BusinessObjects Board

Row level Security

building semantic layer
#1

Hi everybody,

I have created groups/subgroups/users in the supervisor.Now i wanna give row level restriction to these users.

For Example:

BONAPSLAB
LAB11
user1
user2…etc
LAB12
user3
user4

i have to restrict data that each lab can see.for example lab11 can see only this labs data.
Can anyone help me how it can be done?

thanks,
GJR

gjr (BOB member since 2005-06-09)

#2

quite a few ways of doing this …

one is to apply row level security using the supervisor

the other is to create a security table and add it to the universe. Then join the security with each table in the following manner
securitytable.col = table.column
and securitytable.user_id = @Variable(‘BOUSER’)

Then you could force this join on every object and thus apply security…

Just do a search on BOB as recently there have been many posts regarding this type of problem.

Anonymous (BOB member since 2002-06-06)

#3

Welcome to B:bob:B!

See this topic for some ideas on how to do security.

Steve Krandel :us: (BOB member since 2002-06-25)

#4

Hi Prateek,

Thanks for ur instant reply!!
I had gone through few forum topics and understood the idea of creating a security table and joining to all tables in the universe but my problem is that i have about 100 base tables and many aliases.i was wondering how i can implement for so many tables.
One more issue is that how should i join the security table with base
table? Since there will be no common column.

For Example:
Security table: groupid/userid Labcode

Thanks,
GJR

gjr (BOB member since 2005-06-09)

#5

youve got a problem then!! I guess, you will need to denormalize your tables in such a way that will enable you to join your security table to these table. Or build your security table in a way which enables you to join it to other tables…

One other option is to identify a table which would always be used and denormalize only that and then join the security table to that table. Then you would have to force two joins, one is from the table to this identified table and then to the security table.
This may not be feasible, and it all depends on your DB model.

Hope this helps!!

Anonymous (BOB member since 2002-06-06)

#6

Hello,

I am trying to identify all the row level security we have set up on our universes. Instead of going to Supervisor and check on each universe, I wonder if I can run a sql query against the repository tables that lists all the universe with the its row level security. Could you please let me know if this can be done?

Thanks.
Fan

FanWeik (BOB member since 2004-03-16)