Item level security not working when placed in a portlet page

Similar Messages

• Item Level Security not working with Tabs

  I've Portal 9.0.2.2.22
  This issue is with Item Level Security with Tabs. Here is what I've have:
  Page Group: MyPagegroup (Privs: portal => Manage All)
  Page: MyTestPage (Privs: portal => Manage All,
  testUser => View)
  There is a tab called MyTab on page MyTestPage which has two items (simple images) image1 and image2. The tab's access privs have been set NOT to inherit from the page. The public check box has not been checked for the tab. I've specifically assigned access privs to the tab.
  Now here are the two scenarios that I'm having problem with:
  1) MyTab (portal => Manage All, testUser => view)
  image1 (ILS enabled: portal => Manage All)
  image2 (ILS enabled: portal => Manage All,
  testUser => View)
  When logged in as "testUser", I still see both the images on MyTab although image2 doesn't have view priv to testUser. My expected result is to see just image2 on the tab.
  2) MyTab (portal => Manage All)
  image1 (ILS enabled: portal => Manage All,
  testUser => View)
  image2 (ILS enabled: portal => Manage All)
  When logged in as "testUser", I still see NO images on MyTab although image1 has view privs to testUser. I would expect to see image1 on the tab.
  Question: In both the above cases, the tab privs seem to be dictating what the user sees regardless of what the item level privs are set to. Is this normal behavior or a bug? If a bug, is there a patch? Is there any way so that even after setting the tab privs, I still have finer control of what the user can access through item level privs?
  If I don't put the items under a tab, then things work as expected.
  thanks
  Lalit Agarwal
  Vienna, VA
  703-521-5200 x3610

  This is a known problem with the 9.0.2 release - fixed in 9.0.2.6.
  Regards,
  Jerry
  PortalPM

• Help! Javascript not working when object moved from one page to another!

  Hello all:
  I am new to Adobe Livecycle Designer (version 8.0). I have created a 3 page interactive pdf form with numerous objects (text fields, radio buttons, drop-down boxes, etc.), that our business wants to begin using soon.
  I am having difficulty with some of my Javascript not working with a few of my objects on page 2 of the form. Specifically, there is a drop-down box for "Country" on page 2 of my form. When the user selects, for example, "United States" from the list, I have Javascript that is supposed to change the "Currency" drop-down box rawValue to "US Dollars" accordingly (upon the change event).
  I think my Javascript syntax is proper, but I am not certain. Here is my simple Javascript associated with the "Country" drop-down box (Note: rawValue 80 = "United States" and rawValue 105 = "US Dollars"):
  form1.Page1.cmbContactInfoCountry::change: - (JavaScript, client) -
  if (this.rawValue == 80) {     
       cmbCurrency.rawValue = 105;
  This seems pretty straight forward and it WORKS when my "Country" drop-down box is moved to page 1 of the form, but it WILL NOT WORK when I move the "Country" drop-down box back to page 2 of the form (which is where it belongs).
  Does anyone have any suggestions or solutions? I have spent probably 6-8 hours racking my brain trying to figure out why it works when on one page, but it does not work when move to a different page. I am guessing that I may have corrupted something OR that I am not fully addressing the proper name of the object?
  Please help!
  Frustrated and helpless near Chicago!
  Taylor T

  Hi Jono:
  Thank you for your quick reply.I was able to obtain the full name of the cmbCurrency object using the method you taught me. That is brilliant! Great short-cut tool.
  Unfortunately, I am still having issues with getting Javasript for the cmbCountry object to work with the cmbCurrency object. I haved pasted my new Javascript below.
  JavaScript for cmbCountry object:
  //UNITED STATES
  if (this.rawValue == 1) {
            xfa.resolveNode("form1.#subform[1].cmbCurrency").rawValue = 1;
  else
  //CANADA
  if (this.rawValue == 2) {
            xfa.resolveNode("form1.#subform[1].cmbCurrency").rawValue = 2;
  I have checked the "Specify Item Values" checkbox of the cmbCurrency drop-down object and Value 1 = "US Dollars" and Value 2 = "Canadian Dollars".
  When I select "Canada" from the cmbCountry drop-down object, the rawValue of the cmbCurrency drop-down object is changed to "US Dollars" (when it is clearly defined as "Canadian Dollars"). When I select "United States" from the cmbCountry drop-down object, the rawValue of the cmbCurrency drop-down object stays blank for uknown reasons. Very strange.
  Since I am not able to further explain in detail on what I am experiencing, I have posted a link to my file below (I just signed up for an account at ShareFile). I would forever be indebted to you if you can help me figure this out!
  https://thomptk.sharefile.com/?cmd=d&id=07ede2fe11db4549

• Urgent:Tab and item level access not working

  Hi,I am on portal 9.0.2.0.1 version.I am trying enable security.I have made 5 groups.Added users to group.Those users have only basic view privileges.
  At my page group level I gave view access to all 5 groups.
  At page level gave view access to all 5 groups and checkmarked enable item level security.
  At tab level on one of tabs I gave view access only 4 groups.
  At item level on one of items I gave view access to only 4 groups.
  Now I log in as one of the users in 5 th group and the tab as well as te item both are visible.
  Is it a bug or am I missing somehting.
  Pls let me know urgently

  You asked:
  But if I do not assign any sort of privileges to my groups consisting of all my users then how will they view the page group also forget abt viewing page and tabs on it.
  If you don't assign view privilege on the page group, then you have to assign view privilege on every page that you want your users to see.
  As you discovered, the tabs and items override the page privilege (a tab or item can be hidden from a user who has view privilege on the page), although your users need a minimum of view privilege on the page to see any content.
  I don't understand your comment about groups - they work fine for managing privileges.
  Note that you can use bulk actions (and List View in 9.0.2.6) to manage privileges for multiple pages. You can also assign privileges to your page template to default the privileges on pages based on the template. And new pages will inherit the privileges of their parent if the page group property "Copy Parent Page Properties When Creating Page" is set.
  Regards,
  Jerry
  PortalPM

• Item level security not available to accounts with manage content?

  Though I'd post this here before trying metalink.
  Environment: App Server Portal 9.0.4 (10g) on Win200
  The scenario:
  I have set up a page with one item area. This is set to be a portlet on another page and act as a message board.
  I wish to set up a group of users to maintain this message board, but restrict their access any further.
  Setting a user up with 'Manage Content' on the Page properties almost does this. It allows them to Enter/Edit/Move or delete items but pretty much no more which is exactly the level of access I require.
  What it doesn't allow, when they add or edit an Item, is the ability to change Access permissions.
  The page has 'item level security' ticked, and a user with higher 'Manage' access can set access permissions on items, for example only allowing a certain group viewing an item, but it also allows them to manipulate the page which I do not want to permit.
  Is it possible that 'Manage Content' level users can also set access on items?
  Thanks.

  Resolved, it appears that access can be set after item creation using the edit. a little quirk.
  Also I was trying to set access on an item created by the 'manage' user, which was beyond the 'manage content' users scope, and not a practical situation.

• Row Level Security not working for SAP R/3

  Hi Guys
  We have an environment where the details are as mentioned below:
  1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
  2. The SAP roles are imported in Business Objects CMC.
  3. Crystal Reports are published on the Enterprise as well.
  3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
  Any help in this issue is greatly appreciated.
  Thanks and Regards
  Kamal

  Hi,
  In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server.  This is a server side tool which the Integration solution for SAP offers as a transport.
  This tool defined which tables are to be restricted based on authorizations.
  However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview.  If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
  You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
  thanks
  Mike

• Crystal reports LOV cascading prompts row level security not working

  Crystal report LOV cascading prompts with row level security is not woking when the crytal report cache server/page server cache (Oldest On-Demand Data Given To a Client (in minutes)) is turned on. But its working fine when the cache is turned off.
  Using XIR2 environment.
  Appreciate the response.
  Thanks
  Chenthil

  Hi Chen,
  In terms of what could be done on the Crystal Reports end, there is no such controls available.  However, your question may be better answered if it was posted to our Business Objects Enterprise forum. 
  It is at "BusinessObjects Enterprise Administration" section of the forums.
  FYI.

• Group Level Data Level Security not working

  I'm trying to test the data level security at the group level.
  Here's what I did
  1. Went to the security -> Groups -> Permissions -> Filters
  2. In Name added the Fact table on which I want to filter.
  3. Selected "Enable"
  4. In Filter Column I added a filter on a column in the dimension. (I didn't use any session variables in the filter)
  When I create an answers query with the column from the dimension (Which I used in filter) and fact from the fact table where I defined the filter, the filter is not applied..
  Am I missing something in the creation of filters?
  Thanks in Advance.
  Rama.

  Hi,
  If the user is member of both user defined and Administrator group no filter will be applied to them because Administrator group will take precedence and no filter can be applied to Administrator.Even if you ooen Administrator group, you will see that permission tab is disabled for Administrator group.
  Hope this helps.
  Regards,
  Sandeep

• Database Level Security not working ???

  The 10 g (10.1.2.1) documentation states the following:
  Chapter 7 Controlling access to information:
  "Regardless of the access permissions and task privileges that you set in Discoverer Administrator, a Discoverer end user only sees folders if that user has been granted the following database privileges (either directly or through a database role):
  ex: SELECT privilege on all the underlying tables used in the folder "
  So how come a folder (view in my case - not table) cannot be queried directly by a user, but the folder still shows up a choice when building a report using PLUS ? I am misreading the above ? For is sounds lilke to me if the user account does not have SELECT privilege then they will not see the folder in Discoverer ?
  Anyone run into the same issue or have an explanantion ?
  thanks
  OBX

  I think the user has access to see all the folders in the business area in Discoverer if he has permission to do so. This is a Discoverer level security to filter people who should not have access to the business area at all. You'll find that although they can see these Discoverer folders because the permission is set in Discoverer Administrator, that the database tables they are based on will not allow the users to see any of the data if they don't have those rights at the database level.

• Object Level security not working on OBIEE 11g 11.1.1.7

  Hi,
  I am experiencing problems with object level security applied on application role in 11.1.1.7 version. If i create a user and assign that user to a application role and give that application role permission to Access Answers in Manage previleges, it is not working. If i directly add a user to permission list in Manage previleges section then user is able to access the answers. I added that application role in "Access to Answers" section in Manage previleges section. Permission for Authenticated users is denied.
  We recently upgraded from 11.1.1.5 to 11.1.1.7. Please can someone confirm if it a bug in 11.1.1.7 or it is because of the upgrade process.
  Regards,
  Sandeep

  Hello Sandeep,
  I have just verified the below scenario as you said but didnt find any issue.
  I have just created a User, Group and Applictaion Role under default authentication provider . Assigned user under group and group under newly created application role and provided access to answers for new application role under manage privilages and I am able see it.
  This might not be a 11.1.1.7 bug check it from upgrade end.
  Regards,
  Srikanth

• Obi 11g row level security not working

  All,
  I am very familiar and have worked with obi 10g row level security and it works pretty easily. Now in 11g not so easy. I am basically setting permissions on data filters on app roles as per the new 11g instructions and meta data guide, however, I never see the filters being applied in the report and also in the nqquery.log. I have tried in vain, and nothing. The filters are never being applied for the test user. I even verified the user is in the specified app role via their my account->app roles tab. Now has anyone had this experience or now is there something that must be done additionally now.
  Very frustrated... ;(

  Ok, so I have found the solution and ultimately the answer to why the object level and row level security was not being applied. It so happens that the app policy: 'resourceType=oracle.bi.server.permission, resourceName=oracle.bi.server.manageRepositories all' not only allows the management and access to online RPDs; but, IT ALSO DOES NOT APPLY SECURITY/PERMISSIONS IN THE RPD TO THAT USER thus you are super user. So the OOTB BIAdministrator app role which my AD user was being assigned never had any security applied due to this. How I tested:
  1) I created a test user
  2) Assigned that user to the BIAuthor app role and saw that they had the security applied that I was testing, which was simple object denial and row-level security to just one year on the date dim.
  3) Since it was working, I then assigned that user to the BIAdministrator role. This produced that the test user now does not have any restrictions that I set and that were working before. Thus, security/perms in the RPD are not applied.
  4). I removed the user from the BIAdministrator app role, kept in the BIAuthor app role and then created new test app role. I mapped that user to this new role along with the BIAuthor role. I then proceeded in creating new app policy with just that policy and assigning the new app role to it.
  5) I logged into the presentation services again with this test user after assigning to new app role and policy. My test user again does not have the security being applied and does not get any perms/security that I set and applied in the RPD. On top of that my test user is now able to login in online mode to the rpd via the bi admin tool.

• Row level security not working if I hit the aggregate

  I have applied row level security on presentation layer , however it does not work if the report hit the aggregate any idea on this...

  Hi Ingo,
  Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
  This custom auth object is maintained for the PA0001 table.
  This object is added at the role level with the restricted access to the Company Code..

• IPHONE4 not working when placed on FLAT surface (i.e. Table)

  Anyone experiencing Touchscreen not functioning when IPHONE4 is placed on flat surface such as table?
  Is it normal or my phone is faulty?
  Also bottom corner (about 5mm) become insensitive after applying Privacy Touchscreen. Anyone has this problem as well?

  no to both. However, I was previously using the non apple charger to charge my ipod nano (2nd gen). It still charges the iphone fine - but i'm not sure behaving in this. Could thAt be the charger or the iPhone?
  It could be both. If a 3rd party product does not include the "made for iPhone" certification on the packaging and product documentation, you are taking a chance. The "made for iPhone" certification is for a reason and means something. It doesn't matter if used with a 2nd generation iPod Nano and it worked with the iPhone. The 2G iPad Nano is not an iPhone and the charger does not include the "made for iPhone" certification.
  As for the Zagg, I know Apple wouldnt provide this or refund for it. Just wondering whether Zagg would replace one if it was included with a faulty iPhone back to Apple?
  Probably not, but contact Zagg.

• Row Level Security Not working for the ECC table.

  Hi All,
  We have created a crystal report using SQL Driver.
  We have set the row level security on PA0001 table so that we can restrict the query based on Company Code.
  But when I run the report, it bypasses the row level security and gives access.
  Am I missing some configuration?

  Hi Ingo,
  Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
  This custom auth object is maintained for the PA0001 table.
  This object is added at the role level with the restricted access to the Company Code..

• Access Control Mechanism (data level security) not working properly

  Hi Experts,
  I have done datalevel security for groups by help of a database table. This table contains UserId, Dept. code, GroupName column. UserID are verified by LDAP server during logging into Dashboard. I have made two init blocks for GroupName and Dept.Code .
  Query is :
  SELECT 'Group', GroupName from TABLE
  Where
  UserId = ':USER'
  Similiar query is for Dept Code.
  There are two groups ; 1. CC_User 2. Full_User. I have applied filter in PERMISSIONS for CC_User on Fact table on Dept Code. So, user in this group may see data for Dept Code aligned to him in the table. All_User may see whole data for All Dept Codes as NO filter is applied on this group.
  Dept Code , UserId and GroupName are Varchar.
  Now problem is this when a user have membership of one group , it works fine. For CC_user it shows data for its Dept Code and All_user may see whole data.
  But When A user have permission of both the groups , only data related to CC_User group is visible. But, in my view , maximum permmision out of the both groups must be applied to the user if he belongs to more than one group.
  So , here , he must see whole data, as All_user group can see full data.
  Does least restrictive permmission happens in case of membership of more than one group in OBIEE.

  848839 wrote:
  Does least restrictive permmission happens in case of membership of more than one group in OBIEE.Indeed it does. The most restrictive filters get applied if a user belongs to multiple groups that have filters at various levels of data because its always an AND clause in the where condition. This is the sort of behavior in various tools I have seen apart from OBIEE.
  Hope this helps.
  Regards,
  -Amith.