I have to create row level security for different groups in the organization. The only problem I have is that one user can be in different groups and any user can act as say a Manager as well as a student. How do I differentiate between these groups so that if somebody wants to view just the Manager detail, he can do it, or a student detail he can do it at any given point of time.
You can set up groups which combine the rights of others, which can be a major pain in the proverbials to maintain if you have a lot of overlap.
Another way of doing it is to do the restriction in the universe with self-joins and a maintained lookup table… Basically, you end up with self-joins along the lines of
DataTable.Region in ( Select Region From SecurityLookup Where User = @BOUSER )
This has been discussed before, so search should find something relevant. Try searching on something like ‘row restriction’ in the Designer forum.