SAP BO Access Management
As part of the Essentials and Flex Cloud offerings, there are certain Business Objects roles that are set up as default.
The Sys Admin Business Objects (BO) role is set up as default. The Sys Admin role is distributed to the customer’s SaaS Administrator. The customer’s SaaS Administrator is responsible for distributing access to additional users, by creating new roles which are of equal or lesser access to the System Administrator role.
Groups and users are synchronized between Maconomy and Business Objects. This is done with the USync tool that is scheduled to run automatically every night. Creation and deletion of roles in Business Objects should take place within Maconomy. All standard roles are provided as groups in Maconomy. Any new roles need to be created in Maconomy. Deletion of roles also takes place there. Users need to be assigned to their BO role by assigning them to the relevant group in Maconomy. Removal of users from Business Objects role is done by removing the user from the relevant group in Maconomy.
The following are the standard roles provided in the Flex Cloud Business Objects solutions:
- System Administrator - Flex Only
- The System Administrator role gives full access to all functions in the Business Objects solution to administrate content, users and applications. This includes folders, inboxes, categories, universes, calendars, and events. The System Administrator cannot modify the Administrator user as this is role is only accessible by Deltek Cloud Operations. Furthermore, the System Administrator does not have access to any server management as that is controlled by Deltek Cloud Operations. This includes servers, server groups, replication lists, federation and the multitenancy management tool. Connections are also controlled by Deltek Cloud Operations but the System Administrator and all other roles have read access to these.
All non-administrator Maconomy users are automatically transferred into BO every evening via USync. USync synchronizes/creates usernames in Business Objects exactly per the setup in Maconomy, which is provided by the SaaS Administrator. The new users are all created with a secure (unknown) password. Maconomy groups are also transferred to BO and assigned to the relevant users.