Recommended Access Roles for Business Objects

You can set up Business Objects access roles using this guide.

As part of the Enterprise Cloud offering, the SysAdmin Business Objects (BO) role is set up as default. The SysAdmin role is assigned to the customer’s SaaS Administrator. The SaaS Administrator is responsible for distributing access to additional users by creating new roles of equal or lesser access to the SysAdmin role.

Groups and users are synchronized between Maconomy and Business Objects by the USync tool, which is scheduled to run automatically every night. Creation and deletion of groups in Business Objects takes place within Maconomy. All standard roles are maintained as groups in Maconomy. If you require the synchronization to happen earlier, please raise the "Run USync to sync users with Business Objects" service request in the Deltek Support Center.

Note: Creating or deleting groups must take place in Maconomy. Users must be assigned to their BO role by assigning them to the relevant Maconomy group. Removal of users from a Business Objects role is done by removing the user from the relevant group.

The following roles are provided as standard in the Enterprise Cloud Business Objects solution:
  • SysAdmin
    • The SysAdmin role gives full access to all functions in the Business Objects solution to administrate content, users, and applications. This includes folders, inboxes, categories, universes, calendars, and events. The SysAdmin cannot modify the Administrator user as this role is only accessible by Deltek Cloud Operations. The SysAdmin does not have access to any server management as Deltek Cloud Operations handles this. This includes servers, server groups, replication lists, federation, and the multitenancy management tool. Connections are also controlled by Deltek Cloud Operations, but SysAdmins and all other roles have read access to these.
    • The SysAdmin has full control over content in the customer’s Development environment. This includes access to necessary development tools such as the Information Design Tool, the Upgrade Management Tool, and Promotion Management. These tools are not available in Test and Production environments, where Deltek Cloud Operations controls all content. Content is promoted from Development to Test and then to Production by Deltek Cloud Operations.

All non-administrator Maconomy users are automatically transferred into BO every evening via USync. USync synchronizes and creates usernames in Business Objects per the setup in Maconomy provided by the SaaS Administrator. The new users are all created with a secure (unknown) password. Maconomy groups are also transferred to BO and assigned to the relevant users.

If a user requires direct access to the SAP BI Launch Pad (formerly InfoView), a SaaS Administrator must log in to the BO CMC system, update the password for that user in Users and Groups, and assign appropriate user rights. An administrator of the BO system is typically a SaaS Administrator for the customer.

When the SaaS Administrator starts setting up Business Objects access provisioning, the following role suggestions can be used as a guide. We recommend that, during implementation, consultants include a Maconomy group for each Business Objects role, and that the SaaS Administrator ensures these groups are kept in Maconomy moving forward:

Universe Developer

It is recommended to have a role intended for users who need to develop and maintain universes within Business Objects. In the Development environment, this role should give full access to folders and tools to create and modify universes. This includes folders for LCM (Life Cycle Management), the Report Conversion Tool, Visual Difference, and others. Accessible tools include the Information Design Tool, Design Studio, Promotion Management, Lumira, and others. As with the SysAdmin role, tools and access to modify content will not be available in Test and Production environments. It is recommended that Universe Developers also have the role of Report Developers. The Universe Developer role should have read access to connections like other roles.

Report Developer

The Report Developer role contains the necessary access for users that need to create, modify, and delete reports in Business Objects. It is recommended that this role provides access to the necessary folders such as LCM (Life Cycle Management), the Report Conversion Tool, and BPM\Development. Access to tools such as Lumira, Design Studio, Visual Difference, Upgrade Management, and Web Intelligence can also be provided. As with other roles, tools and access to modify content will not be available in Test and Production environments. The Report Developer role should have read access to connections like other roles.

Ad-hoc Report Developer

This role is recommended to give users full access to their Personal Folder and the ability to create and modify WebI reports. This allows users to modify existing reports and create new reports from within WebI and save them in their Personal Folder. This can be done on the customer’s production system. The Ad-hoc Report Developer role should have read access to connections like other roles.

Report Viewer

Deltek recommends setting up a role to provide the necessary access for users to view Business Objects content. This includes read access for folders that store content, connections, and tools for this purpose. It is recommended that all users created by USync are given the role of Report Viewer.