Data level security for Dashboard pages.

Hi all,
I have a question.I want to apply data level security to the data in Dashboard pages .
Any Answers.
Thanks Sunny.

Thanks Srikanth and Aravind .
I have studied abt the data level security for dashboard.
My question is : Is there any way to apply dataleve security to dashboard pages . like id dashboard D1 has pages p1,p2,p3
and if we want to implement datalevel security to page is that possible.
Thanks
Sunny.

Similar Messages

Data level security for 30000 profir centers

Hello Gurus
I have a requirement to implement data level security for 30000 profit center . Now I can think of creating the groups and applying security filters ( both on Dimesion & Fact) on the top of that.
But I cannot do so as I will have to create some 30,000 groups/roles which is not possible. because there are some users who have access to only one or two profit center and it forms a heirarchy.
As a workaround what I did is created a user-profit center table and joined it with the profit center table which is actually a snowflaked with two more dimensions - gl_account & gl_segment.
In the BMM layer , in the Content section of teh profit center dimension , I applied a where filter like below :
"Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_ID" in (1000163) and "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_NAME"='Profit_Centre' AND ( "Oracle Data Warehouse"."Catalog"."dbo"."PF_USER_MAPPING"."USER" = VALUEOF(NQ_SESSION.USER) OR 'UNMATCHED'=VALUEOF(NQ_SESSION.USER) )
All is well if I create a report having Profit center as one of the dimension/component in the analysis (answers) .
But when I don't take Profit center the roll up is happening with all the Profit center . Reason being I have not applied "security filter " in the fact table and I cannot do so because USER tabel is not directly joined with the fact table.
Is there any workaround for this.
Pls. advise.

Hi,
Yes, any dimension filters are applied only when you include that dimension in your analysis.
As a workaround, you could create a filter as "Profit Centre" is not equal to 'Dummy Profit Centre' with "Protect Filter as ON" and add this filter to all of your analysis.
So what it does is, even though you do not refer to profit centre dimension in your analysis, the filter in each analysis makes sure that the profit centre dimension is always mapped and the data restriction is applied.
Hope this helps.
Thank you,
Dhar

Data Level security for specific Users

Hi,
Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
But, key thing here is that, the user belongs to both the groups.
Any ideas helps.
Thanks,
Chandu.

So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
Why are they in the group then?
Are the data filter defined with variables or are the hard-coded?
If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

Data level Security for Oracle Apps as Source

Hi all
I need to implement Data level Security on Apps Users in OBIA
We are using Apps as source with Single sign On. I need to apply Data level security on Business Group Field.
We dont have users in OBI, we need to register apps users in OBI.
Could anybody tell me how to register Apps users in OBI???
OR tell me if you know some other way to implement D L Sec on Single sing On and Apps as source.
Thanks in avd
V P

You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

Dats Level Security @Dashboard

Hi ,
I want some clarifications for below
1) Can we Implement Data Level Security in Dashboard? If yes How to do this in Dashboard.
2) I want to divide dashboard into 4 equal parts? Pls give some iDea
3) In want situations we will use 2 LTS under one Dimension table?
If Any one knows pls give some idea.

Hi RamOBI,
Just as an FYI, it makes it easier for others to help you if you keep one question to each thread. Right now you've got three questions. Here's my response to the one stated in your thread subject.
1. You implement data level security in the Repository file (RPD). You'll build out a subject area with the data level security and use that subject area to build out your dashboard with data level security. Here is a website that walks you through the data level security. http://www.rittmanmead.com/2007/05/13/obiee-and-row-level-security/
If you post the other questions in their own threads, I'll be more than willing to give you feedback.
Let me know if this helps.
Best regards,
-Joe

Authorization: data level security by cost center to finance line items

We have a business unit request requiring implementation of cost center data level security through FI transaction codes for financial line items. Example requirement: Cost center manager can execute FS10N GL account line item display, drill into the balance and only return those line items to which the cost center manager has access. Cost center managers currently report their cost center expenses via cost center accounting report and through those reports are able to drill into the FI line items to display document and line item details. Cost Center managers, due to their varied responsibilities, also have access to tcode FS10N, from which if they execute reports directly, can access data for cost centers which they are not responsible for.
Our security team has stated that the determination of authorization objects which are checked at transaction code/program execution are not configurable. We’ve found when debugging that it would be possible to implement user exits for additional authorization checks, but that in order for the authorization check to actually get called, the object must be set as ‘checked’ within SU22/SU24.
Has anyone had a request to implement such cost center data level security for financial line items through Financial transaction codes? If so, what steps were taken to be implemented? Was this able to be accomplished via security configuration and PFCG security role updates or was custom code logic needed? If custom logic was needed, to what extent was this implemented (what tcodes/programs were included; how was the decision of what to include and exclude determined). What was the duration of this effort?
Has anyone had a request to implement such cost center data level security request for financial line items via Financial transaction codes and not implemented the request? How was this communicated to the business that the request for data level security goes against SAP’s authorization design?
Thank you in advance for your input,
Becky Zick

Hi Becky
Have you tried with object K_REPO_CCA? You have available these fields to filter authorizations.
I hope this helps you
Regards
Eduardo

Data-level security in user level

Hi All,
In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
Is this possible to work in OBIEE 11g?
Thanks.

Hi,
Yes it is possible,
Please refer the below link.
http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
Hope this help's
Thanks
Satya

What if I implement data level security using Selection formula?

Hi All,
I have a requirement to implement data level security for all the reports, the thing is, we donot have a front end application developed in java/.net or any other language, so we have only two options (as per me, if you think there are other alternatives then please share).
1) Implement security at the database level (that is use user roles in where clause which will make the where clause really complicated and hence the performance of the query will eventually decrease).
2) Retrieve the data with the flags of user role/permission on data. Use these flags in selection formula to select the needed records as per the user login.
I have already in middle of implementing the second method, thought to take suggestion from you guys, I appreciate if you could tell me the drawbacks of the method I am using, and if there is an alternative method you could think of.
Thanks,
-Azhar

Standaone Crystal Reports does not have any security option except to use Trusted Authentication when connecting to the DB. We use Microsofts NT or MS SQL Server Authentication only.
Doing this in CR Designer using flags and formula will never be secure, the user could simply change the formula etc...
Check with your DBA on how to configure AD authentication and then enable or add each user to SQL server. You may need to configure and mantain this manually depending on how you ahve your network configured.
Thank you
Don

Dashboard prompts are getting cached and not working as per data level security

Hi,
Version: OBIEE 11.1.1.5 BP2
We have dashboard prompts that have data level security defined in RPD - Content tab of an LTS.
After clearing cache, the dashboard prompt applies the security properly. When another user who has a different security defined, is seeing the same prompt values on clicking the drop down of a prompt and also when they click search prompt popup.
Issue is, for second user, I do not even see cached query in the session logs. Tried applying the DISABLE_CACHE_HIT=1 in the prompt sql results, no luck.
But reports are applying the security correctly, issue is with prompts alone.
Any thoughts on this?
Thanks,
Rajesh

Just for others reference: We disabled caching on the table to avoid this issue.

Data level Security issue in obiee 11g

Hi,
We are trying to implement data level security, let me explain the issue
The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
SQL used in session variable -
select 'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
and job_desc1 = 'Principal High School - KPI'
Any suggestions please ??
Thanks,
VRP

Hi,
I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
Thanks
[OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
-------------------- SQL Request:
SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
SELECT
0 s_0,
"High School KPI"."- Date"."School Year" s_1,
"High School KPI"."- Grade"."Grade Level" s_2,
"High School KPI"."- School"."School Name" s_3,
"High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
"High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
"High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
FROM "High School KPI"
WHERE
(("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
) djm ORDER BY 1, 2 ASC NULLS LAST
[2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
[2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
WITH
SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T29835.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
from
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
D1.c2 as c2,
count(distinct D1.c6) as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH0 D1
group by D1.c2, D1.c4, D1.c5),
SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH1 D1),
SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T26023.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
from
W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_KPI_QTR_DAY_D T30647,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
count(distinct D1.c6) as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH3 D1
group by D1.c3, D1.c4, D1.c5),
SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH4 D1)
select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
D1.c3 as c5,
D2.c2 as c6
from
SAWITH2 D1,
SAWITH5 D2
where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
order by c1, c2, c3
[2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
WITH
SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T29835.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
from
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
D1.c2 as c2,
count(distinct D1.c6) as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH0 D1
group by D1.c2, D1.c4, D1.c5),
SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH1 D1),
SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T26023.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
from
W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_KPI_QTR_DAY_D T30647,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
count(distinct D1.c6) as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH3 D1
group by D1.c3, D1.c4, D1.c5),
SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH4 D1),
SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
from
SAWITH2 D1,
SAWITH5 D2
where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
select D2.c11 as c1,
D2.c12 as c2
from
SAWITH6 D2
order by c2
Edited by: 965968 on Oct 17, 2012 11:49 AM

How to do data level security on users based on region

Hello guys
I currently have created a report with dashboard prompt on column "state" with a default value "CA"
Now, the requirement is to perform data level security on this report, so different users based out of different state will log in to the dashboard and this prompt will change its default value accordingly so the user will have the report on only users home state prompted, and users can't see other state data..
I have thought of creating session variables to achieve the same, but how should i set up the initialization string?
Do I need to create a new table called "user table" that stores username/password and state columns and make that user table join to the fact table in the db?
If so, how should I configure the session value so that users get filtered date based on its state location?
PLease provide guidance
Thanks

Here’s an idea off the top of my head (untested):
First, set up your security constraints normally using Manage…Security in the Administration Tool, so that each user can only see his/her state. Refer to the previous responses to this post for guidelines.
Then, in your dashboard prompt, for the “Default Value”, write a tiny bit of logical SQL to query the “state” column from the presentation layer. If your security constraints are properly in place, the SQL should only return one value.
To get an idea of what the logical SQL should look like, select “All Values” as the default value, then switch it to ‘SQL Results’. That will show you the basic format of the logical SQL. It’s really just normal SQL (select <this> from <that> where <the other>), but referring to presentation layer objects rather than to physical tables and columns.
Untested. Please reply back and let us know how it goes.

Data level Security

I need to implement data level security on the dashboards for users based on job hierarchy and region location
since i have multiple subject areas this needs to be implemented on one subject area and reports and dashbord from the same subject area .
any ideas or links how one can achieve this

Check this URL
http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
Mark as correct if it is helpful
Thanks

Data Level Security In Answers

Hello Experts
Can we configure data level security in answers and dashboards without using any variables ?? If so ..please guide me how to ..
Thanks for your time .
Edited by: newbi on Sep 13, 2010 2:14 PM
Edited by: newbi on Sep 13, 2010 2:15 PM

Hi
Follow the link
http://obieeblog.wordpress.com/category/obiee/obiee-security/
Regards
Debo

BIP Security - Data Level Security / Init Blocks

Hello, I am using BIP 11.1.1.5. I am aware that in OBIEE data-level security can be implemented by placing permissions on a application role. However, I am wondering if this can be accomplished in BIP if I use a BI Analysis or SQL as the datasource for my data model. I have a catalog of 100 BIP reports and was wondering if I can implemented data-level security via the RPD. I am exploring the various options of executing this type of security. I already performed some research and found Oracle's whitepaper on Row Level Security with BI Publisher.
Another Question: Does session init blocks work with BIP? I flipped the switch for BIP security model to 'Oracle BI Server' on the Admin security page. Next, I went to the RPD in online mode and created a simple query inside a init block. However, when I logged into BIP I didn't see the variable from the session init block in the Manage Sessions window.
Thanks

Look at the below link..It has three options. this one is from veeravalli I believe..I personally like the second option if there are not many reports to work with.
cool-bi.com

Data level security filter to groups imported from database

The groups that a user belongs to are stored in a table in the database. How do I create a group in the rpd to define data level security filters when the group name is retrieved from the database table depending on who logs in. One user can be a part of several groups.
Please help.

I created the groups manually in the rpd first and assigned security filters to the group. The same group was created in the presentation services assigning some object level security (dashboard pages visibility). But the user picks the groups (row wise initialization) correctly and not the security filters applied to the group in the rpd. The privileges to the group in the presentation services works fine. Why is the group definition in the rpd being bypassed.

Data level security for Dashboard pages.

Similar Messages

Maybe you are looking for