H!! All,
How I can Implement the Object level Security depending upon the value of the object in the Business Object XI universe desgn level Or in CMC Level 
sudhakar kalva (BOB member since 2006-04-24)
From XI R2 we can do this from Designer.
I am attaching the screenshots document.
bobjkb 
(BOB member since 2004-03-19)
H!! bobjkb
Thk for replying to my question.
I have tried this but it is not restricting the user.
My requirement is there is a object called Office location code.depending upon this value, I have to restrict the user.
I have tried this through Manage Access Restrictions by giving the where clause in the row leve propertyby spcifying the location code=value.but it is not working .pls help in this regard.
sudhakar kalva (BOB member since 2006-04-24)
You can maintain an external security table that contains:
Column1: BOLoginName
Column2: LocationCode
Add this table to your universe, join it to your fact on LocationCode. Put a self join on the BOLoginName column in your security table. Join should read something like:
Then click on each object you’ve added from the fact table to bring up the properties, click the tables button and add your security table from the list in order to force the join.
The net effect of this is your query will have a where clause limiting the results to the LocationCodes listed for the user as defined in your external security table.
ScreenShots.doc (108.0 KB)
mmunnis (BOB member since 2005-01-17)
H!! mmunnis
THks for your support.
It has solved my problem.
sudhakar kalva (BOB member since 2006-04-24)
your solution worked like a charm! another doubt, can you do a conditional join in BO? For eg in the above security table, we’ll have a column called flag. if the value for this column is ‘L’ then it has to join the locationcode, if value is ‘Z’ it has to join by the zone or if it’s ‘A’ then it has to skip the join, meaning take all the locations… the reason for doing this is simple, for normal users they need to only see their location’s data, for zonal managers they need to see their zone’s data (a zone consists of multiple location codes) and for head of departments, they need to see data for all locations.
whizkid420 (BOB member since 2003-03-26)
Users who are not included in the security table will have no restricions, so that takes care of your ‘A’ users.
If you list the user more than once in the security table, one row for each LocationCode that make up a zone, that should take care of that issue.
Something like:
Jim - Location A |
Jim - Location B | ZONE 1
Jim - Location C |
Mike - Location A
Bob’s not in the table, so he gets all locations, Mike gets location A, Jim gets Location A,B,C which are the locations that make up Zone 1.
The drawback is maintaining multiple entries. The advantage is that If Jim doesn’t fit nicely into ZONE 1, and all of a sudden needs Location D from Zone 2, you can grant him that access without giving him all of Zone 2.
Hope that made some sense.
Mike
mmunnis (BOB member since 2005-01-17)
Guys,
you seem to be way ahead on this issue. Here is my problem - it is somewhat related to yours:
I converted several universes from BO 5.1.9 to XIR2SP1.
They had object level security on them. During the conversion the restrictions seem to convert OK (I can see all of them on a Manage restrictions screen in Designer). However, when users belonging to almost any group mentioned in this list are trying to create a WEBI report and select this universe they get an error “User rights are not found. See your Business Objects Administrator. (Error: WIS 00502)”.
Any ideas?
I am also trying to find any information on what “Object level security” tab in CMC Universes screen does and can’t find any information on it. I am not sure whether it is related to my problem or not. I would imagine that those restrictions converted then they should be working. I am looking for some kind of a global setting for the universe that I might have forgotten to turn on for all this to work.
Boris
boris_knizhnik (BOB member since 2006-02-24)
Mike,
I am also facing same problem with implementation of security in universe. Thanks for the detail reply in your post and worked fine for me as well.
FYI: secuity table
Columns: Name and deptid
joined with fact table column called deptid
i.e secuirty table.deptid = fact table.deptid
However i have another report on same universe where i want to run the summary report so that it should display total amount for an organization(i.e irrespective of all department)
When i run this summary report by login with a particular user it giving me the results for deptid which fall under that user name.
How can we get data for all department by using the same universe which has restriction on deptid based on security table.
Any suggestions please?
Thanks in Advance!!
santhoshini (BOB member since 2007-11-08)
Hi Santoshini,
I see that you are looking to apply security only on a selective group of users…
The following steps should help you …it is a slightly different approach…
Step1 - Create an object in the universe which address the security need in the where clause
Step2- Create a restriction from manage access restrictions
Step 3- From Manage Access Restriction apply this restriction only on desired user group(s)
…
more details with screen shots in the attached file…
Benefits I can see…
- you need not apply security at every object level and can do this at the table level.
- you can selectively apply security only on the group(s) that you prefer.
- if a user is supposed to see all departments you could avoid adding h/er to the security group which might help with performance…
This would mean one extra level of maintainance, but will help you attain #2
Feel free to let me know if you think I might have missed something…
PS - XIR3 has some additional capabilities which is there in another thread and also on Dave’s blog.
http://www.dagira.com/2008/11/05/designer-xi-3-new-feature-class-restrictions/
Thanks,
nganatra_security.doc (78.0 KB)
Naresh Ganatra 
(BOB member since 2004-04-09)