If employees at your organisation use business intelligence (BI) tools from Business Object to slice and dice corporate data and to produce reports and performance metrics, you may well be considering migrating to the newest version of the company's software, Business Objects XI R2. From June 2008, this will be the only supported version of the company's BI toolset.

In terms of Business Objects XI security, however, there is much to consider upfront, says Mike Perks, a business intelligence specialist at Logicalis. "Security is an area of complexity with  migrations that mostly remains understated but is in fact key to successful delivery and the future integrity of your reporting system," he says. Any Business Objects migration, he adds, needs to take this into account.

That's because the BusinessObjects XI security model is considerably different from those used by predecessors, with a move from a user-centric model to an object-oriented model, he explains. This means that a user can be assigned to both a ‘parent' and a ‘child' group, allowing them different levels of access to data. "In addition, there is a change of terminology, with all components being known as ‘objects' within the security model" he says.

Understanding these changes is important, says Perks, but an even greater priority for customers is understanding the best practice around successfully building and deploying a system that is both robust and intuitive enough to be easily maintainable in the long run.

At a functional level, he says, they need to be able to control three distinct areas within Business Objects XI: 

1. What a user can do within the application;

2. What content a user can access 3;

3. What a user can do with that content.

First, some basics: The Business Objects XI security model is formulated using (but not limited to) a combination of the following types of objects: groups (contain users): folders (contain documents and sub-folders); users (user accounts); objects (all other objects, such as reports and agnostic documents).

"When designing your new security model, consideration should be given to both the end user and the users that will ultimately have to maintain the system," says Perks.

From an end user's perspective, planning is required to dictate what will be visible to users via the Infoview portal, specifically around navigation through folders and categories and the use of inheritance, he says. And from a maintenance point of view, organisations that use Business Objects XI want to keep the security structure flat and aptly named, to make it clear at first glance the relationships between groups, folders and roles.

For these reasons, Logicalis has worked with several clients, including a major UK high-street retailer and publishers, to smooth the transition and ensure that they have in place a robust security framework that works well with that required by Business Objects XI.

Your Comments and Questions

Mike Perks, 6 months ago

Robust is probably a choice of word that I'd use with caution as there are certain security vulnerabilities with any SOA / distributed product…but security in XI has vastly improved the level of control and flexibility available to system administrators compared to previous versions. The use of ACL’s (Access Control Lists) at the individual object level is a real benefit but certainly adds a new dimension in complexity. Real security success is driven by comprehensive planning and design, considering the choice of a ‘closed system’ and, of course, vigorous testing.

Devlin Murray, 7 months ago

I can think of a few government departments that could benefit from knowing this... seriously though, I know you say the security features in XI are slightly different, but do you think they're more robust than what were in place before in previous versions?

What's Your Question or Comment?

Name

Email Address

Your Website URL (please include http://)

Your Question or Comment

type the text from the image