Row level security

system · November 18, 2008, 4:06pm

Hi,

Is it possible to have row level security on a Crystal Report at view time?
In effect, a user will be logging on to Business Objects Edge Series via Infoview and running a report that returns only data relevant to the user, on demand.
Is this possible without Business Views or Universes?

Any help gratefully received.

Rgds,

robc

robc (BOB member since 2006-03-10)

system · November 18, 2008, 4:32pm

Only if you do something funky in the database with views or maybe using Oracle VPD.

ABILtd (BOB member since 2006-02-08)

SebastienGoiffon · November 18, 2008, 4:35pm

I suppose it should work if your report is using universes since those restrictions are creted within the Xi Designer

system · November 18, 2008, 4:37pm

I think I may have got a bit ahead of myself.
The report will contain all the data (run under an Admin account) - but the user only sees data relevant to themselves at view-time.
Also, I think reports will be instances rather thatn on-demand.

Rgds,

robc

robc (BOB member since 2006-03-10)

system · November 18, 2008, 4:44pm

If you’re using instances then it’s definitely not possible, since the output is pregenerated.

wahey (BOB member since 2007-05-31)

SebastienGoiffon · November 18, 2008, 4:51pm

Profiles could be your solution

system · November 19, 2008, 11:18am

Hi guys,

Your talking about solutions that require a Universe, Robc suggested that he didn`t want to use one.

Robc. Will your reports be published to Infoview (and thus require a login?). If so, what you can probably use is the @CurrentCEUser() function in conjunction with either the record selection formula, or the save data selection formula (crystal 2008 only), or even detail row suppression.

This will allow the report to refresh ALL data and then filter out what the user is allowed to see depending on their BOXI login. We used to implement simple row level security in Crystal Enterprise like this before Business Views were invented.

But as you say, you want this as pre run instances? You`d only have one instance if the data is for all users and filtered at view time but you might be able to do this on an instance of the report if you implement this in save data filters or detail row suppression. In infoview based reports obviously.

ABILtd (BOB member since 2006-02-08)

system · April 24, 2009, 2:18pm

Hi Andy,

Can you advice on how we pass function ‘CurrenCEUsername’ to database (using report SQL) without using parameter?

BOKris (BOB member since 2003-08-27)

system · April 28, 2009, 5:05pm

Apos Software (www.apos.com) has a tool called View Time Security that does what you asked for. The reports are scheduled by a supervisor that can see all rows then when restricted users view that saved instance they only see the rows they are allowed to see. In the background the security is handled with processing extensions that read a selection criteria from a table to further restrict the data for that user.

It is a very good tool!

tbrady (BOB member since 2007-09-25)

system · June 9, 2009, 6:43pm

Can you tell me how I can pass @CurrentCEUser() to a database SP when using a parameter?

(In Crystal Reports 10 we used a custom .CSP page to suppress the first parameter and substitute the user ID which worked great, but we haven’t been able to find a way to do that with BO XI Enterprise.)

UMG Developer (BOB member since 2009-06-09)

system · June 10, 2009, 11:47pm

Row level security can be performed if the client maintains a users table then you can restrict the data in select expert for Eg:username=@CurrentCEUser()

jayad (BOB member since 2008-07-11)

system · May 4, 2010, 8:16pm

it depends on the database your reporting off of. JD Edwards Data integrator maintains JD Edwards Row Security. so users running the same report can only see data set they are specifically granted in JD Edwards.

i’m sure the SAP integrator is the same.

if you using a database that BO hasn’t created a integration kit for, then a universe is your only hope.

good luck.

Tanked (BOB member since 2005-12-13)

system · November 8, 2011, 8:39pm

I’m trying to implement a Oracle VPD solution using Crystal Reports XI (published to Infoview where it is initiated). All the SQL needed for our reports are contained within PL/SQL packages in Oracle. The package functions return REF Cursors which Crystal references to display the report.

I’d like to use an Oracle service account to make the connection so that user maintenance is minimized but still have Oracle know about the BO User that initiates the report. Is there something setup between Oracle and BO to accommodate the necessary handshaking?

My vision is to have the BO User Id passed to Oracle when the initial database connection is established. I could then create a When Logon trigger to save the User Id as an Oracle Context that could be accessed whenever an RLS Profile is triggered. Then a user-specific SQL Predicate would be automatically added to any queries and only appropriate data returned to Crystal Reports.

I’m a database developer, not a Crystal Reports developer, but there is obvious overlap here. Is this possible?

jreisenb (BOB member since 2011-08-05)

system · February 11, 2012, 9:35pm

Hi

We are in the same scenario and looking for a way

Did you find a solution to this ??

kanth (BOB member since 2005-09-05)