I’m going to go out on a limb here and say you’re doing something wrong :o or at least not in the most efficient manner. It sounds like you’re pre-aggregating it with your data perhaps?
Typically a security table is a table which houses users and thier credentials, or security rights.
I can’t imagine a table that has 10-15million rows of users unless you’re doing something for say a company the size of Amazon.com.
Can you provide a bit more info as to how this security table is layed out?
Here’s my scenario and use of a BOUser() style security implementation…
Our userbase is extremely small at the moment (Still in Pilot phase)
We have 1 row per user, per client ID. If a user is setup to access more than one Client… they have more than one row… we have only about 2000 client IDs… and no more than about 200 Users planned at the moment… Even if all Users had access to all clients, that only 400k users.
Instead of giving people who have access to ‘everything’ a specific row in the main table… I created a 2nd table which contains just a list of user names… no client ID, signifying that they have access to all clients. (This is actually done this way to mirror the system which is supplying us with the security information, and not necessarily for performance)
So my ClientSecurity Table has these columns.
UserID, ClientID, DatabaseID (Ignore this one for now)
My ClientSecurityALL Table has
UserID, DatabaseID
In our case we have users who fall into 3 categories:
Standard User - Access to 1 client ID only - Listed in ClientSecurity Table
Advanced Users - Access to multiple Client IDs - Listed in ClientSecurity Table.
SuperUsers - Access to ALL clients - Listed in ClientSecurityALL table
Then I created a view which joins which matches up the ClientSecurityTable, and ClientSecurityALL with my “Client” table to produce a resultset that effectively could have all 400k rows, but the tables themselves do not. The Tables are indexed on both UserID and ClientID.
(Note: that databaseID field actually lets me filter via a smaller sub-set of group based upon our two main data feeds, and could be expanded for items such as Region, Departments or any other sub-set if it were large enough to warrant it).
As to performance… thanks to indexes our performance degradation is almost nil, prior to using the security model (which did not filter) vs after showed no decrease in running speed, and in fact increased it since the security is then applied to each fact table via a filter on ClientKey in the form of a where statement in a derived table in Universe. (Where statement based off the ClientIDs they have access to using BOUser).
I honestly can’t think of a reason why your security table would ever be larger than your fact table unless you are simply pre-joining them into one big table for some reason (which is probably not the most efficient way).
I’m also assuming here that you have some input into the DB design schema and not having to use someone elses pre-designed ideas.
If you can provide a bit more information as to the layout and why it’s so large I’m sure a few of us could suggest some alternatives.
JPetlev (BOB member since 2006-11-01)