====== Defining User, Groups and Profiles in BIPLUS ======

[[biplus:documentation:admin_guide:user_groups_profiles#defining_users|Defining Users]]

[[biplus:documentation:admin_guide:user_groups_profiles#defining_groups|Defining Groups]]

[[biplus:documentation:admin_guide:user_groups_profiles#defining_profiles|Defining Profiles]]


===== Defining Users =====
==== User Types in BI PLUS====
As of version 3.5, BI PLUS support the following Users types:
  * [[biplus:documentation:admin_guide:user_groups_profiles#administrator|Administrator]]
  * [[biplus:documentation:admin_guide:user_groups_profiles#reporter|Reporter]]
  * [[biplus:documentation:admin_guide:user_groups_profiles#developer|Developer]]
  * [[biplus:documentation:admin_guide:user_groups_profiles#power_user|Power User]]
  * [[biplus:documentation:admin_guide:user_groups_profiles#external_user|External / Remote User]]

==== Administrator ====
As the title implies, Administrator user are those users who can log into BIPLUS Administration and perform administrative tasks, which include:
  * Locking the repository
  * Managing the License Key
  * Creation / maintenance of Users
  * Creation / maintenance of Data Sources
  * Creation / maintenance of Privilege Groups
  * Maintain the scheduler, scheduled reports, scheduled cache refreshes
  * Maintain ETL Tasks, scheduled ETL jobs
  * Manage Repository Administration & Configuration Management
  * Export / import of reports, Global Field Formats, Themes, Privilege Groups, Data Sources and Users
  * Template maintenance
  * Cancel developer / power user's report checkouts / force check-ins
  * Repository Comparison
  * Monitoring of server resources
  * Applying Patches
  * Enabling, tracing and disabling of BI PLUS debug mode
  * Clear individual and global caches
  * Maintain governor timeouts per datasource, per user and global settings
  * Maintain Data Object permissions
  * Theme Maintenance
  * Maintain Broadcast messaging
To access the administrative features, you need to login in [[biplus:documentation:admin_guide:pre-requisites#your_first_login|Admin mode]] 

==== Reporter ====
A Reporter user is a Consumer/End User of BI PLUS. Reporter users log onto the system and run the reports they have access to by way of the privilege groups granted to them. Reporter users can interact with BI PLUS on an individual report basis by:
  * Running reports
  * Save-as to various static formats (HTML, PDF, Excel, CSV, PNG, RTF, TXT, XML)
  * Annotation of reports
  * Pivot Analysis & Pareto Analysis
  * Filter, sort, summarize & search
  * Schedule, email, print reports
  * Maintain their own favourites sub-menu
  * Create their own desktop shortcuts to certain reports
To use BI Plus reporter, login in [[biplus:documentation:admin_guide:pre-requisites#your_first_login|Reporter mode]]. 

Reporter users do NOT create their own reports, but rather have developers create the reports for them. Reporter users can log into BI PLUS via VPN (intranet enabled over the internet).


==== Developer ====
A Developer user is a user who authors (creates) the reports that Reporter users will consume. Developer users will typically be familiar with SQL and the Data Model of the data structures they will be creating reports against. Developer users and Admin users will use the /Admin extension of the home URL for the BI PLUS installation (http://server:portnumber/BIPLUS**/admin** ). Reporter users can access BI PLUS by the authentication type the Administrator assigns to their User-ID.

==== Power User ====
A Power User is a hybrid type of user, who has both Reporter capabilities and also Developer access. Power users are like an advanced type of user, who understands some SQL, but more importantly, understands the business needs and are able to create their own reports for the data source and objects they have been given access to. Power users can access either the Reporter interface of the Developer interface. When they access the Developer interface, they will have 1 master Category called ‘My Reports’ under which they can create and maintain their own reports. These reports are not visible to other users.

Power users are subject to the same governor limits that any other user is governed by and only an Administrator can change these.

When a Power User wishes to publish a personal report, they can right-click the private report and request to publish it, The Administrator then receives the publish pending request and will then set the report live for access by the public domain (everyone else allowed to run reports).

==== Remote User ====
Remote users do not actually log onto BIPLUS directly but interface with BIPLUS via POP and email accounts.

A Remote user MUST have a valid email address and all requests for reports will come via this address.

If BI PLUS has been configured for report access by Remote users, then BI PLUS will pull report requests from Remote users via a POP queue.

BI PLUS will find the sending email address of the POP request. If the sending email address ties up with a valid and active Remote user account, then BI PLUS goes on to check the privilege groups of the requested report and the Remote User, otherwise the email request is dropped and ignored. Benchmarks have shown that BI PLUS running on a single-CPU windows server is easily able to handle in excess of 1,000 POP requests per minute, depending of course on the nature of the report request (A 500 page PDF document report may take a little longer to process and a lot more memory than an average 1 or 2 page report). 
==== Managing users ====

**Note : Only Administrators can create users in BIPLUS.**
 
To create a new user, open the **Users** dialog from the Admin menu. 

{{:biplus:documentation:user_menu.png?nolink&550|}}


The **Report Users** Dialog is opened. This dialog displays current available users in BI PLUS and their pertinent information (like Login Name, First Name, Last Name and privileges). 

{{:biplus:documentation:report_user.png?nolink&550|}}

Using **Report users** dialog, you can do following operations.
  * Add: allows you to create a user.
  * Modify: allows you to modify the selected user's information like password, contacts, groups, profiles.
  * Delete: allows you to delete the selected user.
  * Copy: Copies the selected User details into a new user record.
  * Export: Export selected users into a .smd file.
  * Search: Searches for a user through the user list.
Now click the **Add** button. The **User Details** Dialog box as shown below opens.

{{:biplus:documentation:user_detail.png?nolink&550|}}

This is the main dialog where we create a user and set their user type and privileges. This dialog contains several fields. Fields in bold are mandatory fields required to create a user. Let's examine each field one by one.
  * **Login:** login name of the user to log into BIPLUS. Login values must be unique.
  * **Password:** password to log into BIPLUS
  * **Confirm Password:** password & Confirm password should be same.
  * **User Type:** Lets you select the login type for the current user. User types supported in BIPLUS are Admin, Developer, Reporter, Power User and Remote User.
  * Status: Status of the user, whether user is Active, Inactive or Locked.
  * First Name: First name of the user.
  * Last Name: Last name of the user.
  * Phone: Phone number of the user.
  * Mobile: Mobile number of the user
  * Email: Email address of the user.
  * Profile: Lets you set a profile for the user. A user may only be linked to 1 profile
  * Login Type: Set the login type for the user if multiple login types have been configured. The default Login Type is BIPLUS. LDAP login type is also supported (if configured).
  * Creation Date: User creation date is automatically set by BIPLUS.
  * Expiry Date: You can set an expiry date for the user. 
  * Properties: Not used widely, reserved for engineering purposes.
  * Preferences: Lets you to set the default report for the user, which will be executed automatically by the user upon login.
  * Groups: Lets you to assign the Groups which current user is to be a member of.

Once you are done with the field edits, click on the **OK** button to save the changes. If you attempt to exceed the limits of your license, BI PLUS prevents you from doing this when you try to add a new users. This covers user management in BI PLUS.
===== Defining Groups =====

The reason for defining users in BI PLUS is to have named users where they can log into the application and thus provide secure reports. BI PLUS supports group access control to reports, so that if a report is assigned to a particular privilege group (Report Group), then only those users who have been assigned to the particular group are able to see the report. This prevents situations where you have payroll or sensitive reports that only certain managers should see, from being viewed by unauthorized users.

To create a **Group**, open the **Groups** dialog from the Admin menu.

{{:biplus:documentation:group.png?nolink&550|}}

The **User Groups** dialog is opened.

{{:biplus:documentation:user_groups.png?nolink&500|}}

Here, you can perform several tasks like...
  * **Add:** Allows you to add a group.
  * **Modify:** Allows you to Modify a group.
  * **Delete:** Allows you to delete a group.
  * **Copy:** Allows you make copy of a group.
  * **Export:** Allows you to export group in a .smd file.
  * **Search:** Allows you to search a group in list of groups.

Clicking on the **Add** button opens the **Group Details** dialog. In this dialog you can mention Group Name, description about that group, Group Type and Members Users. Group Type determines whether this group is for Reports or Data sources. 

Here you can see the added Group Name as 'Finance' and its description as 'Finance related users are in this group'. the group type for Finance group is 'Report' and a few users have already been added (TOM, JIM, ADMIN) as members of this group, using right arrow button. Once done, click on **OK** button to save the changes.

{{:biplus:documentation:group_details.png?nolink&400|}}

After clicking on the **OK** button you will see 'Finance' group in the groups list.

{{:biplus:documentation:user_groups_1.png?nolink&500|}}

That’s it, you’re done ! TOM now belongs to the 'Finance' group and the next time he logs in, all the report hierarchies for the 'Finance' Privilege group will now be visible to TOM. This is the way that users and groups are linked with each other.

You can also cross-check whether users are correctly assigned to specific group, by checking the users details dialog. The following image shows details for user 'TOM', showing that 'TOM' is assigned to the 'Finance' group.

{{:biplus:documentation:user_details_for_group.png?nolink&550|}}

===== Defining Profiles =====

BI PLUS profiles exist to enable the restriction of certain BI PLUS end-user features. A profile is created, the behavioral properties are then either enabled or disabled for the profile. The profile is then granted to one or more users and when these users log on, the particular feature will not appear (if disabled) or appear (if enabled for the profile and disabled for the environment).

To create or modify a profile, click the ‘Profiles’ option of the Admin menu.

<html> 
<img src = http://wiki.seemoredata.com/lib/exe/fetch.php?&media=biplus:profiles.png height="40%" width="40%" >
</html>

Clicking on Profile menu opens the **Profiles** dialog. This dialog allows you to add, modify, delete, copy and export selected profiles. 

<html> 
<img src = http://wiki.seemoredata.com/lib/exe/fetch.php?&media=biplus:profiles_dialog.png height="35%" width="35%" >
</html>

By default no profiles are created in BI PLUS. Click on the **Add** button to create a new profile. The **Profile-New profile** dialog opens. Here you can create a profile for executives and disable a few of the features for the users assigned to this profile. You can add and select as many as features you want and enable/disable them. Users with this profile will not be able to save or print any report. See the image below.

<html> 
<img src = http://wiki.seemoredata.com/lib/exe/fetch.php?&media=biplus:profile_feature_adding.png height="40%" width="40%" >
</html>

Click on the **OK** button to save the changes.

<html> 
<img src = http://wiki.seemoredata.com/lib/exe/fetch.php?&media=biplus:profile_features_1.png height="40%" width="40%" >
</html>

Multiple profiles can be created.

<html> 
<img src = http://wiki.seemoredata.com/lib/exe/fetch.php?&media=biplus:profile_created.png height="40%" width="40%" >
</html>

Once the profile is created you need to assign that profile to specific users. This can done using the **User Details** dialog of Users menu. The profile field drop-down allows you to select a specific profile for a user. The following image shows that user 'TOM' is assigned the 'Executive' profile and hence he will not be able to Save & Print any report. Click on the **OK** button to save the changes.

<html> 
<img src = http://wiki.seemoredata.com/lib/exe/fetch.php?&media=biplus:assigning_profile_to_user.png height="40%" width="40%" >
</html>

==== Dynamic Data Sources using Profiles ====

BIPLUS profiles allow the creation of dynamic datasources. This is useful in a hosted situation where there may be a separate database/schema or users for each customer that logs on and uses this dynamic datasource to get to only their data. The **Expression** tab in profile allows us to achieve this. 

{{:biplus:documentation:profile_expressions.png?nolink&550|}}

First, create a datasource that will not work (due to no username or password values, which are required for an Oracle connection). Now, you can dynamically override this datasource in the profile.

{{:biplus:documentation:dynamic_datasource_oracle.png?nolink&550|}}

The following screenshot shows that the 'Executives' profile will over-ride the datasource called DYNAMC-ORA with a datasource called northwind-ORA. 

**Note:** You may only override a datasource once in a profile. If you try to add a 2nd override for a single datasource, you will get an error where BI PLUS will ask you to rename one of them or drop the one not needed.

{{:biplus:documentation:adding_exprsn_in_profile.png?nolink&550|}}

User 'JIM' has been assigned the 'Executives' profile, which means that any report JIM runs based on datasource DYNAMIC-ORA will pick up the actual overridden datasource from the profile Executives.

{{:biplus:documentation:assigning_profile_for_dymanic_ds.png?nolink&550|}}

A simple report based on the query ‘SELECT USER FROM DUAL’ will show how dynamic datasources work.

{{:biplus:documentation:dynamic_ds_profile_report.png?nolink&550|}}

The header information will reflect which user is running the report, by binding the LOGIN session variable value into the header.

{{:biplus:documentation:user_information.png?nolink&550|}}

Log into the Reporter with the username JIM. Previously, JIM was assigned the Executive profile, which overrode the DYNAMIC-ORA datasource with the northwind-ORA datasource, which is based on the Northwind schema.

{{:biplus:documentation:dynamic_ds_report_run.png?nolink&550|}}

You can see now that the dynamic datasource has been invoked by user JIM. The northwind-ORA connection is based on the Northwind schema / user.

**Caching Caution:** If a report is based on a dynamic datasource and the report is cached,  the cache will be hosted on the BI PLUS file system and there will not be any indication as to which actual datasource the cached data originated in, so it might be possible to be looking at a completely different environment’s data.

**Data Object Caution:** If a data object is based on a dynamic datasource, that means that the security layer as well as the caching mechanism needs to push the credentials of the user currently accessing it, and Data Objects were never meant to be used in this way.