment variables that you have specified. then click the Parameters link. all name values on UNIX must be typed in upper-case. To add an environment variable In the Objects management area of the CMC. type the environment variables you want to set. For example. you can set the path variable to append a user’s bin directory to the existing path: • • On Windows. 2. The Parameters page appears. and use the appropriate case. 4. In the Environment Variables field. 456 BusinessObjects Enterprise Administrator’s Guide .c:\usr\bin On UNIX. Click the Process tab. However. click the link for the program object. See “Providing Java programs with access to other files” on page 457. and you can specify Java Virtual Machine options. you can configure your program by adding or modifying environment variables. 3. you must specify the required parameters for the program object. Configuring Java programs To successfully schedule and run Java programs in BusinessObjects Enterprise. Click Update. you might type:PATH=$PATH:/usr/bin Note: BusinessObjects Enterprise sets your environment variables using the syntax that is appropriate for your operating system. on UNIX you must follow convention. Any changes you make to environment variables exist only in the temporary shell in which BusinessObjects Enterprise runs the program. select the file(s) (in the list of external dependencies on the Parameters page) and click Remove File(s). either Edit or Remove.17 Managing Objects Program object management Tip: To remove auxiliary files that you have specified. 1. Use the form name=value. For example. Modifications to an existing environment variable override this variable. and click the appropriate button. rather than append to it. the environment variables are destroyed. you might type: path=%path%. select the variable (in the list of environment variables on the Parameters page). See “Setting required parameters for Java programs” on page 457. Thus. when the program exits. Specifying environment variables In the CMC. Additionally. you can provide the Java program with access to other files located on the Program Job Servers. where name is the environment variable name and value is the value for the environment variable.

Click Update. Click the Parameters tab. Providing Java programs with access to other files You can provide Java programs with access to files. type the base name of the .desktop. 2. For example.program.sdk. The Parameters page appears. 3.class.class file that implements the IProgramBase from the BusinessObjects Enterprise Java SDK (com. you must provide BusinessObjects Enterprise with the base name of the . 1. To provide Java programs with access to other files In the Objects management area of the CMC. In the Classpath field. You must separate multiple paths with the classpath separator that is appropriate to your operating system: a semi-colon for Windows. The Parameters page appears.plugin. 1. click the link for the Java program object. 4. To specify required parameters for Java programs In the Objects management area of the CMC. Click the Process tab. and stored on the Program Job Server. click the link for the Java program object. then click the Parameters link. Note: The Java Runtime Environment must be installed on each machine that is running a Program Job Server.class file that implements the IProgramBase interface from the BusinessObjects Enterprise Java SDK. BusinessObjects Enterprise Administrator’s Guide 457 .IProgramBase). type the full paths to the locations of any Java library files that are required by the Java program.Managing Objects Program object management 17 Setting required parameters for Java programs To successfully schedule and run a Java program. In the Class to run field. Click Update. if the file name is Arius. 2. a colon for UNIX. such as Java libraries. 3. located on the Program Job Server. type Arius 4.businessobjects.

Thus. the program can make to files. 4. you must specify credentials for the account under which the program runs. Alternatively. to give the program access to the system. 1. to have the program object run as that account. Note: By default. click the link for the program object. Click the Program Objects tab. to set up a specific user account for the program. and assign it appropriate rights. Select the type or types of program objects you want users to run. then click the Program Objects tab. The level of file permissions for the account under which a program object runs will determine what modifications. If you choose not to specify a user account for a program object. Enabling or disabling a type of program object As a first level of security. and you can configure the credentials required to run program objects. You can control the types of program objects users can run. The Logon page appears.17 Managing Objects Program object management Authentication and program objects Be aware of the potential security risks associated with the publication of program objects. you can configure the types of program objects available for use. click Object Settings. and the rights of the program will be limited to those of the user. which generally has rights locally but not across the network. 3. users who publish program objects to BusinessObjects Enterprise can assign their own credentials to a program object. if any. click Object Settings in the Objects management area. the program will run under that user account. Click the Process tab. Click Update. As the administrator. For details. This feature allows you. then click the Logon link. the administrator. To provide default credentials. 2. it runs under the default system account. when you schedule a program object. you must protect the system against abuse. Click “Schedule with the following operating system credentials” and provide a default user name and password. To specify a user account for a program object In the Objects management area of the CMC. 2. the job fails if credentials are not specified. 1. To enable or disable a type of program object In the Objects management area of the CMC. see “Controlling users’ access to objects” on page 317. 458 BusinessObjects Enterprise Administrator’s Guide . Authentication on all platforms In the Objects management area of the CMC.

and how to manage them through the Central Management Console (CMC). By default. For example. 4.Managing Objects Object package management 17 3. The Java Policy Tool has two code base entries. components. and instances?” on page 460 “Creating an object package” on page 460 “Adding objects to an object package” on page 461 “Configuring object packages and their objects” on page 462 “Authentication and object packages” on page 463 BusinessObjects Enterprise Administrator’s Guide 459 .policy Object package management This section explains object packages and instances. The first entry points to the BusinessObjects Enterprise Java SDK and allows program objects full rights to all BusinessObjects Enterprise JAR files. The second code base entry applies to all local files. It uses the same security settings for unsecure code as the Java default for unsecure code. type the credentials for the user account under which the program should run. BusinessObjects Enterprise forces the use of a Java Policy File.. Authentication for Java programs BusinessObjects Enterprise allows you to set security for all program objects. to suit your specific needs. which has a default setting that is consistent with the Java default for unsecure code. For Java programs. Use the Java Policy Tool (available with the Java Development Kit) to modify the Java Policy File. a typical location on Windows is: C:\Program Files\Business Objects\BusinessObjects Enterprise 11\conf\crystal-program. It includes: • • • • • “What are object packages.policy On UNIX. In the User Name and Password fields. Note: • • The settings for the Java Policy are universal for all Program Job Servers running on the same machine. the Java Policy File is installed to the Java SDK directory in the BusinessObjects Enterprise install root directory.. Click Update. a typical location is ./solaris_install/bobje/enterprise11/JavaSDK/crystalprogram.

components. and instances? Object packages function as distinct objects in BusinessObjects Enterprise. along with all of their contents. then click the Object Package tab. if you run an object package. Rather. you can only view them by opening their object package. and thereby create an instance. however. and Hyperlink objects. type the name of the object package you want to create. rather than to component objects. The object package instance contains individual instances of each of its component objects. see “Working with hyperlinked reports” on page 447. For details about hyperlinked reports. 2. Text. the hyperlinks point to the other report instances in the same object package instance. Component objects are not autonomous. BusinessObjects Enterprise creates an object package instance each time it runs an object package. select it and click Show Subfolders. In the Description field. BusinessObjects Enterprise Administrator’s Guide . They have more limited configuration options than other objects. Acrobat. Tip: • 460 To expand a folder. Object packages can be composed of any combination of report and program objects that are published to the BusinessObjects Enterprise system. PowerPoint. The Object Package tab appears. the existing object package instance does not change. 3. then remove a report object from the object package. Component instances are tied to object package instances. For hyperlinked report instances in object package instances. cannot be added to object packages. Think of them as folders you can schedule. For example. In the Title field. Rich Text. type a description of the object package. it still contains the report instance from the report object that you removed. such as Excel. 4. For reports.17 Managing Objects Object package management What are object packages. (NonBusinessObjects Enterprise objects. Word. object packages allow users to view synchronized data across reports. Ensure the correct folder name appears in the Destination field. Future instances of the object package. will reflect the change. Click New Object. Note: You cannot place object packages in the top level folder or inside other object packages. This field is optional. and they do not appear in the list of all objects on the first page of the Objects management area of the CMC.) Placing multiple objects in a single object package allows you to schedule them simultaneously. Creating an object package 1. Go to the Objects management area of the CMC. 5.

For programs. after you have created an object package. view an object package by clicking its link. moving. 5. see “Publishing with the Publishing Wizard” on page 376. You can now modify the properties. For details. and whether to use the Object Repository when refreshing the report. 6. Click OK. set whether to generate a thumbnail for the report. You can only move copies of existing objects into the object package. you can add report and/or program component objects to it. Changes in one object are not reflected in the other. Note that you can add only report objects or program objects to an object. 3. set the program type: Executable. 2. Set the appropriate properties. A list of object tabs appears. When you copy an object into an object package. BusinessObjects Enterprise Administrator’s Guide 461 . and notification for the object package. the CMC displays the Properties page. contents. you cannot move the existing objects themselves. • • 7. Click OK. or Script. Note: You publish objects to new or existing object package using the Publishing Wizard.Managing Objects Object package management 17 • 6. Note: When the object package has been added to the system. For details on copying objects. Report or Program. 1. user rights. or click browse to navigate to the object you want to publish. To publish a new object directly to an object package In the Objects management area of the CMC. Specify the file name or. see “Copying. Java. Click the Objects tab. To search for a specific folder. object settings. or creating a shortcut for an object” on page 417. You can add previously unpublished objects directly to the object package. once you create the copy of the original object inside the object package. then click the New Object button. Adding objects to an object package In the CMC. destination. the component and the original are separate entities. 4. use the Look For field. scheduling information. For reports. or between object packages. or you can copy existing objects into the object package. However. the component object retains the same settings as the original object. Click the appropriate tab.

the changes you make will not affect the objects outside the object package. that is. and some at the object level.17 Managing Objects Object package management Configuring object packages and their objects Object packages are intended to save you time scheduling objects that have similar scheduling requirements. but you cannot specify destinations for the individual objects in the package. The parameters are identified by tab or link. The following table indicates which configuration parameters you can modify for an object package or for individual objects in a package. you configure some parameters at the object package level. see: • • • • “General object management” on page 417 “Report object management” on page 425 “Program object management” on page 451 Chapter 18: Scheduling Objects Configure for an object package yes --yes Scheduling server ----yes --Configure for individual objects in a package yes yes yes -View & Modify server yes yes yes yes -yes yes Configuration tabs and links Properties tab Refresh Options Links History tab Process tab Database Parameters Filters Print Setup Schedule tab Notification Alert Notification 462 BusinessObjects Enterprise Administrator’s Guide . Note: Because the objects in an object package are copies of objects that exist outside the package. you have to specify the destination for an object package. For example. As a result. it will save the output instances to the destination you specified for the object package. for the individual objects in the object package. When the system runs the object package. For information on how to set or modify these parameters.

If you attempt to schedule a package that contains one or more component objects to which you do not have schedule rights. You enter your Enterprise authentication only once to schedule the object package.) BusinessObjects Enterprise Administrator’s Guide 463 . it initially inherits the database logon information of the original report. Consequently. including all of its component objects. the component instance(s) fail(s). (If you copied the report into the object package. For database authentication.Managing Objects Object package management 17 Configuration tabs and links Format Destination Schedule For Categories tab Corporate Personal Rights tab Configure for an object package -yes yes n/a yes yes yes Configure for individual objects in a package yes --n/a yes yes -- Authentication and object packages Object packages simplifies both Enterprise and database authentication. you specify database logon information for each report component object in the object package. you must have scheduling rights for each of the objects inside the object package.

17 Managing Objects Object package management 464 BusinessObjects Enterprise Administrator’s Guide .

Scheduling Objects chapter .

see “Authentication and program objects” on page 458. In order for a program object to be successfully scheduled and run. “Managing instances” on page 495 This section describes how to manage instances for an object. it creates an output instance for the object. Web Intelligence documents. the system creates a scheduled instance for the object. Scheduling objects When you schedule an object. for example. A program instance is a text file that contains the standard out and standard error produced when the program object was run. a report or program instance. “Setting the scheduling options” on page 476 This section describes the options on the different Schedule pages for an object. When you schedule an object. For details about object types and object management. For details. the system creates a scheduled instance for the object. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. It does not contain any data yet. It does not contain any data yet. program objects. you must provide logon information for the account that the program object will run as. see Chapter 17: Managing Objects. Scheduled instances use the settings that are presently configured for the object in CMC.18 Scheduling Objects Scheduling objects overview Scheduling objects overview Scheduling an object lets you run it automatically at specified times. A scheduled instance contains object and schedule information. Output instances also appear on the History page of an object and have a status of Success or Failed. such as Notification. A report instance contains actual data from the database. Scheduled instances appear on the History page of the respective object and have a status of Recurring or Pending. 466 BusinessObjects Enterprise Administrator’s Guide . This chapter contains the following sections: • • • “Scheduling objects” on page 466 This section provides information on how to schedule objects. When the system runs the object. and object packages. A scheduled instance contains object and schedule information. You can schedule report objects. or Destination.

For a list and descriptions of the recurrence patterns. For details. For example. The new settings on the Schedule tab for the object are saved. Specify the Run option and parameters that you want. See also “Managing and viewing the history of instances” on page 495. For a list and descriptions of the Run options and parameters. see “Setting the scheduling options” on page 476. Wednesday. 3. 6. click Update. because running the document at scheduled times will not reduce the number of database hits. it may not be advantageous to schedule Web Intelligence documents that are set to “refresh on open”. 5. select Weekly. Click the Schedule tab. select an object by clicking its link. InfoView is designed primarily to schedule objects and view reports. Friday. To schedule an object In the Objects management area of the CMC. For details. For example. see “Scheduling an object with events” on page 473. Therefore. see “Run options and parameters” on page 469. Many scheduling options allow you to schedule an instance with events. Click Schedule. 2. 4. The system creates a scheduled instance and it will run the instance according to the schedule information you just specified. see “Recurrence patterns” on page 469. Note: If a Web Intelligence document has been set to “refresh on open” then the system will access the database to obtain the latest information each time a user views the document. select “Every week on” and then specify Monday. Set any of the other schedule options and parameters as required. whereas CMC enables you to manage and administer objects in addition to scheduling objects and viewing reports. showing the default settings for the object. You can view the scheduled instance on the History page for the object. Select the recurrence pattern you want. they must use a web-based client such as InfoView or a custom web application. Note: To save the schedule settings as the new default setting for the object. The Schedule page appears. BusinessObjects Enterprise Administrator’s Guide 467 . 1.Scheduling Objects Scheduling objects 18 For end users to schedule and run objects.

18 Scheduling Objects Scheduling objects About the scheduling options and parameters When you schedule an object. You then specify additional parameters to control exactly when and how often the object will be run. The recurrence patterns appear on the left of the Schedule page. you choose the recurrence pattern that you want. The Run options list and related parameters appear to the right of the recurrence patterns. and then the run option (for example. “Every week on”). For example. 468 BusinessObjects Enterprise Administrator’s Guide . you select Daily or Weekly.

You can specify what time as well as a start and end date. Monthly—The object will be run every month or every several months. and a start and end date you want it to run. but when they apply. you can select to run the object “On the Nth day of the month” or “On the first Monday of the month. The calendar must have been previously created. In many case the same parameters appear. their function is the same. You can specify on which days of the month. You can specify which days. and fields are generally self explanatory.” To see all the Run options for a recurrence pattern. It can be run now or in the future. such as start and end dates. Run This list always appears. refer to the software. Run options and parameters This section describes the Run parameters for scheduling an object. but for a complete description.Scheduling Objects Scheduling objects 18 Which run options and parameters are available depends on the recurrence pattern you selected. Weekly—The object will be run every week. Once—The object will be run only once. It can be run once or several times a day. you can select to run the object “Once each day” or “Every X day(s). but the options vary depending on which recurrence pattern you select. See Chapter 19: Managing Calendars. if you select Daily.” If you select Monthly. Not all parameters apply in all cases. Calendar—The object will be run on the dates specified in a calendar. BusinessObjects Enterprise Administrator’s Guide 469 . Daily—The object will be run every day. you can choose from the following recurrence patterns: • • • • • • On demand—The object will only be run when a user request it to be run. what time. options. It can be run once a week or several times a week. what time. see: • • “Recurrence patterns” on page 469 “Run options and parameters” on page 469 Recurrence patterns When scheduling an object. For example. You can specify which calendar. and a start and end date. The names of the recurrence patterns. or when a specified event has occurred.

Once the End Date has passed. the system no longer runs the object. You can select one or several events. The period. even if all the other criteria are met. You can then changes these values as needed. N minute(s)” Run option.” Select an event and click the Add button to move it to the “Events to wait for” box. See also “Scheduling an object with events” on page 473. Available Events Applies to all Run options that include “with events. the system won’t run the object until the start date has passed. You can select one or several events. End Date Applies to most. The system will run the object according to the schedule that you specified. if you specify a start date that is three months into the future. This list of events contains schedule events only. and Chapter 20: Managing Events. the system will run the report at the specified time. For example. You cannot trigger file or custom events. The number of times the system attempts to process an object if the first attempt is not successful. The default is the current date and time. recurrence patterns and Run options. The system will run the object only when those events have been successfully completed. By default. Start Date Applies to most. after the Start Date has passed. When you select a Run option that contains these variables. If you don’t change the X or N value. After that. but not all. Available Schedule Events Applies to all Run options that include “with events. Retry interval in seconds Always applies. For example. to ensure an object will be run indefinitely. See also “Scheduling an object with events” on page 473. 470 BusinessObjects Enterprise Administrator’s Guide . but not all recurrence patterns and Run options. as soon as it can. you could specify to run the report every 4 (X) hours and 30 (N) minutes. The default is the current time and a date in the distant future. in seconds. the system will run the report every hour.18 Scheduling Objects Scheduling objects X and N variables Applies to certain Daily and Monthly recurrence patterns only. A successful run of the object will trigger the events that you specified. that the system will wait before it attempts to process the object again if the first attempt is unsuccessful.” Select an event and click the Add button to move it to the “Events to trigger on completion” box. the number is zero. Number of retries allowed Always applies. the system displays their default values. Specify a different End Date if required. if you select the “Daily” recurrence pattern and the “Every X hour(s).

e. and Web Intelligence documents. If you want. Click OK. For details on configuring object packages. f. c. They can contain any combination of objects that can be scheduled. it allows users to view synchronized data across instances. assign the object package to a category. First you publish an object package. Then. Otherwise: a. Click New Object. if you want a report object in an object package to print when scheduled. d. Select a destination for the object package. • 1. see “Working with hyperlinked reports” on page 447. 2. b. and then you can schedule that object packages as you would any object. For details on publishing directly to an object package. see “Publishing overview” on page 374. Note: • You must configure the processing information of each of the components of an object package individually. BusinessObjects Enterprise Administrator’s Guide 471 . See also “Publishing with the Central Management Console” on page 385. In terms of reports and Web Intelligence document. you copy existing objects into the object package. Type the package name and a description. skip this step. If the object package already exist. This procedure describes how to use the CMC to schedule objects by using object packages. you can publish objects directly to an object package. Finally. you must configure it through the Print Setup link available on the report object’s Process tab. and then click the Object Package tab. such as report and program objects. see “Managing Objects” on page 415. For information about publishing hyperlinked report objects. see “Object package management” on page 459. To schedule objects using object packages Go to the Objects management area of the CMC. Using object packages simplifies authentication. Object packages function as distinct objects in BusinessObjects Enterprise. Alternatively. For example. For more information about configuring objects. Go to the Objects management area of the CMC again.Scheduling Objects Scheduling objects 18 Scheduling objects using object packages You can schedule objects in batches using the object packages feature. you schedule the object package as you would any object.

Object packages are indicated by [square brackets]. they must be copied to the object package. use the Look For field. Tip: • • • 7. 472 BusinessObjects Enterprise Administrator’s Guide . 4.18 Scheduling Objects Scheduling objects 3. Select Copy to. See “Scheduling objects” on page 466. Select the object package you created as the Destination for the objects. To search for a specific folder or object package. Select the check boxes associated with each object you want to place in the object package. Note: Existing objects cannot be moved into an object packages. Click Copy/Move/Shortcut. The Copy/Move/Create Shortcut page appears. 5. select it and click Show Subfolders. and then click OK. 6. Schedule the object package. To expand a folder.

For example. When the object is run. You can tell an object to wait for any.Scheduling Objects Scheduling objects 18 Scheduling an object with events When you schedule an object with events. Click the Schedule tab. If you want a scheduled object to trigger an event. A custom-based event is triggered manually. and schedule-based. if the event is based on the instance being run successfully. If the event is triggered before the start date of the object. Note: To schedule an object with events. and only when the rest of the schedule conditions are met. select Weekly. 2. 1. BusinessObjects Enterprise will trigger the specified event. custom-based. BusinessObjects Enterprise Administrator’s Guide 473 . first ensure that you have created the event. For a sample scenario on when you would use a schedule-based event. The event must be triggered within this specified time for the object to run. if the event is triggered outside of the 24-hour period. the event won’t be triggered if the instance fails. A schedule-based event is triggered by another object being run. Scheduling objects based on an event When you schedule an object that waits for a specified event. Scheduling objects to trigger an event You can also schedule an object which triggers a schedule-based event upon completion of the object being run. you must choose a schedule-based event. and if the event is not triggered before the end date occurs. the object will run only when the event is triggered. the object will be run only when the additional condition (that is. see “Recurrence patterns” on page 469. the event) occurs. the object will not run. see “Schedule-based events” on page 512. the object will not run because not all of the conditions will have been met. or all of the three event types: file-based. the event must be triggered within the 24-hour period on Monday. For a list and descriptions of the recurrence patterns. For a schedule-based event. if you choose a weekly. Select the recurrence pattern you want. If you have specified an end date for this object. then the report will not run. for example. To schedule an object to run based on events In the Objects management area of the CMC. Note: A file-based event is triggered upon the existence of a specified file. the object will have a specified time frame in which it can be processed. 3. Also. monthly. For example. See “Managing events overview” on page 510. select an object by clicking its link. or calendar schedule. if you schedule a weekly report object that runs every Monday.

For a list and descriptions of the Run options and parameters. click Update. In the Run list. “with events. If you don’t click Update. In the Available Events area. 6. see “Run options and parameters” on page 469. To update the default scheduling information. 474 BusinessObjects Enterprise Administrator’s Guide . and so on). Start Date. Select and complete the schedule parameters for your object (scheduling option. End Date. any changes you made to the scheduling information are not saved. select a run option that contains the words. For example. select from the list of events and click Add.” 5.18 Scheduling Objects Scheduling objects 4. Click the Schedule button to schedule the object. 7. 8. the report object above is set to wait for a Custom-based event to occur before the report is processed.

or by Calendar. End Date. and so on). 4. From the list on the left of the page. select a run option that contains the words.” Select and complete the schedule parameters for your object (scheduling option. 6. select an object by clicking its link. In the Available Schedule Events area. In the Run list. To schedule an object to trigger an event In the Objects management area of the CMC. Monthly. 2. BusinessObjects Enterprise Administrator’s Guide 475 . see “Recurrence patterns” on page 469. select a recurrence pattern: Once.Scheduling Objects Scheduling objects 18 1. select from the list of events and click Add. “with events. Start Date. Click the Schedule tab. Weekly. Daily. 5. For a list and descriptions of the recurrence patterns. 3.

To update the default scheduling information. Setting the scheduling options includes the following tasks: • • • • • • “Scheduling objects” on page 466 “Setting notification for an object’s success or failure” on page 476 “Specifying alert notification” on page 479 “Selecting a destination” on page 481 “Choosing a format” on page 491 “Scheduling an object for a user or group” on page 493 Setting notification for an object’s success or failure You can set scheduling options that automatically send notification when an object instance succeeds or fails. 8. and you can automatically inform users when new report instances run successfully. any changes you made to the scheduling information are not saved. You need to check each instance to make sure it ran properly. 7. and provide different notification settings for successful and failed instances. For example. click Update. you can set each object to automatically notify you when the report fails to run properly. 476 BusinessObjects Enterprise Administrator’s Guide . and then send out emails to the users who need to know that the new report is available. If you don’t click Update.18 Scheduling Objects Setting the scheduling options For example. the report object above is set to trigger a Schedule-based event only if the report is successfully processed. Note: You can only select schedule-based events in this list. Using notification settings in BusinessObjects Enterprise. You can also combine multiple notification methods. With thousands of reports. you may have a large number of reports that run every day. it would take too much time to manually check the reports and contact the users who need the information. Click the Schedule button to schedule the object. Setting the scheduling options BusinessObjects Enterprise allows you to control the process and schedule settings for an object. You can send notification using audit or email notification.

the program must run in order to succeed. but you can set any type of notification for the individual objects in the object package. To monitor object successes and failures from a more general perspective. but does not perform the tasks it is supposed to. If the program runs. click the object package’s Properties tab and clear the “Scheduled package fails upon individual component failure” option. You can also schedule object packages with events on the Schedule tab. A report instance may fail if the user does not provide the correct parameters or logon information. the instance is considered a failure. then the notification fails and the object instance is recorded as a failure in the object’s history. • Program objects For program objects. The conditions required for an instance’s success or failure depend on the type of object you schedule: • Report and Web Intelligence document objects A report instance runs successfully if it doesn’t encounter any errors while processing the report object or accessing the database. For example. For more information about events. it is still considered a successful instance because the program object ran. • Object packages An object package may fail if one of its components fails. if an email notification sends a message to an invalid email address. the scheduled instance either succeeds or fails. You can also set scheduling options for individual objects within an object package. then the object instance fails. which will trigger an event based on success or failure of the object package. see “Schedule-based events” on page 512. If notification fails. BusinessObjects Enterprise does not monitor problems with the program object’s code. To change this setting. You can select unique notification options for each object.Scheduling Objects Setting the scheduling options 18 Determining an object’s success or failure When you schedule an object. If the program does not run. use the auditing functionality within BusinessObjects Enterprise. Note: You cannot set audit or email notification for object packages. sending different types of notification for different conditions. For object packages. About notification You can set notification at the object level. You can choose to notify using: BusinessObjects Enterprise Administrator’s Guide 477 . you can set only event notification.

18 Scheduling Objects Setting the scheduling options • Audit notification To use audit notification. see “Managing Auditing” on page 203. 3. it will be labelled “Not in use”. Click the notification type (or types) you want to use. You can choose the sender and recipients of the email message. See “Configuring the destinations for job servers” on page 125 Note: Notification of a scheduled object’s success or failure is not the same as alert notification. If you use auditing to monitor your BusinessObjects Enterprise system. Note: To enable email notification. you must configure the auditing database and enable auditing for the servers. To set notification for an instance’s success or failure Select a object in the Objects management area of the CMC. For example. 1.it’s just about whether or not the report object instance has failed or succeeded. When you select audit notification. then click the Notification link. when it fails to run. You can choose to have a notification sent to the auditing database when the job runs successfully. 4. Alert notification must be built into the design of the report. alert notification can send an email to you whenever a specific value in the report exceeds $1000000. the notification has nothing to do with the contents of the report . you must have the Email SMTP destination enabled and configured on the job servers. Note: If the notification type is already being used. Note: For the job servers you can also set audit notification on the Auditing tab. Click the Schedule tab. it will be labelled “Enabled”. • Email notification You can send an email as a notification of an object instance’s success or failure. but when the report succeeds you can automatically send a notification to everyone who needs the report to let them know it is now available. Choose the specific settings for the notification. 478 BusinessObjects Enterprise Administrator’s Guide . 2. you could send your administrator an email if the report fails. For more information about configuring the auditing database and enabling auditing. or both. You can send an email when the instance fails and when it succeeds. If not. For example. you can use audit notification. In this case. information about the scheduled object is written to the auditing database.

If the alert condition (as defined in Crystal Reports) is true.” To send a record when the job fails. created in Crystal Reports. Note: • • • The Alert Notification link is available only if the report object contains alerts. See “Configuring the destinations for job servers” on page 125.” and “From” fields for the email. the alert is triggered and its message is displayed. you can choose to send alert notification when scheduling a report. You can configure email delivery options. If you enable alert notification. set a URL for the viewer you want the email recipient to use. and set the maximum number of alert records to send.” Email notification Choose whether you want to send a notification when the job fails or when it succeeds. the notification is sent to the server’s default email destination. that appear when certain conditions are met by data in a report. Alerts may indicate action to be taken by the user or information about report data. Alerts are triggered in the report object even if you disable alert notification. BusinessObjects Enterprise Administrator’s Guide 479 . Click Update. messages are sent through an SMTP server. Alerts are custom messages. For details on how to change the default email settings. specify the “To. you must have the Email SMTP destination enabled and configured on the job servers. Note: By default. select “A job has been run successfully. and the message. the email subject line. To specify the contents and recipients of the email notification. 5.” “Cc. select “Set the vales to be used here” and provide the From and To email addresses. Specifying alert notification Note: This feature does not apply to Web Intelligence document objects. In BusinessObjects Enterprise. select “A job has failed to run. To enable alert notification. add subject and message information.Scheduling Objects Setting the scheduling options 18 Audit notification To send a record to the auditing database when the job succeeds. see “Email (SMTP) destination properties” on page 128.

Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. The Alert Notification page appears. 480 BusinessObjects Enterprise Administrator’s Guide . Clear the Enable alert notification check box if you do not want to send an alert notification. see “Configuring the destinations for job servers” on page 125. To set alert notification In the Objects management area of the CMC. 4. 3. For more information. 2. You can change these settings in the Servers management area. BusinessObjects Enterprise will deliver the alert notification using the Job Server’s default settings. and then click the Alert Notification link. select a report object by clicking its link. Click the Schedule tab.18 Scheduling Objects Setting the scheduling options 1. If you select the first option.

Message Type a short message. When the system runs an object. see http://www. For more information. To Type the addresses or distribution list that you wish to send the report to.org/ 6. For more information. BusinessObjects Enterprise Administrator’s Guide 481 . if required. see the developer documentation available on your product CD. Note: You must use World Wide Web Consortium (W3C) URL encoding when typing the viewer URL. The hyperlink in the alert notification displays a report page that contains the records that triggered the alert. Tip: The Alert Name and Status fields are set in Crystal Reports. Type the maximum number of alert records to be included in the alert notification.Scheduling Objects Setting the scheduling options 18 If you select the second option. Click Update.w3. The viewer URL appears in the hyperlink that is sent in the alert notification email. Alternatively. it always stores the output instance on the Output FRS. You can set the default URL by clicking Object Settings on the main page of the objects management area of the CMC. you can configure an object or instance for output to a destination other than the default Output File Repository Server (FRS). replace spaces in the path with %20. Selecting a destination Using BusinessObjects Enterprise. Note: Separate multiple addresses or distribution lists using semicolons. you can select the default viewer by clicking Use default. you can specify the email settings: • • • • • From Type a return address or distribution list. Cc Type the addresses or distribution list that you wish to send a copy of the alert notification to. Being able to choose an additional destination gives you the flexibility to deliver instances across your enterprise system or to destinations outside your enterprise system. 7. 5. Use this field to limit the number of records displayed. Type the URL for the viewer in which you want the email recipient to view the report. Subject Complete the subject field. For example.

name or title of the object. owner information. When you specify the destination settings through the CMC. because the recipients must have access to the BusinessObjects Enterprise system to be able to open these types of objects. To generate a file name.18 Scheduling Objects Setting the scheduling options For example. you can set an object to have its output automatically delivered by email to other users. For example. these settings are also reflected in the default scheduling settings for InfoView. For program and report objects you can specify any of the available destinations. Object type Report Object Package Program Web Intelligence document Unm. However. See “Setting printer and page layout options” on page 441. you cannot specify Unmanaged Disk as a destination for a Web Intelligence document.” BusinessObjects Enterprise generates a unique name for the output file or files. Note: You can also configure object instances to be printed after they have been run. The following destinations are available: • • • • • “Default destination support” on page 483 “Unmanaged Disk destination support” on page 483 “FTP support” on page 485 “Email (SMTP) support” on page 487 “Inbox support” on page 490 Note: You can change the destination setting for an object or instance either in the Central Management Console (CMC) or in InfoView. you can use a combination of ID. The following table summarizes which destinations you can configure for which types of objects. DIsk No No Email (SMTP) FTP No No File No No Link No Inbox File Link - 482 BusinessObjects Enterprise Administrator’s Guide . or the date and time information. for object packages and Web Intelligence documents you cannot do this. When you specify a destination other then “Default.

Click the Schedule tab. select an object by clicking its link. Click the Schedule tab. In that case. 1. The Destination page appears. If the object is a Web Intelligence document or an object package. Unmanaged Disk destination support When scheduling objects. then click the Destination link. To set your destination to unmanaged disk In the Objects management area of the CMC. Click Update. 2. the location can also be a Universal Naming Convention (UNC) path. The location must be a local or mapped directory on the processing server. If you want to save instances to the FRS only and not to any other destinations. Note: • • • 1. the system will save an output instance to both the Output File Repository Server and the specified destination. However. BusinessObjects Enterprise Administrator’s Guide 483 . See “Configuring the destinations for job servers” on page 125. Select Default from the Destination list. The processing server must have sufficient rights to the specified location. select that option. For servers using Windows. The Destination page appears. 2. object instances are saved to the Output File Repository Server (FRS). for an object package you can configure the individual objects in the object package for output to Unmanaged Disk. To set your destination to default In the Objects management area of the CMC. you cannot specify Unmanaged Disk as a destination.Scheduling Objects Setting the scheduling options 18 Default destination support By default. 3. you must have the destination enabled and configured on the job servers. To use a destination. you can configure the objects for output to an unmanaged disk. 4. then click the Destination link. select an object by clicking its link.

the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. If you select the first option. If you select the second option. 484 BusinessObjects Enterprise Administrator’s Guide . For more information. You can change these settings in the Servers management area. mapped location. When that option is selected. or a UNC path. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. select the Clean up instance after scheduling option. see “Configuring the destinations for job servers” on page 125. 3.18 Scheduling Objects Setting the scheduling options Select Unmanaged Disk from the Destination list. 4. If you want. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. you can set the file name properties and enter user information: • Destination Directory Enter a local location.

Click Update. you can configure the objects for output to a File Transfer Protocol (FTP) server. To connect to the FTP server.If you specify an FTP destination.Scheduling Objects Setting the scheduling options 18 • • Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. if you add the variable “Owner. To add a variable. for an object package you can configure the individual objects in the object package for output to FTP. Specified File Name Select this option if you want to specify a file name—you can also add a variable to the file name. 1. 5. If the object is a Web Intelligence document or an object package. 2.” when you schedule an object. When the instance is run. choose a placeholder for a variable property from the list and click Add. the variable will be replaced with the specified information from the instance. BusinessObjects Enterprise Administrator’s Guide 485 . you cannot specify FTP as a destination. Click the Schedule tab. To set an FTP server as the destination In the Objects management area of the CMC. then click the Destination link. you must have the destination enabled and configured on the job servers. select an object by clicking its link. For example. FTP support When scheduling objects. However. Password Type the password for the user. its file name will include the object owner’s name. • • User Name Specify a user who has permission to write files to the destination directory. Note: To use a destination. the system will save an output instance to both the Output File Repository Server and the specified destination. Note: You can specify a user name and password only for servers using Windows. The Destination tab appears. you must specify a user who has the necessary rights to upload files to the server. See “Configuring the destinations for job servers” on page 125.

486 BusinessObjects Enterprise Administrator’s Guide . If you want. 4. You can change these settings in the Servers management area. When that option is selected. 5. Select FTP from the Destination list. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings.18 Scheduling Objects Setting the scheduling options 3. If you select the first option. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. For more information see “Configuring the destinations for job servers” on page 125. select the Clean up instance after scheduling option.

BusinessObjects Enterprise Administrator’s Guide 487 . After it has run the object. you can choose to send the instances of an object. Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name. Account is part of the standard FTP protocol. choose a placeholder for a variable property from the list and click Add. the system will send a copy of the output instance as an attachment to the email addresses you specified. Port Enter the FTP port number (the default is 21). 6. To add a variable. Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. When you select the Email (SMTP) destination. if required. to one or more email destinations. for example. • • • Destination Directory Enter the FTP directory that you want the object to be saved to. you can set the FTP and file name properties: • • • • • Host Enter the FTP host information. Email (SMTP) support With Simple Mail Transfer Protocol (SMTP) mail support. FTP Password Enter the user’s password. a report instance. the system will save the instance to the Output File Repository Server as well as email it to the specified destinations.Scheduling Objects Setting the scheduling options 18 If you select the second option. Click Update. Account Enter the FTP account information. but it is rarely implemented. BusinessObjects Enterprise supports Multipurpose Internet Mail Extensions (MIME) encoding. Provide the appropriate account only if your FTP server requires it. FTP User Name Specify a user who has the necessary rights to upload an object to the FTP server.

select an object by clicking its link. Select Email (SMTP) from the Destination list 4. 3. you cannot specify Email (SMTP) as a destination. Note: If the object is a Web Intelligence document. you must have the destination enabled and configured on the job servers. select the Clean up instance after scheduling option. Click the Schedule tab. To send an object by email In the Objects management area of the CMC. 1. If you want. The Destination page appears. then click the Destination link. See “Configuring the destinations for job servers” on page 125. 2.18 Scheduling Objects Setting the scheduling options Note: To use a destination. 488 BusinessObjects Enterprise Administrator’s Guide .

• Cc Enter an address or addresses that you wish to send a carbon copy of the object to. choose a placeholder for a variable property from the list and click Add. To add a variable. Separate multiple addresses with semicolons. If you select the first option. • Subject Complete the subject field. see “Configuring the destinations for job servers” on page 125. 6. If you select the second option. • Message Type a short message. • Add viewer hyperlink to message body Click Add if you want to add the URL for the viewer in which you want the email recipient to view the object. You can set the default URL by clicking Object Settings on the main page of the Objects management area of the CMC. • To Enter an address or addresses that you wish to send the object to. you can specify the email settings and the file name properties: • From Enter a return address. • Attach object instance to email message Clear this check box if you do not want a copy of the instance attached to the email. For more information. Click Update. When that option is selected. • Default File Name (randomly generated) Select this option if you want BusinessObjects Enterprise to generate a random file name. You can change these settings in the Servers management area. if required. BusinessObjects Enterprise Administrator’s Guide 489 . • Specified File Name Select this option if you want to enter a file name—you can also add a variable to the file name.Scheduling Objects Setting the scheduling options 18 5. BusinessObjects Enterprise will schedule an object using the Job Server’s default settings. Select either Use the Job Server’s defaults or Set the values to be used at schedule time here. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum.

In this case. Instead of sending the actual file to the inboxes. then click the Destination link. 490 BusinessObjects Enterprise Administrator’s Guide . select an object by clicking its link. you can choose to send a shortcut. 3. To send an object to inboxes In the Objects management area of the CMC. you must have the destination enabled and configured on the job servers. 1. The Destination tab appears. See “Configuring the destinations for job servers” on page 125. Note: To use a destination. you can configure objects for output to the inboxes of users. 2. Click the Schedule tab.18 Scheduling Objects Setting the scheduling options Inbox support When scheduling objects. the system will save the instance to both the Output File Repository Server and the inboxes you specified. Select Inbox from the Destination list.

You can select from the following formats: • • • WebIntelligence Microsoft Excel Adobe Acrobat BusinessObjects Enterprise Administrator’s Guide 491 . see “Selecting a destination” on page 481. For more information. select the Clean up instance after scheduling option. Send List Operation Specify who must receive the report instance.” set the parameters for that option. otherwise skip this step: Send Document as • • • • 7. If you selected “Set the values to be used at schedule time here. Select the processing option that you want: • Use the Job Server’s defaults BusinessObjects Enterprise will schedule the object with the job server’s default settings. Choosing a format Web Intelligence document formats For Web Intelligence documents. You can select individual users or user groups. Look for Use this feature to search for a specific user or users group. Shortcut The system will send a shortcut to the instance. For more information on destinations. This format will be saved to the destination you have selected. rather than send a copy of the instance itself. the system automatically deletes the report or program instance from the Output File Repository Server to keep the number of instances on the server to a minimum. When that option is selected. Type the name and then click Find now. Click Update. you can select the format that the document will be saved in when it is generated. If you want.Scheduling Objects Setting the scheduling options 18 4. • Set the values to be used at schedule time here BusinessObjects Enterprise will schedule the object with the parameters you specify. see “Configuring the destinations for job servers” on page 125. Copy The system will send a copy of the instance. 6. 5.

see “Selecting a destination” on page 481. Paginated Text. This format will be saved to the destination you have selected for the report object and its instances. Tab-separated Values. the report instance is automatically sent to the printer in Crystal Reports format. The Tab-separated Values format places a tab character between values.18 Scheduling Objects Setting the scheduling options Crystal report formats For Crystal report objects. if you select Character-separated Values. This does not conflict with the format you select when scheduling the report.” Note: • If you choose to print the report when it is scheduled (by checking the “Print in Crystal Reports format using the selected printer when scheduling” check box on the Print Setup page). Each of these two formats produce data lists. while Excel (Data only) saves only the data. You can select from the following formats: • • • • • • • • • • • • Crystal Report Microsoft Excel Microsoft Excel (Data Only) Microsoft Word (RTF) Adobe Acrobat Rich Text Editable Rich Text Plain Text Paginated Text Tab-Separated Text Tab-Separated Values Character-separated Values For Excel. The difference between Excel and Excel (Data only) is that Excel attempts to preserve the look and feel of your original report. you can enter characters for the separator and delimiter. In contrast. you can also select the two check boxes: “Same number formats as in report” and “Same date formats as in report. you specify certain formatting properties for the report. the Tab-separated Text format attempts to preserve the formatting of the report. the Character-separated Values format places a specified character between values. For more information on destinations. and Character-separated Values. • • 492 BusinessObjects Enterprise Administrator’s Guide . For example. you can select the format that a report instance will be saved in when it is generated by BusinessObjects Enterprise. with each cell representing a field.

Scheduling Objects Setting the scheduling options 18 1. the format you specified on the Schedule tab for the object must be WebInteligence. To select a format for the report In the Objects management area of the CMC. If you don’t select a cache format. It is intended to be used for either of the following types of objects: • • Crystal reports that are based on Business Views Web Intelligence documents that use Universes BusinessObjects Enterprise Administrator’s Guide 493 . Complete any fields that appear below the list and select (where appropriate) the check boxes that appear. On the Schedule tab. Select the format you want. click the Caching Options link. Select a format from the Format list. Click Update. In addition. Selecting cache options for Web Intelligence documents When the system runs a scheduled Web Intelligence document it stores the the instance it generates on the Output File Repository Server. 2. select a report object by clicking its link. Click Update. To select a cache format for Web Intelligence documents In the Objects management area of the CMC. The Format page appears. Note: To select a cache option. 3. you can choose to have the system cache the report on the Web Intelligence Report Server by selecting a cache format for the document. The Caching Options page appears. click the Format link. select Web Intelligence object by clicking its link. 4. 1. 4. On the Schedule tab. the Cache Options link is disabled for the object. 5. Scheduling an object for a user or group The Schedule For feature allows you to generate reports that contain data for specific users only. 3. 2. then the system won’t cache the document when it runs the document. If you select a different format.

For example. Otherwise. The system will run the object and generate multiple instances of the report or document. 3. Each instance will contain data that is relevant to the individual user only. On the Schedule tab. 2. click the Schedule For link. Schedule only for myself Schedule for specified users and user groups If you selected Schedule for specified users and user groups. 494 BusinessObjects Enterprise Administrator’s Guide . 5.18 Scheduling Objects Setting the scheduling options Using the Schedule For feature you can schedule an object and specify for which users you want the system to run the object. you can schedule a sales report and on the Schedule For page you can specify the users names for all your sales representatives. select a report object by clicking its link. Each instance would contain sales information for the individual sales representative only. To change the Schedule For settings for an object In the Objects management area of the CMC. 1. The Schedule For page appears. At the specified time. Select who you want to schedule the object for. skip this step. • • 4. select one or more users or groups and add them to the “Groups to be added to the scheduling list” by using the arrow buttons. Click Update. the system runs the report object and generates the individual report instances.

A program instance stores the program’s standard out and standard error in a text output file. For report objects. the Format column displays which format the report is. and refresh instances. BusinessObjects Enterprise creates a program instance each time that a program object is scheduled and run by the Program Job Server. The system has not yet run these instances.Scheduling Objects Managing instances 18 Managing instances To view or manage instances. To manage storage space. or to provide a time limit for the instances. BusinessObjects Enterprise creates instances from objects. the Arguments column lists the command-line options that were or will be passed to the command line interface for each instance. pause. or will be stored in and the Parameters column indicates what parameters were or will be used for each instance. which can be viewed in their completed format. The Instance Time column displays the title of the instances and the date of the last update for each instance. The Run By column indicates which user scheduled the instance. will have a status of Success or Failed. a report instance is created when a report object is scheduled and run by the Job Server. Unlike report instances. run. Each instance contains data that is current at the time the report is processed. Essentially. See “Setting instance limits for an object” on page 498. Output instances. For program objects. you can also choose to delete. From the History page. actual report or program instances. that is. That page lists the scheduled instances and the output instances for an object: • • Scheduled instances will have a status of Recurring or Pending. it is good practice to limit the number of possible instances for an object. which indicate whether they were run successfully: • • A report instance contains actual report data. You can view specific report instances on the History page of the report object. The Status column displays the status of each instance. and the instances do not contain any data yet. go to the History page for the object. program BusinessObjects Enterprise Administrator’s Guide 495 . That is. a report instance is a report object that contains report data that is retrieved from one or more databases. Managing and viewing the history of instances The History page displays all of the instances for a selected object. See “Managing and viewing the history of instances” on page 495.

If you click Run Now. Send to. To select all instances. the system schedules the object to be run immediately. Select an instance or instances by selecting the appropriate check boxes. To view an instance Select a object in the Objects management area of the CMC. Resume. 496 BusinessObjects Enterprise Administrator’s Guide . 3. see “Sending an object or instance” on page 420. Click the History tab. Pause. Click either Run Now. This file appears when you click a program instance in the object History. 2. “Viewing an instance” on page 496 “Pausing or resuming an instance” on page 497 “Deleting an instance” on page 498 “Sending an object or instance” on page 420 To manage instances In the Objects management area of the CMC. In this case you don’t need to select an instance first. 2. or Delete. select an object by clicking its link. For information about the Send to button. Viewing an instance 1. Note: To refresh the list. click the check box in the column heading. The scheduled job will have a status of Pending.18 Scheduling Objects Managing instances instances exist as records in the object history. 4. The History tab appears. Click the History tab. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. Managing instances includes the following tasks: • • • • 1. click Refresh.

To pause and resume an instance Go to the History page for an object. you can resume the scheduled object. 2.Scheduling Objects Managing instances 18 The History page appears. In the Instance Time column. You can also use the Instance Manager tool to view a list of instances by status or by user. if a job server is down for maintenance reasons. Click Resume. 1. Click Pause. 1. 3. For example. To resume an instance after pausing it Go to the History page for an object. you may want to pause a scheduled instance. Pausing or resuming an instance You can pause and then resume an instance as needed. Access the Instance Manager by clicking its link in the Administrative Tools area of the BusinessObjects Enterprise Administration Launchpad. and the object from failing because the job server is not running. BusinessObjects Enterprise Administrator’s Guide 497 . When the job server is running again. 3. Pause and resume can be applied to scheduled instances only. instances that have a status of Recurring or Pending. 3. This prevents the system from running the object. that is. 2. Select the check box for the scheduled instance you want to pause. Select the check box for the scheduled instance you want to resume. click the instance you want to view.

click the Limits link. To delete an instance Go to the History page for an object. At the object level. select an object by clicking its link. you can also limit the number of days that an instance remains on the system for a user or group. which have a status of success of failed. 2. you can also set limits at the folder level.18 Scheduling Objects Managing instances Deleting an instance You can delete instances from an object as needed. and report or program instances. On the History tab. see “Setting limits for folders. Click Delete. To set limits for instances In the Objects management area of the CMC. Select the check box for the instance or instances you want to delete. you can limit the number of instances that remain on the system for the object or for each user or group. and groups” on page 365. When you set limits at the folder level. the object will not inherit the limits of the folder. You can delete both scheduled instances. 2. you can set the limits for the selected object and its instances. In addition to setting the limits for the objects from the Objects management area. Note: When you set the limits at the object level. these limits will be in effect for all objects that reside within the folder (including any objects found within the subfolders). users. the object limits will override the limits set for the folder. You set limits to automate regular clean-ups of old BusinessObjects Enterprise content. For information on setting folder limits. that is. Setting instance limits for an object In the Limits page. 1. which have a status of recurring or pending. 1. 498 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Administrator’s Guide 499 . click Add/ Remove in this area.) • Delete excess instances for the following users/groups To limit the number of instances for users or groups. (The default value is 100.) 4. click Add/Remove in this area. The options are as follows: • Delete excess instances when there are more than N instances of an object To limit the number of instances per object.Scheduling Objects Managing instances 18 The Limits page appears. Select from the available users and groups and click OK. Then type the maximum number of instances that you want to remain on the system. Make your settings according to the types of limits you want to set for your instances. (The default value is 100. Then type the maximum number of instances in the Instance Limit column. 3. Click Update. (The default value is 100.) • Delete instances after N days for the following users/groups To limit the number of days that instances are saved for users or groups. select this check box. Select from the available users and groups and click OK. Then type the maximum age of instances in the Maximum Days column.

18 Scheduling Objects Managing instances 500 BusinessObjects Enterprise Administrator’s Guide .

Managing Calendars chapter .

They can copy this template calendar and modify it as necessary. you can create a calendar with the holidays marked as “non-run” days. When you apply the calendar to a job. you can create more complex processing schedules than you can with the standard scheduling options. Calendars are particularly useful when you want to run a recurring job on an irregular schedule. or if you want to provide users with sets of regular scheduling dates to choose from. You can set up as many calendars as you want in BusinessObjects Enterprise. you need to provide a name and description. program objects. runs the job on the run dates as scheduled. go to the Calendars management area to create new calendars and to modify existing calendars. Calendars you create appear in the Calendar selection list available when you choose to schedule an object using a calendar. Calendars also allow you to create more complex processing schedules. on which the report object cannot be run. and object packages. including report objects. you can add run dates to it using the Dates tab. A calendar is a customized list of run dates for scheduled jobs.19 Managing Calendars Overview Overview Calendars make it easy for you to schedule complex recurring jobs efficiently. if you want a report object to run every business day except for your country’s statutory holidays. For example. When users schedule objects. combining unique scheduling dates with recurring ones. By providing calendars for your users. they can use a calendar to run the job on a predefined set of dates. Managing calendars includes: • • • • “Creating calendars” on page 502 “Adding dates to a calendar” on page 503 “Deleting calendars” on page 507 “Specifying calendar rights” on page 508 Creating calendars In the Central Management Console (CMC). For example. 502 BusinessObjects Enterprise Administrator’s Guide . BusinessObjects Enterprise will run the job every day you have specified as a “run” day in your calendar. Tip: It is good practice to create a calendar for users to use as a template for creating new calendars. You can apply calendars to any object that can be scheduled. To create a calendar. you can create a default Weekdays calendar that includes all days as run dates except weekends and company holidays. When the calendar is created.

2. The new calendar is added to the system. You can choose specific dates using a yearly. 2. BusinessObjects Enterprise Administrator’s Guide 503 . or you can choose recurring dates using general formats based on the day of the month or week.Managing Calendars Adding dates to a calendar 19 1. You can now use the Dates tab to add run dates to this calendar. See “Recurring dates” on page 506. Click New Calendar. 1. 3. To add dates to a calendar Go to the Calendars management area of the CMC. Adding dates to a calendar You can add dates to a calendar using a number of different formats. 4. On the Properties tab. and its Properties tab is refreshed. This example creates a calendar for Canadian employees that schedules an object on all weekdays except statutory Canadian holidays. see “Adding dates to a calendar” on page 503. type the name and description of the new calendar. For details. Click the Dates tab. To create a calendar Go to the Calendars management area of the CMC. quarterly. Click Update. or monthly view of the calendar. 3. Click the link for the calendar you want to change.

by Day of Month allows you to add general recurring dates based on the day of the month. Click the days of the month that you want to include as run days for the calendar. click the day again. See also “Specific dates” on page 505 and “Recurring dates” on page 506. click a month to open it in Monthly format. it only allows you to add new dates and update the schedule. Note that this format does not display the currently selected dates from the calendar. This format allows you to add new dates and update the schedule. To remove a run day. choose from one of the five calendar format options: • Yearly Yearly displays the calendar’s run dates for the year. 504 BusinessObjects Enterprise Administrator’s Guide . You can change the displayed month using the Previous Month and Next Month buttons. click a month to open it in Monthly format. where you can add run dates to specific days. by Day of Week allows you to add general recurring dates based on the day of the week. Week 1 starts on the Sunday of the week of the Start Date you specify. • Generic Monthly. • Generic Monthly. you can click the Previous Year and Next Year buttons. 6. To add a date from the Quarterly format. • Monthly Monthly displays the calendar’s run dates for the current month. You can change the displayed quarter using the Previous Quarter and Next Quarter buttons. click Update. 5. where you can add run dates to specific days. To change the year displayed. by Day of Week formats. by Day of Week Generic Monthly. it does not display currently selected dates from the calendar. To add a date from the Yearly format. Tip: For the Monthly and Generic Monthly. In the “Select a calendar displaying format” list. The dates are applied to the months specified between the Start and End Dates. • Quarterly Quarterly displays the calendar’s run dates for the current calendar quarter. you can select multiple dates at once by clicking the row or column headings. by Day of Month Generic Monthly. To add the new dates to the calendar.19 Managing Calendars Adding dates to a calendar 4. The dates are applied to the months specified between the Start and End Dates.

use the Yearly.Managing Calendars Adding dates to a calendar 19 If you added dates using a generic format. You can also view the Monthly format for the calendar. The Quarterly format displays the run dates for the current quarter. and Monthly formats to add dates to the calendars. You can add specific dates in the Monthly calendar format. Note: When you change an existing calendar. To add dates for the Yearly and Quarterly calendar formats. BusinessObjects Enterprise Administrator’s Guide 505 . Objects that use the edited calendar are automatically updated to run on the revised date schedule. Specific dates To add a specific date to a calendar. the Yearly format will automatically appear. you can create a list of these dates in a “Shipping dates” calendar. click a month to open it in the Monthly format. where you can select specific days as run dates. For example. The Shipping department can now check the inventory after each shipment by scheduling a report that uses the calendar to run at the end of each shipping day. BusinessObjects Enterprise checks all currently scheduled instances in your system. if your company ships products according to an irregular schedule that cannot be defined using the daily or weekly settings. you can change the displayed time range by clicking the previous and next buttons. The Yearly format displays the run schedule for the entire year. which displays the run dates for the current month. In all three formats. displaying the new dates. Quarterly.

To add every second and fourth Friday to the calendar. You can add the generic dates based on the day of the week or the day of the month. you must use the Yearly. use the Generic Monthly.19 Managing Calendars Adding dates to a calendar Recurring dates To create a recurring pattern of monthly run dates. Although you can set a recurring schedule using the standard scheduling options. by Day of Week format. use the Generic Monthly. to schedule a report object to run on the first four days of every month. and on the second and fourth Friday of every month. by Day of Month format to add the first four days of the month to this calendar. use the generic Monthly formats. To view existing run dates. the Yearly format appears with the new run dates. 506 BusinessObjects Enterprise Administrator’s Guide . For example. first create a new calendar object and name it. calendars allow you to specify several different recurring run patterns at once. Quarterly. the generic formats are used to add dates to the calendar. or Monthly format. You can also run instances on dates that do not follow the pattern by adding individual days to a calendar. When you update the calendar. Then.

3. and click OK to confirm. To ensure the objects continue to be run. because the calendar no longer exists. Click Delete. 2. Select the check box associated with the calendar you want to delete.Managing Calendars Deleting calendars 19 Deleting calendars When you delete a calendar. Tip: Select multiple check boxes to delete several calendars. After that. To delete a calendar Go to the Calendars management area of the CMC. any objects that are scheduled according to the deleted calendar will be run one more time by the system. 1. BusinessObjects Enterprise Administrator’s Guide 507 . See “Scheduling objects” on page 466. change the scheduling information for the objects either by selecting a different calendar or a different recurrence pattern. the system won’t be able to schedule the objects again.

you may have specific sets of dates that you want to be available only for certain employees or departments. Click Update. choose Advanced. On the Rights tab. as required. Users will only be able to see the calendars they have the rights to see. Select the calendar you want to grant access to. 508 BusinessObjects Enterprise Administrator’s Guide . 10. calendars are based on current security settings. your finance team may use a series of financial tracking dates that aren’t useful for other departments. Click OK. Follow this procedure to change the rights for a calendar. so you can use rights to hide calendars that aren’t applicable to a particular group. Click the Rights tab. For complete details on the predefined access levels and advanced rights. Depending how you organize your calendars. 2. select Add/Remove Groups. change the Access Level for each user or group. Click Add/Remove to add users or groups that you want to give access to the selected calendar. 8. 4.19 Managing Calendars Specifying calendar rights Specifying calendar rights You can grant or deny users and groups access to calendars. inheriting rights from the users’ parent folders. For example. select the Add Users operation. or Remove Users. By default. To choose specific rights. 5. Add Users. In the Select Operation list. 3. The Add/Remove page appears. 6. 7. 1. If you have many users on your system. see “Rights and Access Levels” on page 563. Select the user or group you want to grant access to the specified calendar. 9. To grant access to a calendar Go to the Calendars management area of the CMC. then use the “Look for” field to search for a particular account.

Managing Events chapter .

• Schedule events When you define a schedule-based event. That is. For details. 510 BusinessObjects Enterprise Administrator’s Guide . You can create three kinds of events: • File events When you define a file-based event. The scheduled job is then processed only when the event occurs. For instance. • Custom events When you create a custom event. For instance. you can select it as a dependency when you schedule an object. you might want certain large reports to run sequentially. schedule-based events allow you to set up contingencies or conditions between scheduled objects. your custom event occurs only when you or another administrator clicks the corresponding “Trigger this event” button in the CMC. When the file appears.20 Managing Events Managing events overview Managing events overview Event-based scheduling provides you with additional control over scheduling objects: you can set up events so that objects are processed only after a specified event occurs. Working with events consists of two steps: creating an event and scheduling an object with events. you create a shortcut for triggering an event manually. the Event Server triggers the event. you might want to make some reports dependent upon the regular file output of other programs or scripts. you specify a filename that the Event Server should monitor for a particular file. Basically. For details. you select an object whose existing recurrence schedule will serve as the trigger for your event. see “Schedule-based events” on page 512. This chapter shows how to create events in the Events management area of the Central Management Console (CMC). For details. see “File-based events” on page 511. see “Custom events” on page 514. In this way. once you create an event. or you might want a particular sales summary report to run only when a detailed sales report runs successfully.

To do this. the event is triggered and the reports are processed. and then schedule your daily reports with this event as a dependency. For more information on scheduling an object with events. Then you can schedule the object and select this event. the event is not triggered. Before scheduling an object that waits for a file-based event to occur. at most. For instance. keep in mind that an object’s recurrence schedule still determines how frequently the object runs. Note: If the file already exists prior to the creation of the event. In this case.Managing Events File-based events 20 When working with events. File-based events are monitored by the Event Server. see “Scheduling an object with events” on page 473. the event must occur within the time frame established when you actually schedule the event-based report. If you want an event to be triggered multiple times. you must remove and recreate the file each time. see “Scheduling an object with events” on page 473. Click New Event. The New Event page appears. In addition. once a day (so long as the file that you specify appears every day). the event is triggered only when the file is removed and then recreated. you must first create the file-based event in the Events management area of the CMC. For instance. When the file that you specify appears. the Event Server triggers the event. BusinessObjects Enterprise Administrator’s Guide 511 . a daily report that is dependent upon a file-based event will run. you specify the log file in your file-based event. suppose that you want your daily reports to run after your database analysis program has finished and written its automatic log file. To create a file-based event Go to the Events management area of the CMC. Note: For information on scheduling an event-based object in the Objects management area of the CMC. 2. When the log file appears. File-based events File-based events wait for a particular file (the trigger) to appear before the event occurs. 1. The Central Management Server (CMS) then releases any schedule requests that are dependent on the event.

8. it can be based on the success or failure of a scheduled object. 6. The second object is 512 BusinessObjects Enterprise Administrator’s Guide . Ideally. Most importantly. Type a name for the event in the Event Name field. 4. That is. Note: Type the absolute path to the file that the Event Server should look for (for example. you must associate your schedule-based event with at least two scheduled objects. The drive and directory that you specify must be visible to the Event Server. select File. Type a filename in the Filename field. or it can be based simply on the completion of the job.20 Managing Events Schedule-based events 3. Schedule-based events Schedule-based events are dependent upon scheduled objects. a schedule-based event is triggered when a particular object has been processed. the directory should be on a local drive. or /home/folder/filename). When you create this type of event. the event occurs. 5. select the Event Server that will monitor the specified file. Complete the Description field. The first object serves as the trigger for the event: when the object is processed. In the Server list. Click OK. 7. C:\folder\filename. In the Type list.

see “Scheduling an object with events” on page 473. The New Event page appears. which means that the event is triggered only when program P1 runs successfully. To do this. and reports R1 and R2 are subsequently processed. Now. For more information on scheduling objects with events. BusinessObjects Enterprise Administrator’s Guide 513 . 4. and select your new schedule-based event as the dependency. 3. Schedule program P1 with events. this second object runs. To create a schedule-based event Go to the Events management area of the CMC. 5. you create a schedule-based event in the Events management area. Then.Managing Events Schedule-based events 20 dependent upon the event: when the event occurs. the schedulebased event is triggered. suppose that you want report objects R1 and R2 to run after program object P1 runs. You specify the “Success” option for the event. For instance. select Schedule. In the Type list. Complete the Description field. when program P1 runs successfully. and set program P1 to trigger the schedule-based event upon successful completion. you schedule reports R1 and R2 with events. Click New Event. 1. 2. Type a name for the event in the Event Name field.

you may have a scenario where you want to schedule a number of reports. For example. In the “Event based on” area. When you first trigger the related custom event in the morning. when clicked. both sets of programs run at that time.20 Managing Events Custom events 6. but you want to run them after you have updated information in your database. Click OK. BusinessObjects Enterprise then runs the reports. you can trigger Custom events from within your own code. Custom events are useful because they allow you to set up a shortcut that. see the developer documentation available on your product CD. As with all other events. Note: You can trigger a custom event multiple times. 7. Custom events A custom event occurs only when you explicitly click its “Trigger this event” button. one set of programs is run. an object based on a custom event runs only when the event is triggered within the time frame established by the object’s schedule parameters. For more information. the remaining set of programs is run. triggers any dependent schedule requests. create a new custom event. 514 BusinessObjects Enterprise Administrator’s Guide . and schedule the reports with that event. regardless of whether that object was processed successfully or not. Success or Failure The event is triggered upon completion of a specified object. If you neglect to trigger the event in the morning and trigger it only in the afternoon. For more information on event-based scheduling. Failure The event is triggered only upon non-successful completion of a specified object. as required. when you trigger the event again in the afternoon. For instance. and one set runs in the afternoon. see “Scheduling an object with events” on page 473. Tip: When developing your own web applications. return to the event in the CMC and trigger it manually. select from three options: • • • Success The event is triggered only upon successful completion of a specified object. you might schedule two sets of event-based program objects to run daily—one set runs in the morning. When you update the data in the database and you need to run the reports. To do this.

3. To trigger a custom event Go to the Events management area of the CMC. 6. 3. Select the event you want to grant access to. A message appears: “This event has been triggered.Managing Events Specifying event rights 20 1. 3. so you can use rights to hide events that aren’t applicable to a particular group. BusinessObjects Enterprise Administrator’s Guide 515 . For example. Click OK. you may want certain events to be triggered only by management or IT. Users will only be able to see events they have the rights to see. schedule an object that is dependent upon this event. those events won’t appear for a user from the HRadmin group. inheriting rights from the users’ parent folders. Click New Event. 2. Depending how you organize your events. To create a custom event Go to the Events management area of the CMC. select a custom event by clicking its link. you may have specific events that you want to be available only for certain employees or departments. select Custom. by granting only the ITadmin group access to IT-related events. In the Type list. 4. Click the Rights tab. 5.” Specifying event rights You can grant or deny users and groups access to events. For example. Complete the Description field. 2. Note: Before you trigger this custom event. events are based on current security settings. 1. Click Trigger this event. 1. Type a name for the event in the Event Name field. To grant access to an event Go to the Events management area of the CMC. In the Event Name column. this makes the event list easier for the HRadmin group to navigate. By default. Follow this procedure to change the rights for an event. 2.

8. Select the user or group you want to grant access to the specified event. Add Users. or Remove Users. Click Update. 5. 10. select the Add Users operation. 11. Click Add/Remove to add users or groups that you want to give access to the event. 7. To choose specific rights. Click OK. 6. On the Rights tab. Note: For complete details on the predefined access levels and advanced rights. select Add/Remove Groups. In the Select Operation list. choose Advanced. 516 BusinessObjects Enterprise Administrator’s Guide . The Add/Remove page appears. If you have many users on your system. then use the “Look for” field to search for a particular account. change the Access Level for each user or group.20 Managing Events Specifying event rights 4. as required. see “Rights and Access Levels” on page 563. 9.

General Troubleshooting chapter .

check that BusinessObjects Enterprise is integrated properly with your web environment. • • Determine whether the problem is isolated to one machine or is occurring on multiple machines. network and firewall configurations. For details. On Windows. patch levels. • • 518 BusinessObjects Enterprise Administrator’s Guide . For instance. and general network integration. database servers.21 General Troubleshooting Troubleshooting overview Troubleshooting overview BusinessObjects Enterprise is designed to integrate with a multitude of different operating systems. Thus. If the Job or Page Servers are running on Windows. open the report in Crystal Reports on the server machine and check that you can refresh the report against the database. see “Documentation resources” on page 519. verify your database connectivity and functionality from each of the affected machines. Verify that the problem is reproducible. In general. if a report fails to run on one processing server. and appropriate server software. For details. database servers. This chapter includes general troubleshooting steps along with solutions to some specific configuration issues. and take note of the exact steps that cause the problem to recur. and reporting environments. any troubleshooting that you may need to undertake will likely reflect the particularities of your deployment environment. For details. use the sample reports and sample data included with the product to confirm whether or not the same problem exists. • If the problem relates to connectivity or functionality over the Web. If the problem relates to report viewing or report processing. web servers. Look for solutions in the documentation included with your product. consider the following key points when troubleshooting: • Ensure that client and server machines are running supported operating systems. consult the Platforms. see “Report viewing and processing issues” on page 521. For details. included with your product distribution.txt file. see BusinessObjects Enterprise Installation Guide and “Web accessibility issues” on page 519. If the problem is isolated to one machine. database clients. pay close attention to any configuration differences in the two machines. see if it runs on another. including operating system versions. Use Crystal Reports to verify that the report can be viewed properly.

the BusinessObjects Enterprise installation creates virtual directories on the Internet Information Server (IIS) “Default Web Site. BusinessObjects Enterprise Administrator’s Guide 519 . BusinessObjects Enterprise also includes a number of manuals.” If you are using a web site other than the default. CHM and PDF files are located in the doc directory of your product distribution. For more information. see BusinessObjects Enterprise Installation Guide. These documents list supported third-party software along with any known issues or implementation-specific configuration details. as is the Platforms.txt file. Additional Compiled HTML Help (CHM) files are provided with the following client tools: • • • • • Central Configuration Manager Publishing Wizard Repository Migration Wizard Import Wizard Crystal Report Offline Viewer Press F1 or click Help to launch the online help from within these applications. Access the HTML versions from the BusinessObjects Enterprise Administrator Launchpad. files and updates.com/ Documentation resources The BusinessObjects Enterprise Release Notes are provided in the root directory of your product distribution. and Knowledge Base articles: http://support. These can be viewed and copied from the default web site to the web site you are using. Web accessibility issues Using an IIS web site other than the default On Windows. or from within the CMC or InfoView. Restart the web server once you have made these changes.businessobjects. user forums. BusinessObjects Enterprise also sets up several application mappings on the default site. you must copy the virtual directory configuration from the default web site to the web site you are using.General Troubleshooting Documentation resources 21 • Check out the Business Objects Customer Support technical support web site for white papers.

It must be in the form of Domain\User if the user account does not reside in the default domain of the CMS. the following error occurs: NT Authentication could not log you on. then users must use Microsoft Internet Explorer. Use the CCM to start the CMS. If Windows NT Integrated security (NT Challenge/Response) is enabled in Internet Information Services (IIS) and in the Web Component Adapter (WCA). (If the CMS was already started. verify that the authentication type is set to Windows NT Authentication and not Enterprise. Investigate these common solutions: • Ensure that the specified authentication type corresponds to the user name and password provided on the log on page.21 General Troubleshooting Web accessibility issues Unable to connect to CMS when logging on to the CMC If you attempt to log on to the CMC while the Central Management Server (CMS) is not running. If your account is in any domain other than "DOMAIN NAME" you must enter your user name as DomainName\UserName. users must log on to the client machine with a valid NT domain user account before logging on to BusinessObjects Enterprise. In addition. Microsoft Internet Explorer users must provide a valid Windows NT user name. Netscape users must provide a valid Windows NT user name in the form of Domain\User. The web server and all BusinessObjects Enterprise components must be running on Windows NT/2000 for Windows NT authentication to work. the following error message appears: Unable to connect to CMS (<servername>) to retrieve cluster members. use the CCM to restart it. It must be in the form of Domain\User if the user account does not reside in the default domain of the CMS. To log on with a Windows NT user name. Logon can not continue.) Windows NT authentication cannot log you on When you attempt to log on to the Central Management Console (CMC) or to InfoView. This error may occur for various reasons. Please make sure your logon information is correct. Users must log on to BusinessObjects Enterprise with a valid Windows NT user name. • • • • 520 BusinessObjects Enterprise Administrator’s Guide .

If the report database server is on a remote machine. but runs successfully when scheduled. including operating system versions. the drivers and versions. refresh. or save the report. If the report fails when viewed on demand. If you follow these steps and the problem persists. Page Server. BusinessObjects Enterprise Administrator’s Guide 521 . it is especially useful to determine whether the problem is isolated to one machine or is occurring on multiple machines. 1. In particular. the DSN configurations. change the Page Server or Job Server to use a valid domain account with enough rights to view or process the report. the database server version that you are connecting to. If the reports are based off ODBC data sources. contact Business Objects technical support. you use Crystal Reports to simulate the steps that are performed by the BusinessObjects Enterprise processing servers when a scheduled report is processed. To troubleshoot a report Start Crystal Reports on the appropriate machine: • • If the report runs successfully on demand. if a report fails to run on one processing server.General Troubleshooting Report viewing and processing issues 21 Report viewing and processing issues When troubleshooting reports. If the problem is isolated to one machine. and general network integration. patch levels. and the accounts under which the processing servers are running. see if it runs on another. and the versions of the MDAC layer. compare the ODBC driver versions. and the driver name and version that you are using to connect. or when a report is viewed on demand over the Web. Before you call. Troubleshooting reports with Crystal Reports On Windows. For instance. you may be able to locate the source of the problem. By locating the step where Crystal Reports is unable to open. depending on your version of Crystal Reports. you can install Crystal Reports on all Job Server. In this way. but fails when scheduled. take note of the database client and version you are running. start Crystal Reports on the Job Server. pay close attention to any configuration differences in the two machines. Note: The exact steps and menu options may differ. start Crystal Reports on the Page Server. Check to see if the Page Server or Job Server is running under an account that has the appropriate access rights to the report database server. and RAS machines in order to speed up the troubleshooting of reports and database connectivity. check the database client configurations.

21 General Troubleshooting Report viewing and processing issues • • If the report fails when viewed on demand with the Advanced DHTML viewer. On the File menu. the CMS. and then save the report. If the values are invalid. 8. click Log On/Off Server. Crystal Reports will report an error. Crystal Reports will report any errors that it encounters within the report (such as formulas. then verify whether or not the problem is resolved on all processing servers. change the parameter values or record selection formula accordingly. If not. Verify resource allocation in case the machine is running out of memory or disk space. On the Database menu. ensure that the database credentials provide READ rights to all tables in the report. repeat the steps on a different processing server. Verify that the tables used in the report match the tables in the database. check the configuration of the database client software and ensure that the report contains a valid database user name and password. If the database credentials are valid. 6. 522 BusinessObjects Enterprise Administrator’s Guide . Go to the last page of the report. the temporary files increase in size. Click Enterprise Folders and log on to your CMS. Correct any issues reported by Crystal Reports. click Verify Database. the report’s SQL statement is evaluated at this time. If you cannot log on to the database server. if current data is not returned from the database. On the File menu. and other objects). click Open. clear the “Save Data with Report” check box. Test your database connection and authentication. Check the join information. As this happens. If the SQL statement is valid. Open the report from the CMS. 4. and the Input File Repository Server. subreports. Export the report to Crystal Reports format (or any other desired format). data begins to return to Crystal Reports. Note any ODBC errors that are produced. If the report fails in all cases. verify network connectivity between the server you are working on. start Crystal Reports on the RAS. 5. If the report’s parameters or record selection need to be modified by BusinessObjects Enterprise users when they schedule or view the report. 3. Refresh the report and. If you cannot open the report. check these possible causes: • • • If the report fails. first complete these troubleshooting steps on one processing server. 7. On the Database menu. 2.

BusinessObjects Enterprise servers require access to various local and/ or remote resources and to the database server. the report will not display. see “Configuring Windows processing servers for your data source” on page 132. Experience shows that running the Page Server. 3. 9. To change a server’s logon account. Tip: Running a background application under an Administrator account does not inadvertently grant administrative privileges to another user. test database connectivity by opening the report in Crystal Reports on the server. Verify the server’s access to ODBC Data Source Names (DSNs). 2. 1. Job Server. 10. save it back to the CMS. BusinessObjects Enterprise Administrator’s Guide 523 . Troubleshooting reports and looping database logon prompts A common issue when viewing reports over the Web is a persistent database logon prompt that is displayed repeatedly by the user’s browser. Repeat the activity that caused the original report to fail: view the report on demand over the Web. Regardless of the credentials provided by the user. Job Server. Change the server’s logon account. or schedule the report for processing. If the report now refreshes successfully. or RAS machine. because users cannot impersonate services. This section provides a series of troubleshooting steps that should resolve this problem and others that are specific to reports and database connectivity.General Troubleshooting Report viewing and processing issues 21 This step ensures that Crystal Reports is able to create temporary files that are required in order to complete the processing of a report. To troubleshoot reports and looping database logon prompts Verify the report with Crystal Reports. Use Crystal Reports to verify the report. Close the report. If you have the Crystal Reports Designer installed on the Page Server. This problem is typically caused by the configuration of the Page Server or the Report Application Server (RAS). 11. Close Crystal Reports. see “Troubleshooting reports with Crystal Reports” on page 521. For details. 12. and Web Component Adapter (WCA) under a Domain Administrator account allows them to access the components necessary to connect successfully to data sources. RAS.

524 BusinessObjects Enterprise Administrator’s Guide . 4.INI Consult your Windows documentation for information about working with the registry. (In this scenario. If you are not using ODBC. the processing server must have permission to access the corresponding DSN configuration. Page Server. This information is stored in the Windows registry. If the report is based off an ODBC data source. depending upon the database that you are reporting off of. As in step 2. see “Configuring NTFS Permissions” on page 569. see “Configuring Windows processing servers for your data source” on page 132. and set up each System DSN identically on every Job Server. the BusinessObjects Enterprise services cannot use the database client software to communicate with the database. For details.21 General Troubleshooting Report viewing and processing issues Base reports off System DSNs (and not File or User DSNs). Insufficient NTFS rights on the server may cause a number of problems to arise when you view reports over the Web. the database client software must be installed on each machine that will process reports. and RAS require Full Control or Special Access to the ODBC registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC. and RAS machine that will process the report. Check whether or not NT authentication is performed by the database. Determine the configuration of the database client software. Page Server. On Windows. Sybase. BusinessObjects Enterprise does not pass endusers’ NT tokens through to the database server. the Job Server. For the minimum set of NTFS permissions required by BusinessObjects Enterprise. you can instead change each ODBC DSN so that it implements SQL Server Login instead of NT authentication. Verify the NTFS permissions granted to the Job Server. many database clients store their configuration in the registry below HKEY_LOCAL_MACHINE. Additional configuration may be required. each server’s logon account determines the level of access it is granted by the database. 6. changing each server’s logon account to that of a Domain Administrator account should resolve such problems. Page Server. Page Server. and RAS. 5. If your database client stores its configuration below HKEY_CURRENT_USER.) To retain the access control levels that are set up within the database. and RAS must run under a Windows NT/2000 domain user account that has access to the appropriate database tables. and so on). If you report against a database that uses NT authentication for access control (Microsoft SQL Server. The Job Server.

General Troubleshooting Report viewing and processing issues 21 7. 11. BusinessObjects Enterprise servers are generally most affected by the TMP and TEMP environment variables. see “Ensuring that server resources are available on local drives” on page 526. ensure that the report references its data source with the appropriate UNC path. instead of through mapped drives. the BusinessObjects Enterprise servers are unable to retrieve data from the database. Because the servers are run as services. 12. it is recommended that you create System Environment variables if they do not already exist. A list of these thread-safe drivers is available in the Crystal Reports Release Notes. the database may not service another request until the connection has been closed. If all database client licenses are in use. you may need to perform additional configuration. Check for problems with particular data sources. If a database connection is not closed quickly. To decrease the “Minutes Before an Idle Job is Closed” setting. Environment variables are used by the operating system to govern and manage system files for particular users. BusinessObjects Enterprise Administrator’s Guide 525 . However. Use multi-threaded database drivers. they cannot access the User Environment variables that are created by default. For details. see “Modifying Page Server performance settings” on page 115. Therefore. Check that database connections are closed in a timely fashion. 8. Consult your Windows documentation for details. Download the latest instructions from the Business Objects Customer Support Knowledge Base. 10. Reference remote data sources with UNC paths. Ensure that servers have access to remote databases through UNC paths. For example. Multi-threaded database drivers allow the processing servers to connect to the database without having to wait for the database to fulfill initial requests. Ensure that you have enough database client licenses. If your report is based on a Lotus Notes database. if you design a report off a PC database that resides on a network drive. 9. On Windows. Check the available environment variables. Crystal Reports now includes a number of thread-safe native and OLEDB drivers. ODBC connections are typically recommended because they provide multithreaded connections to the database.

For example. because UNC paths can limit performance due to limitations in the underlying protocol. because the servers do not actually log on to the network with that 526 BusinessObjects Enterprise Administrator’s Guide . you can specify the root directory for each File Repository Server. once a drive is mapped. when you restart the local machine. when you log on and map a local or network drive. but. Do not use Universal Naming Convention (UNC) paths or mapped drives. Note: Changing a server’s log on account from the LocalSystem account to a Windows NT/2000 user account with network privileges will not resolve the problem. Although some BusinessObjects Enterprise servers can recognize and use UNC paths. the server may appear to function correctly. the directory that you specify must be on a local drive (such as C:\InputFRS or C:\Cache). See the Business Objects Customer Support Knowledge Base for discussions of this and other DB2 clients. whose ODBC drivers were written for actual programmatic interaction with products like BusinessObjects Enterprise. see “Configuring Windows processing servers for your data source” on page 132. the mapped drive is not restored until you log back on. The recommended client is IBM DB2 Direct Connect. However. it is available to the entire operating system. and hence to the BusinessObjects Enterprise servers running on the local machine. many can be configured to use specific directories to store files. if you configure a server to use a mapped drive. In all cases. or the directory from which the Job Servers load processing extensions. the mapped drive is accessible to the LocalSystem account.21 General Troubleshooting Report viewing and processing issues IBM offers several client applications for connecting to DB2. However. Ensuring that server resources are available on local drives When the BusinessObjects Enterprise servers are running on Windows. If you encounter problems with any other specific data sources. do not configure the servers to access network resources in this manner. Use local drives instead. So. For details. check the Knowledge Base for the latest information. the servers may retain access to the mapped drive for some time (Windows will release the drive mapping if no application maintains a persistent connection to the mapped resource). the service must run under a domain user account with network permissions. the temporary directories for the Cache and Page Servers. Similarly. Drives are mapped according to your user profile when you log on to Windows NT/2000. In this case. Tip: If your report runs against a PC database that resides on a network drive. servers cannot access mapped resources when the machine is restarted. When you log off the local machine. then the report itself must reference its data source through a UNC path.

Instead. A user can also select alternate destinations in InfoView by updating the Destination option. unless the user changes the Destination option.” This provides access to some profile-specific resources (such as printers and email profiles). use the Preferences Manager. For more information about using specific time-zone properties in your custom web applications. use the CCM to restart it. If the user selects the Default destination setting in BusinessObjects Enterprise Administrator’s Guide 527 . Use the CCM to start the Page Server and then enable it.General Troubleshooting InfoView considerations 21 account. To view or modify the time-zone setting for any user account. Dedicated accounts are recommended because the default Guest account does not allow users to modify account preferences that would affect other users. and that each user's InfoView preferences include the appropriate time-zone setting. Note that the destination set in InfoView applies only to the scheduled instance.Cacheserver] This error indicates that the Page Server is not started and enabled. (If the Page Server was already started and enabled. Instead.) InfoView considerations Supporting users in multiple time zones Avoid granting Schedule access to the default Guest account if you deploy InfoView for users in different time zones. Page Server error when viewing a report When you attempt to run or preview a report. but not others (such as ODBC User Data Source Names and mapped drives). the following error message appears: There are no Page Servers connected to the Cache Server or all the connected Page Servers are disabled. which is available as a Client Sample on the Crystal Enterprise User Launchpad. the destination that is set in the CMC will be selected. the servers perform “account impersonation. [On Page Server : <servername>. when a user schedules another instance in InfoView. Please try to reconnect later. a report's destination that is set in the CMC will be the selected destination when a report is scheduled in InfoView. Thus. see the BusinessObjects Enterprise SDK documentation. ensure that each user who is allowed to schedule reports has a dedicated account on the system. Setting default report destinations By default.

528 BusinessObjects Enterprise Administrator’s Guide . reports are processed on the Job Server and sent to the File Repository Server.21 General Troubleshooting InfoView considerations InfoView. The Default destination setting in InfoView is equivalent to the Default destination setting in the CMC.

Licensing Information chapter .

For example. Processor licenses are based on the number of processors that are running BusinessObjects Enterprise. be sure to delete the Evaluation key prior to adding any new license keys or product activation keycodes. Concurrent licenses specify the number of people who can connect to BusinessObjects Enterprise at the same time. This provides named users with access to the system regardless of how many other people are connected. 500. 530 BusinessObjects Enterprise Administrator’s Guide . For more information about licenses. count the number of processors on any servers running any component of BusinessObjects Enterprise. RAS Report Modification licenses are also available. sessions. these licenses add standard report-creation and report-modification wizards to InfoView. You can purchase concurrent. You may want to purchase named user licenses for people in your organization who require access to BusinessObjects Enterprise at all times. named. Note: If you are upgrading from a trial version of the product. so users can create and modify reports over the Web in an ad hoc fashion. Named user licenses are associated with specific users and allow people to access the system based on their user name and password.22 Licensing Information Licensing overview Licensing overview BusinessObjects Enterprise is a scalable product that provides you with the ability to add license keys as the demand for report information increases in your organization. and processor licenses. you could purchase a named user license for each of the 25 managers and a concurrent license for 175 general users. a 100 user concurrent license could support 250. To determine the number of processor licenses you require. and session handling see “BusinessObjects Enterprise Security Concepts” on page 227. This type of licensing is very flexible because a small concurrent license can support a large user base. thereby providing you with tools for building your own webbased reporting and query tools. or 700 users depending on the frequency with which the system is accessed and the number and size of the reports. BusinessObjects Enterprise Embedded or RAS Report Modification licenses enable the Report Application Server’s Software Development Kit (SDK) for report-creation. For example. In addition.

go to: http://www. The details associated with the key appear in the Licensing Information area. To purchase additional license keys: • • Contact your Business Objects sales representative. Contact your regional office. Select a license key. and processor licenses associated with each key. 2.com/company/contact_us/ BusinessObjects Enterprise Administrator’s Guide 531 .businessobjects. named. 1.Licensing Information Accessing license information 22 Accessing license information The License Keys tab identifies the number of concurrent. Go to the License Keys management area of the CMC. For details.

2. be sure to delete the Evaluation key prior to adding any new license keys or product activation keycodes. along with additional job metrics. 2. Go to the License Keys management area of the CMC. The key is added to the list.22 Licensing Information Adding a license key Adding a license key Note: If you are upgrading from a trial version of the product. Go to the Settings management area of the CMC. Note: Key codes are case-sensitive. 3. Click Add. 532 BusinessObjects Enterprise Administrator’s Guide . This tab displays current license usage. Click the Metrics tab. 1. Viewing current account activity 1. Type the key in the Add Key field.

Licensing Information Viewing current account activity 22 Feature Crystal Repository refresh Insert subreport Unicode support Setting locale of the Report Engine New viewer architecture Smart Tags Exporting page ranges New Excel export options OLAP integration Export drill down views Embed URL link to report in email Set database location Custom printer settings Java SDK .NET SDK RAS support for processing extensions Distributed servers Ability to define users/ personalization Concurrent users Third-party authentication support Events Object distribution (Destinations) BusinessObjects Enterprise Mobile Desktop Server group re-direction Express X X X X X X X X X X X X Professional X X X X X X X X X X X X X X X X X X X X X X X X X X X BusinessObjects Enterprise Administrator’s Guide 533 .

22 Licensing Information Viewing current account activity 534 BusinessObjects Enterprise Administrator’s Guide .

x to BusinessObjects XI appendix .BusinessObjects Enterprise Administrator’s Guide From BusinessObjects 6.

but are not part of it.A From BusinessObjects 6. Although the applications in each row belong to the same area of functionality.x column and those in the BusinessObjects XI column are not necessarily equivalent: In BusinessObjects 6.x In BusinessObjects XI • • • Designer Supervisor Supervisor over the Web • • • Designer Business View Manager Central Management Console Several applications allow you to add • Publishing Wizard objects to the repository. InfoView • • • • • • • • • Web Intelligence Crystal Reports OLAP Intelligence OLAP Intelligence Designer Central Management Console (CMC) Developer Suite Performance Management (formerly Application Foundation) Data Integrator Import Wizard The Application Foundation suite and Data Integrator are available to complement the BusinessObjects 6. • • • • • • • • • • Administration Console Auditor InfoView BusinessObjects BusinessQuery WebIntelligence WebIntelligence for OLAP Data Sources Broadcast Agent Developer Suite • • • Central Configuration Manager Central Management Console Auditing is incorporated in the Central Management Console.x to BusinessObjects XI Product offering Product offering Here is a list of the applications in each version’s offering.x suite. 536 BusinessObjects Enterprise Administrator’s Guide . those in the BusinessObjects 6. Several other applications allow you to add objects to the repository as well.

portal pages.x BusinessObjects 6. The presentation layer contains the web and application servers.From BusinessObjects 6. and WIStorageManager. scheduling. and HSAL). BusinessObjects 6. The application services layer provides the essential framework and services to the processing layer. such as WISessionManager. etc. WILoginServer. The database tier is made up of the databases containing the data used in documents and reports.x is organized five logical layers: • • • • • The client tier contains products or features that run on the end-user’s computer (either as a standalone application or in the web browser). as well as the Business Objects components hosted on them (server SDKs. Dispatcher. servlets. as well as the additional components that implement business logic (portal workflows.). The processing layer contains report engines.x to BusinessObjects XI Architecture A Architecture The overall architecture of the two systems is organized in a similar manner. BusinessObjects Enterprise Administrator’s Guide 537 . repository access.

managing audit information. • The processing tier accesses the data and generates reports.x reports only. Transactional workflows are therefore simplified. routing requests to the appropriate processing layer services. rather than a provider of shared services such as WIQT.x system.” or processes. with each server processing requests for a specific type of object. than the BusinessObjects 6.x context. There are no strict equivalents for these servers in the BusinessObjects 6. In a BusinessObjects 6. 538 BusinessObjects Enterprise Administrator’s Guide .A From BusinessObjects 6.x processing layer. which plays a shared role in several types of processing workflows. maintaining security information.x to BusinessObjects XI Architecture BusinessObjects XI BusinessObjects XI is organized into five tiers: • The client tier contains client applications. • The data tier is made up of the databases containing the data used in reports. as well as the Business Objects components hosted on them. and storing report instances for rapid report viewing. which processes WebIntelligence 6. this corresponds a dedicated role such as WIReportServer. • The application tier includes the web and application servers. • The intelligence tier manages the BusinessObjects XI system. This layer contains fewer “servers.

The repository is used to secure access to your data warehouse and to provide an infrastructure for distributing information to be shared by users. such as Web Intelligence WID files.x Repository The BusinessObjects 6. categories and parameters.x suite uses a repository — a database that is stored in a relational database management system.x deployment. groups. Making sure the repository database has enough space is therefore critical. it also contains pointers to the physical objects. See “Migration” on page 542.). Although the repository database stores specific information about the objects published to it. including users. The repository database actually contains the data associated with the security. you can import its contents (user rights. It can also contain universe and document domains. servers.From BusinessObjects 6. universe UNV files and third-party documents. security. stored in storage associated with the File Repository Servers. The CMS is the central service/daemon in the BusinessObjects Enterprise XI system (see its entry further along in this table). Crystal Reports RPT files. BusinessObjects Enterprise Administrator’s Guide 539 .x to BusinessObjects XI Basic terminology A Basic terminology Here are some of the main differences in terminology between the two releases: In BusinessObjects 6. it does not actually store physical copies of the objects. etc. folders. Although the security domain itself is not imported. they are made into folders in the CMS database. universe and document domains. as one of the databases maintained by the Central Management Server (CMS). Repository domains The repository must have a security domain. In BusinessObjects XI The repository exists here as well. When universe and document domains are imported from a BusinessObjects 6.

A From BusinessObjects 6. such as users/groups.x to BusinessObjects XI Basic terminology In BusinessObjects 6. and as daemons under UNIX. for example. administers scheduling tasks. The CMS serves as the central nervous system of the BusinessObjects Enterprise intelligence layer. and services. concerns processes. They run as services under Windows. Disabling the CMS is roughly equivalent to disabling the Session Stack (starting with version 6. In BusinessObjects XI Central Management Servers (CMS) The CMS is a single service which provides framework services. security management. In addition it maintains the repository and audit databases.1. Modules Processes used in Business Objects transactions which can be configured through the Administration Console are called modules. A few examples of modules are: Broadcast Agent Manager (which manages Schedulers) • WIStorageManager • • • • • A few examples of servers are: Job Server the File Repository Servers Web Intelligence Report Server WIReportServer 540 BusinessObjects Enterprise Administrator’s Guide . or server machines. Servers Processes in the BusinessObjects Enterprise XI system are called servers. the Business Objects server back end must be installed on the cluster’s primary node and all secondary nodes. The CMC’s ability to enable/disable and even group servers. the set of core processing modules enabled or disabled as a group).x Business Objects servers At a minimum. security levels. and also is responsible for maintaining the database (CMS database) containing system information. not actual Business Objects servers. This installs all the processing layer modules on the server machines.

There is one and instruct the new CMS to connect to the existing only one primary node in a cluster. Each server hosts the entire set of Business Objects modules.installed CMS. prefaced by “@”. which instructs the Job Server to process the job on a schedule managed by the CMS. the new cluster is given the name of the is a primary node. Both primary and secondary nodes are considered cluster nodes. first installed CMS. WIReportServer Corporate documents page File Watcher allows the processing of a scheduled task only when a specified file is present in a specified location. the Session Stack must be activated in order for the server to contribute to cluster processing. if CMS database and to share the processing the cluster contains only one node. BusinessObjects Enterprise Administrator’s Guide 541 .From BusinessObjects 6. When a cluster contains more than one server machine. The CMSs can be on the same machine or on different ones. Other processes (servers) can be installed and run on other machines. you central coordinator amongst all the nodes in the cluster. WebIntelligence Application servers Broadcast Agent Web Intelligence Web application servers Scheduling functions are handled by the CMS. it is called a distributed deployment.x Clusters A cluster is one or more Business Objects servers which provide the functional processing for a given BI portal. as well as optional services. When you add a new CMS to a deployment • The primary node serves as the containing a previously. Clusters can contain the following elements: The distinction between primary and secondary nodes does not apply. Schedule-based and custom events. A CMS cluster is called an expanded deployment. • Optional secondary nodes run the ORB components required to communicate with the primary node and start Business Objects processes on the secondary node(s). on the other hand. This means that at a minimum only the CMS component must be installed and activated on the machine. are managed by the CMS. In BusinessObjects XI CMS clusters A Central Management Server cluster (CMS cluster) consists of two or more CMSs working together to maintain the system databases and repository. Web Intelligence Report Server Public folder The Event Server manages file-based events. By default. it workload with any existing CMS machines.x to BusinessObjects XI Basic terminology A In BusinessObjects 6.

This property must be reset manually by the administrator at the global level. and reports from BusinessObjects 6.A From BusinessObjects 6. • WebIntelligence OLAP • • • • Custom applications and interfaces created using the SDK Broadcast Agent Scheduler or Publisher tasks BusinessObjects Auditor Timestamps Migration and mapping of specific objects Here is some important information about migrating specific objects from BusinessObjects 6. This Wizard and how to use it is described in the BusinessObjects Enterprise XI Installation Guide. Password Validity settings 542 BusinessObjects Enterprise Administrator’s Guide . Instructions are in the Report Migration Utility guide. users and groups. universes. Here is a summary of what the Import Wizard does and doesn’t import: The Import Wizard imports: The Import Wizard doesn’t import: • • • • • • Users and groups WebIntelligence reports Universes Connections Categories Security • BusinessObjects documents To migrate .wid format. you can use the Report Migration Utility. you use the Import Wizard. • • • • Identification Strategy Logon Enable Real Time User Rights Update Enable Password Modification flag This maps to the User cannot change password property.x.x to BusinessObjects Enterprise XI: Object User properties Specific migration information These properties are not mapped. delivered with the BusinessObjects 6.x to BusinessObjects XI Migration Migration To import repository objects such as domains. categories.rep documents to .5 suite. documents. universe restriction sets. which when True. means what it says.

x map to appropriately-named user groups. Administrators need to create dynamic groups. If Inbox already includes duplicate documents.x to BusinessObjects XI Migration A Object Object Security level Specific migration information Expressed as limit rights set on the universe folder. For example.From BusinessObjects 6. object levels in BusinessObjects 6. Dynamic groups are mapped with Enterprise authentication.x continue to refer to them in BusinessObjects Enterprise XI. but instead simply granted the appropriate rights on all imported objects. are not mapped to the Administrators group. The Company group maps to the Everyone group. Document and universe domains become folders with the same name. After migration. you can select individual categories and subcategories to import into BusinessObjects Enterprise XI. Inbox documents are imported to the Inbox folder. Both personal and corporate categories are imported. Documents and universes cannot be imported unless their domain is imported as well. The Import Wizard maps static LDAP groups. where only the BusinessObjects administrator and their owners have access to them. General Supervisors become members of the Administrators groups. When you import corporate categories. User and group access to these folders is equivalent to the rights they had on the BusinessObjects 6.x domains. Personal documents are imported to the user’s Favorites folder. User profiles Groups External groups Inbox documents Personal documents Categories Domains BusinessObjects Enterprise Administrator’s Guide 543 . Supervisors. Any personal or corporate categories that referred to these documents in BusinessObjects 6. which manage all document instances that have been scheduled or published to the repository. on the other hand. they are also migrated to the File Repository Servers. Most BusinessObjects 6.x user profiles map to default groups in the new system. Users with the User/Versatile profile are added to an Object Level Security group based on their Object Security levels.

Inbox documents are imported to the Inbox folder. If Inbox already includes duplicate documents. Personal documents are imported to the user’s Favorites folder.A From BusinessObjects 6. you can select individual categories and subcategories to import into BusinessObjects Enterprise XI. they are also migrated to the File Repository Servers.x continue to refer to them in BusinessObjects Enterprise XI. When you import corporate categories. General Supervisors become members of the Administrators groups. are not mapped to the Administrators group. but instead simply granted the appropriate rights on all imported objects. After migration. Administrators need to create dynamic groups.x domains. For example. The Company group maps to the Everyone group. Documents and universes cannot be imported unless their domain is imported as well. User and group access to these folders is equivalent to the rights they had on the BusinessObjects 6. Both personal and corporate categories are imported. where only the BusinessObjects administrator and their owners have access to them.x user profiles map to default groups in the new system. object levels in BusinessObjects 6. User profiles Groups External groups Inbox documents Personal documents Categories Domains 544 BusinessObjects Enterprise Administrator’s Guide . Supervisors.x to BusinessObjects XI Migration Object Object Security level Specific migration information Expressed as limit rights set on the universe folder. Users with the User/Versatile profile are added to an Object Level Security group based on their Object Security levels. The Import Wizard maps static LDAP groups. on the other hand. Most BusinessObjects 6. Any personal or corporate categories that referred to these documents in BusinessObjects 6. which manage all document instances that have been scheduled or published to the repository.x map to appropriately-named user groups. Document and universe domains become folders with the same name. Dynamic groups are mapped with Enterprise authentication.

x universe IDs are updated to BusinessObjects Enterprise XI IDs and CUIDs: • For universes: Universe ID. A delegated administrator may nonetheless be able to view imported objects (such as connections) that were previously hidden in the source deployment. imported “delegated administrators” will inherit the rights specified for the Everyone group for access to such objects. in particular. BusinessObjects XI provides the ability to specify global rights for Web Intelligence. events. or only those associated with the WebIntelligence reports being imported.g. Along with the ability to specify rights at the object level. Delegated Administration does not support “modes”. and Performance Manager applications. BusinessObjects 6. connection ID.x to BusinessObjects XI Migration A Object Universes Specific migration information Users can choose between importing all universes and connections. By default. Secured or Extended mode. etc.x universe use the same universe in BusinessObjects Enterprise XI. WebIntelligence documents that used a BusinessObjects 6. BusinessObjects Enterprise Administrator’s Guide 545 .From BusinessObjects 6. Import attempts to set rights in the destination deployment that are at least as restrictive as the effective rights in the source deployment. each of which defines a different level of access to user/group information and management.).x (e. General supervisors can limit other supervisors’ access by setting their scope management setting to Standard. Dashboard Manager. This is true for all restrictions that limit modification and administration of objects. and core universe ID • For Web Intelligence reports: universe ID Scope management is a Supervisor option which allows you to control the extent of the access that all supervisors are granted to users and user groups. Although this feature is mapped to the Delegated Administration feature in Business Objects Enterprise XI.x (as applied to the integrated components) are available in BusinessObjects XI. calendars. Scope management Migration of user rights Key security features provided by BusinessObjects 6. the two features are not strictly equivalent. It is recommended to verify effective rights on imported objects for “delegated administrators” after import and to set appropriate rights for access to objects that only exist in BusinessObjects Enterprise XI and not in BusinessObjects 6.

domain folder.x Default Value in Version XI Aggregation Rules Aggregation in Version 6.x Migrated to BusinessObjects Enterprise XI as.) Enabled Denied Security Command Right • • • If hidden anywhere. or content object Right to view domain folder Right to view content object Different default and aggregate rules The fundamental default and aggregate rules governing rights change radically in BusinessObjects Enterprise XI. then denied Domain Access Right Document/ Universe Access Right Granted Denied If granted (or unspecified) anywhere: granted If granted anywhere: granted If unspecified or denied anywhere. Product Access (PA) right Security Command right Domain Access right Document/Universe Access right Right to view application object Right to application object.x = denied in XI If unspecified or denied anywhere. to maintain greater system security: Right Type (6.. then disabled Otherwise. then hidden If disabled anywhere. enabled • • Hidden in 6.x Rules in Version XI If granted (or unspecified) anywhere: granted If unspecified or denied anywhere. then denied Denied Denied 546 BusinessObjects Enterprise Administrator’s Guide .. then denied If unspecified or denied anywhere.x) Product Access (PA) Right Default Value in Version 6.x to BusinessObjects XI Migration The following identifies the migration path for integrated rights: Right Type in BusinessObjects 6. then denied Granted Denied (The Designer and Supervisor PA right is set to Denied on the root folder at install time.A From BusinessObjects 6.

you add additional cluster nodes to a cluster. This installs the entire set of processes required for system processing on each machine. configuration. can be hosted on machines running completely different (but supported) operating systems. BusinessObjects Enterprise Administrator’s Guide 547 . and deployment A Installation. configuration. the Session Stack must be activated on each cluster node to share the transaction load. At a minimum. The other “servers” in the intelligence layer. To add a cluster node. In BusinessObjects XI The CMS “servers” in a BusinessObjects Enterprise XI cluster must all be running on machines running the same operating system and version. you must install Business Objects server on the node machine.From BusinessObjects 6.x Server operating systems BusinessObjects 6.x to BusinessObjects XI Installation. The CMS does not need to run on each machine. Initial installation options • Desktop • • Server Custom • • • • • Client Server The Server option provides three installation options: New Expand Custom Distributed deployments To distribute processing. such as the Job Server. and deployment: In BusinessObjects 6.5 supports heterogeneous clusters. You can distribute a single deployment’s transactional capabilities on the same machine by creating multiple instances of a “server”. configuration. and deployment Here is an overview of key differences in installation. in which Business Objects servers are hosted on Windows and UNIX machines. This capability offers you the ability to scale your system vertically (more services on the same machine) or horizontally (more machines). or you can install on additional machines to distribute the load. however.

The WCA allows your application server to run BusinessObjects Enterprise applications making Crystal Web Requests.A From BusinessObjects 6. For information on deploying web For information on deploying web applications on application servers.x to BusinessObjects XI Installation. MySQL is installed. the installation procedure automatically installs and configures Microsoft Data Engine (MSDE) as the CMS database. in this table. Silent installation You must install a Web Component Adapter (WCA) on any machine hosting an application server. the default user and group accounts are created. After installation. then using it to configure the server as a client node of the cluster. In similar circumstances in UNIX environments. see “Deploying web applications” on page 550 applications” on page 550 in this table. In BusinessObjects XI Setting up the CMS database. and you do not choose to connect the CMS to an existing database. Command-line installation Application servers Application servers communicate with the Business Objects cluster through the ORB. When the installation is complete. the client and server components are installed. or by configuring the ORB manually. which includes the repository. is an integral part of BusinessObjects Enterprise installation. 548 BusinessObjects Enterprise Administrator’s Guide . you can select or create a new CMS database at any time using the Central Configuration Manager (CCM). In a New server installation.x Installation and the repository Repository creation is completely independent of the installation of Business Objects software. If the application server is hosted on a machine which is neither a primary nor secondary node. InfoView doesn’t need it unless users will be viewing OLAP Intelligence documents. see “Deploying web applications on application servers. When you perform this installation. Not all applications require the WCA. you must configure the ORB on it in order to allow it to communicate with the cluster. if you install a Central Management Server in a Windows environment. You configure the ORB on the application server machine either by installing the Configuration Tool on that machine. and to host the Central Management Console. and deployment In BusinessObjects 6. Installing BusinessObjects Enterprise XI on the same machine as the application server is called a server-side installation. For example. and the sample reports are published to the system. configuration. the servers are started as services on the local machine.

The subsequent machines on which you install the CMS become part of a CMS cluster named <@Name of First CMS>. see “Deploying web applications” on “Deploying web applications” on page 550 page 550 in this table. You configure the cluster’s primary node and then its secondary nodes. This creates a cluster of one and sets the cluster up for subsequent Expand installs. configuration. which add additional CMSs to the cluster.x Web servers To configure the web server to work with a cluster. License key management Before installation. BusinessObjects Enterprise Administrator’s Guide 549 . At the installation of each additional CMS. You can view your deployment’s current license keys. you specify where these XML files are located. During installation. see web servers. in this table. OLAP Intelligence is installed separately. This makes it part of the cluster. When you install the first Central Management Server (typically a New install). In BusinessObjects XI If you connect BusinessObjects Enterprise to a web server. the web server must be able to communicate with the machine that runs your Web Component Adapter (WCA). License keys are stored in the CMS database. you can define it as a cluster.From BusinessObjects 6. Configuring clusters and the ORB You create clusters and configure their ORB on their nodes using the Configuration Tool. you specify the name of the first CMS you installed. you copy your license key to a directory to which all nodes or application client machines have access. using the CMC. and deployment A In BusinessObjects 6. you must install a third-party connector to the cluster’s application server. as well as add or delete them. For information on deploying web For information on deploying web applications on applications on web servers. OLAP You install Web Intelligence for OLAP Data Sources using the standard installation process.x to BusinessObjects XI Installation.

and deployment In BusinessObjects 6. you must deploy web applications manually. you must create a new. This database will be configured during the install. If you choose a New installation and are using IIS or Apache/Tomcat. using the Supervisor application. Whenever you add a new CMS to a cluster in an Expand installation.x In BusinessObjects XI • • • • • Available web applications Administration Console InfoView Auditor Supervisor over the Web • • • • Central Management Console InfoView Performance Manager applications (formerly Application Foundation). • You can manually deploy the application on all other supported web and/or application servers. configuration. Repository creation You create the repository after installation and configuration.x to BusinessObjects XI Installation. Deploying web applications You can deploy web applications in three ways: • If you’re using IIS or Tomcat/Apache.key file corresponding to the repository on each node in the cluster. To use your own database server. Otherwise. the Configuration Tool can deploy the applications automatically on web and application servers. • You can use the wdeploy tool. 550 BusinessObjects Enterprise Administrator’s Guide . a command-line utility that you can run on all other supported application and/ or web servers. you define the connection to the initial CMS’s database.A From BusinessObjects 6. Application Foundation applications can also be deployed. J2EE only Custom web applications developed using the SDK Custom web applications developed using the SDK Although not part of the BusinessObjects 6. If you do not have a supported database client on the machine. the Business Objects web applications are deployed automatically on the web and/or application server. unless you are deploying to an existing Java application server. you must copy the bomain. After repository creation. empty database on your database server prior to running the installation.x suite. This allows the server to connect to it. installation can install and configure MSDE (Windows) or mySQL (UNIX) for use as the CMS database.

Unicode databases are not supported for repositories or BusinessObjects documents. which must run on the same operating system within a single cluster. and WIReportServer. You can choose between Microsoft AD or an LDAP user management system for external authentication sources. are designed to be multi-instance on cluster nodes. Implementing an authentication method is broken down into selecting an authentication mode. When users log into the system. Unicode databases In BusinessObjects XI Multiple instances of the same service can run on the same machine (providing vertical scaling).1. You use the Administration Console to set the number of instances in each process pool. store information in different languages and centralize all the information in a company. BusinessObjects.5. In BusinessObjects XI.x Multiple service instances In BusinessObjects 6. is supported as a data source for Web Intelligence reports. which can All CMS databases must support the Unicode protocol. or External.exe (Windows)/bolight (UNIX).x applications use a very different security model than that provided with BusinessObjects Enterprise XI. authentication is defined for an entire cluster and/or all desktop users. security is much more granular. Connection Server.x. in any mixture of supported operating systems. The single exception is the Central Management Server.From BusinessObjects 6. or on separate machines (for horizontal scaling). BusinessObjects Enterprise Administrator’s Guide 551 .x systems are encouraged to read with attention the documentation shipped with BusinessObjects Enterprise XI. then its source. but may enter their authentication method as well. when you create the user’s account.5 also supports multiple Business Objects servers on the same UNIX box. and as such.x to BusinessObjects XI Security A In BusinessObjects 6. Through BusinessObjects 6. administrators of BusinessObjects 6. External then Repository. certain modules such as WIQT. The use of Unicode databases. BusinessObjects 6. You implement an authentication method for each user. which can be Repository. they specify their username and password. Security BusinessObjects 6.

name and password against the security information stored in the CMS database.x In BusinessObjects XI bomain.key tells Business Objects There is no bomain. Each CMS is configured either at installation or subsequently using the Central Management Console (CMC) to connect to a specific database. At login. Windows NT or Active Directory.x to BusinessObjects XI Security In BusinessObjects 6. You configure authentication in the Authentication management area of the CMC. or authentication modes. Configuring authentication and authorization You set authentication/authorization for the entire cluster using the Security Configuration Tool. using the CMC. you don’t need to create the settings for each user individually. or create new aliases then assign them to exiting users in the system.5. You can even assign multiple aliases.1.A From BusinessObjects 6. Setting the authentication and authorization methods Up through version 6. If you import external users via LDAP. you set authentication/authorization for the entire cluster using the Security Configuration Tool. to a single user. users are automatically created. the Central applications where to find the repository’s management Server (CMS) verifies the user security domain. You select the authentication method for each user at the creation of the user’s account.key The bomain. So if you are not using complex scenarios in which users can log on with both NT and LDAP authentications. 552 BusinessObjects Enterprise Administrator’s Guide .key file.

x) Windows NT authentication Single-Sign-On (SSO) To enable SSO. This means. but is available for certain authentication modes. that you could allow a group to refresh document A.From BusinessObjects 6. universes.x to BusinessObjects XI Security A In BusinessObjects 6. you must use LDAP for external user management. Authorization You can use security commands in Supervisor to restrict user and group access to functionalities in Business Objects products. such as SAP authentication. folders. End-to-end single sign-on includes SSO to the database at the back end. an industry standard method of controlling cascading security access. and role level security at the object level. the imposition of restrictions is much more granular. for example. See below. categories. if you grant a group the right to refresh. • • • Enterprise authentication (automatically enabled when you install the system. For example. and connections. to documents. Because of the use of Access Control Lists (ACL). but not refresh document B. Single Sign-On to BusinessObjects Enterprise can be provided through the use of third-party systems such as Windows AD or Netegrity SiteMinder. group. Note: If you use SiteMinder.x In BusinessObjects XI • • • • Available authentication modes Business Objects standard Windows-NTLM (similar to BusinessObjects XI Windows NT authentication) Single Sign-On • LDAP authentication Basic authentication (user Windows AD authentication authentication is delegated to the web server) Other authentication modes are available through add-in products. Single Sign-On is not a mode in itself. and similar to Business Objects standard in version 6. BusinessObjects Enterprise Administrator’s Guide 553 . You cannot restrict access at the object level. you must use Netegrity SiteMinder. but not create documents. You can apply user. the restriction will apply regardless of the documents being used.

and disable Business Objects servers. At first. or remove servers from your BusinessObjects Enterprise system.sh) allows you to manage servers from a command line. On Windows.x to BusinessObjects XI Administration Administration The administrative model applied to BusinessObjects Enterprise XI is very different from the BusinessObjects 6. 554 BusinessObjects Enterprise Administrator’s Guide . these settings include default port numbers. server and cluster management. organize. The CCM comes in two forms. universes. enable. the CCM takes into account only the servers running locally. In a Windows environment. and more. CMS database and clustering details. whenever the Central Management Server (CMS) is running. This tool allows you to start. as well as view and configure advanced server settings. SOCKS server connections. This section covers administrative tasks concerning the repository.x model. the CCM allows you to manage local and remote servers through its Graphical User Interface (GUI) or from a command line. the CMC enables you to manage servers and create server groups. It also allows you to publish. the CCM shell script (ccm. and set security levels for all of your BusinessObjects Enterprise content. on Windows the CCM allows you to add servers to. and auditing.A From BusinessObjects 6. • The Central Configuration Manager The CCM is a server-management tool that allows you to view and configure each of your BusinessObjects Enterprise server components while Business Objects servers are offline. users and groups. Additionally. You can then connect to servers on a remote machine. • The Central Management Console (CMC) The CMC allows you to perform user management tasks such as setting up authentication and adding users and groups. In addition. stop. In a UNIX environment.

Everyone If you’re using Windows NT/2000. you must create a new. an additional group called Business Objects NT Users is also created. A “company name” group is automatically created at repository creation. This allows the server to connect to it. installation can install and configure MSDE (Windows) or mySQL (UNIX) for use as the CMS database. repository. using the Supervisor application. an initial Administrator and Guest account is is created when you create the created at installation. User/group creation and management You use Supervisor or Supervisor over the Web. empty database on your database server prior to running the installation.x Repository creation and management You create your cluster’s repository after Business Objects installation and configuration. Two default groups are automatically created at installation: • Administrators • Using Designer You can use Designer in online or offline mode. An initial General Supervisor account By default. This database will be configured during the install. Whenever you add a new CMS to a cluster in an Expand installation. You can use Designer in online mode only. In BusinessObjects XI If you do not have a supported database client on the machine. BusinessObjects Enterprise Administrator’s Guide 555 . This means that unless you are logged into the repository.From BusinessObjects 6. To use your own database server. You use the CMC. you cannot work on a universe. you define the connection to the initial CMS’s database.x to BusinessObjects XI Administration A In BusinessObjects 6.

not the actual cluster nodes.sh script. The CMC allows you to configure what information you want each server/service to audit. you can use WINotify or the Start menu. You can also use the Auditor application for enhanced system monitoring and analysis. Caution: You can use the CMC to disable/enable and even group servers. Under UNIX. printers and file servers. you use the Central Configuration Manager (CCM) to disable a Central Management Server (CMS). but this refers to what BusinessObjects 6. Setting up Broadcast Agent schedulers You create and manage schedulers using the Broadcast Agent Manager’s Properties page in the Administration Console.x users refer to as modules. during installation. you start the cluster manually using the wstart command. Because the scheduler is incorporated into the CMS. and whether you are online or offline. number of CPUs. you can also set the In BusinessObjects XI You use the CCM to stop a Central Management Server (CMS). you use the cms. depending on the type of setting you want to define. At installation.x Cluster start/stop Under Windows. including information about the machine that the server is running on—its name. Cluster server enable/disable You use the Administration Console.A From BusinessObjects 6. total RAM. You use the CMC. Server settings management You use the Administration Console. Business Objects server to run automatically as a Windows service. Auditor is not part of this release. and local time. Audit management You use the Audit facility in the Administration Console. regardless of the operating system. free hard disk space. operating system. 556 BusinessObjects Enterprise Administrator’s Guide . You can also use the CMC to view server metrics. You use the Central Management Console or the Central Configuration Manager. In Windows. total hard disk space. it comes automatically installed with BusinessObjects Enterprise XI and requires little or no additional configuration beyond setting up access to email servers. you can also configure the server to start automatically at machine startup. Note: You cannot use the Central Management Console (CMC) to stop a CMS. In UNIX.x to BusinessObjects XI Administration In BusinessObjects 6. or use S99WebIntelligence to start it automatically on machine startup.

You can modify the appearance and some functionality using the BusinessObjects Enterprise Applications management area in the CMC. Users can set the language of their interface in InfoView. you can subsequently use the Site Properties tab in the Administration Console to modify it. Users set the locale for their own interface in InfoView. you can also view a list of an object’s instances by looking at the object’s history. InfoView appearance and functionality management You can use Supervisor security commands to prevent users from modifying the default settings in the InfoView Options page. This list includes all scheduled jobs for the object.x In BusinessObjects XI Viewing scheduled tasks You can view the full list of scheduled You cannot view a global list of scheduled jobs. if they don’t. In InfoView. Setting locale You set the cluster’s language at installation.x to BusinessObjects XI Administration A In BusinessObjects 6. time in the CMC in the object’s History page. as well as existing instances of the object (i. You don’t specifically set the CMS locale. A sample application built using the Administration SDK and available from the BusinessObjects Enterprise User’s Launchpad also allows you to see all the jobs scheduled by any specific user. InfoView uses the locale specified on the web server. BusinessObjects Enterprise Administrator’s Guide 557 .From BusinessObjects 6. reports that have already been run and contain data). documents and their status using the You can view the status of one scheduled object at a Broadcast Agent Console.e.

x Reporting tools • BusinessObjects In BusinessObjects XI • • WebIntelligence WebIntelligence for OLAP Data Sources • • • • • Crystal Reports Web Intelligence OLAP Intelligence What reporting tools use universes? • BusinessObjects Crystal Reports Web Intelligence • WebIntelligence Crystal Reports can also connect directly to databases using a variety of methods including ODBC and native drivers. distributing and scheduling corporate data: In BusinessObjects 6.x application. as well as enduser tasks such as accessing. The out-of-the-box portal in BusinessObjects Enterprise XI is also called InfoView. 558 BusinessObjects Enterprise Administrator’s Guide . Available for both Java and . wdeploy. It can also use Business Views (the semantic layer from Crystal Enterprise) as a data source.NET platforms. It is available in JSP and ASP platforms. analysis. or manual procedures. InfoView InfoView is a web application that must be deployed after Business Objects installation using the Configuration Tool.A From BusinessObjects 6. analysis. its interface is somewhat different from the BusinessObjects 6.x to BusinessObjects XI Reporting. information sharing Reporting. as well as XML and text files. information sharing This section includes information on available reporting tools.

while categories simply point to objects. or InfoView (with reduced management capabilities) or Supervisor. You can use security commands to restrict access to corporate categories. In the CMC you can restrict users’ and/or groups’ access to categories and folders. Folders are used for the storage location of information. You do this by enabling the security command Manage All Categories or Manage My Categories. Folders contain actual copies of objects. called Personal Folders. from BusinessObjects or WebIntelligence. • BusinessObjects Enterprise XI automatically creates a folder for each user in the system.x Categories Within InfoView.x to BusinessObjects XI Reporting. these folders are called Favorites folders. There are two types of categories: • Corporate There are two kinds of categories: • Corporate • Personal • Personal Corporate categories can be created Corporate categories can be created either in from InfoView. information sharing A In BusinessObjects 6. and to rename and delete the categories they create.From BusinessObjects 6. Within InfoView. These folders are organized within the CMC as User folders. • Categories are equivalent to BusinessObjects 6. BusinessObjects Enterprise Administrator’s Guide 559 . while categories are used more for the classifying information regardless of its storage location. analysis. from the CMC (full management capabilities). you can use categories to organize documents on a particular document list page. Folders are created and managed from the CMC. In BusinessObjects XI BusinessObjects Enterprise XI uses both categories and folders to organize documents.x categories. which automate regular clean-ups of old Business Objects content by eliminating excess instances of particular objects. or object instances which have remained more than the specified number of days in the folder. you can grant specific users or groups the right to create categories. As a general supervisor or supervisor. You can set limits on folders. BusinessObjects.

In BusinessObjects XI You schedule for refresh objects from the CMC or from InfoView. analysis.x Scheduling You schedule for refresh documents and files either from 2-tier deployments of BusinessObjects.x to BusinessObjects XI Reporting.A From BusinessObjects 6. information sharing In BusinessObjects 6. or from InfoView. 560 BusinessObjects Enterprise Administrator’s Guide .

BusinessObjects Enterprise Administrator’s Guide 561 . Upload documents stored on your local computer when you’re using InfoView.x to BusinessObjects XI Reporting. • • • Taking care of other administrative tasks. analysis. Save directly to your Enterprise folders when you are: Designing reports with Crystal Reports or Web Intelligence. • Creating other objects with BusinessObjects Enterprise plug-in components. Use the Publishing Wizard when you: • Have access to the locally installed application. Performing tasks remotely. You can publish objects to BusinessObjects Enterprise in several ways. Use the Central Management Console (CMC) when you are: • Publishing a single object. Publishing to the repository You add objects to the repository by: • Exporting universes from Designer or Supervisor • Adding users and groups and managing security settings from Supervisor and/or Supervisor over the Web • Saving documents to the repository from InfoView • Publishing documents from 2.From BusinessObjects 6.x or Crystal Enterprise 10. • Using the OLAP Intelligence Application Designer.x In BusinessObjects XI • • • You can schedule: BusinessObjects documents WebIntelligence reports WebIntelligence OLAP reports • • You can schedule: Crystal reports Web Intelligence reports You can also schedule program objects.and 3-tier deployments of BusinessObjects • Are adding multiple objects or an entire directory. or scripts (Jscripts and VBscripts) to run at specified times. such as executables. information sharing A In BusinessObjects 6. Use Designer to export universes to the repository. Java programs. The Publishing Wizard is a locally installed Windows application that enables both administrators and end users to add any supported document to BusinessObjects Enterprise. Use the Import Wizard to migrate objects to a BusinessObjects Enterprise XI repository from BusinessObjects 6.

A From BusinessObjects 6.x Development platforms • Java In BusinessObjects XI • WebServices • • • • Java WebServices .NET .COM 562 BusinessObjects Enterprise Administrator’s Guide .x to BusinessObjects XI SDK SDK In BusinessObjects 6.

Rights and Access Levels appendix .

The table matches the descriptions used in the CMC with the programmatic name that developers use when assigning rights with the BusinessObjects Enterprise SDK.B Rights and Access Levels Rights Rights This table lists the rights available within the Advanced Rights page of the Central Management Console (CMC). Other BusinessObjects Enterprise plug-in components may in future add their own. Description used in the CMC Respect current security by inheriting rights from parent groups Respect current security by inheriting rights from parent folders Add objects to the folder View objects Edit objects Modify the rights users have to objects Schedule the document to run Delete objects Define server groups to process jobs Delete instances Copy objects to another folder Schedule to destinations View document instances Pause and Resume document instances Print the report’s data Refresh the report’s data Export the report’s data View objects that the user owns Edit objects that the user owns Modify the rights users have to objects that the user owns Name used in the SDK AdvancedInheritGroups AdvancedInheritFolders ceRightAdd ceRightView ceRightEdit ceRightModifyRights ceRightSchedule ceRightDelete ceRightPickMachines ceRightDeleteInstance ceRightCopy ceRightSetDestination ceRightViewInstance ceRightPauseResumeSchedule ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport ceRightOwnerView ceRightOwnerEdit ceRightOwnerModifyRights 564 BusinessObjects Enterprise Administrator’s Guide . object-specific rights to this list.

That is. View Description used in the CMC View objects View document instances Name used in the SDK ceRightView ceRightViewInstance Schedule Description used in the CMC View objects Schedule the document to run Define server groups to process jobs Name used in the SDK ceRightView ceRightSchedule ceRightPickMachines BusinessObjects Enterprise Administrator’s Guide 565 . Note: There is no predefined access level to grant users the rights required to create or modify reports through the Report Application Server (RAS). When rights are unspecified.Rights and Access Levels Access levels B Description used in the CMC Delete objects that the user owns Delete instances that the user owns View document instances that the user owns Name used in the SDK ceRightOwnerDelete ceRightOwnerDeleteInstance ceRightOwnerViewInstance Pause and resume document instances ceRightOwnerPauseResume that the user owns Schedule Access levels This section lists the rights that constitute each of the predefined access levels that are available through the Advanced Rights page of the Central Management Console (CMC). rights are neither explicitly granted nor explicitly denied. For details. see “Object rights for the Report Application Server” on page 568. the system denies the right by default. No Access This access level ensures that all rights remain unspecified.

B Rights and Access Levels Access levels Description used in the CMC Copy objects to another folder Schedule to destinations View document instances Print the report’s data Export the report’s data Edit objects that the user owns Pause and resume document instances that the user owns Name used in the SDK ceRightCopy ceRightSetDestination ceRightViewInstance ceReportRightPrintReport ceReportRightPageServerExport ceRightOwnerEdit ceRightOwnerPauseResumeSchedule Delete instances that the user owns ceRightOwnerDeleteInstance View On Demand Description used in the CMC View objects Schedule the document to run Define server groups to process jobs Copy objects to another folder Schedule to destinations View document instances Print the report’s data Refresh the report’s data Export the report’s data Edit objects that the user owns Delete instances that the user owns Pause and resume document instances that the user owns Name used in the SDK ceRightView ceRightSchedule ceRightPickMachines ceRightCopy ceRightSetDestination ceRightViewInstance ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport ceRightOwnerEdit ceRightOwnerDeleteInstance ceRightOwnerPauseResumeSchedule 566 BusinessObjects Enterprise Administrator’s Guide .

This folder provides the following rights by default: • • The Everyone group is granted the Schedule access level. BusinessObjects Enterprise Administrator’s Guide 567 . The Administrators group is granted the Full Control access level.Rights and Access Levels Default rights on the top-level folder B Full Control Description used in the CMC Add objects to the folder View objects Edit objects Modify the rights users have to objects Schedule the document to run Delete objects Delete instances Copy objects to another folder Schedule to destinations View document instances Pause and Resume document instances Print the report’s data Refresh the report’s data Export the report’s data Name used in the SDK ceRightAdd ceRightView ceRightEdit ceRightModifyRights ceRightSchedule ceRightDelete ceRightDeleteInstance ceRightCopy ceRightSetDestination ceRightViewInstance ceRightPauseResumeSchedule ceReportRightPrintReport ceReportRightRefreshOnDemand Report ceReportRightPageServerExport Define server groups to process jobs ceRightPickMachines Default rights on the top-level folder The top-level BusinessObjects Enterprise folder serves as the root for all other folders and objects that you add to the system.

you must have RAS Report Modification licenses available on your system. To ensure that users retain the ability to perform additional reporting tasks (such as copying. they can select the report as a data source for a new report or modify the report directly: • • • • View objects (or “View document instances”. You must also grant users a minimum set of object rights. scheduling. you allow them to modify the report by changing the access level to Advanced and explicitly granting the additional Edit objects right. see “Licensing overview” on page 530. The extra Edit objects right is not required. 568 BusinessObjects Enterprise Administrator’s Guide . but View On Demand is required to actually use the advanced search features. and add any of the required rights that are not already granted. change the access level to Advanced. it’s recommended that you first assign the appropriate access level and update your changes. When users view reports through the Advanced DHTML viewer and the RAS. For instance. the View access level is sufficient to display the report. printing.B Rights and Access Levels Object rights for the Report Application Server Object rights for the Report Application Server To allow users to create or modify reports over the Web through the Report Application Server (RAS). as appropriate) Edit objects Refresh the report’s data Export the report’s data User must also have permission to add objects to at least one folder before they can save new reports back to BusinessObjects Enterprise. Tip: For more information about RAS Report Modification licenses. and so on). if users already have View On Demand rights to a report object. Then. When you grant users these rights to a report object.

Configuring NTFS Permissions appendix .

even after you repeatedly enter the correct database logon information. a report may not appear in the viewer. ensure that each BusinessObjects Enterprise component uses an account with the appropriate permissions. see the Microsoft Windows help. users may be unable to access reports over the Web. If a BusinessObjects Enterprise component is running on a user account that does not have the required NTFS permissions. You may need to change the user account or change the NTFS access for particular files and folders. and make sure the user account has the required NTFS permissions. For details on changing server user accounts. Ensure that each component is running on the correct user account. NTFS provides security for file storage in Microsoft Windows. For information on changing NTFS permissions.C Configuring NTFS Permissions Configuring NTFS permissions Configuring NTFS permissions When you view reports over the Web. insufficient New Technology File System (NTFS) permissions on the server can cause a number of problems. To troubleshoot NTFS permissions. see “Changing the server user account” on page 146. For example. 570 BusinessObjects Enterprise Administrator’s Guide . Configuring NTFS permissions for BusinessObjects Enterprise components Each component requires a user account with certain NTFS access rights to specific files and folders.

Ensure this user account has the appropriate NTFS permissions for specific folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • C:\Winnt\system32 C:\Program Files\BusinessObjects Enterprise\Web Content\enterprise C:\Program Files\BusinessObjects Enterprise\WCA\CRImages C:\Program Files\BusinessObjects Enterprise\WCA C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86 C:\Program Files\BusinessObjects Enterprise\WCA\Logging • • • Write • Note: This table shows the default installation paths. set its user account to a domain user account with local administrative access to all computers hosting BusinessObjects Enterprise components. File Repository Servers (FRS) The Input and Output File Repository Servers (Input and Output FRS) use the local System account by default. the WCA user account also needs Read permission for the OLAP Intelligence FileStore\Input folder. these accounts provide sufficient access to files and folders on the local machine. see “Changing the server user account” on page 146. the Central Management Server uses the LocalSystem account to access resources and BusinessObjects Enterprise components. However.Configuring NTFS Permissions Configuring NTFS permissions C Web Component Adapter (WCA) By default. BusinessObjects Enterprise Administrator’s Guide 571 . if the Input or Output FRS needs access to directories on other machines. For details on changing the user account. If your BusinessObjects Enterprise deployment includes OLAP Intelligence.

Central Management Server (CMS) The CMS uses the local System account by default. the respective FRS creates it when the service starts. make sure the user account has access to the following folders: NTFS permissions Files and folders • • • Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Output C:\Program Files\Business Objects\ BusinessObjects Enterprise 11\FileStore\Output Note: • • The Input and Output File Repository Servers cannot share the same directories. Ensure that the System account has the appropriate NTFS permissions for specific files and folders: NTFS rights Folders • • Read & Execute Write • • C:\Winnt\system32\drivers\etc\hosts C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86\CITemp 572 BusinessObjects Enterprise Administrator’s Guide .C Configuring NTFS Permissions Configuring NTFS permissions Ensure that the user account for the Input FRS has the appropriate NTFS permissions for the following folders: NTFS permissions Files and folders • • • Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input For the Output FRS. This account does not need access to other machines. If the Input folder or the Output folder does not exist.

For details on changing the user account. The Job Server must use a different user account if it needs to access BusinessObjects Enterprise components on other machines. Ensure that the Cache Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • • Job Server Read Read & Execute Write • • • C:\Winnt\system32 C:\Program Files\Business Objects\BusinessObjects Enterprise 11\win32_x86 C:\Program Files\Business Objects\WCA The Job Server uses the local System account by default. or the Output FRS is not located on the same machine as the Job Server. Ensure that the Job Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • • • C:\Winnt\system32 The system’s temporary directory C:\Winnt\Business Objects C:\Winnt\Fonts C:\Program Files\Business Objects\Shared C:\Program Files\Business Objects\WCA C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore • Write BusinessObjects Enterprise Administrator’s Guide 573 . If the CMS. the Input FRS.Configuring NTFS Permissions Configuring NTFS permissions C Cache Server The Cache Server uses the local System account by default. see “Changing the server user account” on page 146. For details on changing the user account. set the Job Server’s user account to a domain user account that has local administrative access to all computers hosting these components. you must set its user account to a domain user account that has local administrative access to all computers hosting components. If the Cache Server needs to access BusinessObjects Enterprise components on other machines. see “Changing the server user account” on page 146.

C Configuring NTFS Permissions Configuring NTFS permissions Page Server The Page Server connects to the database to retrieve the information needed to build the report. see “Changing the server user account” on page 146. the reporting database is located on a separate machine. Ensure that the Page Server’s user account has the correct NTFS permissions for the following folders: NTFS permissions Files and folders • • Read Read & Execute • • • • • • C:\Winnt\system32 The system’s temporary directory C:\Winnt\Business Objects C:\Winnt\Fonts C:\Program Files\Business Objects\Shared C:\Program Files\Business Objects\BusinessObjects Enterprise 11\FileStore\Input C:\Program Files\Business Objects\WCA • Write • 574 BusinessObjects Enterprise Administrator’s Guide . you must change the Page Server’s user account from the default local System account to a domain user account with local administrative access to the computer hosting the reporting database. If the Page Server is on a different machine from the database. For details on changing the user account. For most BusinessObjects Enterprise deployments.

Customizing the appearance of Web Intelligence docum