cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Row Level Data Security

Go to solution
Former Member

on ‎08-20-2009 8:57 PM

0 Kudos

I want to implement row level data security in a Universe by using a WHERE clause.

Our users are linked with user groups that should control their data access. Can anyone give me the table/fields from the CMC Database that would contain BOUSER and the accompanying group membership?

Thanks

Barry

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-21-2009 4:39 PM
0 Kudos

Hi,

For your case I think you can implement security at Universe level also as Tools -> manage access restrcitions -> Manage restrictions. there u can give access for required user groups for required objects.

Cheers,

Suresh Aluri

Show replies
Show replies
Former Member
‎08-24-2009 2:54 PM
0 Kudos

Thank you. We were exploring that option as well. The number of Departments makes that solution inelegant. Will post what we discover.

Former Member
‎08-26-2009 9:20 PM
0 Kudos

Let me re-phrase the question.

I know how to access @variable('BOUSER') to get the user name, is there a method for this variable to pull the groups the user is a member of....or another variable to pull the groups?

Former Member
‎08-31-2009 9:28 PM
0 Kudos

According to tech support, what we were asking is impossible. Here is our solution:

1) Build a table in the Data Warehosue that dynamically extracts user names and department groups from Windows AD, which our BOXI XI 3.1 installation uses to set group membership.

2) Include that table in each Universe Designed

3) Reference the table by @variable('BOUSER') to return Department Groups and thus control Row Level Security.

Any additional insights are appreciated.

Barry Bridges

Former Member
‎09-18-2009 4:09 PM
0 Kudos

Auditor is worth exploring. Connect directly to the data base there via a tool other than BusinessObjects. There are fields for group membership.

Former Member
‎09-18-2009 5:09 PM
0 Kudos

Barry,

Thanks for passing along the insight for using Auditor. One caveat would be that Auditor is only going to get populated per an event (like the user logging on), and that Auditor has a time delay between an event and actually posting to the Auditor table(s). As you explore this possibility more fully please continue to post your findings/successes.

thanks,

John

Answers (0)

Ask a Question