I am not totally familiar with Supervisor so any guidance on how to accomplish the following is greatly appreciated. We are preparing to release BO Reader to a large set of users. However, we want to be able to restrict the amount of data they are able to view in certain areas (i.e. only allow a Sales Rep to see their own customer list). Is there a way to accomplish this in Supervisor? Perhaps at their login? Or multiple prompts? We are trying to determine and then quickly execute the best option.
Thanks
Michele Robertson
Southern California Edison
Analyst
Phone: 909-394-8573
Michele, we did something similar to this but it wasn’t at the supervisor level. To my knowledge, at the supervisor level you can block someone from seeing certain objects but not from just result sets of the objects. What we did would translate to your situation something like this (I warn you, there is somewhat of a manual piece to this but it was the best we could come up with). We created a table, for example called “Salespeople”. This table had two fields, the BO User ID and their sales ID. The manual piece is this table would probably have to be updated manually unless you enlisted the help of a particularly talented programmer.
We linked this table to the table in the database that held the sales id. The join between those two tables was Salespeople.SalesID → DatabaseTable.SalesID and @variable(‘BOUSER’) = DatabaseTable.UserID. Therefore, the BO User ID they logged in with would determine the info they could see. In Designer, you do have to make sure that each object will hit that join. To do that, the box with the object, hit the Tables… button and the table the object is from will be highlighted, so also highlight the Salespeople and DatabaseTable tables. That way when the object is used, that join will be brought into the mix.
This worked fine with our setup. It does force you to bring in two tables to the query that you would not need otherwise. In our case, with the tables it involved, it did not slow down performance at all. I don’t know if that would be the case with you or not. Anyway, just an idea… Hope it helps!!
I am not totally familiar with Supervisor so any guidance on how to accomplish the following is greatly appreciated. We are preparing to release BO Reader to a large set of users. However, we
want to be able to restrict the amount of data they are able to view in
certain areas (i.e. only allow a Sales Rep to see their own customer list).
Is there a way to accomplish this in Supervisor? Perhaps at their login?
Or multiple prompts? We are trying to determine and then quickly execute
the best option.
Thanks
Michele Robertson
Southern California Edison
Analyst
Phone: 909-394-8573
I have used the type of security you are describing at the Group level. It will also work at the user level as you suggest in your note; however, it can create a fair amount of administrative work depending on the number of users and the number of tables you need to restrict.
So, in Supervisor, you would select the Group/User you wish to restrict. Then select the Universe tab and right mouse button on the universe you wish to secure (quick note: if you have more than one version of this universe, say, development and production, you will need to define the security for each!). Then click on the Row tab to define row level security. This option essentially allows you to define additional where clause conditions, by table, by group/user. I’m sure you’ll be able to figure out the rest.
We like this option since it does not require any user intervention (like prompts). I’m not sure how else you would accomplish such security (ie, row level) using the tool with no user intervention.
I hope that helps,
Donald May
MIS Eagle Services
Pratt & Whitney
Ph: (860) 565-5253 Fax: (860) 565-4347 M/S: 117-35
E-mail: maydp@pweh.com
In general, to restrict a user’s view of a set of information to specific rows of information (not just objects):
(1) Open the Supervisor module
(2) Select the user or group concerned
(3) Click on the “Universe” tab at the bottom of the screen (4) Double-click on the Universe you want to restrict (5) Choose the “Rows” tab in the dialog box that appears (6) Add a WHERE clause to the tables that need to be restricted. This expression can include BusinessObjects variables such as the username.
Whenever this user then executes a query that requires the use of these tables, a WHERE clause is automatically inserted into the SQL.
See the online help (look under “rows” in the index) or the product documentation for more information.