Problem with security:pl help

We have some accounting data in the database and do not want all users to be able to see the data for a specific company. So I created two objects . In the first I put the condition where company!=xxxxx (the restricted company) and made this object public. Then I created another object with the condition company=xxxxx and changed the Object Security Level to a Confidential. Only the users who can access the data for the specific company have the privileges of seeing the objects with Confidential Object Security Level. Everything seems fine or atleast it seemed so till, I just received a call from the user. He logged on as the special user(with higher privileges) and ran a report containing the critical data. Now he logged on as a normal user. He is not able to see the objects with higher privileges and that is as it should be. But then he ran the same report now and he was able to see the data,which sure is as he called “DANGEROUS”.

Can someone tell me a better way of incorporating the security. And if Users who do not have higher privileges can run reports containing objects with Higher security level…I wonder what the security really is for…OR am I missing something.

We need to fix this by monday and so immediate help will be really appreciated
thanks
guna


Listserv Archives (BOB member since 2002-06-25)

You could put that restriction in the “Rows” tab of the Universe properties in the Supervisor.
Make it applicable to everybody except your privileged user. Use only one object, with no condition.
With this method the user can not go around security.

Jean-Francois Cayron
Manager of Decision Solutions Support
InfoSol Inc.
Ph (623) 707-7600
Fax (623) 707-7601
http://www.infosol-inc.com


Listserv Archives (BOB member since 2002-06-25)