Hi we have purchased Baan Solutions Kit for Crystal Reports and Crystal
Enterprise. This is great and now means that anyone who uses Baan can log on
to their data source. The only problem - and it is quite a big one!, is the
lack of security levels. We have two user types on our system, Normal user
which cannot run programs by name and has the sessions that they allowed access
to determined by a DEM Menu, and Super user which has a normal menu and full
access.

However when using the Baan Solutions kit, even a normal user can see every
table that is in the system.

Some one has said to me that profiles can be set up in Baan for users which
would enable them only access to selected tables.

Is this the case?

If so how do I go about implementing this?

Cheers

Andy

We have had the Solution Kit for Baan for over 4 years now, and our CFO had the same concerns. You can restrict data access at several levels using the Tools -> User Management -> Authorizations -> Database Authorization. If you do use this (it does work!) be careful about which tables, columns, or ranges you lock them out on. For example, some General Ledger tables are programatically accessed by several sessions, and if you lock them out of the GL tables, the session will not work and complain about the denial of access. Crystal also allows you to use session level security, but we haven't tried it yet. The newest driver (version 9) has added company security. It previously allowed multi-company access regardless of whether you could access that company or not. I have complained to them about the security issues in the past, and I believe that they have been addressing this, but they also work with Baan on this.
If you have any questions, feel free to ask.

Gilbert Guymer
Database Administrator
Lufkin Industries, Inc.

Gilbert

Thanks for this. I know what you mean - I have just finished speaking to someone at Baan , and I feel that security is not one of Baans greatest features!! ;)

I think that the only way I am going to be able to do this, is to apply table permissions to indivdual users, as I provide them with the native Baan driver for Crystal Reports.

I am waiting for Baan to supply with documentation on setting Table authorizations, as I want to make sure that I am doing this right, however will I be giving user accounts permission to see tables, or will I be stopping them from seeing certain tables?

Many thanks

Andy

Andy,

Table access right now is limited to what sessions a Baan user has available to them. In that way, security of sorts, is enforced on each user because they can only access specific tables through those sessions. When you use the Database Authorizations, you take a specific user's "carte blanc" access to all tables through the Crystal / Baan driver away. While using the Crystal / Baan driver in Crystal they will still be able to see the Baan tables and columns, and they will be able to select and put them on reports, but they will not be able to get data back that has been locked out.


Gilbert

Gilbert

I think I understand, so basically it I start restricting access using database authorizations, it will not affect the table list that a user will see when designing the report, and the user will not recieve any errors when running - it will just hide the data that they are not allowed to see?

Cheers

Andy

Andy,

There are different levels of database access that you can restrict from using the Baan Database Authorizations. There is table, field, and range of data. I believe that when the table is locked out, and the user tries to run the report it will complain with a BDB error. If you restrict the field or range , then it will run the report minus the data from that field, or that range of data and not report any error. It has been a while since I tried this, and this is as best as I can remember. The result is that they will be blocked out.


Gilbert

Gilbert

Thanks for your help on this.

I will await receipt of the docs from Baan and then I think it will be a case of testing things out on our test server and see what happens.

Many thanks for your time

Cheers

Andy