Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BI: Can fixed hierarchy filters and authorization variables coexist?

Go to solution
l_borsboom
Active Participant

‎10-30-2008 8:24 AM

0 Kudos

Hi,

Consider the following Organizational hierarchy:

A

/ \

A1 A2

/ \ / \

A11 A12 A21 A22 etc..

I have a query with a fixed filter on hierarchy node A1. There is also an authorization variable present. When I run this query with only authorization A11 I get an authorization error, stating that I am not authorized for A1.

I would expect the fixed filter would only check that the data queries is within the subtree below A1, but it seems that the fixed filter requires total authorization for this node.

Could anyone explain if and how fixed filters and authorization filters can coexist together?

Thank you!

Kind regards,

Lodewijk Borsboom

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎10-30-2008 1:46 PM

0 Kudos

Hi Lodewijk,

Check the authorizations your ID has from the security roles in PFCG.

Besides the Authorization variable and filter in the Query, you may also have to check if BI Analysis Authorizations are applied to your ID.

As BI Authorizations are a combination of general PFCG authorizations and Analysis Authorizations, you need to make sure that the ID has authorizations for the right node in the hierarchy.

Hope this helps.

Regards,

Kiran Kandepalli.

6 REPLIES 6

Go to solution
Former Member

‎10-30-2008 1:46 PM

0 Kudos

Hi Lodewijk,

Check the authorizations your ID has from the security roles in PFCG.

Besides the Authorization variable and filter in the Query, you may also have to check if BI Analysis Authorizations are applied to your ID.

As BI Authorizations are a combination of general PFCG authorizations and Analysis Authorizations, you need to make sure that the ID has authorizations for the right node in the hierarchy.

Hope this helps.

Regards,

Kiran Kandepalli.

Go to solution
l_borsboom
Active Participant
In response to Former Member

‎11-05-2008 8:42 AM

0 Kudos

All prerequisites you describe are met.

The problem is that without the fixed filter, the query picks up the value of the authorization variable, but with the fixed filter set it checks the values specified in the filter.

I would expect that the filter only would check that the values selected (in this case: the authorization variable's value) are within the filter limits.

So the problem is still not solved

Go to solution
Former Member

‎11-05-2008 8:43 AM

0 Kudos

Hallo,

if you use a fixed filter for the hierarchy node A1 and run the query with the authorization for A11, you will receive an error. During the authorization check, the authorization for A1 is necessary (because of fixed node) u2013 even if you use a variable.

You have a few possibilities:

1. Try the query with the authorization A1, it should work.

2. Delete the fixed filter node A1 and use only a hierarchy variable

Regards

SWS

Go to solution
Former Member

‎11-05-2008 5:02 PM

0 Kudos

Add a value " : " in your authorizations and see if that works!!

Go to solution
Former Member

‎11-06-2008 5:18 PM

0 Kudos

Hi Lodewijk, 

         A
      /       \
   A1           A2
   /   \          /  \
 A11 A12 A21  A22  etc..
 
I have a query with a fixed filter on hierarchy node A1. There is also an authorization variable present. When I run this query with only authorization A11 I get an authorization error, stating that I am not authorized for A1.

This is expected behavior. Note that you mentioned your filter is set at A1 ( higher node ) while your auth variable is at A11 ( lower node or subset of A1 ). When you are asking your query to "filter results starting at A1", the system expects that you have authorization for the complete selection (or as you say it total authorization ) -- in your case it is starting at A1. However, your authorization is restricting you to a subset of A1. In query selection you are asking for data starting at higher node but applying auth restrictions at lower node. Remember, authorizations will ALWAYS take higher priority.

If you want to use fixed filter on hierarchy it better be within or equal to the authorized node value. But of course this can't be guaranteed unless you create a unique query for each user that has different authorization needs, which leads to inefficient design. Instead, you may want to create 'filters' based on variables that derive their value from authorization values instead of fixed values.

Ashutosh

Go to solution
l_borsboom
Active Participant

‎11-12-2008 1:42 PM

0 Kudos

Our BI-guys solved this problem as follows:

All static-filters are now set in the 'Characteristic Restrictions' and the Authorization Variable is set under 'Default Values' . The query is now working as expected.

Thanks for your input!

Kind regards,

Lodewijk Borsboom