Row-base security : how to filter on a set of value ?

Hello all!
I am currently trying to setup the row-based security in OBIEE and I am facing some difficulties, not sure if they are basic or not:
I'd like my users or groups to access data depending on a list of value.
I know the best practice is to create a session variable and to filter on it in the security filters. But what if I want to filter on n values?
It looks like a session variable can only host one value. Should I then define n variables initialized in my initialization block ? this would limit the number of values I can filter on. I can't believe there isn't a way to make it clean.
More precisely, my context is:
each user can belong to one or more groups
each group is granted access to one or more brands.
So basically, I'd like to filter on "brand in group.brands where group in (all groups in nq_session.groups)"
I don't have any prerequisite on where to store the filter data (repository, database) nor anything else.
Any help much appreciated ! thanks in advance !
Cedric

Hi
Thanks, I am able to figure out that.
But I am stuck in performance issue with this approach, I am applying filter on my fact table , but my issue is that for a given user, filter values are in thousands, so OBIEE is putting them in a IN Clause(1,.... 20000) and when the actual query get executed it had performance issue.
Is there any way where I can write subquery on fact table instead of storing multiple values in dynaic variable.
Another issue is that when user log in , this variable get initialize which result in delay in login for the user.
Deepak

Similar Messages

  • How to pass the whole set of values of a shuttle item in AJAX

    Hi,
    I am trying to pass the value of shuttle item to a dynamic process using Ajax. But if I use shuttle_right, I am able to get only the first selected value. If I simply give shuttle it returns null.
    Please let me know How I can get the whole set of values separated by ':'
    Thanks,
    Vikas

    Vikas,
    Here's a little snippet that should get you going:
    var shtVals = '';
    var shuttle = new dhtml_ShuttleObject("PXX_SHUTTLE_LEFT","PXX_SHUTTLE_RIGHT");
    for (x=0; x<shuttle.Op1Init.length; x++) {
       shtVals += shuttle.Op1Init[x].value + ':'; //Op1 = left & Op2 = right
    shtVals = shtVals.replace(/:$/,'');
    alert(shtVals);Regards,
    Dan

  • Row-base security - mulitiple dimensions

    Hi
    I filter data using the row-wise initialization.
    In groups, in security filter, the logical SQL is eg.:
    Group "Region 1" has filter: DM."Dim Region"."rg_id" = VALUEOF("R1")
    Group "Region 2" has filter: DM."Dim Region"."rg_id" = VALUEOF("R2")
    R1, R2- are static variables containing numeric IDs of regions.
    User belongs to one or more groups.
    That works good for one dimension Region and the condition in sql is like:
    WHERE Region.rg_id in (1,2)
    When I've added next serveral groups for second dimension, eg.:
    Group "Category 1" has filter: DM."Dim Category"."Ct_id" = VALUEOF("C1")
    Group "Category 2" has filter: DM."Dim Category"."Ct_id" = VALUEOF("C1")
    generated sql has the condition like this:
    WHERE
    Region.rg_id in (1,2)
    OR
    Category.Ct_id in (1,2)
    But, I'd like to have logical sum:
    WHERE
    Region.rg_id in (1,2)
    AND
    Category.Ct_id in (1,2)
    regards
    Harnas

    Hi
    Thanks, I am able to figure out that.
    But I am stuck in performance issue with this approach, I am applying filter on my fact table , but my issue is that for a given user, filter values are in thousands, so OBIEE is putting them in a IN Clause(1,.... 20000) and when the actual query get executed it had performance issue.
    Is there any way where I can write subquery on fact table instead of storing multiple values in dynaic variable.
    Another issue is that when user log in , this variable get initialize which result in delay in login for the user.
    Deepak

  • How to filter reports based on Prompt values

    Hi All,
    I have requirement in dash board.
    in my dash board it contains two reports which is having same column with different values.i.e.,
    one report contains Input method column with CSS value,
    another report contains Input method column with SFF value
    and i have dashboard prompt for INPUT METHOD column.
    when i need to select CSS value in prompt the first report should enable(display).second report should disable.
    when i need to select SFF value in prompt the second report should enable(display).first report should disable.
    But problem is when iam prompting values the 2 reports displaying same report only.Can any give solution for this one. how to solve this prob?
    Thanks in Advance response .
    Naveen

    Hi,
    Follow the steps from this link. I hope it will be helpfull
    http://oraclebizint.wordpress.com/2008/01/17/oracle-bi-101332-selecting-reports-from-dashboard-prompts-and-guided-navigation-sections/
    Phani.

  • How to filter out data by total value.

    Hi expert,
           I have following requirement for a query:
             employee              overtime_reason_code        overtime_hours
                   1                                      1                                       1
                                                           2                                       6
                                                           3                                       10
           so for an employee, if total overtime_hours>8, then it will be displayed in the report, otherwse , it will be filterred out from the report.
    Many Thanks,

    Hi Bo,
    This suggestion will add another KF in column:
    Create a FORMULA and insert the OVERTIME_HOURS in it..Go to aggregation tab and make it TOTAL with reference characteristic to EMPLOYEE..
    Then make a CONDITION for the FORMULA you have created so that if total is <8 hours, it will not be shown..
    The result will be like this:
             employee              overtime_reason_code        overtime_hours               new formula
                   1                                      1                                       1                                                 17
                                                           2                                       6                                                  17
                                                           3                                       10                                                17
    so if you have employee 2 with total of less than 8 hours, it will not be shown..
    Regards,
    Loed

  • How to prevent numericstepper from setting the value to the defined Maximum when a number greater than maximum is entered in by keyboard and user hits the "Enter" key.

    I need to set the Maximum so that the use can use the mouse to change the value of numericstepper (and not go over a certain number), but at the same time I have to allow the user to enter their value by typing in the text field. When the user enters a number greater than the Maximum, I disable the "Ok" button of the dialog and show a red warning(error message). The issue is that the user can hit "Enter" and numeric stepper would set the value to the Maximum and the dialog box would close and the rest of code would run. I want the numericstepper not to change the value and keep showing the warning even if the user hits the "Enter".
    Note: Setting maxChar does not help since my maximum is 1000, and user might enter 5555
    I would appreciate the help.

    Thanks for trying to help, But
    The issue is that if I set the maximum value of stepper 1 greater than the max value that I want, then the user can select an invalid value(of myMax + 1) when he clicks on the UP arrow of the numeric stepper(which is not acceptable for what I am working on).
    I need to preserve the users invalid number, while not letting the user to select an invalid number by clicking UP key.
    I noticed that when the user enters a number greater than the Maximum, and then click on the down arrow, it would set the value to 1 less than the maximum. This is not acceptable either.

  • Tips on Implementing Row Level Security

    Dear All,I am currently trying to implement row level security in Hyperion Intelligent version 8.2. The user guide is straight forward on explaining the steps. However, when I tried it, the row level security does not filter the information at all eventhough I have set the row level security setting in System Administration. Is there Anyone who can share their problems and experience when implementing row level security in Hyperion Intelligent version 8?Regards,Ricky

    I don't believe you need the bqy file anymore, as you set up the ODBC to connect to the database of the EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR).
    (I don't have an EPM instance with IR installed to check currently).
    Note: from the docs quoted earlier:
    If you want to implement row-level security in Reporting and Analysis, keep these points in mind:
    At least one Hyperion Interactive Reporting Data Access Service instance must be configured to access the data source storing your row-level security information.
    The database client library should be installed on the computer where the Hyperion Interactive Reporting Data Access Service is running.
    The data source for the Reporting and Analysis repository that has the row-level security table information should be configured.
    For security reasons, the user name and password to access the data source should differ from that used for the Reporting and Analysis user account.
    Regards, Iain

  • How to check the row level security in TOAD for oracle

    Hi ,
    for ex, i have 2 types of users
    normal user and super user
    super user can see the group set (some column name) created by normal user
    but normal user can not see the set created by super user
    this set crestion aslso has 3 types "U','P',S'
    P & S can be viewed by even normal user
    but U should not
    so here we are having some row level security for the normal user .....
    So, in TOAD for oracle how to check that......
    Let me know if i'm not clear

    Like
    I'm the super user....
    And some records are inserted to a table by different users ('a' , 'b', etc....)
    So,if user 'a' logins then he can be able to see only the records inserted by 'a' only...
    how to see in TOAD where such type of scripts (filter conditions) are written.....

  • How to implement row level security using external tables

    Hi All Gurus/ Masters,
    I want to implement row level security using external tables, as I'm not sure how to implement that. and I'm aware of using it by RPD level authentication.
    I can use a filter condition in my user level so that he can access his data only.
    But when i have 4 tables in external tables
    users
    groups
    usergroups
    webgrups
    Then in which table I need to give the filter conditions..
    Pl let me know this ...

    You pull the Group into a repository variable using a session variable init block, then reference that variable in the data filters either in the LTS directly or in the security management as Filters. You reference it with the syntax VALUEOF("NQ_SESSION.Variable Name")
    Hope this helps

  • How do I apply SAP's mantra, "Run Like a Factory" to my Basis/Security team?

    I will preface this by stating that I am a newbie to SAP, and I am not technical. Currently I manage a Basis/Security team, albeit understaffed.
    For the past 5 years I have been charged to:
    Organize the team into a highly-performing department. (Done!)
    Leverage existing SAP (and non-SAP) tools to drive up the performance and availability of our SAP landscape. (Currently on SolMan 7.1, SP12. Early Watch reports for 17 instances. Crank out CQC's like they are free candy)
    Take full advantage of our SAP Enterprise Support. (Monthly calls with our Ent. Support Advisor. Burn through our EGI's, AEI's, and Road Maps. Training curriculum built around the Ent. Support Academy offerings, etc.)
    But there is a part that is missing, and this is where I need guidance. What I am referring to is the integration and synchronization of my team with the abundance of proactive services of SAP's MarketPlace (MP) and Enterprise Support (ES). Here is what I mean:
    So I am subscribed to umpteen SAP "MP" & "ES" newsletters and RSS Feeds, I occasionally browse the Security Portal (because I can't find where to subscribe to an RSS Feed), I receive the "SAP Support Notification" email every couple of days, I am connected to their Social Media presence,and there are a few other communication channels I am connected to. But from all of this what I am missing is... Continuity!
    I have had this nagging feeling that I am missing, or not yet fully aware, of some basic elements within the "MP" or "ES" that I need to address so that the steady flow of information from these channels are relevant and substantial. Here is my best example:
    Every few days I receive the "SAP Support Notification" email. At first the email was basically empty. I figured out that I had to choose my instances within my subscription so that I receive relevant information. I accessed my instance list and found it was a mess. So I had my architect remove all obsolete instances.  The contents of the email is now more substantial, but there is more to the email that I don't understand the relevance of.
      Another example is the SAP Security Portal. I can't figure it out. Updates, announcements, etc. aren't sent out. I have to remind myself to visit the Portal.
    I have a few more examples, but this post is already too long. I need help with the manipulation of the basic elements of "MP" and "ES" to start receiving more substantial, and actionable, proactive support. Once I have this I can integrate this support into the daily administration of my SAP ecosystem, as well as define KPI's and metrics to strive for improved performance and availability.
    So what am I missing?

    Hi Pete,
    This is a great discussion item, and I am glad that you brought it up!  There is a lot of information out there, and how to syphon it so it relates to you is definitely something that is important.
    Couple points/questions on the above, and then some information that may help future wise.
    There are many notifications within the SAP Support Portal that you can subscribe to.  Some require filters, some are based on 'subscribing' to Spotlight News or to specific notes and KBAs.  Happy to set up some time with you to go through these in detail.
    What is the URL to the SAP Security Portal you mention?  Are you referring to this area: https://support.sap.com/kb-incidents/notifications/security-notes.html?
    Future direction is focusing on personalizing your experience within the portal.  Giving you what you need, when and how you prefer.  We can chat on that as well.
    Feel free to reach out to me directly.
    Cheers,
    Kristen

  • How to implement row level security?

    Hi all,
    There is a database which is for 3 companies to use it and how to use row level security to make sure that they can only manipluate their own data? For example, "employee" table, for each company they just can see their own employees information. How to use dynamic view to do it?
    Many Thanks
    Amy

    Here are two options to achieve what you want.
    A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
    1. create a security codes table. Say for example
    001 - company a
    002 - company b
    2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
    3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
    4. update all data in the tables according to which company they belong to.
    5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
    With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
    B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
    Table name = Employee.
    Create a view employee_a on employee
    create a view employee_b on employee
    Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
    create synonym employee on employee_a in x schema.
    create synonym employee on employee_b on y schema.
    This i have not tried but believe should work.
    Hope one of these options serve your purpose.

  • How to filter rows where multiple columns meet criteria, ignoring rows where only some columns meet criteria

    Hi All,
    Question: How do I filter rows out of a query where multiple columns are equal to a single question mark character?
    Background: I'm using SQL 2008 R2.  Furthermore, the part of my brain that helps me create less-than-simple queries hasn't been working for the last 4 days, apparently, and now I need help.
    We have about 4,000 rows in a table.  This data set was generated from an exported report, and many of the rows in the detail table were not actual data rows but were simply "header" rows.  For those table rows, most of the columns have
    a single question mark as the value.
    Some of the detail rows have one or more question mark values, too, so it's important that these rows don't get filtered out.
    When I include criteria like "WHERE col1 <> '?' AND col2 <> '?' AND col3 <> '?' AND col4 <> '?'", all rows with a question mark value for even a single one of those columns get filtered out.  How do I filter out rows
    where all columns 1-4 contain a question mark value?
    Thanks for your help,
    Eric

    I just tried to create to create a scenario for you. Please see ig you're looking for something like this.
    Create table test_Question_mark
    RecordID INT identity(1,1),
    Col1 varchar(10),
    Col2 varchar(10),
    Col3 varchar(10),
    Col4 varchar(10),
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','?','?','?')
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','??','?','?')
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','??','??','?')
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('??','??','??','??')
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('?','?','?','?')
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('??','test ??','??','??')
    insert into test_Question_mark (Col1, Col2, Col3, col4) values ('??','test ?','??','??')
    --drop table test_Questio_mark
    select * from test_Question_mark
    select * from test_Question_mark 
    WHERE 
    (CHARINDEX('?', Col1,1) > 0 AND CHARINDEX('?', Col1, CHARINDEX('?', Col1,1)+1) = 0) AND 
    (CHARINDEX('?', Col2) > 0 AND CHARINDEX('?', Col2, CHARINDEX('?', Col2,1)+1) = 0) AND 
    (CHARINDEX('?', Col3,1) > 0 AND CHARINDEX('?', Col3, CHARINDEX('?', Col3,1)+1) = 0) AND 
    (CHARINDEX('?', Col4,1) > 0 AND CHARINDEX('?', Col4, CHARINDEX('?', Col4,1)+1) = 0) 
    --drop table test_Questio_mark
    I hope above solution will help.
    Thanks!
    Ashish.

  • How to implement Bursting(Row level security) in Xcelsius

    Hi,
    We are using Xcelsius 2008. We have created xcelsius dashboard using Qaaws but for authentication in qaaws we are suing enterprise authentication and default user.
    Now in my dashboard i have one combo box wich gives data fro diffrent states, now i need to restrict the user to see the state values. I implement the row level security in universe, when i create webi report and view that reprot in infoview, the row level security works. But when i publish the dashboard to infoview the row level security doesn't work.
    We are uisng XO 3.1 with SSO on IIS. So how and what are the diffrent option available to implement the row level security in Xcelsius Dashboard.
    Thanks for the help in advance.
    Thanks,
    Nimesh.

    Nimesh,
    Were you able to implement ? I have a requirement to use the same dashboard for 5 regional users.
    Row level security works.
    combo box intial value is Global , when I login as North America user, combo still shows Global but it will have the value of North America.
    i am curious to know how you implemeted this?
    Thanks
    Pushpa

  • How To Apply Row level security ??

    Hi all,
    I want to apply row level security on one of my custom objects created in PO schema in R12. How to do that??
    Thanks and Regards
    Raj

    Thank You Gaurav
    --Raj                                                                                                                                                                                                                                       

  • How to Migrate Row Level Security Configuration

    Hi Guys,
    Does anybody know how to migrate row level security configuration? I suppose PeopleSoft provided a data mover script, like securityexport.dms.
    Thank you in advance,
    Bob

    Here are two options to achieve what you want.
    A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
    1. create a security codes table. Say for example
    001 - company a
    002 - company b
    2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
    3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
    4. update all data in the tables according to which company they belong to.
    5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
    With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
    B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
    Table name = Employee.
    Create a view employee_a on employee
    create a view employee_b on employee
    Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
    create synonym employee on employee_a in x schema.
    create synonym employee on employee_b on y schema.
    This i have not tried but believe should work.
    Hope one of these options serve your purpose.

Maybe you are looking for

  • CD ROM Drive lost when installing iPod Nano

    After installing my iPod Nano and iTunes my PC will no longer recognise it has a CD ROM drive. Like a dummy I tried it on 2 PC's and now they are both stuffed! Apple tech support don't have a clue. I have uninstalled everything, even the CD ROM Drive

  • Java  sdk 1.4.2 Windows 2008 SAP ECC 6.0 SR3

    Hello, I want to install SAP ECC 6.0 SR3on server which is running windows 2008. The operation system is 64 bit version with a Xeon processor. I folow the following path to Download a j2sdk version http://java.sun.com/j2se/1.4.2/SAP/download.html. Do

  • Async webservice with Callback

    Hi Experts, How to call a Asynchronous Microsoft webservice(Used callback mechanism) from XI? First I have to call the Microsoft webservice, it will return acknowledgement about the status. Again I have to invoke the webservice then it(microsoft) wil

  • Sales order quanity in multiples

    Dear All, I have maintained minimum order quantity for a mterial in material master so that I should not raise sales order less than that quantity, it is also fine we are able to succeed in that. But my requiremnt is I should put the sales quantity i

  • Problems with Bridge CS4.

    Dear members: Since my last disappointing experiences with Bridge I decided I would wait until CS4 had been out for a while and Adobe had the chance to clean all the bugs and problems with the first releases. I am now beginning to use the CS Premium