In short: Lumira Desktop was installed on my PC. ( Win7 64 bit machine)
I got a “license key” from SAP and apply it.
I log in using my account (in admin group) and … yes, this works.
Can create a new (story) document, create a “data set” using a universe : this works.
Conclusion: technically everything is in place. Ready to test with a “business or test user account”

Bad luck: create a test user, put him into a user group with access to (some) folders, access to (a lot of) universes: using WEBI this user can create queries on those universes.
Start up Lumira Desktop, create “new doc” … and when it comes to selecting a data provider / data set: check the one for “universes”

At that moment there is an ERROR: universes caznnot be listed, so there’s no universe to be chosen, no data set to be created.

WHY ?

Go back to CMC (yes with the admin account) :

• create Custom Access Level “Lumira_Developer”, and include in it ALL explicit rights from the category “Application - Lumira”. Then add the “general override” ones - all of them but not the “owner” ones nor the “modify rights”.

Apply that CAL to the test user, (re)start Lumira :
exact same error message: no universes to be shown because … “not a valid query - FWB00025”

SAP support is not fast in helping me resolve this.
Already tried : giving “top-level full control” on folders: is not enough. On universes: in itself is not enough.
Give “full control” on LumiraApplication : together with the other two “full control on top level” this comes pretty close to the user account in the admin group.

We cannot have all of our people, not even all developers (50) in the admin group. Nor can we permit a “view right on all folders and their content”.

But still searching WHAT is needen here.

We do NOT have HANA, nor a Lumira Server. We only want to be able to install Lumira on a few machines and have a small group of business experts be able to use it, with our structured data, accessible through the universes they know (from Webi)

Is Lumira such a dangerous tool that ICT should keep it for themselves ?
Or is is so difficult to administrate, that business users can only use it when given “administrator” rights ?

RensH (BOB member since 2007-06-18)

Hi,
Did you get a solution for this ?

Thanks

Botfield77 (BOB member since 2016-10-04)

We do not have Lumira up and running yet. But our past experience with universes makes think that any user using Lumira and universe needs at least ‘View on Demand’ rights for the universe and the associated connection.

kevlray (BOB member since 2010-06-23)

That is indeed what SAP Support suggests.

We examined the “standard access levels” available years ago (XI R2), re-evaluated our CUSTOM Access Levels when upgrading to XI 3.0 , again to 3.1
Going to 4.0 / 4.1 we 've been lucky: almost everything we had done for 3.1 could be reused.

But the SAP suggestion to “grant View on Demand for Lumira users to top level of universes” is a MUCH TOO BROAD approach.
In our business security model, that would grant universe object and universe data access ONLY given to a very small group of highly trusted people.

It was a no-go , even before contacting business go-betweens. They could only confirm: if Lumira won’t work without giving “too much” access to the data, we 'll do without Lumira.

BUT

Lumira doesn’t “see” the universes if we give the rights that work so well for webi, for crystal

Our “old” rights (CAL) for universe access were :

UNV_Reporter_CAL
Collection / Type / Right Name
General / General / View objects
System / Universe / Create and Edit Queries Based on Universe
System / Universe / Data Access
System / Universe (information design tool) / Data access
System / Universe (information design tool) / Create and edit queries based on the universe (owner right)
System / Universe (information design tool) / Create and edit queries based on the universe

For Lumira we ADDED :
Collection / Type / Right Name
System / Shared Query / Create and edit queries based on the universe
System / Shared Query / Data access
System / Shared Query / Retrieve Shared Query

Users who do not CREATE queries - report consumers with ‘view on demand’, so who can “refresh” a report’s content) -
don’t get the “create query” right.

All of these rights are granted “on the universefolder AND its contents”
To ACCESS the universe folder, we use a “navigational” CAL that grants “View the object - on object only, not on contents”, opening a set of “doors” . Works very well for nested groups.

RensH (BOB member since 2007-06-18)