Hi all,

I'm trying to find information about the creation and use of Group or User Profiles in the Managed Reporting Environment and I'm not finding much.

Here is my objective - I have created a Business View of a synonym and in order for it to work properly in tools like Report Assistant or Power Painter the environment variable SET FOCTRANSFORM=ON must be set. According to the documentation I found on Business Views this SET command must be issued in the global server profile or in a user profile. I'm not sure I want to set it at the server level and I sure don't want to manage a whole bunch of user profiles. The ideal would be to set it at the domain or group level.

I tried adding the SET command to the domain profile procedure but it doesn't seem to be working from there. When it is not working you get an error "(FOC32508) "Error processing request using BV MFD: 'viewname'". This seems to occur when I create parameters that use dynamic lists.

Here are my questions:
1) Is there a way to see what environment variables are SET? I'd like to be able to see the variables so I can determine if indeed that is where the problem is coming from.
2) Where can I find good info on Group and User Profile creation and the types of things that can be managed by using them? I can't find 'profiles for dummies' type documentation to help me with the Group or User Profile creation!

Thanks in advance for any assistance!

Dan Pinault

Dan,

Profiles and APP commands are documented in the Server Adminstration manual for your platform, in your case: UnixNtAsOpen_SrvAdm761.pdf.

These are server profiles and have nothing to do with the MRE logon id. If you have security turned on in your server (OPSYS) and make you users do a dual logon (MRE and EDASERVE), then you can use the user profile concept. That means that each user had to have an id on the box where the server is. A lot of sites just use a default id. In that case, user profiles won't buy you anything. You'll have to check to see which way your site is set up.

And I know Chris asked about group profiles as well in another post. I have a Unix implementation and I know that I cannot use a group profile. It would be great if I could. You might be able to on Windows.

Happy reading!

Thanks for the response Ginny.

I've been playing with this all day and here is what I have learned...
Using a Business View as a Master File requires the SET FOCTRANSFORM=ON command. Because I don't want to manage individual user profiles I followed the instructions in the Server Administration manual (http://216.245.184.137:8080/ibi_apps/webconsole/iwaynode_EDASERVE/ibi_doc/wsmmain.html#3254023) to create a Group Profile and add the command there. That did not work for me. I can run Report Assistant and select the Master File and build a report but I get errors when I run the report. I also can not retrieve values to populate parameter lists. This tells me that the SET command is not really being processed.
Our security mode is set to OPSYS but I'm not sure if we make the users do a 'dual logon' as you say.
So, I abandoned that approach and built a Reporting Object based on my Business View. Inside the Reporting Object's 'Other' section I added the SET command. This actually works. The only limitation I see now is that parameters can not be set to populate dynamically. If you select static, retrieve the values and populate the parameter with those it works just fine. In fact, even my where clause I created in the Reporting Object was upheld and the retrieved values were limited by it.
On a side note, I discovered that where clauses in a Reporting Object based on a regular Master File were not upheld when using dynamically populated parameters. This seems to be a separate issue that I will research outside this thread.

When security is set to OPSYS:

Profiles for operating system users are supported on all platforms; profiles for groups are
supported on all platforms except Windows.

Piipster,

Thanks for the answer to my previous Group Profile question (posting "How to limit items in WebFOCUS Masters List).

You said "profiles for groups are
supported on all platforms except Windows". I'm in a pure Windows shop, and this explains why I couldn't find a place in IBI's product that sets them up. Is there manual or TechMemo reference confirming this or is this another experience proven undocumented 'Foc-feature'?

Chris Burtt

Piipster,

We are using Active Directory to authenticate our users. We plan to deliver all our applications via MRE. Would it make more sense for us to change the security mode from OPSYS to LDAP? This would then allow us to use group profiles, yes? I'm not an admin nor anything close to a security expert. What are the basic implications of making this switch in security mode?

While we're at it I want to be sure that we are talking about the same thing. Are we talking about Groups as defined in MRE Administration or are we talking about Groups as defined in Active Directory?

Thanks,

Dan

quote:

Is there manual or TechMemo reference confirming this or is this another experience proven undocumented 'Foc-feature'?

Server Administration for UNIX, Windows, OpenVMS, i5/OS, and z/OS
Version 7 Release 6.2
DN3501728.0507
Chapter 2

I am no security expert either.

My first suggestion would be to take a look at the security manual, if you haven't already. There are different types of security applied at different levels. The security manual will help you get them straight. You also need to consider this need ofr group/profiles in context with all your security requirements.
WebFOCUS Security and Administration
Version 7 Release 6.1 and higher
DN4500790.1107


The next thing would be to talk to your SE or local consulting team to have them provide recommendations based on the specifics of your environment.


To clarify groups:
Managed Reporting Groups are used to associate Managed Reporting Users with the domains in MR that they can access.
Groups at the Reporting server level (based on LDAP or OS group levels) are used to determine what data resources a user can access.



...and...based on a help screen from my R764 Server console Security set to LDAP will allow you:
Control of the data resources can be accomplished via creating different profiles for LDAP users and LDAP groups.

So how's that for a non answer?

Hi all,

We finally switched our security mode from OPSYS to LDAP yesterday and now we are able to use Group Profiles in our Windows environment.

It is important to note that the Group Profile name corresponds to a user group in our Active Directory rather than to a group in MRE.

It is also important to note that the name of the group can not include spaces.

There is no obvious place to add a Group Profile so we just added them in the same place that we added user profiles using the Web Console.

After some testing the Group Profiles are performing the same as the user profiles did. The good news is that we only need to maintain a fraction of the profiles we would have if we were still using user profiles.

If the rumors I hear concerning the next major release are true then there will be much better synchronization between Active Directory security and MRE security. I'm looking forward to that!

Dan