List of Values(LoVs) caching in BO XI 3.1 SP3

Recently, I came across a weird behavior while working with BusinessObjects Web Intelligence. I have divisional hierarchy in the prompts for all the WebI reports. Now, inspite of having SSO as authentication mode for the universe connection, the LoVs were getting cached!! As a result, the users were able to see the divisional hierarchy nodes which they don't have access to.

It was a security nightmare. Alright, it was not that bad. Though users were able see and select the nodes, they were getting authorization error message. The users had to use 'Refresh values' option in the prompt window to get the correct LoVs. While technically good, it was not a very pleasant user experience.

This is a bug in BusinessObjects XI 3.1 SP3. By design, when SSO is defined as universe connection mode, the LoVs should not be cached. This was discovered only recently because it turned out that entire BO community had BI_ALL. I will not dwell much onto that but not sure why everyone had this super privilege. When we started removing BI_ALL, the issue surfaced.

We raised OSS with SAP. They acknowledged it as a bug and suggested to apply FP 3.2/FP 3.6 or even upgrade to SP4. They released a note 1519503 on this.

Here is the interesting part. We had a call on 06/22/2011 with BO support team on this and they acknowledged the issue as a product bug. Immediately after the call, SAP released the note :).