Row-base security : how to filter on a set of value ?
Hello all!
I am currently trying to setup the row-based security in OBIEE and I am facing some difficulties, not sure if they are basic or not:
I'd like my users or groups to access data depending on a list of value.
I know the best practice is to create a session variable and to filter on it in the security filters. But what if I want to filter on n values?
It looks like a session variable can only host one value. Should I then define n variables initialized in my initialization block ? this would limit the number of values I can filter on. I can't believe there isn't a way to make it clean.
More precisely, my context is:
each user can belong to one or more groups
each group is granted access to one or more brands.
So basically, I'd like to filter on "brand in group.brands where group in (all groups in nq_session.groups)"
I don't have any prerequisite on where to store the filter data (repository, database) nor anything else.
Any help much appreciated ! thanks in advance !
Cedric
Hi
Thanks, I am able to figure out that.
But I am stuck in performance issue with this approach, I am applying filter on my fact table , but my issue is that for a given user, filter values are in thousands, so OBIEE is putting them in a IN Clause(1,.... 20000) and when the actual query get executed it had performance issue.
Is there any way where I can write subquery on fact table instead of storing multiple values in dynaic variable.
Another issue is that when user log in , this variable get initialize which result in delay in login for the user.
Deepak
Similar Messages
-
How to pass the whole set of values of a shuttle item in AJAX
Hi,
I am trying to pass the value of shuttle item to a dynamic process using Ajax. But if I use shuttle_right, I am able to get only the first selected value. If I simply give shuttle it returns null.
Please let me know How I can get the whole set of values separated by ':'
Thanks,
VikasVikas,
Here's a little snippet that should get you going:
var shtVals = '';
var shuttle = new dhtml_ShuttleObject("PXX_SHUTTLE_LEFT","PXX_SHUTTLE_RIGHT");
for (x=0; x<shuttle.Op1Init.length; x++) {
shtVals += shuttle.Op1Init[x].value + ':'; //Op1 = left & Op2 = right
shtVals = shtVals.replace(/:$/,'');
alert(shtVals);Regards,
Dan -
Row-base security - mulitiple dimensions
Hi
I filter data using the row-wise initialization.
In groups, in security filter, the logical SQL is eg.:
Group "Region 1" has filter: DM."Dim Region"."rg_id" = VALUEOF("R1")
Group "Region 2" has filter: DM."Dim Region"."rg_id" = VALUEOF("R2")
R1, R2- are static variables containing numeric IDs of regions.
User belongs to one or more groups.
That works good for one dimension Region and the condition in sql is like:
WHERE Region.rg_id in (1,2)
When I've added next serveral groups for second dimension, eg.:
Group "Category 1" has filter: DM."Dim Category"."Ct_id" = VALUEOF("C1")
Group "Category 2" has filter: DM."Dim Category"."Ct_id" = VALUEOF("C1")
generated sql has the condition like this:
WHERE
Region.rg_id in (1,2)
OR
Category.Ct_id in (1,2)
But, I'd like to have logical sum:
WHERE
Region.rg_id in (1,2)
AND
Category.Ct_id in (1,2)
regards
HarnasHi
Thanks, I am able to figure out that.
But I am stuck in performance issue with this approach, I am applying filter on my fact table , but my issue is that for a given user, filter values are in thousands, so OBIEE is putting them in a IN Clause(1,.... 20000) and when the actual query get executed it had performance issue.
Is there any way where I can write subquery on fact table instead of storing multiple values in dynaic variable.
Another issue is that when user log in , this variable get initialize which result in delay in login for the user.
Deepak -
How to filter reports based on Prompt values
Hi All,
I have requirement in dash board.
in my dash board it contains two reports which is having same column with different values.i.e.,
one report contains Input method column with CSS value,
another report contains Input method column with SFF value
and i have dashboard prompt for INPUT METHOD column.
when i need to select CSS value in prompt the first report should enable(display).second report should disable.
when i need to select SFF value in prompt the second report should enable(display).first report should disable.
But problem is when iam prompting values the 2 reports displaying same report only.Can any give solution for this one. how to solve this prob?
Thanks in Advance response .
NaveenHi,
Follow the steps from this link. I hope it will be helpfull
http://oraclebizint.wordpress.com/2008/01/17/oracle-bi-101332-selecting-reports-from-dashboard-prompts-and-guided-navigation-sections/
Phani. -
How to filter out data by total value.
Hi expert,
I have following requirement for a query:
employee overtime_reason_code overtime_hours
1 1 1
2 6
3 10
so for an employee, if total overtime_hours>8, then it will be displayed in the report, otherwse , it will be filterred out from the report.
Many Thanks,Hi Bo,
This suggestion will add another KF in column:
Create a FORMULA and insert the OVERTIME_HOURS in it..Go to aggregation tab and make it TOTAL with reference characteristic to EMPLOYEE..
Then make a CONDITION for the FORMULA you have created so that if total is <8 hours, it will not be shown..
The result will be like this:
employee overtime_reason_code overtime_hours new formula
1 1 1 17
2 6 17
3 10 17
so if you have employee 2 with total of less than 8 hours, it will not be shown..
Regards,
Loed -
I need to set the Maximum so that the use can use the mouse to change the value of numericstepper (and not go over a certain number), but at the same time I have to allow the user to enter their value by typing in the text field. When the user enters a number greater than the Maximum, I disable the "Ok" button of the dialog and show a red warning(error message). The issue is that the user can hit "Enter" and numeric stepper would set the value to the Maximum and the dialog box would close and the rest of code would run. I want the numericstepper not to change the value and keep showing the warning even if the user hits the "Enter".
Note: Setting maxChar does not help since my maximum is 1000, and user might enter 5555
I would appreciate the help.Thanks for trying to help, But
The issue is that if I set the maximum value of stepper 1 greater than the max value that I want, then the user can select an invalid value(of myMax + 1) when he clicks on the UP arrow of the numeric stepper(which is not acceptable for what I am working on).
I need to preserve the users invalid number, while not letting the user to select an invalid number by clicking UP key.
I noticed that when the user enters a number greater than the Maximum, and then click on the down arrow, it would set the value to 1 less than the maximum. This is not acceptable either. -
Tips on Implementing Row Level Security
Dear All,I am currently trying to implement row level security in Hyperion Intelligent version 8.2. The user guide is straight forward on explaining the steps. However, when I tried it, the row level security does not filter the information at all eventhough I have set the row level security setting in System Administration. Is there Anyone who can share their problems and experience when implementing row level security in Hyperion Intelligent version 8?Regards,Ricky
I don't believe you need the bqy file anymore, as you set up the ODBC to connect to the database of the EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR).
(I don't have an EPM instance with IR installed to check currently).
Note: from the docs quoted earlier:
If you want to implement row-level security in Reporting and Analysis, keep these points in mind:
At least one Hyperion Interactive Reporting Data Access Service instance must be configured to access the data source storing your row-level security information.
The database client library should be installed on the computer where the Hyperion Interactive Reporting Data Access Service is running.
The data source for the Reporting and Analysis repository that has the row-level security table information should be configured.
For security reasons, the user name and password to access the data source should differ from that used for the Reporting and Analysis user account.
Regards, Iain -
How to check the row level security in TOAD for oracle
Hi ,
for ex, i have 2 types of users
normal user and super user
super user can see the group set (some column name) created by normal user
but normal user can not see the set created by super user
this set crestion aslso has 3 types "U','P',S'
P & S can be viewed by even normal user
but U should not
so here we are having some row level security for the normal user .....
So, in TOAD for oracle how to check that......
Let me know if i'm not clearLike
I'm the super user....
And some records are inserted to a table by different users ('a' , 'b', etc....)
So,if user 'a' logins then he can be able to see only the records inserted by 'a' only...
how to see in TOAD where such type of scripts (filter conditions) are written..... -
How to implement row level security using external tables
Hi All Gurus/ Masters,
I want to implement row level security using external tables, as I'm not sure how to implement that. and I'm aware of using it by RPD level authentication.
I can use a filter condition in my user level so that he can access his data only.
But when i have 4 tables in external tables
users
groups
usergroups
webgrups
Then in which table I need to give the filter conditions..
Pl let me know this ...You pull the Group into a repository variable using a session variable init block, then reference that variable in the data filters either in the LTS directly or in the security management as Filters. You reference it with the syntax VALUEOF("NQ_SESSION.Variable Name")
Hope this helps -
How do I apply SAP's mantra, "Run Like a Factory" to my Basis/Security team?
I will preface this by stating that I am a newbie to SAP, and I am not technical. Currently I manage a Basis/Security team, albeit understaffed.
For the past 5 years I have been charged to:
Organize the team into a highly-performing department. (Done!)
Leverage existing SAP (and non-SAP) tools to drive up the performance and availability of our SAP landscape. (Currently on SolMan 7.1, SP12. Early Watch reports for 17 instances. Crank out CQC's like they are free candy)
Take full advantage of our SAP Enterprise Support. (Monthly calls with our Ent. Support Advisor. Burn through our EGI's, AEI's, and Road Maps. Training curriculum built around the Ent. Support Academy offerings, etc.)
But there is a part that is missing, and this is where I need guidance. What I am referring to is the integration and synchronization of my team with the abundance of proactive services of SAP's MarketPlace (MP) and Enterprise Support (ES). Here is what I mean:
So I am subscribed to umpteen SAP "MP" & "ES" newsletters and RSS Feeds, I occasionally browse the Security Portal (because I can't find where to subscribe to an RSS Feed), I receive the "SAP Support Notification" email every couple of days, I am connected to their Social Media presence,and there are a few other communication channels I am connected to. But from all of this what I am missing is... Continuity!
I have had this nagging feeling that I am missing, or not yet fully aware, of some basic elements within the "MP" or "ES" that I need to address so that the steady flow of information from these channels are relevant and substantial. Here is my best example:
Every few days I receive the "SAP Support Notification" email. At first the email was basically empty. I figured out that I had to choose my instances within my subscription so that I receive relevant information. I accessed my instance list and found it was a mess. So I had my architect remove all obsolete instances. The contents of the email is now more substantial, but there is more to the email that I don't understand the relevance of.
Another example is the SAP Security Portal. I can't figure it out. Updates, announcements, etc. aren't sent out. I have to remind myself to visit the Portal.
I have a few more examples, but this post is already too long. I need help with the manipulation of the basic elements of "MP" and "ES" to start receiving more substantial, and actionable, proactive support. Once I have this I can integrate this support into the daily administration of my SAP ecosystem, as well as define KPI's and metrics to strive for improved performance and availability.
So what am I missing?Hi Pete,
This is a great discussion item, and I am glad that you brought it up! There is a lot of information out there, and how to syphon it so it relates to you is definitely something that is important.
Couple points/questions on the above, and then some information that may help future wise.
There are many notifications within the SAP Support Portal that you can subscribe to. Some require filters, some are based on 'subscribing' to Spotlight News or to specific notes and KBAs. Happy to set up some time with you to go through these in detail.
What is the URL to the SAP Security Portal you mention? Are you referring to this area: https://support.sap.com/kb-incidents/notifications/security-notes.html?
Future direction is focusing on personalizing your experience within the portal. Giving you what you need, when and how you prefer. We can chat on that as well.
Feel free to reach out to me directly.
Cheers,
Kristen -
How to implement row level security?
Hi all,
There is a database which is for 3 companies to use it and how to use row level security to make sure that they can only manipluate their own data? For example, "employee" table, for each company they just can see their own employees information. How to use dynamic view to do it?
Many Thanks
AmyHere are two options to achieve what you want.
A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
1. create a security codes table. Say for example
001 - company a
002 - company b
2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
4. update all data in the tables according to which company they belong to.
5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
Table name = Employee.
Create a view employee_a on employee
create a view employee_b on employee
Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
create synonym employee on employee_a in x schema.
create synonym employee on employee_b on y schema.
This i have not tried but believe should work.
Hope one of these options serve your purpose. -
Hi All,
Question: How do I filter rows out of a query where multiple columns are equal to a single question mark character?
Background: I'm using SQL 2008 R2. Furthermore, the part of my brain that helps me create less-than-simple queries hasn't been working for the last 4 days, apparently, and now I need help.
We have about 4,000 rows in a table. This data set was generated from an exported report, and many of the rows in the detail table were not actual data rows but were simply "header" rows. For those table rows, most of the columns have
a single question mark as the value.
Some of the detail rows have one or more question mark values, too, so it's important that these rows don't get filtered out.
When I include criteria like "WHERE col1 <> '?' AND col2 <> '?' AND col3 <> '?' AND col4 <> '?'", all rows with a question mark value for even a single one of those columns get filtered out. How do I filter out rows
where all columns 1-4 contain a question mark value?
Thanks for your help,
EricI just tried to create to create a scenario for you. Please see ig you're looking for something like this.
Create table test_Question_mark
RecordID INT identity(1,1),
Col1 varchar(10),
Col2 varchar(10),
Col3 varchar(10),
Col4 varchar(10),
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','?','?','?')
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','??','?','?')
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','??','??','?')
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('??','??','??','??')
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','?','?','?')
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('??','test ??','??','??')
insert into test_Question_mark (Col1, Col2, Col3, col4) values ('??','test ?','??','??')
--drop table test_Questio_mark
select * from test_Question_mark
select * from test_Question_mark
WHERE
(CHARINDEX('?', Col1,1) > 0 AND CHARINDEX('?', Col1, CHARINDEX('?', Col1,1)+1) = 0) AND
(CHARINDEX('?', Col2) > 0 AND CHARINDEX('?', Col2, CHARINDEX('?', Col2,1)+1) = 0) AND
(CHARINDEX('?', Col3,1) > 0 AND CHARINDEX('?', Col3, CHARINDEX('?', Col3,1)+1) = 0) AND
(CHARINDEX('?', Col4,1) > 0 AND CHARINDEX('?', Col4, CHARINDEX('?', Col4,1)+1) = 0)
--drop table test_Questio_mark
I hope above solution will help.
Thanks!
Ashish. -
How to implement Bursting(Row level security) in Xcelsius
Hi,
We are using Xcelsius 2008. We have created xcelsius dashboard using Qaaws but for authentication in qaaws we are suing enterprise authentication and default user.
Now in my dashboard i have one combo box wich gives data fro diffrent states, now i need to restrict the user to see the state values. I implement the row level security in universe, when i create webi report and view that reprot in infoview, the row level security works. But when i publish the dashboard to infoview the row level security doesn't work.
We are uisng XO 3.1 with SSO on IIS. So how and what are the diffrent option available to implement the row level security in Xcelsius Dashboard.
Thanks for the help in advance.
Thanks,
Nimesh.Nimesh,
Were you able to implement ? I have a requirement to use the same dashboard for 5 regional users.
Row level security works.
combo box intial value is Global , when I login as North America user, combo still shows Global but it will have the value of North America.
i am curious to know how you implemeted this?
Thanks
Pushpa -
How To Apply Row level security ??
Hi all,
I want to apply row level security on one of my custom objects created in PO schema in R12. How to do that??
Thanks and Regards
RajThank You Gaurav
--Raj -
How to Migrate Row Level Security Configuration
Hi Guys,
Does anybody know how to migrate row level security configuration? I suppose PeopleSoft provided a data mover script, like securityexport.dms.
Thank you in advance,
BobHere are two options to achieve what you want.
A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
1. create a security codes table. Say for example
001 - company a
002 - company b
2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
4. update all data in the tables according to which company they belong to.
5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
Table name = Employee.
Create a view employee_a on employee
create a view employee_b on employee
Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
create synonym employee on employee_a in x schema.
create synonym employee on employee_b on y schema.
This i have not tried but believe should work.
Hope one of these options serve your purpose.
Maybe you are looking for
-
CD ROM Drive lost when installing iPod Nano
After installing my iPod Nano and iTunes my PC will no longer recognise it has a CD ROM drive. Like a dummy I tried it on 2 PC's and now they are both stuffed! Apple tech support don't have a clue. I have uninstalled everything, even the CD ROM Drive
-
Java sdk 1.4.2 Windows 2008 SAP ECC 6.0 SR3
Hello, I want to install SAP ECC 6.0 SR3on server which is running windows 2008. The operation system is 64 bit version with a Xeon processor. I folow the following path to Download a j2sdk version http://java.sun.com/j2se/1.4.2/SAP/download.html. Do
-
Async webservice with Callback
Hi Experts, How to call a Asynchronous Microsoft webservice(Used callback mechanism) from XI? First I have to call the Microsoft webservice, it will return acknowledgement about the status. Again I have to invoke the webservice then it(microsoft) wil
-
Sales order quanity in multiples
Dear All, I have maintained minimum order quantity for a mterial in material master so that I should not raise sales order less than that quantity, it is also fine we are able to succeed in that. But my requiremnt is I should put the sales quantity i
-
Problems with Bridge CS4.
Dear members: Since my last disappointing experiences with Bridge I decided I would wait until CS4 had been out for a while and Adobe had the chance to clean all the bugs and problems with the first releases. I am now beginning to use the CS Premium