In Resume
|
|
Project
|
Security Implementation in Carson and Cherry-point Refinery data
|
Customer
|
BP International
|
Period
|
June-2010 to Aug-2010
|
Description
|
Two refineries Carson and Cherry-point have MAXIMO 4 setup. More than
1200 BO reports are running on MAXIMO repository there with no security.
BP needed to identify and separate the users to see each other reports
even data also. Security will be application level, object level and location
level. TCS responsibilities was helping BP functional expert to understand
and propose the possible security model and implement it as a whole.
|
Role
|
As a single resource top to bottom work.
|
Solution Environment
|
Windows 2003 server, XP SP3, Oracle 10g Database
|
Tools
|
Business Objects XIR3 (SP3)
|
Highlights
|
Involved in the below activities:
|
While I was busy with the NIKE project there was a project
already started. Maximo upgrade project for three refineries in USA - Carson,
California, Cherry-Point, Washington and Toledo, Ohio. These three refineries have different type of
complexity regarding the functionality and implementation purpose. TCS was
started implementing Maximo 7 on those three locations.
While
designing the reporting structure on Maximo tools the analytics team came to
understand that the reporting tool available in Maximo is not fit with the type
of reporting they want or they have. It demanded a robust and excellent
reporting system which solves their complex ad-hoc reporting purpose.
When
analytics team dig into the existing Business objects application, our
analytics team discovered that there is no security enabled in the reporting
environment and everyone can see everyone’s data. That was ridiculous and the
reporting implementation will be after the Maximo upgrade. This means, they
need to fix the big issue in existing environment. They have to implement the
security before the requirement analysis starts for reporting.
That
was immediate requirement and I was pulled out from my running project and tag
with a SME to implement the security.
When I
dig into the existing systems I came to know that Carson and Cherry-point have
identical systems and have BOXIR3 as a reporting tool while Toledo has BO 6.5.
Toledo is not interested to implement security as the structure was different
there and very few employees have direct access to reports. They want to
implement the security on Carson and Cherry-point and replicate it in Toledo
when that will upgrade to BOXIR3 after Maximo implementation.
Security
requirement was very complex and at the end of the project I implemented the
entire security pattern present in BO environment to match up to the goal. Let
me explain the problem first in short and then I will explain a summarized
detail of the implementation:
Problem Description:
|
Two refineries have active directory user authentication. All have
their NT ID and the security will be based on that. User will be of four type
by their access level – analyst, general, HR and special access. Analysts
have majority access points and they can see a big amount of universe
objects. Generals are common users who will not be able to see all the
objects but a part of object list and will be given access based on their
user id.
There will be a super user who will be given access for all the
administrative roles like user authentication jobs or report movement from
folder to folder but will not have access to universe designer. A super user
can see multiple sites data. They can create report using multiple sites
data.
Managers for each site will see their own sites data and also can see
what the common users can see.
Managers will have administrative access on the groups to add or
remove users from it. They cannot see other sites data.
Special access users will have set of objects access which is coming
from different application. Those objects will not be visible to any other
employee (sometime including managers).
There are also some special cases which require seeing a set of objects
with predefined filter value which is not filtered out for other users.
No users except super user and administrator can edit or publish
corporate documents reports. Also the SQL button will be removed from their
view.
|
Taking the above scenario (some additional secret rules) I
build a security matrix and implemented the project: (A short summary is below)
|
Solution
Process
|
|
There are several other things which I am planning to put in PPT and put it in
my blog. The whole structure of the security was so complicated and I cannot
recollect it all. I got several client appreciations for implementing this as
in future the same structure will be followed while combining all three universes.
No comments:
Post a Comment