Siebel Business Analytics Server Administration Guide > Security in Siebel Business Analytics > Analytics Security Manager >
Working with Users
User accounts can be defined explicitly in an analytics repository or in an external source (such as a database table or an LDAP server). However user accounts are defined, users need to be authenticated by the Analytics Server for a session to take place unless the administrator has configured the system to bypass Analytics Server security. For more information, see Bypassing Analytics Server Security.
Users defined explicitly in a repository can access business models in that repository, but they cannot span repositories.
The Administrator user account is created automatically when a repository is created and cannot be deleted. For more information about the Administrator user account, see About the Analytics Server Administrator Account.
This section includes the following topics:
Adding a New User to a Repository
Use this procedure to add a new user to a repository.
To add a new user to a repository
- Open a repository in the Administration Tool.
- Display the security manager by selecting Manage > Security.
- Select Action > New > User to open the User dialog box.
- Type a name and password for the user.
- If you want to log queries for this user in the query log, change the query logging level to 1 or 2.
For more information about query logging, see Setting a Logging Level.
- Click OK.
This creates a new user with default rights granted to it. In the NQSConfig.INI file, the default rights are specified by the entry DEFAULT_PRIVILEGES.
- To modify the user's permissions, open the User dialog by double-clicking on the user icon you want to modify. If you click Permissions, you can change permissions for multiple columns.
- Specify the password expiration option.
- You can grant rights to the user individually, through groups, or a combination of the two. To grant membership in a group, check as many groups as you want the user to be a part of in the Group Membership portion of the dialog box.
- To specify specific database logon IDs for one or more databases, type the appropriate user IDs and passwords for the user in the Logons tab of the User dialog box.
NOTE: If a user specifies database-specific logon IDs in the DSN used to connect to the Analytics Server, the logon IDs in the DSN are used if the administrator has configured a connection pool with no default database-specific logon ID and password. For information about configuring the connection pools to support database-specific logon IDs, see Creating or Changing Connection Pools.
- Set up any query permissions for the user. For information, see Managing Query Execution Privileges.
About the Analytics Server Administrator Account
The Analytics Server Administrator account (user ID of Administrator) is a default user account in every analytics repository. This is a permanent account. It cannot be deleted or modified other than to change the password and logging level. It is designed to perform all administrative tasks in a repository, such as importing physical schemas, creating business models, and creating users and groups.
NOTE: The Analytics Server Administrator account is not the same as the Windows NT and Windows 2000 Administrator account. The administrative privileges granted to this account function only within the Analytics Server environment.
When you create a new repository, the Administrator account is created automatically and has no password assigned to it. You should assign a password for the Administrator account as soon as you create the repository. The Administrator account created during the installation of the analytics repository, that is, the repository shipped with Siebel Business Analytics, has the default password SADMIN.
The Administrator account belongs to the Administrators group by default and cannot be deleted from it. The person logged on using the Administrator user ID or any member of the Administrators group has permissions to change anything in the repository. Any query issued from the Administrator account has complete access to the data; no restrictions apply to any objects.
NOTE: You can set the minimum length for passwords in the NQSConfig.ini file using the MINIMUM_PASSWORD_LENGTH setting.