Page tree
    Skip to end of metadata
    Go to start of metadata

    There are two types of authentication available for use with the product: BusinessObjects Business Intelligence (BI) Enterprise and LDAP.

    For users to be authorized to use BMC Decision Support – Network Automation, they must have role assignments in BMC Network Automation. These roles control all access in BMC Decision Support – Network Automation, as described in Product roles and the access control system.

    After the product installation, the role assignment information is transferred to the BMC Decision Support – Network Automation data warehouse using the Extract, Transform, and Load (ETL) process. ETL runs populate the data warehouse with report data and role authorization details. A utility called URG Mapper is responsible for mapping the role authorizations to the BMC Decision Support – Network Automation groups. URG Mapper runs hourly through a Windows scheduled task, called bds_urgmapper_tsk. This task is created during the product installation. The mapping and group authorizations are described in Product roles and the access control system.

    Authentication setup and how it influences user and group creation

    You can use one or both authentication types (BusinessObjects BI Enterprise and LDAP) in your environment. Installing BMC Decision Support – Network Automation and running ETL and URG Mapper automatically sets up BusinessObjects BI Enterprise authentication. You must configure BusinessObjects BI to work with LDAP authentication.

    The order in which authentication is set up impacts how users are created and the tasks performed by URG Mapper. Review the following authentication scenarios and determine the best approach for your environment. Three scenarios are described:

    • The product is installed and ETL and URG Mapper are run (LDAP is not configured)
    • LDAP is set up before the product is installed (or before ETL and URG Mapper are run)
    • The product is installed, ETL and URG Mapper are run, and then LDAP is configured

    Use these scenarios to determine how you want to set up authentication in your environment and the sequence in which you will set up authentication if you support both types of authentication.

    Product is installed and ETL and URG Mapper are run (LDAP is not configured)

    In this scenario, you have installed BMC Decision Support – Network Automation and ETL and URG Mapper are run. BusinessObjects BI is not configured for LDAP authentication.

    After the first ETL run, when URG Mapper runs for the first time, it does the following:

    1. Creates the BMC Decision Support – Network Automation groups in BusinessObjects BI and grants access levels to those groups.
      This is the only time that URG Mapper will create groups when it runs and it creates all groups (see Product roles and the access control system for a list of the groups that are created).
    2. Creates the BMC Decision Support – Network Automation users in BusinessObjects BI and maps those users to the groups.

    In subsequent runs, URG Mapper does the following:

    1. If there are any changes in role mapping in BMC Network Automation and those changes have been transferred to the data warehouse via an ETL run, URG Mapper updates the users to reflect those changes.
    2. If any users have been added in BMC Network Automation and the user information has been transferred to the data warehouse via an ETL run, URG Mapper creates the users and maps them to the groups it already created.

    LDAP is set up before the product is installed (or before ETL and URG Mapper are run)

    In this scenario, BusinessObjects BI is configured for LDAP authentication before you install BMC Decision Support – Network Automation or before ETL and URG Mapper are run.

    After the first ETL run, when URG Mapper runs for the first time, it does the following:

    1. Creates the BMC Decision Support – Network Automation groups in BusinessObjects BI and grants access levels to those groups.
      This is the only time that URG Mapper will create groups when it runs and it creates all groups (see Product roles and the access control system for a list of the groups that are created).
    2. Maps the users who are already been imported from the LDAP group to the groups that it created in the first step.
      These users will not have a BusinessObjects BI Enterprise login, because they were already present in BusinessObjects BI and URG Mapper does not create duplicate users.
    3. If any of the users from BMC Network Automation that were transferred to the data warehouse via an ETL run do not match users already imported from the LDAP group, URG Mapper creates those users and maps them to the groups it already created.

    Product is installed, ETL and URG Mapper are run, and then LDAP is configured

    In this scenario, you have installed BMC Decision Support – Network Automation and ETL and URG Mapper are run (URG Mapper has already set up the groups and mapped the BusinessObjects BI Enterprise users to those groups). Then you configure BusinessObjects BI for LDAP authentication and the users in your LDAP group. The users in your LDAP group match the BusinessObjects BI Enterprise users.

    When URG Mapper runs after you set up LDAP authentication, it does the following:

    1. Maps the users from the LDAP group to the groups that it has already created. The existing BusinessObjects BI Enterprise users now have BusinessObjects BI Enterprise and LDAP log in credentials (they have the same aliases).
    2. If there are any changes in role mapping in BMC Network Automation and those changes have been transferred to the data warehouse via an ETL run, URG Mapper updates the users to reflect those changes.
    3. If any users have been added in BMC Network Automation and the user information has been transferred to the data warehouse via an ETL run, and those users do not already exist from the LDAP group, URG Mapper creates the users and maps them to the groups it already created.

    Related topics