You are right Dave, it’s live. Restrictions are associated to universes objects but are not universe objects.
They are like connections: managed in Designer, used by universes, but not as part of universes.
Concerning the problem…
Make sure you have really applied the restriction to the user.
Also make sure as Dave suggested that you have created the restriction on the correct table.
Otherwise, I don’t see no other reason for this restriction not to work…
Thanks it works but I am running into another issue.
So say suppose, I have a row level security defined on Theater = “EMEA” and I have another row level security defined as other restriction as
Controlled: “They can not see some classes in the universe”
Now if I want to combine those that users can not see the certain classes and can only see EMEA then how does will it work in CMC? and the more generic question is if users are in both of the groups then how the group level security works?
and how it works with the folder level security? It seems to be getting very complicated.
Is there any rule of thumb? when to use what and how to use?
For restriction on classes, use object level security, add the classes/objects whatever you want using Manage access restriction in the universe.
If the user is in both the groups, as far as my knowledge, both restrictions will apply.
I have a similar issue, although my request is slightly different.
I have a report that is scheduled over night. It generates about 500 pages, and contains information for about 30 offices.
Now i want that when a user logs into infoview and opens the report, s/he sees only the data for his office (i.e. about 15 pages). The report is already sectioned by office.
– You have to link the USER to Department Id in the Universe… and use user as prompt in WHERE part of your query. Schedule the report for all users.(means all departments). Now, when the user logs in to view the report, s/he will view the information for their department… (It is something like ROW LEVEL SECURITY)
OR
It is better if you burst the report by department… and save it in PDF.
You have two choices depending on the setup you have.
If there is a security table containing the user access to his/her office/dept, then it can be joined with the fact table along with the @variable(‘BOUSER’) function as
SECURITY_TBL.DEPTNO = FACT_TBL.DEPTNO AND SECURITY_TBL.USERID=@VARIABLE('BOUSER')
where userid in your security table is same as BOBJ user account
If there is no security table then you will have to use the manage security- manage access restrictions option in Designer and assign a where clause to each user/group which will be dynamically shown in the generated SQL
FACT_TBL.DEPTNO = 10
This is also termed as multi pass/refresh report bursting
Publication feature in XIr2 can be used to burst reports in single pass/refresh to users/groups
I would liek to understand If I use the Maanges Security option available in Designer for Rowlevel security,then how do I apply that security for any other object pulled in the query
For example:If in Manage Security teh row level security is based on department then tablename.Dept=10 is applied in the Manage restriction
But if I dont pull dept in teh query and pull other objects for eg bu then how is it taht I can force this join to appear for any of the objects selected in teh query
In order to restrict on the whole context, you need to force that table in the query. For each objects in the corresponding context(s), in the Object properties window, change the “Tables…” list and add the corresponding table.
Be careful!! When you modify some object properties like SELECT and WHERE, the “Tables…” list is reinitialized…
I tend to use a macro in excel to make these kind of changes in universes. That way I have full control over what is updated.
i’m just wondering if there is an ACCESS RESTRICTION when using SAP universe? i tried to do it but the icon is disabled… it seems that row level access restriction is impossible in OLAP universes…
is there a solution to this? or i’m just missing something… please help.
Row level restrictions are (at least to my knowledge) restricted to relational database sources. They will not work for stored procedures or any other data source.
I am using SAP BI 7.10 and BOXI R3.1. I want to implement row level security, but I dont know which option should I use. I am trying to restrict the data using profiles available in BO CMC, but hard luck.
So please advice me How can I implement ro level security using universes on top of SPA BI Cubes and BEx