Hi,
I am currently using Webi XIR2 SP3 on Windows XP at a client site.
I have been advised by the organisation I am doing the work for (I am a BI/BO consultant) that there is a potential security issue as follows:
when scheduling a Webi report in Infoview, a user can enter any email address (i.e. implying not their own) in the FROM field in the Destination section of the schedule.
I can’t set it as a default value on the Webi Server defaults as it will be different for each user.
How do I get around this? I think they are being pedantic but I have no comeback.
Any ideas appreciated.
Regards
Ben 8)
BenI
(BOB member since 2005-02-08)
You can customise the page used for scheduling. Look for the following file.
D:\Program Files\Business Objects\Tomcat\webapps\businessobjects\enterprise115\desktoplaunch\InfoView\schedule\destination_include.jsp
Look for the line starting with: <html:text styleClass='textfield' property='smtpSender' size="30"
Change to: <html:text styleClass='textfield' property='smtpSender' size="30" value='%SI_EMAIL_ADDRESS%' disabled='true'/>
or enter the email id
I hope this should work. I don't have an SMTP server configured and so am not able to test.
vigi_guna
(BOB member since 2008-07-09)
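The JSP change above locks the field in the browser only, so the server still has to decide which sender it accepts. As an added example (not part of the original posts and not Business Objects code), a servlet filter can pin smtpSender to the logged-on user's address before the form is processed. It assumes the application reads the sender from the request parameter named after the form property; the class name, the session attribute "userEmail" and the filter mapping are hypothetical.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Raw collection types keep it compilable on the older JDKs of that era.
public class SenderLockFilter implements Filter {
    static final String FIELD = "smtpSender";       // form property from the JSP line above
    static final String SESSION_KEY = "userEmail";  // hypothetical: set by your own logon code

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    // Map this filter in web.xml to the schedule-submit URL only (URL not given on this page).
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false);
        Object email = (session == null) ? null : session.getAttribute(SESSION_KEY);
        if (!(email instanceof String)) {
            // No trusted address to pin the sender to: refuse rather than trust the form.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(new LockedRequest(http, (String) email), res);
    }

    // Presents the same request, but with smtpSender always equal to the session address,
    // whether the browser omitted the field (disabled inputs are not submitted) or sent one.
    static class LockedRequest extends HttpServletRequestWrapper {
        private final Map params;
        LockedRequest(HttpServletRequest r, String email) {
            super(r);
            Map m = new HashMap(r.getParameterMap());
            m.put(FIELD, new String[] { email });
            params = Collections.unmodifiableMap(m);
        }
        public String getParameter(String name) {
            String[] v = (String[]) params.get(name);
            return (v == null || v.length == 0) ? null : v[0];
        }
        public String[] getParameterValues(String name) { return (String[]) params.get(name); }
        public Map getParameterMap() { return params; }
        public Enumeration getParameterNames() { return Collections.enumeration(params.keySet()); }
    }
}
```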
Hi Vigi_guna,
thanks for that…I will look into it.
I will add that providing the client has Auditing turned on, there will be an audit trail of who did what and when albeit a bit scant though. This may be enough to satisfy their paranoia.
Another option could be to do all scheduling from the CMC so that way only the BO Administrator can do it and therefore reduce the risk, but I imagine it would get unwieldy in a large organisation.
Alternatively, deny the schedule functionality to all users and the user can run the report, download to excel or pdf and then email it themselves. This will work and no doubt piss the users off no end!!! ; )
Regards
Ben 8)
BenI
(BOB member since 2005-02-08)