Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SHARING] Three tier / Self-service / MRE / Dev Studio / Security Conundrum

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[SHARING] Three tier / Self-service / MRE / Dev Studio / Security Conundrum
 Login/Join
 
Expert
posted
We are being arm-twisted into merging two completely different environments into one, but somehow keeping everything separate - we do not want users of one group to run reports of the other group, we do not want the developers of one group to edit the programs of the other group.

I've tried several scenarios but every time I make one small change to security or some other parameter - things get messed up.

Current Environment 1:
Self-service app that uses MRE for security - login screen logs in to MRE and then navigates to a self-service parameter screen. Generic User ID with non-expiring Password is used for database access.

Current Environment 2:
Self-service app that uses it's own security to validate user access. User ID and expiring Password is used for database access.

New Combined Environment:
We were told by Information Builders to use "APPLOCK" (Technical Memo 4613: Creating Private Application Views With APPLOCK). Convert Environment 2 to login to MRE and then use App Path defined for the logged-in user. This means every User in Environment 2 must be added to MRE and also every user must have a profile on the reporting server - this sets the App Path. Then in Developer Studio, the user must log in to MRE to have the available Self-service App Folders only be the ones based on the user App Path Profile. Dev Studio does not seem to login to MRE automatically - you have to click on the MRE icon to log in every time you open Dev Studio.

All this seems counter intuitive and annoying, and I can't make it work perfectly for the two different types of users.

Does anyone have any ideas?

This message has been edited. Last edited by: Kerry,


Francis


Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
 
Posts: 10577 | Location: Toronto, Ontario, Canada | Registered: April 27, 2005Report This Post
Member
posted Hide Post
One idea is to create an additional service in the WebFOCUS Reporting Server, specify a new node (server) in the odin.cfg to point to this service.

One application would use the default server node and the other application would use the new server node.

You could then use a service profile to set the app path.


7
Excel, PDF, HTML, PPT
 
Posts: 2 | Registered: August 28, 2008Report This Post
Platinum Member
posted Hide Post
Francis,
What are you presently running for security on the Reporting Server? Depending on what you're using might open up different options.

e.g. With LDAP security on the Reporting Server you can use group profiles based on an LDAP group instead of having individual user profiles.

As far as the merging of the environments are concerned, based on your description I don't see why you'd have to add the second environment to Managed Reporting if you're happy with the level of security you presently have in that environment.

APP LOCK is implemented at the Reporting Server level. Since APP LOCK that is going to keep your MAS and FEXes on the Reporting Server from being accessible from other users, whether Managed Reporting is in the picture really doesn't mater.

APP LOCK does not do anything with Managed Reporting content and it will only limit the MAS and FEXes that come from the Reporting Server. It will not impact the domains, or FEXes within the MR content.

In addition if you want Developer Studio to log into Managed Reporting automatically you can save your credentials within the environment configuration. The prompt for credentials should also have a "remember" checkbox.

Thanks,
Doug Logan
 
Posts: 203 | Registered: November 19, 2007Report This Post
Expert
posted Hide Post
bhearn, a very intriguing idea, thank you. Would this affect WebFOCUS licencing? The goal of this is to reduce the number of licenses.

Regards,


Francis


Give me code, or give me retirement. In FOCUS since 1991

Production: WF 7.7.05M, Dev Studio, BID, MRE, WebSphere, DB2 / Test: WF 8.1.05M, App Studio, BI Portal, Report Caster, jQuery, HighCharts, Apache Tomcat, MS SQL Server
 
Posts: 10577 | Location: Toronto, Ontario, Canada | Registered: April 27, 2005Report This Post
Platinum Member
posted Hide Post
It definitely would not require another WebFOCUS Client license, and I believe it would not require another Reporting Server license.

However, if you check with your local branch they should be able to verify.
 
Posts: 203 | Registered: November 19, 2007Report This Post
Member
posted Hide Post
You would still only be using one Reporting Server instance, just with multiple services under the one reporting server so it should not require an additional license. But yes, check with your local IBI rep.

This is also a good technique to separate the report requests from your adhoc (Report Assist or Info Assist) users and your standard parameterized report users (to minimize the impact of any run away adhoc requests from affecting your standard report response times as each service can be tuned differently - max cpu limit, memory limit, etc).


7
Excel, PDF, HTML, PPT
 
Posts: 2 | Registered: August 28, 2008Report This Post
Virtuoso
posted Hide Post
We something similar for our RC requests and external user scheduling where authentication is hard-coded for system access. External self-service applications contain their own security but use a system account for WF access. All other access is through MRE.


Regards,

Darin



In FOCUS since 1991
WF Server: 7.7.04 on Linux and Z/OS, ReportCaster, Self-Service, MRE, Java, Flex
Data: DB2/UDB, Adabas, SQL Server Output: HTML,PDF,EXL2K/07, PS, AHTML, Flex
WF Client: 77 on Linux w/Tomcat
 
Posts: 2298 | Location: Salt Lake City, Utah | Registered: February 02, 2007Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SHARING] Three tier / Self-service / MRE / Dev Studio / Security Conundrum

Copyright © 1996-2020 Information Builders