Description:

This document outlines the steps required configure CA Business Intelligence (CABI) to restrict information displayed on reports based on Multi-Tenancy and Data Partition rules.

Solution:

Please follow the steps below to configure CABI to restrict information displayed on reports based on Multi-Tenancy and Data Partition rules.

1. From the Start menu on the CABI server, navigate to BusinessObjects XI 3.1 -> BusinessObjects Enterprise -> Designer
   
   
2. Log into Designer using a Service Desk credentialed User Account (i.e. servicedesk).
   
   
3. In the Designer window, go to File -> Import.
   
   

   <Please see attached file for image>

   
   
   
4. From the Dropdown list, select the "CA Universe" folder.
   
   
5. Select "CA Service Desk" Universe and click OK.
   
   
6. Go to File -> Parameters
   
   

   <Please see attached file for image>

   
   
   
7. On the Definition tab, click the Edit button.
   
   
8. From Authentication Mode dropdown list, select "Use Business Objects credential mapping" and ensure "casd_(Service Desk host Name)" is selected in Data source name field. Click the Next button.
   
   

   <Please see attached file for image>

   
   
   
9. Click the Next button accordingly and then click the Finish button.  This will take you back to the Universe Parameters screen.
   
   
10. Click on the Test button to check the connection.  Ensure the server is responding successfully.
    
    

    <Please see attached file for image>

    
    
    
11. Click OK and close Universe Parameters screen.
    
    
12. Go to File -> Save and then File -> Export
    
    
13. Select "CA Universe" from Domain Dropdown list and highlight all the groups and then click on OK.
    
    

    <Please see attached file for image>

    
    
    
14. Close Designer.
    
    
15. From Start menu, navigate to BusinessObjects XI 3.1 -> BusinessObjects Enterprise -> BusinessObjects Enterprise Central Management Console.
    
    
16. Log onto Central Management Console by using a CABI Administrator account (i.e administrator).
    
    
17. Select "Users and Groups".
    
    
18. Click on "User List" and double click on an username that you want to apply the Tenant setting to.
    
    
19. Scroll down the Properties screen and turn on the option "Enable Database Credentials".  Enter the user ID and password used to log into Service Desk.  Type the same password in the 'Confirm' field.
    
    Note: The Service Desk User ID and Password need to be same as the CABI User ID and Password.
    
    

    <Please see attached file for image>

    
    
    
20. Click on the Save & Close button.
    
    
21. Close Central Management Console.

You also need to specify an appropriate Report Role in Service Desk. Please refer to the Technical Document TEC485041 for details on how to do this.

Once the above steps have been completed, test the CABI reports and ensure that the tenancy and data partition rules are being applied to the report results.

NOTE:  If CABI authentication is tied to LDAP and/or if you have multiple CA Service Desk (CA SDM) users who need to be adhered to in respect to data partitions for reporting needs, you would have to:

1.  Have those users manually login to CABI at least once for CABI to save the credentials under the Data Source.  

2.  This can be done using any CABI client tool like Infoview, WEBI Rich Client, Universe Designer, Crystal Reports Developer, Central Management Console etc. The user just needs to login using their credentials.  That enables CABI to save those credentials to the Data Source section.

3.  Thereafter, CABI reports built on top of the CA SDM Universe, whether they are accessed via the CA SDM Reports tab or directly via Infoview, will enforce the CA SDM data partitions.

4.  If the user's password was changed (on the LDAP Server for example), then the user needs to repeat Step #2 above for CABI to recognize the updated credentials.  Unfortunately there is no easy solution for this other than the above approach.