we are trying to design security in xi R2 and we have requirement where a user should see only the information related to his for example i have two users pepsi and coke and when the user pepsi logs in he should be able to see only the accounts related to pepsi and same with coke.The accounts are identied by account id .Is there any security option in xi where i can specify ,"where account id =pepsi display those accounts for pepsi "

appreciate any suggestions.Thank you

zombique (BOB member since 2006-06-28)

Hi,

You can manage this using row level restrictions under the Designer or directly in the database.

Regards

can you tell me how to implement row level security in designer?

Thank you

zombique (BOB member since 2006-06-28)

Hi,

Make a search on this on BOB and then have a look to Designer or admin guides. Note that now row level restrictions are called access restrictions.

Regards

Begin with this post

Regards

I have gone through the post and it says we need to create security table in the database and we got to synchronize the database credentials with the BO username and passwd.Is there any way get around this i mean not to do anything on the database side?

Thanks a lot

zombique (BOB member since 2006-06-28)

Hi,

Yes it’s one way to do things but the other way is only to use row level restrictions under Designer and apply restrictions like Company=“My value”.

Regards

Using a security table will make life so much easier for you. Can you imagine that you have to make manual change in Designer every single time when a user permission is changed?

A good design should always be table-driven.

substring (BOB member since 2004-01-16)

You didn’t mention what type of reports you are using - with Crystal, I’d use Business Views rather than designer but for Webi - Designer. Table driven vs. meta/symantic layer you must consider one thing. If you make it table driven and user A can see Coke on Monday but on Tuesday they instead can see Pepsi; it won’t be retroactive so for Monday they will never see Pepsi. If it’s driven at a filter level once you change the filter, it’s retroactive. Some of my customers require one and some the other so there’s no right or wrong; it depends on your requirements

charlottecraig (BOB member since 2006-06-20)

Can you throw more light on user A able to see on monday and cannot see that on tuesday?

Thanks[/quote]

zombique (BOB member since 2006-06-28)

Sure. let’s say user A can see Texas accounts, but subsequently user A moves to a new territory on September 1 and now should see Oklahoma. With a filter approach in the meta layer even for reports run before September 1, after the filter is changed he will see Oklahoma even before September 1. Some people like that because he sees the history of his new territory rather than the old.

With a table driven approach, the state is a part of the SQL query and therefore is stored with the report so the filter is not live so to speak. In that case the user would see Oklahoma for September 1 forward but for reports run before September 1 would see Texas.

This is historical instances too and I’m not sure of your scenario. I have a good number of clients who don’t allow ad hoc/view on demand. For ad hoc, you wouldn’t have this consideration but historical instances would represent a different view of data than reports run on demand.

charlottecraig (BOB member since 2006-06-20)