Hi
How we can change Object Level Restrictions for any user on the fly
when that user runs report and select any particular roles from the roles user has access?
How we can build this and at what level? Please let me know if need more information on this.
Thanks in advance.
Regards
KRG
krgodbole (BOB member since 2003-02-24)
On the fly? Sure, just sign in with the correct ID. In Supervisor, the privileges, object restrictions, and so forth are tied to the User ID and/or group(s) they belong to. You don’t choose a role as part of the login process. If they want role 1, sign in with ID1. If they want role 2, sign in with ID2.
Dwayne Hoffpauir 
(BOB member since 2002-09-19)
On the fly? Sure, just sign in with the correct ID. In Supervisor, the privileges, object restrictions, and so forth are tied to the User ID and/or group(s) they belong to. You don’t choose a role as part of the login process. If they want role 1, sign in with ID1. If they want role 2, sign in with ID2.
Thanks for reply. But first of all User will have only one Login Id.
Also we need to create muliple bucket for each role which will really make
supervisor maintenance cumbersome. Also if suppose tommarow we add or remove object restrictions from role again we need to change that in supervisor manually?
Is there any other way using SDK or Universe level can be achieved?
Regards
krg
krgodbole (BOB member since 2003-02-24)
I think it would help if you would give us an example of what makes one role different from another.
I can see that as desirable, but there are times when it is not possible.
I’m not sure what you mean by multiple buckets. Can you please clarify?
Yes, managing user roles is a built-in function of Supervisor.
Take a look at object level security. How many roles do you have? Is each role a subset of the other? If yes, in the universe you can assign a security level to each object (public, controlled, and so forth). Then in supervisor, set each group accordingly, and place the users in the appropriate group.
Dwayne Hoffpauir 
(BOB member since 2002-09-19)
I think it would help if you would give us an example of what makes one role different from another.
krg wrote: suppose one employee has role like manager so that user will see data of employee of some business and also see their some fields (object level)…if user has another role like comp viewer then he will have different business and object level access.
I’m not sure what you mean by multiple buckets. Can you please clarify?
krg wrote: As each role has different security access for each we need different bucket.
Take a look at object level security. How many roles do you have? Is each role a subset of the other? If yes, in the universe you can assign a security level to each object (public, controlled, and so forth). Then in supervisor, set each group accordingly, and place the users in the appropriate group.
–Each role will be different in itself. not related to each other.
then how we can implement this in supervisor and also if user has
multiple role and need to user only one id we cannot put user in
multiple bucket with same id.
On the fly? Sure, just sign in with the correct ID. In Supervisor, the privileges, object restrictions, and so forth are tied to the User ID and/or group(s) they belong to. You don’t choose a role as part of the login process. If they want role 1, sign in with ID1. If they want role 2, sign in with ID2.
krg wrote : this will not help as we have to user only id. also it will make
things more difficult to manage also for end user.
Is there any other way using SDK or Universe level can be achieved?
Regards
krg
krgodbole (BOB member since 2003-02-24)
Supervisor basics: A user ID can be in multiple groups. However, if the privileges conflict (object visible in one group, but invisible in another group), the “most restrictive” rule is applied, and the user will not see the object.
You may not like it, but if a user has multiple roles, they will need multiple ID’s.
Dwayne Hoffpauir (BOB member since 2002-09-19)