Skip to Content
avatar image
Former Member

Row Level security - BO 4.2 SP3 - SAP HANA direct access Calculation views

Hi,

I've been trying to see a possibility of implementing row level security in Business Objects 4.2 for SAP HANA direct access (Calculation / Analytic / Attribute views) without a Universe layer.

Can anyone advise if it is feasible to build data level security for BO on SAP HANA direct access views?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Aug 07, 2017 at 04:04 PM

    If SSO is enabled to your HANA DB along with your own credential in HANA with appropriate roles and previleges this is possible even without universe layer.

    Thanks

    Mani

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 06, 2017 at 05:05 PM

    Hi, I need to design the same scenario.

    Do you have some documentation to achieve it?

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 28 at 08:06 AM

    Yes, this is definitely a solution that exists but it should be used. There are a few components that you need to understand in order to have this work:

    1) Creation of Analytic Privileges with the necessary views with corresponding attributes that drive these row level security authorizations

    2) If a view is not reporting, the Apply Privileges section within the Properties should be blank

    3) If a view is a reporting view, then the Apply Privileges section should be set to SQL Analytic Privileges. Classical will be sunset in the future (these are XML based) so you should be positioning yourself for the future. When doing this, you have to have all reporting views that have this property set to be in an analytic privilege. This will apply to the end user roles but most importantly, it is important to create 1 developer analytic privilege for SQL, which contains all views but no restrictions on them. This will be part of the developer role so the developers can continue to work without receiving errors.

    4) The biggest component here is the communication between SAP HANA and SAP BOBJ and this is done using SAML. At a high level, this is done using certificates that are imported between BOBJ and HANA at the OS level. SAP HANA receives a request from the OLAP or Relational connection (set up for SSO) and with the SAML configuration, HANA trusts BOBJ and receives an external identifier (BOBJ id). The external BOBJ ID is configured within the SAML configuration for the user within the HANA system and they don't have to be the same. A couple of things that you need to understand are what characters Linux accepts and doesn't accept, especially if you are using Windows AD or SAP BW authorizations. This is due to the fact how names are created. If there are issues, you have a few options but easiest would be to create enterprise names on top of these names to pass over to SAP HANA. Make sure that the user names are in lower case as HANA is case sensitive and easier to do this.

    Please reach out if you want additional information.

    Add comment
    10|10000 characters needed characters exceeded