Page tree
Skip to end of metadata
Go to start of metadata


User Objects and Aliases in the BI Platform

In the SAP BusinessObjects BI Platform, user objects have an associated "alias" that determines how a user is able to authenticate to the Central Management Server.  By default, a new user created inside the Central Management Console will have a secEnterprise alias which allows that user to logon using secEnterprise authentication.  However, if you are using a 3rd party authentication provider an alias will be created for that authentication type.  The below image describes the relationship between a user object and it's associated aliases.



In the BI Platform, it is not possible to have a user object without an associated alias.  As a result, if a user object only has one third party alias and the mapped group from which that alias is derived becomes unmapped, then the user object itself will be removed from the system.  Therefore, it is a best practice to make sure there is always an Enterprise alias in addition to the third party alias associated with a user object.  This way, if the third party group becomes unmapped, the user object and it's associated rights and content will be preserved.

The Enterprise Alias Manager allows you to programmatically add or remove an alias for all user objects that do not have an existing secEnterprise alias. 

Starting the Enterprise Alias Manager

To start the Enterprise Alias Manager, go to the submenu Landscape Tools then select Enterprise Alias Manager.  Click Start Manager and logon to the desired Central Management Console system.


Configuring the Enterprise Alias Manager

To run the Enterprise Alias Manager, choose which filters and password options to use, then click Add to Add aliases or Remove to remove aliases.

Targeting specific users

User types to be modified section is a filter that allows you to target only users which have an existing specific third party alias.  Check Select groups to modify if you only want to alias / un-alias users that belong to a specific group. 

Setting Passwords for new Aliases

When creating a new Enterprise Alias for an existing user, it means that this user will now be able to logon to the CMS using this new authentication method.  Therefore, you have flexibility on how to deal with this:

  • Enter a password - will be applied to all newly created secEnterprise aliases
  • Use a random password - every alias will have a random password so neither the user or an administrator will know the password (useful for Trusted Auth)
  • Disable New Aliases - prevents the user from logging on using the secEnterprise alias


Adding Aliases

Click Add to add new aliases.  A log file will provide the results of the alias execution.

Aliases will only be added to user objects that do not already have an existing secEnterprise alias.  Users which already have a secEnterprise alias will not be modified.

Removing Aliases

Click Remove to remove existing secEnterprise aliases.  A log file will provide the results of the alias execution.

  • No labels