Hello All,
I really need some help with this issue i am having. Any advise at all would be greatly appriciated.
Here is a description of what is going on:
We have 2 types of users groups Privileged and Non-Privileged. Both of these users can create Ad-hoc webi reports. At the universe level we implemented object level security where privileged users can use any object available and non-privileged users can only use objects that do not contain pii (personally identifiable information). This works fine.
When a privileged user creates a new webi document he see all available objects and when a non-privileged user creates a new webi document he only see non-pii objects.
The client has asked for a public folder in infoview where both types of users can drop a report.
This is where the issue starts. LetÂ’s say a privileged user creates a ad-hoc report that contains both pii and non-pii objects. The privileged user then saves the webi document into the public folder. The data that was loaded into the micro cube is still available for view at any time to both users. So if a non-privileged user opens the report he will be able to see both non-pii and pii objects and the subsequent data.
If we enable refresh on load and the webi document has prompts the non-priv user will get an error saying that he not allowed to see the objects and opens the query window with only non-pii objects, this is fine.
But if the report does not have any prompts and refresh on load is enabled, the report still loads and the non-priv user can still see everything. Even if they hit the refresh data icon after the report is loaded the Pii information stays.
The question I have for you is, is there any way to set security at the Micro Cube level which holds the data retrived from the query. This security would check to see which objects are loaded into the micro cube and if the user accessing the document has rights to view. If yes then the report opens, if not the report is either closed or it goes the query window and only shows objects available to that specific user group.
if anyone knows of a different work around for this please let me know. Any input I can get would be greatly appreciated.
Thanks
mithu81 (BOB member since 2010-03-04)