cancel
Showing results for 
Search instead for 
Did you mean: 

Central repository and Windows AD

former_member199543
Contributor
0 Kudos

BODS 4.1 Sp02 .

IPS 4.0 with Sp04

We have Windows AD with SSO set on IPS level, Windows AD works fine in Designer and in CMC. My question is: is there a way how to use Windows Active directory group for Central repository authorisation? At the moment I add all users manually there and it seems unsupported that BODS automatically takes all users from AD.

What do i mean. I have ad group domain\group and I want all users from that group to be authorized to work with central repository. manual add\remove works fine, but what about automatical inheritance ?

Accepted Solutions (0)

Answers (1)

Answers (1)

DayaJha
Active Contributor
0 Kudos

Hi Mister,

Yes, It was possible but in that case all user is having the rights to move the content from Local repository to Secure Central Repository.

For E.G: Here i have 6 user that are attached in One Group.

  • User 1
  • User 2
  • User 3
  • User 4
  • User 5
  • User 6


Add all user to Central Repository Group (Create or Add in Administrator Group).


Then login in SAP Business Objects Data Services Management console and add all User in one Group and save it.

Now all users (User 1,User 2,User 3,User 4,User 5,User 6) are having rights to move the Objects (project , Work Flow, Dataflow,...) to Secure Central Repository.

And also add the specific secure central repository to local repository for moving the content from local to secure central repository.


Thanks,
Daya

former_member199543
Contributor
0 Kudos

Thanks for your response.

My idea was to implement full synchronization between Windows AD group and Central repository, when user is added to domain\group on AD level, then it automatically is added to Central repository group. it works fine in BOE 4.0 and in IPS, but at the moment it seems that this type if syncronization is missing for Central repository.

DayaJha
Active Contributor
0 Kudos

lets assue you have a group in windows AD. (SAP_BODS_Users) that contains "N" number of user.So when any user add in that group it will populate in your CMC.

But that group needs to be added in local and secure central repository, this activity you have to do it manaually first time after that it will synchronise.

Thanks,

Daya

former_member199543
Contributor
0 Kudos

You mean that i need to go to http://BODSSERVER:8080/DataServices/admin.jsp and add exactly the same group to Central repository->users and groups and it will populate authomatically all the users from it?

I can use Windows AD for authorization in http://BODSSERVER:8080/DataServices/admin.jsp and I see all users from Windows AD in there, but i do not see groups, when I try to add them manually then nothing happens, because for me it seems that connection does not exists on group level... or  I'm doing smth wrong

DayaJha
Active Contributor
0 Kudos

Yes, When you apply rights and security on local and secure central repository to that group it will come automatically in SAP Business Objects Data Services management console, Only you have to login and add in specific group for auditing.

Thanks,

Daya

former_member199543
Contributor
0 Kudos

Thank you Daya

I tried to add my AD group but got some violation error, when I performed double click on it, also it does not extract data from AD tree, at least i see no activity on AD level. So, the truth is somewhere else, or I'm doing smth crazy!

Regards Andrey

DayaJha
Active Contributor
0 Kudos

Can you please share the error screen shot.

Thanks,

Daya

former_member199543
Contributor
0 Kudos

I got this error when I click on Windows AD Group which I created manually in Management Console

CSRF Violation is detected. The request is coming from un-authorized source! (BODI-3016849)

DayaJha
Active Contributor
0 Kudos

Can you please tell me that group is available in Windows AD or not, If yes then we have to implement security in that group in Central Management console. If not then "WINDOWS AD" was not configured properly

Thanks,

Daya

former_member199543
Contributor
0 Kudos

Hello

Extreme sorry for the delay. Group itself is visible in CMC and BODS can be used in SSO mode, in BODS admin mode when i click on Central repository i see only users from the group, not the group itself.

Windows AD group has enough rights, for example - i use Administrator user to login in BODS admin console, admin as far as I know have all rights included, except few