Friday, May 16, 2014

Common SAP BusinessObjects Security Mistakes - Abuse of the Everyone Group

By Rick Epstein

Resolvit Inc. - Rick Epstein
This post starts a list of the most common security mistakes committed by uninitiated SAP BusinessObjects administrators. The world of BI security is ruled by the law of unintended consequences. What you don't know can hurt you.

The mistakes documented in these posts are not in rigid order of importance. However, you may regard the three listed in this first post as foundational to your security model. If you don't get these ones right, your security model will almost certainly cause you grief.

Mistake #1: Applying security on the Everyone group rather than setting the group to "No Access"
To avoid inappropriate (and not necessarily apparent) access to folders, applications, and content, you should always set the Everyone group to "No Access." If you want to apply a security setting to all users, then create a custom group and add the Everyone group to it. Setting the Everyone group to "No Access" is the foundation upon which you will build a good security model.

Mistake #2: Forgetting to apply "No Access" to the Everyone group on all Top-Level folders (Folders, Personal Folders, Universe Folders, Connection Folders, Categories, Personal Categories)

Missing any one of these Top-Level folders potentially allows users inappropriate access to other users’ content.

Mistake #3: Forgetting to apply "No Access" to the Everyone group on all applications
Missing any application may allow users to have inappropriate access and permissions with regard to applications.

Are you aware of other common security mistakes, or do you have questions about what is written here? Use the Comments section for this post, or email me directly at repstein@resolvitinc.com.

More common mistakes in my next post.

No comments:

Post a Comment