In supervisor, go to the universe tab and select the universe properties. Then go to the Rows tab and a restriction on your security table with a where statement like: .USERID = @Variable(‘BOUSER’).
Then in your universe associate every object which requires security, with the
security table by including the security table in the list of tables for that object
(this is the tables in an objects properties).
So, can I have a sql to create a view in oracle that looks like: create sal_tbl as
select * from ****
where base.org_id = security.org_id and
security.user_name = @variable(‘BOUSER’)
In a message dated 00-10-05 15:28:08 EDT, you write:
So, can I have a sql to create a view in oracle that looks like:
create sal_tbl as
select * from ****
where base.org_id = security.org_id and
security.user_name = @variable(‘BOUSER’)
I don’t think you can do what you want. The @variable() function is internal to BusinessObjects. If you aren’t in BusObj, then it’s not available. And you can’t run the type of SQL that you are showing from within a universe.
But here are some thoughts.
What you want to do is use the Oracle equivalent to BOUSER. If you are using a dynamic universe connection (in other words, your universe connection does NOT contain a hard-coded username and password) then the BusObj user id / password info is passed through to the DB. This is also known as the Advanced Login Strategy; search the archives and you’ll find tons of posts on this.
Then your script would reference the Oracle variable USER, no quotes. In other words, you need:
create sal_tbl as
select * from ****
where base.org_id = security.org_id and
security.user_name = USER
Now, a few questions:
How are you planning on calling this? Are you trying to dynamically create a table during a session? I’m not sure BusObj will provide the mechanism that you need to do this, but I could be wrong…
Check the techsupport website for Case # 137 and you will get the required info
on ALS.
Best of Luck…
So, can I have a sql to create a view in oracle that looks like: create sal_tbl as
select * from ****
where base.org_id = security.org_id and
security.user_name = @variable(‘BOUSER’)
Another strategy is to put a self restricting join on the table in question using the userid=@variable(‘BOUSER’). Then you can force the join by using the Tables button on the objects you want to secure. In most companies, it’s OK to let people see the dimension data as long as you hide the important numbers.
Thanks to all who have responded to my question. We are able to implement row level security by there user id within the database, and is pretty cool as no security is maintained at BO level.
Feel free to ask specific question if you would like to implement this.
Another strategy is to put a self restricting join on the table in question
using the userid=@variable(‘BOUSER’). Then you can force the join by using
the Tables button on the objects you want to secure.
In most companies,
it’s OK to let people see the dimension data as long as you hide the
important numbers.
So, can I have a sql to create a view in oracle that looks like:
create sal_tbl as
select * from ****
where base.org_id = security.org_id and
security.user_name = @variable(‘BOUSER’) security.user_name = @variable(‘BOUSER’)
Is there a way to pass the BO user id to database, we
are using oracle?
What we are trying to do is create a view:
create sal_tbl as
select * from ****
where base.org_id = security.org_id and security.user_name = {Business Objects user name}
__________________________________________________ Do You Yahoo!?
Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/
In a message dated 00-10-06 12:32:53 EDT, you write:
Thanks to all who have responded to my question.
We are able to implement row level security by there user id within the database, and is pretty cool as no security is maintained at BO level.
Feel free to ask specific question if you would like to implement this.
Go ahead and post a three-four line summary of what you did, if you don’t mind. I’m curious to see what your eventual solution looked like.
We have create a user id in oracle and BO. When the user logs into BO the same id/pw are passed to the database.
In the database we have a view which will be create dynamically for each user according to the privileges granted.
All users are able to see all the objects and run the same report but there data is different i.e NY manager can only see NY data…
The only thing you should be careful about is the passwords synchronization. Someday, someone will write a tool to sync up the BO and Oracle passwords.
The only thing you should be careful about is the passwords synchronization.
Someday, someone will write a tool to sync up the BO and Oracle passwords.
We have create a user id in oracle and BO. When the user logs into BO the same id/pw are passed to the database.
In the database we have a view which will be create dynamically for each user according to the privileges
granted.
All users are able to see all the objects and run the
same report but there data is different i.e NY manager
can only see NY data…