We have a DB2 UDB database where they have a bunch of security defined in the database. They do not want to open up access to the database with a generic BO_REPORT account which is what we typically use for our other databases.
I was thinking about creating a connection to the database, making the connection use the BO acct/pass, and then design the universe with an account that had DBA privileges so I have access to everything.
I’m just wondering how this would work when a regular user logs in WebI. Would they only see the classes and objects that they have access to ?
Ok, so you’re saying the classes and objects would show up. So that would be problematic because users would attempt to use them and then encounter security problems.
yeah - sorry I got cut off with a user. Secured views is a form of row-level security done at the DB that join the data table to a security tables and enforces what rows a user can see. It’s why we have to use the DB user ID in BO and pass it thru to the DB (and why passwords have to match).
But you could also make views of just the tables/columns that a group of users is allowed to see. We have done that before with our financial transaction table where we had the full view and then 3 other limited views. This is not hard for a DBA to do so I wonder why they have not suggested this already. So then I had the 4 views in one universe and the user would use the one for which they were authorized but you could also do one universe per view - just depends on how many tables/views you have to deal with.
note - views are just real big SELECT statements done at the DB level