Hi all.I have one doubt.Is it possible to restrict the level of viewing the data in a report for many users.
For example consider an hirerachy as
1)Manager
2)Senior Developer
3)Junior Developer
4)Employee.
In a single report is it possible to restrict the level of viewing the data ie; data viewed by the mgr should nt be available for the snr developer and the data viewed by the snr developer should nt be available for Junior developer and so on.
If it possible how it can be done.Can any one explain me how it can be done 8)
The easiest way would be through groups in Supervisor.
This requires that you can easily define a few conditions what data is classified how.
The only exception to this restriction is that a general administration account can not be restricted.
For exampe Manager can see all customers, Senior Developer can see all but one, Junior Developer can only see ones starting with “F”.
Using a department group setup in Supervisor I create the group .
then get access configured to which universe and which general role they will have as broad as needed to fulfill any role.
is a sub group of and inherits all permissions/restrictions from .
Further restrictions as needed are placed on . For example I restrict their access time to BO from 8AM to 8PM so that they are forced to go to the pub with me at a certain time (Timestamp tab under group properties).
Any person created in this group now automatically inherits the rights from . I could go into finer detail and adjust properties once the person is created. Please note that this type of micromanagement leaves you quite open in regard of administration overhead.
Next group is . Again this group inherits its basic settings from .
This group is not allowed to see the universe object . Select the group, then select the tab, right-click the universe you want to modify and go to the tab.
<Add…> the objects from the universe.
Now the object will not even be visible to any user in this group in their reports. (Haven’t tested this with universe design myself.)
Now to the table level restriction - Senior Developers shall not be able to see the results for customer [MNG001] - the global master manager account !
Switch to the tab of the universe properties and click <Add…>.
You can now select the table to restrict and enter a specific where clause. In this example the table scheme.customer is selected as table and the where clause is set to [ <> ‘MNG001’ ].
This will stop Senior Developers to see any data where the customer table is involved as BO will automatically add this where clause to the generated SQL.
So much for the generic setup with Supervisor.
In your case probably the best way is to use each lower group as a sub group of the higher group. This way you can restrict the data access more and more as you go down the hierarchy.
You can always break these restrictions by inheriting them first, then take them out.
This also has the advantage that if you add restrictions later on they will cascade down the groups.
(BOB member since 2005-05-17)
(BOB member since 2004-02-11)