Managed Reporting Deployment Process
Managed Reporting (MR) has many features that enable
security integration with your business at the enterprise level.
If security integration is not your immediate concern, you can skip
this section because Managed Reporting is installed out of the box
with its own built-in user repository.
The first step in an enterprise Managed Reporting deployment
is to identify roles and responsibilities. It is possible in a large
enterprise that there are different people charged with the following
roles:
-
WebFOCUS Administrator. This
role has access to the WebFOCUS Administration Console and can configure
global settings including Managed Reporting security, multi-language
support and data server access. You can access the iServer Console
from the WebFOCUS Administration Console.
-
Reporting Server Administrator. This
role has access to the Reporting Server Console and has rights to
configure adapter settings and also global settings such as server
security. They can also identify and set access rights for other
individuals who can use the Reporting Server Console.
-
Reporting Server Application Administrator. This
role has access to the Reporting Server Console and has rights to
create metadata and application resources. For a complete description
of this and other Reporting Server privilege levels, consult your
Server documentation.
-
Managed Reporting Administrator. This
role has access to the Managed Reporting Administration interface.
They can create and managed MR users, groups, domains, and roles,
and define which reports are available to each different group of users.
Administrators can also delegate limited administrative capabilities
by assigning the MR Security Object Manager, MR Group Authorization
Manager, or the Managed Reporting Group Administrator roles.
-
MR Security Object Manager. This
role can create and manage domains, groups, roles, and users. Users
created by a MR Security Object Manager are assigned the No Privilege
role, which means that they have no functional capabilities. They
can also access View Builder with the same capabilities as a Managed
Reporting Administrator.
-
MR Group Authorization Manager. This
role can perform specific tasks for the groups that they are a member
of. They manage access to Managed Reporting application content
by assigning users and domains to the groups they manage, as well as
manage a functional capabilities of a user by assigning a user a
role and privileges. The MR Group Authorization Manager cannot create
or delete Managed Reporting Security Objects (domains, groups, roles,
and users) and they cannot manage a user who is a member of a group
to which the MR Group Authorization Manager is not a member.
-
Managed Reporting Group Administrator. This
role can add and remove users from the groups to which they are
granted administration rights, and can create users with some limitations.
Group Administrators can also access the View Builder to create
and update Group Views for groups they administer.
-
Managed Reporting Developer. This
role can use the Developer Studio (Windows) Dashboard and Domain
Builder (Java applet) interfaces to create report content for MR
domains. This includes Reporting Objects which enable end users
to create their own ad-hoc reports. If granted access, these users
can create metadata on the server.
-
Managed Reporting Users. Based
on their role and privilege settings, Managed Reporting users can
create and run reports and access other features such as Report
Library.
Before deploying Managed Reporting, an enterprise may follow
the process described in the following image.
After you have identified roles and responsibilities, the WebFOCUS
Administrator should decide how users will be authenticated and
authorized to use Managed Reporting (MR). For example, users authenticated
by Active Directory are configured in the WebFOCUS Administration
Console. Likewise, the Managed Reporting Administration interface
supports user maintenance in a relational DBMS. To configure this
security option, use the WebFOCUS Administration Console. It is
possible to grant authorized personnel access to the WebFOCUS Administration
Console, so that MR security settings can be made by the MR administrator.
For more information, see the WebFOCUS Security and Administration manual.