we are trying to design security in xi R2 and we have requirement where a user should see only the information related to his for example i have two users pepsi and coke and when the user pepsi logs in he should be able to see only the accounts related to pepsi and same with coke.The accounts are identied by account id .Is there any security option in xi where i can specify ,"where account id =pepsi display those accounts for pepsi "
I have gone through the post and it says we need to create security table in the database and we got to synchronize the database credentials with the BO username and passwd.Is there any way get around this i mean not to do anything on the database side?
Using a security table will make life so much easier for you. Can you imagine that you have to make manual change in Designer every single time when a user permission is changed?
You didn’t mention what type of reports you are using - with Crystal, I’d use Business Views rather than designer but for Webi - Designer. Table driven vs. meta/symantic layer you must consider one thing. If you make it table driven and user A can see Coke on Monday but on Tuesday they instead can see Pepsi; it won’t be retroactive so for Monday they will never see Pepsi. If it’s driven at a filter level once you change the filter, it’s retroactive. Some of my customers require one and some the other so there’s no right or wrong; it depends on your requirements
Sure. let’s say user A can see Texas accounts, but subsequently user A moves to a new territory on September 1 and now should see Oklahoma. With a filter approach in the meta layer even for reports run before September 1, after the filter is changed he will see Oklahoma even before September 1. Some people like that because he sees the history of his new territory rather than the old.
With a table driven approach, the state is a part of the SQL query and therefore is stored with the report so the filter is not live so to speak. In that case the user would see Oklahoma for September 1 forward but for reports run before September 1 would see Texas.
This is historical instances too and I’m not sure of your scenario. I have a good number of clients who don’t allow ad hoc/view on demand. For ad hoc, you wouldn’t have this consideration but historical instances would represent a different view of data than reports run on demand.