Row level security on designer with Oracle form

system · July 6, 2005, 12:14am

Hi All,

   I have a Oracle form where users can send a request for access on certain nodes/depts,etc.The security restriction is given to the users and updated in 3 security tables in the database. Now I have build a universe where the restrictions from these tables have to be applied.Can you let me know how I can setup the row level security from these tables into the universe so that when the users query,they are able to see only for what they are given access to.

Also,if the restrictions change thru’ the form again,how does the BO know it?

Appreciate your response.

Thanks,
Nisha

nisha_18 (BOB member since 2004-08-10)

system · July 6, 2005, 12:38am

If you give a few more details, someone may reply with a more specific answer. Otherwise, try doing a search here on BOB, suggested keywords: Row Level Restrictions

Anita Craig (BOB member since 2002-06-17)

system · July 6, 2005, 12:40am

You must be storing these restirictions in some db table where there would be a table having columns like USER_ID, ACTION, ALLOWED(Y/N). What you can do is you can filter the data for the logged in user i.e. BOUSER be getting its access priorities from your security table mentioned above. Hope this helps.

salam (BOB member since 2005-01-27)

system · July 6, 2005, 12:43am

Hi Salam,

Yes..we are storing the restrictions in a db table.How do I apply a filter for a BOUSER in universe?

Thanks,
Nisha

nisha_18 (BOB member since 2004-08-10)

system · July 6, 2005, 12:53am

@Variable(‘BOUSER’) give you the currently logged in user id

salam (BOB member since 2005-01-27)

system · July 6, 2005, 12:56am

Hi salam,

  I am sorry..this might be a basic question but wanted to know how to do this and where do I do this filter with @variable('BOUSER')?

Thanks,
Nisha

nisha_18 (BOB member since 2004-08-10)

system · July 6, 2005, 2:49am

You really just want to populate a table. The rest should be generic in the Supervisor.

See here for a presentation that should shed some light on this for you.

Steve Krandel (BOB member since 2002-06-25)

system · July 6, 2005, 6:09am

Hi Steve,

         Thanks for the presentation.I have gone thru' your presentation..Which solution(among the 4)one would be good for my case.I thought 3rd one would be ideal but I have about 1500 users to be given access to diferent nodes in department hierarchy. Not everyone have same access.

Any insight on this would be appreciated.

Thanks

nisha_18 (BOB member since 2004-08-10)

system · July 6, 2005, 3:58pm

I would use option 3. A simple subquery in Supervisor and a table in the database is the way to go.

Steve Krandel (BOB member since 2002-06-25)

system · July 7, 2005, 9:25pm

Hi Steve,

   I am trying to understand the option 3 from your presentation and its application  to my universe. This is what I came up with:

I have a security table(Sec_table) in the database that gets updated thru’ an oracle form with user_id and group_id in the table.But we don’t have control on this form.If the users change groups,how do we know?

Now,In supervisor,I create groups under which I create users(all the 1500 depending on their access to different groups).

For eg: Group :Dept
Top Node
user : sam

Add the row level restriction in the supervisor as follows:

Sec_Table IN(select distinct Sec_table.value(what is this value?) from
Sec_table where Sec_table.type = Top Node and userid = @variable(‘sam’))

Please let me know if this is what I have to do…Also wanted to know,what you menat by creating objects in designer would reduce lot of headaches…:))

Appreciate your response…

Thanks

nisha_18 (BOB member since 2004-08-10)

system · July 11, 2005, 9:21pm

Any help appreciated…

Thanks

nisha_18 (BOB member since 2004-08-10)