Administering and Securing the Environment

The new WebFOCUS Client repository and authorization security model uses an implementation of Role-Based Access Control (RBAC) to enforce security across all resources in the repository. The flexibility of the new model enables an administrator to implement security at a granular level for every resource in the WebFOCUS repository.

Resource Analyzer and Resource Governor help Information Systems (IS) organizations analyze and control end user data access, as well as provide site-specific control options.

WebFOCUS Client Repository and Authorization Security

Release 8.1 Version 05

IBI_Push_Image Setting. The IBI_Push_Image setting in the Advanced Settings category of the Administration Console specifies whether to upload images that are stored in the repository, to the Reporting Server for embedding in reports and HTML pages. The default value is False.
Run User Audit Option. The Run User Audit option, which is located in the License Management window of the WebFOCUS Administration Console, evaluates the repository license usage for Managed Reporting, InfoAssist, and Data Visualization. It produces a License Analysis report with information on the total number of licenses by license type, the number of licenses in use by license type, and an analysis of license assignment by Group and by User.
You can also run the User Audit utility (license_audit.bat) from your local WebFOCUS installation directory, which is available in the following location:
```
drive:\ibi\WebFOCUS81\utilities\mr
```
When you run this program, the License Analysis report (auditUserCounts.htm) is created in the same directory.
New ZIP All Button Captures Traces. The new ZIP All button appears when you select the All Clients, Client Connection, MR Deferred Ticket, Cleanup Utility, or WF Servlet pages from the Traces folder of the Diagnostics menu on the Administration Console. This button saves copies of all trace files on display into a single zip file.

Release 8.1 Version 03

SAML for Single Sign On Support. WebFOCUS offers single sign on support for SAML 2.0 as a candidate for release feature.
Centralized Validation of Product Variables. WebFOCUS provides enhanced protection against SQL injection and cross-site scripting attacks by using a centralized filter to validate all product variables by URI. When a request fails the validation test, the request is not validated and a generic error message is displayed to the user. Blocked requests are logged for administrator review and violations are aggregated into a list that can be used to develop new filters.
Parameter Prompting Behavior. The IBIMR_promptingUnset setting enables or disables parameter prompting for Managed Reporting procedures (FEXes) when IBIMR_prompting is set to XMLPROMPT or XMLRUN, and the Prompt for Parameters setting is unchecked in the FEX Properties dialog box.
Confirmation Message When Moving Folders. You can set the IBI_Move_Confirmation_Message parameter to specify whether WebFOCUS will request confirmation when a user moves a folder using a drag-and-drop operation. The default value is False.
IBI_XFrameOptions Setting. The IBI_XFrameOptions setting in the Filters category of the Administration Console prevents your content from being embedded in other sites, as a security measure against clickjacking attacks.
IBI_Message_Detail Setting. The IBI_Message_Detail setting in the Security category of the Administration Console determines when users receive detailed or simplified error messages. The detailed message appears in the event.log for administrator troubleshooting.
Updating Application Settings on the Command Line. You can update any WebFOCUS Application Setting with the updateWebconfig.bat utility (for Windows) or the updateWebconfig.sh utility (for UNIX). These command line utilities modify the ibi\WebFOCUS81\config\webconfig.xml file and automatically encrypt any passwords you update.