Reports Integration Guide › Deployment › Map CA DLP Reviewers to BusinessObjects Accounts

Map CA DLP Reviewers to BusinessObjects Accounts

The iConsole and BusinessObjects Enterprise use trusted authentication to communicate with each other. Using trusted authentication allows users to log on to a system once, without needing to provide passwords several times during a session. In the case of CA DLP and BusinessObjects Enterprise, it means that users do not need to log on separately to BusinessObjects when they run a BusinessObjects report or launch InfoView from the iConsole. However, trusted auhentication only works if each iConsole reviewer has their own, unique BusinessObjects user account. Therefore, after installing CA Business Intelligence, you must ensure that each of your CA DLP reviewers has their own, unique BusinessObjects account.

Note: You set up trusted authentication when you install the BOE Integration for the iConsole (see the later section for details).

Why Is Account Mapping Necessary?

When a reviewer runs a BusinessObjects report or launches InfoView from the iConsole, the reviewer's CA DLP account is mapped to a unique BusinessObjects account. This account mapping is performed in the background and serves two purposes:

• First, the mapping allows the iConsole connect to BusinessObjects using the reviewer's BusinessObjects account.
• Second, the mapping allows BusinessObjects Enterprise to apply the reviewer's CA DLP security model to the report results. Security models ensure that reviewers can only see events they are permitted to see when running CA DLP reports, including BusinessObjects reports for CA DLP.

How Do I Set Up Account Mapping?

There are two approaches to enable the account mapping:

• You can manually create the required BusinessObjects accounts.
• You can set up LDAP authentication, whereby BusinessObjects uses an LDAP directory to validate logon attempts by CA DLP reviewers.

Both approaches are described below.

Manually Create BusinessObjects Accounts

We recommend this approach if you have only a small number of reviewers. After installing CA Business Intelligence:

1. Manually create a unique BusinessObjects account for each of your iConsole reviewers.

   Note: An acknowledged problem in BusinessObjects Enterprise means that the BusinessObjects account name must not contain a '\' backslash character. Currently, the workaround is to specify a new name without a backslash.

   Example: For user unipraxis\srimmel, create a BusinessObjects account unipraxis_srimmel.
   For user lsteel, create a BusinessObjects account under the same name, lsteel.

2. Assign these new BusinessObjects accounts to an appropriate BusinessObjects user group. The groups are "CA DLP Reports Administrator", "CA DLP Reports Author" and "CA DLP Reports Viewer".
3. Do the following for all accounts whose BOE account name is not identical to their CA DLP account name:
   1. Provide each of your iConsole reviewers with the name and password of their new BusinessObjects account.
   2. When a reviewer first runs a BusinessObjects report or launches InfoView from the iConsole, the iConsole prompts them for their BusinessObjects user name and password. The reviewer must enter these credentials once only. Thereafter, CA DLP remembers the credentials. The reviewer is not prompted for them again in any future iConsole sessions.

      If the reviewer enters incorrect credentials, or enters credentials that have already been used by another CA DLP reviewer, the logon fails. The iConsole fails to connect to BusinessObjects Enterprise and the reviewer is unable to run a BusinessObjects report or launch InfoView.

This approach is appropriate if you have a large number of reviewers or a constantly changing pool of reviewers. Details about setting up LDAP authentication are the BusinessObjects Enterprise Administrator's Guide. See the 'Using LDAP Authentication' section in the Configuring Third-Party Authentication chapter.

After setting up LDAP authentication, the iConsole permits reviewers to run BusinessObjects reports or launch InfoView seamlessly. That is, the iConsole does not prompt the reviewers for their BusinessObjects account details.