Row Level Security implementation

Hello All,

We have a need to implement row level security for 3 different contents within the universe.

  1. Product
  2. Region
  3. Segment

The security rows/values for each user are available within a security table (screen shot attached)

One option to implement this security is to create aliases for different security contents and apply the filters on the universe.
(again screenshot attached)

But with this every time a new security content is created an alias would have to be created in the universe and joins created.
Let us say tomorrow we have a 4th security content based on Industry.
Then we would have to create a 4th alias, say INDUSTRY_SECURITY, and use it the same way as the others.

I am looking for any possible ideas where we can avoid any changes to the universe when a new content is created.

Any ideas out there?

There is a possibility of making changes to the backend to some extent if required.
Again, looking to see if there can be a more seamless solution which will require minimum or no changes to the universe when
new security content is added.

Feel free to let me know if you need more details.

Thanks in Advance !!
Security Rows in table.JPG
Hyb POC unviverse design.JPG


Naresh Ganatra :us: (BOB member since 2004-04-09)

Hi Naresh,
Instead of creating aliases, use Tools --> Manage Security --> Manage Access Restriction and create a new restriction.
In the Rows tab select the table --> XX.FACT_TABLE
and in the Where clause:
FACT_TABLE.product_security_key IN (select security_content_key from Security_table where security_Content_name = 'PRODUCT' and Security_table.BO_user_id = @variable('BOUSER'))
and
FACT_TABLE.Region_security_key IN (select security_content_key from Security_table where security_Content_name = 'REGION' and Security_table.BO_user_id = @variable('BOUSER'))
and
FACT_TABLE.segment_security_key IN (select security_content_key from Security_table where security_Content_name = 'SEGMENT' and Security_table.BO_user_id = @variable('BOUSER'))

And apply the Restriction to the List of Users in the Right Pane of the Manage Security Restriction.

Remove all the joins between the security table and fact table and remove the Security class.

In the same way you can add any number of security conditions for the fact table.

Hope I have answered your query.
:+1:

Regards,
G.chandramouli


mouli_1985 :india: (BOB member since 2010-10-28)
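
Added example, not part of the original thread or any poster's code: the row restriction from the reply above, run against a small constructed data set in SQLite so its effect per user can be checked. Table and column names follow the reply; the rows, the user ids, and the `:bouser` bound parameter standing in for `@variable('BOUSER')` are assumptions. It is written with `IN` so that a user holding several keys for one content matches on any of them.

```python
import sqlite3

# Constructed sample data: the rows and user ids are invented for illustration.
SCHEMA = """
CREATE TABLE Security_table (
    BO_user_id TEXT, security_Content_name TEXT, security_content_key INTEGER);
CREATE TABLE FACT_TABLE (
    id INTEGER, product_security_key INTEGER,
    Region_security_key INTEGER, segment_security_key INTEGER);
INSERT INTO Security_table VALUES
    ('alice','PRODUCT',1), ('alice','PRODUCT',2),
    ('alice','REGION',10), ('alice','SEGMENT',100),
    ('bob','PRODUCT',1), ('bob','REGION',10);   -- bob has no SEGMENT rows
INSERT INTO FACT_TABLE VALUES
    (1, 1, 10, 100), (2, 2, 10, 100), (3, 3, 10, 100), (4, 1, 20, 100);
"""

# One predicate per security content, as in the restriction's Where clause.
CONTENTS = {"PRODUCT": "product_security_key",
            "REGION": "Region_security_key",
            "SEGMENT": "segment_security_key"}

def restriction_sql(op):
    """Build the Where clause; op is 'IN' or '=' (scalar subquery)."""
    # Names come from the fixed CONTENTS map, never from user input;
    # the user id is always passed as a bound parameter.
    return " AND ".join(
        f"FACT_TABLE.{col} {op} (SELECT security_content_key FROM Security_table"
        f" WHERE security_Content_name = '{name}' AND BO_user_id = :bouser)"
        for name, col in CONTENTS.items())

def visible_rows(user, op="IN"):
    """Return the FACT_TABLE ids the given user may see under the restriction."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    sql = f"SELECT id FROM FACT_TABLE WHERE {restriction_sql(op)} ORDER BY id"
    rows = [r[0] for r in con.execute(sql, {"bouser": user})]
    con.close()
    return rows

if __name__ == "__main__":
    print(visible_rows("alice"))       # rows matching any of alice's keys
    print(visible_rows("bob"))         # no SEGMENT keys: IN over an empty set is false
    # With '=', SQLite compares against one subquery row only, so a user with
    # several keys loses rows; many databases raise an error here instead.
    print(visible_rows("alice", "="))
```

A user with no rows for one of the contents sees nothing at all, so the restriction denies by default when the security table is incomplete.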

Thank you for your reply.

I see the option that you have suggested as one other way of applying the security and is a good one.

But here is what I am trying to get to… I am looking for ways to implement this without having to make changes in the universe every time a new kind of security is added in the security table.

I believe this is not achievable (or at least not straightforward) but wanted to put it out there to see if there is something I could have missed.

BTW… the screenshots I provided were only straightforward samples…
there are quite a few fact tables in the actual universe (separated with contexts) and some of the security content could have 1000s of rows for each user.

Regards,


Naresh Ganatra :us: (BOB member since 2004-04-09)