BusinessObjects Board

Row Level Security - Universe level

building semantic layer
#1

Hi All,

I need some help regarding Row Level security implementation using designer. I have already done a search on the topic. But the description given here is not elaborate. Let me explain my problem as below:

I have a table called Rates having following data

Rate_Ref Rate_Type

R1 MINIMUM
R2 CONTRACT
R3 SPOT

We want for certain users, records where rate type is MINIMUM should not be visible. We have created a security table to achieve this. This security table contains following data.

SECURITY TABLE

USERID

User1
User2

Note :
a) The security table contains only those records who have access to all the records. That means if a user runs a report whose id is not present in security table he should not be able to see records where Rate Type is MINIMUM.
In the above example User1, User2 should be able to see all the records including rate type Minimum, but other users like “User3” not having entry in security table should not be able to see those records having rate type as Minimum.

b) We can’t implement the solution at the supervisor level.

c) We are using BO 6.5.

Thanks in Advance

diganta_goswami (BOB member since 2006-12-14)

Security Table
#2

Hi,
You can use a mapping table.
I can explain you what we did in a project. It was an audit project. So a person belonging to a country would be able to see the records.

So we used a mapping table and then using BOUSER feasure we were mapping it to the country in which user was belonging to.

Omkar Paranjpe :us: (BOB member since 2006-02-13)

#3

One possible option:
Apply a complex self-restrictive join on your fact table along the lines of:

( FactTable.RateType = 'MINIMUM' 
  AND EXISTS (SELECT 1 from SecurityTable WHERE USERID= @('BOUSER') )
)
OR FactTable.RateType <> 'MINIMUM'

Andreas :de: (BOB member since 2002-06-20)

#4

You may want to consider changing the structure of your security table to layout access/security at all level.
User access1 access2 access3
User1 contract claim minimum
user2 contract AA minimum
user3 AA claim AA

AA- no access to that level.
Such a structure will help in resolving access/privilege problems once your users multiply or your levels explode. Talk to your DBA/warehousing manager.

Don840 (BOB member since 2005-03-14)