WebFOCUS 8 Repository - Information Builders
Download
Report
Transcript WebFOCUS 8 Repository - Information Builders
WebFOCUS 8: Technical Overview
Jim Thorstad
Technical Director, WebFOCUS
Product Management
1
Agenda
WebFOCUS 8 Architecture
Security Model
Enhancement Highlights
Demo
2
WebFOCUS 8 Architecture
3
What is WebFOCUS 8?
Understanding Middle-tier vs. Server-tier Components
WebFOCUS 8 Updates the Middle-tier
WebFOCUS Client
Managed Reporting
WebFOCUS
Report
Server
ReportCaster
Users
BI Portal/Dashboard
Data
+ Report Server 7.7.04
WebFOCUS 8.0
WebFOCUS 8.0.01 + Report Server 8.0.01
4
WebFOCUS 8 Architecture
Integrated Repository
WebFOCUS Client
Managed Reporting
WebFOCUS
Report Server
BI Portal
ReportCaster
Reports
Schedules
Content
Users
Groups
Security
WebFOCUS 8
Repository
Metadata
Uploaded Data
Application
Directories
5
Information Builders File System
WebFOCUS 8 Architecture Is Built Around IBFS
IBFS Service Layer – Internal Subsystem
IBFS Path – an Object Addressing Scheme
IBFS paths used in drill-down links,
schedules, security rules
For backward compatibility, migrated
content can still be accessed via HREF
properties
6
Information Builders File System
IBFS is All-Encompassing
IBFS Used to Reference
Reports, portal pages
Schedules, output
IBFS governs access
Users, groups
to everything
Report Servers
IBFS is Hierarchical and Enables
Security policy inheritance
Group nesting
Full control over content
organization
7
Information Builders File System
IBFS Enables Full Control of Content Organization
Mandatory folders
in 7x are
migrated “as is”
… but are no longer
required in 8.0
Reports, reporting
objects, and library
output can be
deployed in the
same folder
Folder depth not limited to
one sub-folder
8
WebFOCUS 8 Architecture
HTTP Service
All Content is Accessed via the IBFS Service Layer
Core WF
MR/BIP/RC
RC Distribution
Server
IBFS Service
Layer
ReportCaster uses an
IBFS Service API to
access report
procedures in the
repository
WebFOCUS 8
Repository
Eliminates problematic
HTTP requests to the
web tier
9
WebFOCUS 8 High-level Architecture
Running Report Requests
HTTP Service
WebFOCUS runs interactive requests through IBFS
Core WF
MR/BIP/RC
IBFS Service
Layer
User ID and Groups can be
passed to the Server:
• Connection=Trusted/IBIMR_user
• IBI_WFRS_Passthrough_Groups=ALL
u=jim, g=Tenant22
Web
Requests
WebFOCUS 8
Repository
WebFOCUS
Report Server
1
WebFOCUS 8 Security Model
11
Why a New Security Model?
Customer Feedback Related to WebFOCUS 7x
Managed Reporting Role Security was Limiting
Only 5 base roles and 9 permissions
One role for all Domains
Domain Security Model was Limiting
Couldn’t customize security on sub-folders
Content Sharing was Limiting
Couldn’t share with specific people
Challenging for Multi-tenancy SaaS Deployments
Couldn’t allow sharing in a common Domain—user’s would
see content from other tenants
Dilemma: abandon common domain or drop sharing?
WebFOCUS 8 Addresses These Challenges!
12
WebFOCUS 8 Security Model
Basic Security Concepts
Security Rules Connect…
Subjects – groups/users to authorize
Roles – collection of privileges
Resources – objects to secure
Access – type of rule: permit, deny, ...
Apply To – scope of rule: folder, folder & children, ...
Security Policy – Collection of Security Rules
Effective Policy – Evaluation of the Security Policy
Bob has privileges A, B, C on resource X
Takes into account rule inheritance, rule conflicts, group
membership, user-specific rules (if any)
The Security Model in WebFOCUS 8
Provides Complete Control of Your Security Policies
13
WebFOCUS 8 Security Model
Understanding Group Membership
Policy Evaluation Includes Processing of a User’s:
Explicitly assigned groups
Implicit groups
• Bob is assigned to the
Sales Basic Users group
• Sales Basic Users
belongs to Sales Group
• Therefore Bob implicitly
belongs to Sales…
• And the rules associated
with both groups apply
implicit
Bob
explicit
14
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Users & Groups Tab
15
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Roles Tab
16
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Role Customization
Select all or a portion of the
privileges within each category
Choose whether users select a Master
File or Reporting Object with InfoAssist
Choose whether users can upload a
spreadsheet to the Reporting Server
17
WebFOCUS 8 Security Model
Creating Security Rules
Select any IBFS resource …
and then Security > Rules…
18
WebFOCUS 8 Security Model
Creating Security Rules – Security Rules Dialog
The resource
You select a
subject…
…role, type, and
scope
Click OK to
create rule(s)
19
WebFOCUS 8 Security Model
Managing Your Security Policies
Rules on this Resource answers:
“Who can access this?”
20
WebFOCUS 8 Security Model
Managing Your Security Policies
Rules for this Group answers:
“What does this group have access to?”
21
WebFOCUS 8 Security Model
Understanding the Built-in Global Groups
Consider Using Global Groups Carefully
Global groups have
access to all content
through inheritance
22
WebFOCUS 8 Security Model
Benefits
Flexible Security Model
Over 150 assignable privileges
You can develop custom roles
Sub-Groups and Inheritance Simplify Policy Creation
Tools simplify Creation and Management of Policies
Possible to Address Enterprise and SaaS Markets
Possible to Address Each Customer’s Unique Needs
23
WebFOCUS 8 Enhancement Highlights
24
WebFOCUS 8 Enhancement Highlights
Resource Templates
Private Content, Publishing, and Content Sharing
Localization
Licensing
Authorization Mapping
25
Resource Templates
The Deployment Challenges Facing Administrators
What are our security requirements?
How do I design and implement a security policy?
How long will it take to create security rules?
What best practices should I be aware of?
Where do I start?
26
Resource Templates
Simplifying the Creation of Security Policies
Resource Templates Automate the Creation of
Folders, portals, groups, roles, security rules
WebFOCUS 8.0.01 Includes Two Resource Templates:
Enterprise Domain template
SaaS Tenant Domain template
27
Resource Templates
Simplifying the Creation of Security Policies
The Enterprise Domain Template Creates:
1 Domain-specific Folder,
Portal, and Group
4 Sub-groups
21 Domain-specific Rules
8 Configurable Roles
28
Resource Templates
Simplifying the Creation of Security Policies
The SaaS Tenant Template
Creates the Same Things Plus
A Common folder
The EVERYONE group is hidden
29
Resource Templates
Simplifying the Creation of Security Policies
The template also creates the required security rules
30
Resource Templates
Support Site and Roadmap
Latest Information on Templates:
https://techsupport.informationbuilders.com/tech
/wbf/v8templates/wbf_8_resource_templates.html
Download the Policy Design Worksheet
Use this to plan your custom deployment
Roadmap: Create Your Own Templates
31
Private Content, Publishing, and Sharing
Private Content
All Content Initially Created as Private
Visible only to owner
Doesn’t inherit security
Administrators with Manage Private Resources can access
private content
Authority to Create Private Items Outside of a My
Content Folder Can be Assigned
In 8.0.01 private content is
indicated with a grayscale overlay
on the icon
32
Private Content, Publishing, and Sharing
Publishing Private Content
Authorized Users Can Publish a Private Resource
Published resources inherit security rules from parent
Create, Publish & Un-Publish are separately assignable
Contrast with Formal Change Control Model
Isolated DEV/TEST/PROD environments
Developers don’t have write access to TEST/PROD
But a Useful Alternative in SaaS Deployments
SaaS tenant developers only interact with PROD
Tenant developers can work out of view from users
Publishing completed reports is simple
IBFS paths don’t change
Consider Developing In-Place with Private Content
33
Private Content, Publishing, and Sharing
My Content Folders
End-Users Need to Create Resources in Production
This is facilitated by special My Content folders
A Folder Property Enables Support for My Content
Assignable Privilege Determines Who Gets One
Private content, created
and saved by a user to
their My Content folder
34
Private Content, Publishing, and Sharing
Content Sharing
Complete Control Over Content Sharing
Share – simple sharing determined by WebFOCUS
Share with – user determines who to share with
Configurable Policy Determines Available Users/Groups
Enhanced Shared Content View
Only Users Sharing Content are Shown
Shared
content
Assignable
sharing
options
35
Authorization Mapping
Key Requirement for Enterprise & SaaS Deployments
What if you Manage Authorizations in LDAP/AD via…
The user’s group memberships
A custom attribute on the user entry
Authorization Mapping is Built-in to WebFOCUS 8
Groups in AD/LDAP
User Attribute in
Oracle LDAP
36
Authorization Mapping
Key Requirement for Enterprise & SaaS Deployments
Administrator Maps the Value to a WebFOCUS Group
Resource Templates Can Configure the Mapping
Group DN or user
attribute value is
mapped to WF group
37
LDAP Authorization Mapping
Key Requirement for Enterprise & SaaS Deployments
Mapped WebFOCUS
groups have a link icon
User accounts are
automatically
created during
sign-on
38
Other Security Enhancements
Password Policies, Auditing
For Customers Using Internal Authentication
Strong encryption for password hashes
Configurable password policies
Built-in Protection from Web Vulnerabilities
Built-in User and Administrative Activity Auditing
This
user
Used
this API
To move
this user
[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1
thoja13 addUserToGroup SUCCESS user:smija03 (314568704)
group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)
Into this group
39
Localizable Content Titles
A Complete Solution for Localized Applications
Repository data
can be localized
User sees label
based on their
language
preference
40
WebFOCUS 8 Client License
New for WebFOCUS 8
Enforces Licensed Options
Features: BI Portal, InfoAssist, ReportCaster, etc.
Managed Reporting user count
InfoAssist user count (future release)
Work with Customer Support/Account Team
Make sure your site code (XXXX.nn) reflects your products
41
Migrating to WebFOCUS 8
42
Migrating to WebFOCUS 8
Built-in Utilities to Simplify the Process
Utility Migrates 7x Content
ReportCaster Content
Managed Reporting Content
Dashboards
Dashboard Conversion to BI Portals
Not Automatic
User Experience and Policies Preserved
Identical folder structure
Identical security policy
43
Understanding a Migrated Policy
MR7x to WF8
MR 7x users had only a single role and optionally a
few extra privileges
The role was defined on the user
Migration creates a policy with this same behavior
Requires the User Default Role (UDR) Setting
44
Understanding a Migrated Policy
MR7x to WF8
Sets special system Roles between migrated Groups
and Domain folders
45
Understanding a Migrated Policy
MR7x to WF8
Enables Default Role tab on the user account
Here the user’s 7x “role” and “privileges” are defined
They apply to all Domain folders
46
Summary
47
WebFOCUS 8 Technical Overview
Summary
Rich Portal and Tool Interfaces
Replace BI Dashboard and Java Applet UIs
Integrated Repository Based on IBFS
Unified, fully localizable repository for MR, BIP, RC
Full control of content organization and security policy
Resource Templates simplify security policy creation
Enhanced Content Publishing and Sharing
External Authorization Built-in
Migration Utilities Streamline Upgrade
WebFOCUS 8.0.01 requires 8.0.01 Report Server
48
49