SAP has included a Universe Designer Users group since SAP BusinessObjects Enterprise XI Release 2 (XI R2). My typical routine is to assign users that create universes to the built-in Universe Designer Users group. Although I can add users directly, I generally prefer to assign users to one or more groups that become subgroups of the Universe Designer Users group (and therefore inherit all of its rights).
I recently noticed that SAP BusinessObjects Business Intelligence 4.0 assigns security differently between the two semantic layer tools. For the Universe Design Tool (or UDT, formerly known as Designer in XI 3.1 and earlier), SAP uses the built-in Full Control access level.
Using the Permissions Explorer, we can examine what Full Control actually provides to Universe Design Tool users.
But the new Information Design Tool, or IDT, assigns advanced rights, not Full Control, to the built-in Universe Designer Users group.
I’m guessing that the current situation is the result of multiple SAP development teams moving quickly. I doubt it will affect my approach to security.
Feature Pack 3 SAP BusinessObjects Business Intelligence 4.1 coming later in 2013, SAP should harmonize out-of-the-box security and:
- Adjust all of the predefined access levels (View, Schedule, View On-Demand, but especially Full Control) to provide varying levels of access to the Information Design Tool (consistent with Universe Design Tool)
- Assign Full Control of Information Design Tool to the Universe Designer Users group instead of advanced rights (consistent with Universe Design Tool)
- Consider giving Universe Designer Users group a less application-centric name like Semantic Layer Designers
How do you grant users access to the semantic layer tools? Do you leverage the Universe Designer Users group or create your own? I’m interested in learning from different approaches.