Securing the Adapter

There are two types of users associated with the BODS Adapter, Runtime Users, and Schedulers. You maintain definitions for these types of users from the Users pane.

  • Runtime Users

    Runtime users in the context of BODS jobs represent those users and passwords required for authentication. BusinessObjects Data Service operations require authentication against a valid BODS user as defined by a BusinessObjects Data Services administrator. You can also use runtime users to override data source logons used by your reports.

  • Schedulers

    Schedulers are those users who will define and manage BODS jobs. There are three aspects of a user profile that grant and limit access to scheduling jobs that affect BODS:

    Security policy that grants or denies add, edit, delete and view capabilities for BODS jobs.

    Authorized runtime user list that grants or denies access to specific authentication accounts for use with BODS jobs.

    Authorized agent list that grants or denies access to specific BODS Adapter connections for use when defining BODS jobs.

Defining Runtime Users

To define a runtime user:

  1. Expand the Administration node from the Navigation pane and click Runtime Users to display the defined users.

  2. Right-click Runtime Users and choose Add Runtime User from the context menu (Insert mode).

    OR

    Click Add. The User Definition dialog appears.

  3. Enter the new user name in the User Name field.

  4. Enter the Full Name or description associated with this user.

  5. Click the Domain field and choose a Windows domain associated with the user account required for authentication, if necessary.

  6. Click Add on the Passwords tab to define this user as a runtime user for BODS jobs. The Change Password dialog appears.

  7. Choose BusinessObjects DS from the Password Type list.

  8. Enter a password (along with confirmation) in the Password/Confirm Password fields. Only those users with a password specified for BODS will be available for use with BODS jobs. The password might be the same as the one specified for Windows/FTP jobs.

    Note: If you have updated the passwords and are experiencing issues with running jobs or events, we recommend disabling and re-enabling the connection to ensure everything works properly.

  9. Click OK to return to the User Definition dialog.

    The new password record displays on the Passwords tab.

  10. Click OK to add or save the user record in the TA database.

Authorizing Schedulers to Work with BODS Jobs

Access to the BODS environment is controlled by assigning a BODS security policy with specified privileges to user accounts. The system administrator should create a new security policy or edit an existing policy in Scheduler as described in the Users chapter of the User Guide, that in addition to the normal user privileges includes the capability to add and edit BODS jobs. A user whose assigned security policy does not include BODS privileges cannot create and run BODS jobs.

To authorize Schedulers:

  1. Click Administration > Security Policies on the Navigation pane to display the Security Policies pane.

  2. Right-click Security Policies and click Add Security Policy. You can also right-click the Security Policies pane > Edit Security Policy to choose an existing security policy.

  3. Enter a name for the policy in the Security Policy Name field.

  4. Click the Functions tab, scroll to the BusinessObjects DS Jobs category, click the ellipses on the right-hand side of the dialog and click the checkboxes next to the functions that are to be authorized under this policy (Add, Edit, Delete, and View BusinessObjects DS Jobs).

  5. Click Close on the Function drop-down list.

  6. Click OK to save the policy.

Defining BODS Scheduler Users

To define a Scheduler user to work with BODS jobs:

  1. Expand the Administrative node from the Navigation pane and click Interactive Users to display the defined users.

  2. Right-click Interactive Users and choose Add Interactive User from the context menu (Insert mode). You can also right-click a user in the Interactive Users pane and choose Edit Interactive User from the shortcut menu (Edit mode).

    Note: If this is a new user definition, enter the new user name in the User/Group Name field.

  3. Enter the Full Name or description associated with this user.

  4. Click the Domain field and choose a Windows domain associated with the user account required for authentication, if necessary.

  5. Click the Security tab, then click Other and choose the security policy that includes authorization for BODS jobs.

  6. Click the Runtime Users tab.

  7. Click the BODS users that this scheduling user can use for BODS authentication from BODS jobs.

  8. Click the Agents tab.

  9. Choose the checkboxes for the BODS connections that this scheduling user can access when scheduling jobs.

  10. Click OK to save the user definition.