Row level Security

system · July 14, 2008, 4:08pm

Hi, i have read the manual but sorry i just don’t get it.
how do i ser security?
i have groups mapped in LDAP that need to only their data for each report. i just can not get it to work. please help
installing xi2 on windows and sql 2005

jql (BOB member since 2005-05-31)

system · July 14, 2008, 8:56pm

The best way to set up data security is in the database. In our case, everybody is using the same set of operational reports, but different users at different org level will see different data. In order for this to work, you have to set up the organizational hierarchy table in the database first. All fact tables contain foreign key(s) to this org table. You join that table with your security table to determine the data security. The concept is very simple and the maintenance is easy.

You can also set Row Level Security in the Universe. But it is not as clean and flexible as in the database.

Hope this helps.

substring (BOB member since 2004-01-16)

system · July 15, 2008, 12:48am

Hi,

You can set up in Universe Designer, no matter what type of security you live with (Enterprise /WindowsAD/LDAP).

Create appropriate groups to fit the security model when you define your system.

bo_ilango (BOB member since 2007-01-28)

system · July 15, 2008, 7:39am

Thanks for reply, how would i add security in Universes to say group A sees only A data, group B sees only B data ect.
thanks again

jql (BOB member since 2005-05-31)

system · July 15, 2008, 8:38am

In the universe designer, you will find an option “access restriction” from tools menu.
Add a restriction based on any table from rows tab
For eg

TBL.DEPTNO = 10

Then apply it to groups/users in your setup.
Login to DeskI or Infoview with a user to see the where clause changing dynamically

You can as well consider the first option pointed out by substring regarding security tables in the database. It will then require a separate username(Schema)/password for each user to be keyed in the CMC under user properties-database credentials for BOBJ universes

.

haider (BOB member since 2005-07-18)

system · July 15, 2008, 8:59am

thanks, just worked it out in the universe by adding row security such as org = (a) then adding this to group a. going to be long day got 400 groups and 15 universes to add each to.

jql (BOB member since 2005-05-31)

system · July 15, 2008, 9:09am

Can you not consider having atleast a security table having details about users (exactly like BOBJ users) and then apply restriction using @VARIABLE(‘BOUSER’) in the universe.
It should be easier to maintain and setup

.

haider (BOB member since 2005-07-18)

system · July 15, 2008, 9:13am

Sounds better, will have talk to the team that look after the database.
they should know what i am on about
thanks for advice

jql (BOB member since 2005-05-31)