In this section: |
PMF is designed to work for identified users only, and authenticates each of its users with WebFOCUS MR/CUS security. You can set up users for PMF in MR/CUS and import them into the PMF internal security authorization table to allow authorization for PMF for your users.
As detailed earlier in this documentation, all PMF users must be identified and authenticated as MR/CUS users. MR/CUS also contains authorization information that permits users to access the various Domains and/or Folders in the MR Repository.
PMF also maintains a separate but connected set of authorization parameters within the PMF Data Mart, for each PMF user (an Owner in PMF jargon). This is necessary, since PMF has many application-specific security extensions that enable such things as:
In conclusion, all current PMF users must be:
For more information, please see Understanding Security and PMF.
To enable consistency between the MR/CUS security, PMF includes a facility called the User Sync tool, which enables an administrator to manually synchronize users from the MR/CUS environment into the PMF authorization table. This tool allows you to speed up the process of:
The User Sync tool is available from the Manage tab in PMF, and is fully documented in the section Importing Users (Owners) in the PMF Administrator’s Guide.
If your MR/CUS environment is configured to allow access to WebFOCUS using an external system of record such as an RDBMS repository, LDAP repository, MS ActiveDirectory, or another similar system, it is possible to automate the synchronization between the MR/CUS environment authorized user table and PMF.
In addition, your users might be granted access to various levels of operational data, as used in their WebFOCUS reports and applications. There could be parallelisms in what PMF Measure data they are permitted to view and what data they are allowed to view in your various operational reporting systems and applications. It is possible also to automate this synchronization.
Since your systems of record, MR/CUS environment, and PMF authorization tables are so difference in architecture and logic, the process of setting up automatic synchronization would currently entail some development work to allow ETL transfer of information to the target WebFOCUS and PMF tables. This customization and ETL can be performed either by your own developers, or by an Information Builders consultant or partner.
For more information on how to enable an automated synchronization capability for your users from a system of record, please consult the PMF Developer’s Guide, and/or contact your Information Builders support representative.
How to: |
To create a new Tenant in PMF, you need to copy the template files that are set up in the default tenant template pmf_base, which is created when you install PMF. Then, set up the WebFOCUS Server and WebFOCUS Client to access that tenant exclusively whenever a user from that tenant logs in.
If you have shared client and server instances, you need to create only one set of folders. If you have a split-tier configuration, you will create separate sets of folders on both the client and the server.
For example, assuming this is a shared client or server configuration and are using SQL Server as host RDBMS for the PMF Data Mart, you will create tenant folders under the application root and then make one copy of the [proper master folders] (with content) under each the new tenant name folder.
Tips:
-SET &&PM_TNT_NAME_PRF = '[tenant_name]' ; -SET &RDBMS_PRF = '[SQLrdbms]' ; -SET &RDBMS_CUBE_PRF = 'sqlhyp' ; -SET &PMF_DB_SPLIT_MODE_PRF = 'OFF' ; APP MAP pmfdata "C:\ibi\apps\pmf_tenants\pmfdata" APP MAP pmfdata_tenant "C:\ibi\apps\pmf_tenants\pmf_base\pmfdata_tenant" APP MAP pmfdb_system "C:\ibi\apps\pmfdbms\pmfdb_system\pmfdb_system_&RDBMS_PRF" APP MAP pmfdb_system_tenant "C:\ibi\apps\pmf_tenants\pmf_base\pmfdb_system\pmfdb_system_&RDBMS_PRF" APP MAP pmfdb_cube "C:\ibi\apps\pmfdbms\pmfdb_cube\pmfdb_cube_&RDBMS_CUBE_PRF" APP MAP pmfdb_cube_tenant "C:\ibi\apps\pmf_tenants\pmf_base\pmfdb_cube\pmfdb_cube_&RDBMS_CUBE_PRF" APP MAP pmf_custom_tenant "C:\ibi\apps\pmf_tenants\pmf_base\pmfcustom" -SET &APP_PATH_START = 'pmf_custom_tenant pmf_custom' ; -SET &APP_PATH_CUBE = IF (&PMF_DB_SPLIT_MODE_PRF EQ 'OFF') THEN ' ' ELSE 'pmfdb_cube_tenant pmfdb_cube' ; -SET &APP_PATH_END = 'pmfdata_tenant pmfdata pmfdb_system_tenant pmfdb_system mainstreet' ; APP PREPENDPATH &APP_PATH_START &APP_PATH_CUBE &APP_PATH_END -* Followed by ENGINE statements ENGINE [RDBMS_ENGINE] SET CONNECTION_ATTRIBUTES pmf_system [machine]/[uid],[password];[tenant_dbschema]
ENGINE SQLMYSQL SET CONNECTION_ATTRIBUTES pmf_system my_server/abcdefg,longxxpassword;pmf_tenant01
-SET &&PM_TNT_NAME_PRF = 'pmf_tenant01' ;
<IF> IBIMR_domain EQ "[tenant_name]/[tenant_name].htm" IBIF_wfdescribe = OFF IBIC_server=PMF_BASE <SET>IBIC_user(PASS) <SET>IBIC_pass(PASS) _site_profile = -INCLUDE FILTERS <ENDIF>
Note: Group Views can also be created for any additional Functional Roles you might have to configure for your users. For more information, see the Performance Management Framework manual.
Note: If you are using SSO technology and would prefer not to use the standard bootstrap ID, contact IB Customer Support for PMF installation help.
WebFOCUS |