Security Issues

Hi All,

The problem is:
The client says they have some 1000 users. They want to restrict all the 1000 users to access their own particular data not all the data. Is it possible to restrict the data user-level? Any suggestions are welcome.

Thanks.

______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com


Listserv Archives (BOB member since 2002-06-25)

You can use the BOUSER() function in your connection string, have the user log in the back end database with his own account - that is how we apply security to the data… maybe?

Brent

Hi All,

The problem is:
The client says they have some 1000 users. They want to restrict all the
1000 users to access their own particular data not all the data. Is it
possible to restrict the data user-level? Any suggestions are welcome.

Thanks.

______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com


Listserv Archives (BOB member since 2002-06-25)

At 12:04 PM 2/2/2000 -0500, businessobject@HOTMAIL.COM wrote:

Hi All,

The problem is:
The client says they have some 1000 users. They want to restrict all the 1000 users to access their own particular data not all the data. Is it possible to restrict the data user-level? Any suggestions are welcome.

There are many ways to do this. The first question you have to answer is how you determine what data “belongs” to a user.

If there is some way of tying that to the user’s loging, you can either restrict the data through BusinessObjects Supervisor, or through a database view.

This question has been discussed in the past, so you might do a search on the archives of BUSOB-L at http://listserv.aol.com/archives/busob-l.html.

Regards,
Anita Craig
Stanford University


Listserv Archives (BOB member since 2002-06-25)

Hi All,

The problem is: The client says they have some 1000 users. They want to restrict all the
1000 users to access their own particular data not all the data. Is it possible to restrict the data user-level?
Any suggestions are welcome.

As Anita Craig replied, there are many ways of doing this, so it depends upon your data. However, just to give you an idea of how we’re handling this type of problem:

We have an ORACLE data warehouse with over 1700 users globally. The data is restricted by product grouping.

We have a security tables set up in ORACLE with the list of users (USERID) and what product group(s) they can view.

In the universes, this security table is joined to the fact tables via product group

Next, the security table has a join to itself via USERID (USERID= @Variable(‘BOUSER’)

Finally, in within the definition of each sensitive measure, using the “Table” button, we add the security table to be brought into the query whenever the measure object is selected.

This causes the following to be brought into the where clause:

WHERE fact_table.product_group = security_table.product_group And security_table.userid = @variable(‘bouser’)

So, in a data driven way, the user can only see the data for the product groups which he has access to.

Bob Addington

R.L. Addington
Shell Services International
Information Management - Data Services
CHEMIST - Global Sales & Marketing Development OSP 1236 / (713) 241-4517


Listserv Archives (BOB member since 2002-06-25)