Business Objects 11 (BOXI) Login ID format when running BMC Analytics reports in multi-tenancy mode.
** Hello list... Environment: ARSystem 8.1 Patch 002ITSM 8.1 Patch 002BSM Analytics for BSM 7.6.06 Patch 3SAP Business Objects Business Intelligence Platform 4.0 SP5 Patch 3 I am wondering if anyone has experienced the same issue as below. The issue I have is that I am logging into Analytics (actually BOXI) and trying to run Analytics reports. However, I do not get any data in any of the Analytics reports, even though my connection to the ITSM universe is valid and I am connecting to the underlying SQL database. I am logging into BOXI as "firstname.lastname" where "firstname.lastname" is the same as the LoginID in CTM:People (which must be the case when using Analytics in Multi-tenancy mode. Analytics uses the permissions associated with your entry in CTM:People in order to determine which customers you are allowed to report on (in multi-tenancy mode). As mentioned above, the BMC Anaytics report definitions that are installed with Analytics query information from the ITSM universe based upon the currently logged in Business Objects userid. The issue here is that all the Analytics reports that I saw EXPECT the Business Objects userid to be in the format of "use...@domainname.com" as shown in the following highlighted (bolded) selection criteria in the Analytics report (Note: This is the subset of selection criteria that gets the permissions associated with the current user): SELECT DISTINCT CTM1.COMPANY FROM CTM_PEOPLE_PERMISSION_GROUPS CTM1 WHERE UPPER(REMEDY_LOGIN_ID) = UPPER(SUBSTRING(@VARIABLE('BOUSER'),0,CHARINDEX('@',@VARIABLE('BOUSER' AND CTM1.COMPANY IS NOT NULL AND ( CTM1.COMPANY = HPD.COMPANY OR CTM1.COMPANY = HPD.CONTACT_COMPANY OR CTM1.COMPANY = HPD.Direct_Contact_Company OR CTM1.COMPANY = HPD.Assigned_Support_Company OR CTM1.COMPANY = HPD.Owner_Support_Company) UNION SELECT DISTINCT CTM2.COMPANY FROM CTM_PEOPLE_ORGANIZATION CTM2 WHERE (SELECT 1 FROM CTM_PEOPLE_PERMISSION_GROUPS WHERE UPPER(REMEDY_LOGIN_ID) = UPPER(SUBSTRING(@VARIABLE('BOUSER'),0,CHARINDEX('@',@VARIABLE('BOUSER' AND PERMISSION_GROUP = 'Unrestricted Access') = 1 (in the example above, @VARIABLE('BOUSER') returns the current login id of the BOXI user) It is the string above UPPER(REMEDY_LOGIN_ID) = UPPER(SUBSTRING(@VARIABLE('BOUSER'),0,CHARINDEX('@',@VARIABLE('BOUSER' that is embedded within all the Analytics reports that expects the "@" in the Business Objects userid. In our case, our userid (and Remedy userids) do not follow this convention. We follow "firstname.lastname". As a result, the query above returns NO results and my reports contain no data. As soon as I change my BOXI userid to firstname.lastname@domainname , logout, and re-login into BOXI and run the report, the report runs just fine. Has anyone else experienced this and/or can advise as to how to resolve ? (without modifying ALL Analytics reports). Thanks.. Terry _ARSlist: "Where the Answers Are" and have been for 20 years_
Re: Customizing ITSM7 Multi-Tenancy Mode
We customized a single tenancy environment by overwriting the 'assignee groups' field (112) for selected support groups. This field normally has the company group ID(s). By overwriting we were able to hide these tickets from the rest of our company since they no longer had group permission to those records. The bulk of the person profiles were set up to NOT have unrestricted access and were granted access to the single company. Anyone in a restricted group got unrestricted access. This e-mail and its attachments are confidential and solely for the intended addressee(s). Do not share or use them without Fannie Mae's approval. If received in error, contact the sender and delete them. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Charles Sent: Wednesday, June 25, 2008 6:13 PM To: arslist@ARSLIST.ORG Subject: Customizing ITSM7 Multi-Tenancy Mode Hi, Has anyone done a customization where you control access restrictions by application rather than company. For instance Company A can use Company B's change management tickets but not Company B's incident tickets? ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
Re: Customizing ITSM7 Multi-Tenancy Mode
Charles, Assuming this requirement is valid and has been discussed in detail to ensure this is a sensible requirement... You could look at separating company B into two. One for incident and one for change. The users of company B would belong to both of these separated companies, and users of company A would also belong to company B's change company. In theory this could achieve what you are looking for. You will need to consider how this impact things like: SLA's, Reporting, and Relationships. Hope this helps. Sam -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Charles Sent: Thursday, 26 June 2008 10:13 a.m. To: ARSList Subject: Customizing ITSM7 Multi-Tenancy Mode Hi, Has anyone done a customization where you control access restrictions by application rather than company. For instance Company A can use Company B's change management tickets but not Company B's incident tickets? ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
Customizing ITSM7 Multi-Tenancy Mode
Hi, Has anyone done a customization where you control access restrictions by application rather than company. For instance Company A can use Company B's change management tickets but not Company B's incident tickets? ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
Re: Tenancy mode
Dear Roseta, Apart from all the other benefits of Multi tenancy, I have particularly used multi tenancy to enforce row level security for our HR and the security teams who had tickets which required to be hidden from other support groups. Regards, Roney Samuel Varghese On 6/23/07, roseta < [EMAIL PROTECTED]> wrote: Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta -- View this message in context: http://www.nabble.com/Tenancy-mode-tf3968428.html#a11264334 Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Tenancy mode
** I have issue with it also , I have configure 3 companies but the requester should submit requests for the 3 companies , when user trying to send request for company he's already not member of this company in this case I receive error ARCreateEntry - The operational categorization information is invalid for the specifidid company? Any Idea which all user is selected unrestricted' access ? -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Savant, [EMAIL PROTECTED] Sent: Monday, June 25, 2007 8:12 PM To: arslist@ARSLIST.ORG Subject: Re: Tenancy mode One more thing to keep in mind - when establishing companies in multi-tenancy mode, information associated with a particular company is only visible to members of that company unless their account has 'unrestricted' access to all companies. For example, if you create a Product Categorization for a particular company, it will not appear in the menu unless you're a member of that company. Granted, you can associate the Product Categorization with all companies, but it truly is an 'all or nothing proposition'. So while Company does allow one to restrict access to tickets and the like, it also restricts access to the "rules" one configures within the application itself. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Payne, George Sent: Saturday, June 23, 2007 5:25 PM To: arslist@ARSLIST.ORG Subject: Re: Tenancy mode Roseta et al., There's actually a decent definition for "unknown user" in the appendix of the ITSM 7.0 Configuration Guide. That might be of some help. What we've found is that the distinction between multi-tenancy and single-tenancy does NOT affect the ability to establish multiple companies (divisions). You can create and use multiple companies in either mode. What you get with SINGLE-tenancy is a DEFAULT company and a generic "User" (which you establish the credentials for!) that can login and access the Requester screen. This is your "unknown user". I cannot imagine that we would EVER want to have an UNKNOWN USER, and if we did, I could create one in the PEOPLE form just as easily as in the Advanced Configuration. A user being in the PEOPLE form is not quite all that they need in order to be a "known user"...they also have to have a REMEDY LOGIN ID (that's a tab on the PEOPLE form). When you add that information to the user's PEOPLE record, the application creates an entry for the user in the USER form and PEOPLE PERMISSION GROUPS if needed. One "under the covers" thing that I noticed that does affect your foundation data: Companies that we created while we had the system set to SINGLE-tenancy all got their own individual GROUP ID established for them. Since we switched to MULTI-tenancy, all new companies are SHARING the same GROUP ID. Honestly this FEELS backwards to me and we're certainly going to examine that more closely before going live with our 7.0 installation. Best of luck! To ALL of us! George Payne Assistant Director, User Services Information Technology Services University of Texas at Austin 512.232.4132 -Original Message- From: Action Request System discussion list(ARSList)=20 Subject: Re: Tenancy mode Roseta, I believe the answer to your question about the unknown users are those who log in that are not listed in the People data. For example, if you have the system set to allow guest users, it should let them still request things if you have single tenancy set. This is useful if you don't track all of your customers. Multi-tenancy is useful in an organization like mine where we have multiple divisions, and we have FERC regulations that require us to prevent users from certain divisions from seeing our corporate information that we don't divulge to the general public. If you don't have groups of people that shouldn't be allowed to see each other's data, then single tenancy is the way to go. Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) Subject: Tenancy mode Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta --=20 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslis
Re: Tenancy mode
One more thing to keep in mind - when establishing companies in multi-tenancy mode, information associated with a particular company is only visible to members of that company unless their account has 'unrestricted' access to all companies. For example, if you create a Product Categorization for a particular company, it will not appear in the menu unless you're a member of that company. Granted, you can associate the Product Categorization with all companies, but it truly is an 'all or nothing proposition'. So while Company does allow one to restrict access to tickets and the like, it also restricts access to the "rules" one configures within the application itself. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Payne, George Sent: Saturday, June 23, 2007 5:25 PM To: arslist@ARSLIST.ORG Subject: Re: Tenancy mode Roseta et al., There's actually a decent definition for "unknown user" in the appendix of the ITSM 7.0 Configuration Guide. That might be of some help. What we've found is that the distinction between multi-tenancy and single-tenancy does NOT affect the ability to establish multiple companies (divisions). You can create and use multiple companies in either mode. What you get with SINGLE-tenancy is a DEFAULT company and a generic "User" (which you establish the credentials for!) that can login and access the Requester screen. This is your "unknown user". I cannot imagine that we would EVER want to have an UNKNOWN USER, and if we did, I could create one in the PEOPLE form just as easily as in the Advanced Configuration. A user being in the PEOPLE form is not quite all that they need in order to be a "known user"...they also have to have a REMEDY LOGIN ID (that's a tab on the PEOPLE form). When you add that information to the user's PEOPLE record, the application creates an entry for the user in the USER form and PEOPLE PERMISSION GROUPS if needed. One "under the covers" thing that I noticed that does affect your foundation data: Companies that we created while we had the system set to SINGLE-tenancy all got their own individual GROUP ID established for them. Since we switched to MULTI-tenancy, all new companies are SHARING the same GROUP ID. Honestly this FEELS backwards to me and we're certainly going to examine that more closely before going live with our 7.0 installation. Best of luck! To ALL of us! George Payne Assistant Director, User Services Information Technology Services University of Texas at Austin 512.232.4132 -Original Message- From: Action Request System discussion list(ARSList)=20 Subject: Re: Tenancy mode Roseta, I believe the answer to your question about the unknown users are those who log in that are not listed in the People data. For example, if you have the system set to allow guest users, it should let them still request things if you have single tenancy set. This is useful if you don't track all of your customers. Multi-tenancy is useful in an organization like mine where we have multiple divisions, and we have FERC regulations that require us to prevent users from certain divisions from seeing our corporate information that we don't divulge to the general public. If you don't have groups of people that shouldn't be allowed to see each other's data, then single tenancy is the way to go. Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) Subject: Tenancy mode Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta --=20 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Tenancy mode
Roseta et al., There's actually a decent definition for "unknown user" in the appendix of the ITSM 7.0 Configuration Guide. That might be of some help. What we've found is that the distinction between multi-tenancy and single-tenancy does NOT affect the ability to establish multiple companies (divisions). You can create and use multiple companies in either mode. What you get with SINGLE-tenancy is a DEFAULT company and a generic "User" (which you establish the credentials for!) that can login and access the Requester screen. This is your "unknown user". I cannot imagine that we would EVER want to have an UNKNOWN USER, and if we did, I could create one in the PEOPLE form just as easily as in the Advanced Configuration. A user being in the PEOPLE form is not quite all that they need in order to be a "known user"...they also have to have a REMEDY LOGIN ID (that's a tab on the PEOPLE form). When you add that information to the user's PEOPLE record, the application creates an entry for the user in the USER form and PEOPLE PERMISSION GROUPS if needed. One "under the covers" thing that I noticed that does affect your foundation data: Companies that we created while we had the system set to SINGLE-tenancy all got their own individual GROUP ID established for them. Since we switched to MULTI-tenancy, all new companies are SHARING the same GROUP ID. Honestly this FEELS backwards to me and we're certainly going to examine that more closely before going live with our 7.0 installation. Best of luck! To ALL of us! George Payne Assistant Director, User Services Information Technology Services University of Texas at Austin 512.232.4132 -Original Message- From: Action Request System discussion list(ARSList) Subject: Re: Tenancy mode Roseta, I believe the answer to your question about the unknown users are those who log in that are not listed in the People data. For example, if you have the system set to allow guest users, it should let them still request things if you have single tenancy set. This is useful if you don't track all of your customers. Multi-tenancy is useful in an organization like mine where we have multiple divisions, and we have FERC regulations that require us to prevent users from certain divisions from seeing our corporate information that we don't divulge to the general public. If you don't have groups of people that shouldn't be allowed to see each other's data, then single tenancy is the way to go. Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) Subject: Tenancy mode Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta -- ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Tenancy mode
Roseta, I believe the answer to your question about the unknown users are those who log in that are not listed in the People data. For example, if you have the system set to allow guest users, it should let them still request things if you have single tenancy set. This is useful if you don't track all of your customers. Multi-tenancy is useful in an organization like mine where we have multiple divisions, and we have FERC regulations that require us to prevent users from certain divisions from seeing our corporate information that we don't divulge to the general public. If you don't have groups of people that shouldn't be allowed to see each other's data, then single tenancy is the way to go. Shawn Pierson -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of roseta Sent: Saturday, June 23, 2007 3:37 AM To: arslist@ARSLIST.ORG Subject: Tenancy mode Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta -- View this message in context: http://www.nabble.com/Tenancy-mode-tf3968428.html#a11264334 Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" The information in this e-mail, and any files transmitted with it, is intended for the exclusive use of the recipient(s) to which it is addressed and may contain confidential, proprietary or privileged information. If you are not an intended recipient, you have received this transmission in error and any use, review, dissemination, distribution, printing or copying of this information is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately of the erroneous transmission by reply e-mail, immediately delete this e-mail and all electronic copies of it from your system and destroy any hard copies of it that you may have made. Thank you. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Tenancy mode
multi-tenancy refers, I believe (without having the thing in front of me at the moment) to do with being able to change the organization that a login belongs to, and that this is a necessary setting for setting up LDAP single sign-on integrations. I know that when I did an LDAP to Lotus integration I had to have multi-tenancy selected to set up the LDAP. -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] Behalf Of Howard Richter Sent: Samstag, 23. Juni 2007 19:43 To: arslist@ARSLIST.ORG Subject: Re: Tenancy mode ** I myself have been trying to understand what happens when you go to Multi tenancy as well. Anyone have a real good idea what is going on behind the covers? Howard Richter On 6/23/07, roseta <[EMAIL PROTECTED]> wrote: Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta -- View this message in context: http://www.nabble.com/Tenancy-mode-tf3968428.html#a11264334 Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" -- Howard Richter Remedy ServiceDesk Manager CedarCrestone Managed Services Center [EMAIL PROTECTED] __20060125___This posting was submitted with HTML in it___ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Tenancy mode
I myself have been trying to understand what happens when you go to Multi tenancy as well. Anyone have a real good idea what is going on behind the covers? Howard Richter On 6/23/07, roseta <[EMAIL PROTECTED]> wrote: Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta -- View this message in context: http://www.nabble.com/Tenancy-mode-tf3968428.html#a11264334 Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" -- Howard Richter Remedy ServiceDesk Manager CedarCrestone Managed Services Center [EMAIL PROTECTED] ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Tenancy mode
Hello, I wanted to know if I change the tenancy mode form single to Multi what are the effects. in document it says: single tenancy mode is required if you need unknown users to access the ITSM Requester console. but who are unknown users. I thought unknown users are whom do not have licence . but these users can login and see the request console if multi tenancy is selected. who are the unknown users exactly??? Regards, Roseta -- View this message in context: http://www.nabble.com/Tenancy-mode-tf3968428.html#a11264334 Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"