Skip to Content

BO4 - Tomcat security + ensuring business objects functionality


We have BO4.2 SP05 on a development platform along with the bundled Tomcat (8.5.13) and use the BOE/BI, BOE/BILaunchpad and /BOE/CMC applications for webi reporting, also use IDT/UDT and some dashboards.

From security perspective we've been asked if number of interfaces available could be limited.

For instance ca see lots of services listed at http://<servername>/dswsbobje/services/listServices

What is the best way of achieving this but ensuring access to the above applications and business objects enterprise platform and above applications isn't affected adversely.

Had a look in the web.xml file in dswsbobje to see if some configurable parameters such as services.visible which could set to false but would still allow functionality but nothing obvious.


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    May 17, 2018 at 03:03 PM

    Have you tried the following :

    There is a services.xml file for each Web Service.

    The following examples shows you how to deactivate the BICatalog service.

    1. Locate and open the services.xml file for the service. For example, in a default Windows installation, the file for the BICatalog service is located at C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\dswsbobje\WEB-INF\services\bicatalog\META-INF\

    2. Add an activate property to the service tag and set the value to false. For example, if you are disabling BICatalog service, this is what your changes must look like: .

    3. Restart your web application server.

    For more details check out Web Services Administrator guide at

    Hope this helps!

    Add comment
    10|10000 characters needed characters exceeded