cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSM 7.0 - Reports and roles questions

Former Member

on ‎07-21-2009 10:07 AM

0 Kudos

Hi,

we are wondering if it is possible to restrict the access to the public reports sets based just on the application groups defined.

This is our situation in SSM UI > Reports: 3 report sets saved as Public (all users).

PUBLIC

+ Financials reports

Report A

Report B

Report C

+ Customer reports

Report D

Report E

+ Process reports

Report F

Report G

Report H

All of these resports and sets are saved as Public.

We have 3 application groups: group 1, group 2 and group3.

- Group 1 needs to access to all reports of the 3 public reports sets => OK. We have achived it.

- Group 2 needs to access just to the Customer Reports (the same reports that Group 1 see) => Is it possible to design this situation in SSM?

- Group 3 just needs to acces to the report F and H of the Process reports => Is it possible??

So, is it possible to publish a set of public reports into an application group like publishing queries in roles in SAP BI?

Thank you very much in advance.

Kind regards,

Santiago

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Bob_McGlynn
Product and Topic Expert
Product and Topic Expert
‎07-21-2009 8:53 PM
0 Kudos

Santiago,

Here is what you can do for publishing reports in Strategy Management.

When you create the report, if you save for Myself Only (Private), only you can display, edit, rename, or delete this report or set.

If you save for Group: <set>, the report is available to all members in the application group specified. Save the report to an existing set selected in the drop-down list. Or, save the report to a new set using Create New Set in the drop-down list

If you save for All users (Public), the report is available to all users. The All users (Public) option is available only if your administrator set up Save Public permissions for your group.

SSM does not automatically edit reports based on role and access like SAP BI. You would have to that up for each created report to specify which group could view it.

Regards,

Bob

Edited by: Bob McGlynn on Jul 21, 2009 1:04 PM

Show replies
Show replies
Former Member
‎07-21-2009 9:31 PM
0 Kudos

Thank you for you answer Bob.

We are testing the following approach described in the SSM 7.0 course manual (code TZSSM3): PAS Security

We followed the 7 steps described and works ok for the SC (key concept: create a SECURITY PROCEDURE - INDEX USER-CASE-ENDINDEX)

We are testing for report access by user access restriction to PUBLIC reports by selecting the corresponding KPIs. We are finding some problems.

Do you think it is a good way to face it?

Thank you very much.

Kind regards,

Santiago

Bob_McGlynn
Product and Topic Expert
Product and Topic Expert
‎07-21-2009 10:11 PM
0 Kudos

Santiago,

Public reports are set to be seen be any user, there won't be any filtering of information based on role or access. Although creating PAS Security measures will only provide appropriate access to data for users, if that user were to put together a report and publish it to Public, any user could see that Report, regardless of their access rights or roles.

There are a couple of ways to address this .

From the Adminstration area, you can choose which tabs an application group has access to. If there are any application groups that don't need to see Reports at all, just eliminate that tab for them.

Since there is no filters, by user role, on displayed Reports. You may want to consider only allowing only a small number of users that ability to save Public reports.

Also in the Administrator area In the Reporting Permissions section of Manage Application Groups (Administration section), allow the members of the selected application group to save dashboards and reports to a public set in the Dashboard and Reports component by clicking Save Public. This permission displays the All users (Public) option in the Save Report dialog box when a user clicks Save in the Reports and Dashboard components. Both the author and the administrator can edit, rename, and delete these public items. This application group must have access to the Dashboard and Reports tabs and must have the Display Advanced Report Settings permission. If you deselect this option, users in the application group can save reports and dashboards to their group set or to their own private set.

You can also limit the ability of application groups creating reports.

Again, in that same section of Manage Application Groups. By allowing members of the selected application group to use advanced report settings in the Reports component, this permission displays the full settings and options in the Settings panel of the Reports component. To allow this for an application group click Display Advanced Report Settings.This application group must have access to the Reports tab.

In this case they could access any Public Reports, but could not create any of their own.

One more thing. You can also create filters in the Administration section under Set Scorecard Defaults. There you can filter the data for a Context. The data would be filtered by Dimensional level and which members under the dimension you wished them to have data for.

Regards,

Bob

Edited by: Bob McGlynn on Jul 21, 2009 2:26 PM

Ask a Question