10 dim 1 fact data level restrict

All,
I have 10 dimension tables and 1 fact table.
and my Country Dimension table like below data
Name,Country
A UK
B US
C MY
D SG
My requirment is When user "A" logged in,he wants to view only UK country values simillarlly other user data.
How will restrict each dimenstion table.
Thanks

hi,
this can be achieved by implementing row level security. you can define permissions for a particular group in the rpd so that when the user logs in, he only sees the data according to his role/access level. for more details see these urls
http://mithil-tech.blogspot.com/2010/07/obiee-session-variables-and-row-level.html
http://www.rittmanmead.com/2007/05/obiee-and-row-level-security/
assign points if found helpful.

Similar Messages

  • Standalone security with no data level restrictions - doesn't work

    I am attempting to set up some new users in our OBIEE 7.9.6 - 10.1.3.4.1 implementation.
    I created the new users ids in the RPD, and granted access to a couple groups - ie. HR Analyst.
    I then refreshed the server, logged in as administrator and made sure the user did not have presentation services access.
    I then logged in as the new user. Unfortunately not all the reports execute. I get errors on some reports that run if I login as Administrator and execute them.
    The most common error is a view display error - a numeric value was expected(recieved "0") ...
    any ideas? we are just trying to allow users to review reports prior to the integration with oracle 11i

    Thanks that helps, now that I have it all working in one environment I tried to copy the webcat and rpd to our UAT environment.
    Everything works except it puts all the subject areas back to everyone can access via answers. Not sure why it does that.
    I have tried everything. I have migrated both the RPD and the WEBCAT made sure the services were stopped when I did the copy.
    Anyone have any ideas what causes this. We need to be able to migrate to mulitple environments.

  • Data Access Restriction in Webi via Infocube/Multiprovider

    Hi All,
    As we know that Row level security is not available in OLAP universe, the approach for data level restriction is to creat roles at BI level.
    I have Query regarding the same.
    If I m creaing my universe on top of Infocube or multiprovider.
    I have 2 users, User1 and User2.
    Now if I want User1 should see data for CostCentre = UK,India.
    User2 should see data for CostCentre = US, UK,India
    Here are my queries:
    1) Will User1 and User2 be able to see the data level access in Webi Report based on the their Login?
    2) If I creat the Prompt on "CostCentre" in Webi then, will User1 see Lov as {UK,India} and Will the User2 see Lov as {US, UK,India}
    If Data level access cannot be achieved in Webi via universe created on top of Infocube/Multiprovider then what is the approach to do so?
    Regards,
    Nisha

    Hi,
    I m creaing my universe on top of Infocube or multiprovider.
    >> The recommendation path is to use BW queries with the necessary Authorization Variables leveraging your BI Authorizations.
    I have 2 users, User1 and User2.
    Now if I want User1 should see data for CostCentre = UK,India.
    User2 should see data for CostCentre = US, UK,India
    >> This is part of BI Authorizations in BW.
    Here are my queries:
    1) Will User1 and User2 be able to see the data level access in Webi Report based on the their Login?
    >> assuming you follow the 2 steps mentioned above (Query and authorization variables) - yes
    If Data level access cannot be achieved in Webi via universe created on top of Infocube/Multiprovider then what is the approach to do so?
    >> Data level security is part of your BI authorizations in BW
    Ingo

  • Data Level Security from rpd to Weblogic Server

    Hi,
    Req: To implement data level security through weblogic or external authenticator OID
    Current implementation: Created a grop in rpd UserG and configured permission settings with respect to subject area and assigned this group to users.
    such that, When User1 log in he will see his data and when User2 log in repective data
    New implementaion: We have to achive this data level security through weblogic or external authenticator OID
    How to acheive this?
    Thanks in advance!
    Satheeshkumar

    You can choose where to get the groups from either database or any provider and map them to Application roles in EM, but you would have to set up your data restrictions thru Application roles in RPD on your Facts and Dims based on your requirement.
    Now if your looking for bringing External groups using BISQLGroupProvider then refer to:
    How-to: OID Authentication with Groups Stored in an External Database Table - OBIEE 11g ~ Ask John OBIEE - Oracle Busine…
    For database groups with users mapped in it those tables then you can refer to:
    Jonathan's Tech Journey: OBIEE 11g Security part 1
    Hope this helps.
    SVS

  • Data level security for 30000 profir centers

    Hello Gurus
    I have a requirement to implement data level security for 30000 profit center . Now I can think of creating the groups and applying security filters ( both on Dimesion & Fact) on the top of that.
    But I cannot do so as I will have to create some 30,000 groups/roles which is not possible. because there are some users who have access to only one or two profit center and it forms a heirarchy.
    As a workaround what I did is created a user-profit center table and joined it with the profit center table which is actually a snowflaked with two more dimensions - gl_account & gl_segment.
    In the BMM layer , in the Content section of teh profit center dimension , I applied a where filter like below :
    "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_ID" in (1000163) and "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_NAME"='Profit_Centre' AND ( "Oracle Data Warehouse"."Catalog"."dbo"."PF_USER_MAPPING"."USER" = VALUEOF(NQ_SESSION.USER) OR 'UNMATCHED'=VALUEOF(NQ_SESSION.USER) )
    All is well if I create a report having Profit center as one of the dimension/component in the analysis (answers) .
    But when I don't take Profit center the roll up is happening with all the Profit center . Reason being I have not applied "security filter " in the fact table and I cannot do so because USER tabel is not directly joined with the fact table.
    Is there any workaround for this.
    Pls. advise.

    Hi,
    Yes, any dimension filters are applied only when you include that dimension in your analysis.
    As a workaround, you could create a filter as "Profit Centre" is not equal to 'Dummy Profit Centre' with "Protect Filter as ON" and add this filter to all of your analysis.
    So what it does is, even though you do not refer to profit centre dimension in your analysis, the filter in each analysis makes sure that the profit centre dimension is always mapped and the data restriction is applied.
    Hope this helps.
    Thank you,
    Dhar

  • Data Level Security issue

    Hello Gurus:
    I am having a problem with Data Level security.
    I copied my Production RPD and Webcat in Test, changed connection pool DSN and user/passwords.
    Now the problem is, a user who has same rights in Prod and Test, is seeing properly in Production, but sees nothing in Test.
    I am using initialization block from Siebel CRM Application. So customers are assigned to users based on their responsibility from S_RESP and S_USER.
    based on that, users can see the list of customers. Authentication is LDAP, same server for production and Test.
    Now, a user sees properly assigned list in Production, but not in Test. I dont know how to solve it. I searched query logs and stuff, but couldnt find anything.
    Please help me how should I investigate this issue.
    Thanks.
    Vinay

    Thanks for quick reply Stijn:
    Here are my inputs..
    1)"they see nothing"? means the dont see any customers in drop down. This is data level and not related to column or subject area. The only filter I use is
    "ATLAS Reports"."Dim - Accounts Hierarchy".LVL1ANC_ID = VALUEOF(NQ_SESSION."ORGS")
    This filter is applied to Customer hierarchy and couple of sensitive facts.
    The users are able to see all products because filter is not applied. I disabled the filter, and users could see everything. But I cant disable this in Production.
    2) What is the physical sql generated by the report? Set the loglevel of a user to a higher level in order to seet this.
    I am not able to set higher loglevel because i dont see the user in repository. All I see is GROUP, and they are assigned to particular groups based on GROUP session variable. Then filters are set on particular groups. How do I set logging level at Group level?
    3)Can you copy the query and run it against the test database. What results do you get?
    I can not see the query because of above reason.
    4)Does the user get the proper groups assigned? Yes. I put the session variable in title view to verify this.
    5) Are S_USER and S_RESP in Test equal to S_USER and S_REPS in Production? Yes.
    Let me know if you need more information.
    ~Vinay.

  • Data Level Security Criteria

    Friends,
    Is it mandatory to have "external table Authentication" for implementing Data Level Security.
    Thanks In Advance,
    Kumar

    Hi,
    Not really,
    Data level security is based on the requirement. Depending upon the data to be view by the users across. That can be in the fact table or dimensions or in the report depending upon the requuirement. If you can do with the logging in credentials of the user to restrict then that should also be fine.
    Refer below for simple understanding-
    http://obiee10grevisited.blogspot.com/2012/06/data-level-security.html
    Hope this helped/ answered.
    Regards
    MuRam.
    Edited by: MuRam on Jul 10, 2012 3:21 AM

  • Row Level Restrictions on DeskI Report not working under InfoView

    When running/refreshing DesktopIntelligence XI r3 (Full Client) reports under InfoView, the row-level restrictions applied in the universe are not being included in the SQL (additional filtering is NOT happening). However, if a user creates a report using the same universe in WebIntelligence or if the user runs the same report in DesktopIntelligence, the row-level restrictions are working.
    It strikes me that the problem has to do with security rights granted (or not granted), but I can't figure out which settings would allow the proper running of a DeskI report under InfoView.
    Thanks for any assistance rendered!

    Mike,
    Do people connect to Infoview and Deski using the same authentication method and the same username?
    How does this compare to how your data restrictions are configured?
    Are you using @Variable('BOUSER') restrictions? Have you taken domain into account e.g. "Domain\UserName" vs "UserName"?

  • Org Level, fund center/cost center level restriction for tcodes????

    I am looking to see whether org level restriction and cost center/fund center level restriction is possible for certain set of transactions.
    I am using USOBX table for this analysis. This table has a check flag field ( same as in SU24) which says whether the Tcode (program) does the authority check for certain auth objects. Example- X (checked but not maintained in USOBT). This table pulls up several authorization objects under the 'X' category. However, when I do the System trace for the same tcode, all the objects (marked as X) are not captured. Instead only a few are captured.
    Can we rely on the USOBX data or should we do system Trace for every tcode. I am just pulling a report and not creating roles at this point. So trace is time consuming. But data reliability is equally important.
    My objective is to verify whether org level and cost center/fund center level restriction is possible or not for some tcodes.
    Do you have any suggestion to achieve this faster (through USOBX or any other means)?
    Thanks in advance
    Kee

    I would suggest you to check USOBX_C and USOBT_C instead of USOBX and USOBT as it will have your customization as well and not just the standard ones given by SAP.
    Also when check field is X ...it means the object is checked but not maintained for the t-code as you already said but I am not sure how much it will help you as the they will not be pulled by PFCG when you are creating the role until you change the object to Check / maintain . When you do that the check field will be Y and not X. So basically it is the Y one which you need to see.
    Going for trace is time consuming for every t-code and I am not sure if it really needed. When your roles are in testing phase and are tested by the functional team or the team which needs it and if they are missing some object, you can run a trace and find the missing object....
    I am not sure on what basis you want to change some field to Org level ...but typically it is done if you want to do segregation of roles based on these org level. There could be various other reasons and it is better to talk to your functional counterparts before changing a field to Org level.
    for ex : If you want to segregate on company code, you will create co. code as Org level and create roles for different company code.

  • SSAS Multidimensional Time Intelligence YTD calculation showing BLANK for Date level

    Hi there,
    I am working with SSAS Multidimensional Cube, basically I have defined a Time Intelligence calculations for just YTD in the Cube, the calculation was created in the Calculations tab of the cube as follows:
    /*Year to Date*/
        [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Year to Date],
    [Dimension Dim Time].[Year].Members, 
        [Dimension Dim Time].[Date].Members   
      =
      Aggregate(
                 { [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Current Dimension Dim Time] } 
                 PeriodsToDate(
                                [Dimension Dim Time].[Calendar].[Year],
                                [Dimension Dim Time].[Calendar].CurrentMember
    My Calendar hierarchy is as follows:
    Year -> Quarter -> Month -> Week -> Date
    The problem I have is that when I am at Date level I am not getting the cumulative YTD value, instead I am just getting blank cells:
    Could anyone help me defining a Time Intelligence YTD calculation that works for all levels including the Date (highlighted in yellow above)?
    Thanks and best regards,
    Joss

    The only strange thing is the MDX script, I would have used this one instead (sse below) - but if this is not the issue, I would suggest you to isolate the issue in a simpler MDX script removing any other calculation.
    Also take a look at the DateTool solution for these calculations - I really don't like the wizard provided by the development environment, it has other issues but not something that should affect your calculation:
    http://www.sqlbi.com/articles/datetool-dimension-an-alternative-time-intelligence-implementation
    /*Year to Date*/
        [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Year to Date],
        [Dimension Dim Time].[Calendar].Members, 
        [Dimension Dim Time].[Date].Members   
      =
      Aggregate(
                 { [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Current Dimension Dim Time] } 
                 PeriodsToDate(
                                [Dimension Dim Time].[Calendar].[Year],
                                [Dimension Dim Time].[Calendar].CurrentMember
    Marco Russo http://ssasworkshop.com http://www.sqlbi.com http://sqlblog.com/blogs/marco_russo

  • Data level Security issue in obiee 11g

    Hi,
    We are trying to implement data level security, let me explain the issue
    The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
    We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
    Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
    SQL used in session variable -
    select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
    and job_desc1 = 'Principal High School - KPI'
    Any suggestions please ??
    Thanks,
    VRP

    Hi,
    I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
    Thanks
    [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
    -------------------- SQL Request:
    SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
    SELECT
    0 s_0,
    "High School KPI"."- Date"."School Year" s_1,
    "High School KPI"."- Grade"."Grade Level" s_2,
    "High School KPI"."- School"."School Name" s_3,
    "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
    "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
    "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
    CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
    CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
    REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
    FROM "High School KPI"
    WHERE
    (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
    ) djm ORDER BY 1, 2 ASC NULLS LAST
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
    Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1)
    select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
    case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
    case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
    case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
    D1.c3 as c5,
    D2.c2 as c6
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    order by c1, c2, c3
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1),
    SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
    case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
    select D2.c11 as c1,
    D2.c12 as c2
    from
    SAWITH6 D2
    order by c2
    Edited by: 965968 on Oct 17, 2012 11:49 AM

  • Group Level Data Level Security not working

    I'm trying to test the data level security at the group level.
    Here's what I did
    1. Went to the security -> Groups -> Permissions -> Filters
    2. In Name added the Fact table on which I want to filter.
    3. Selected "Enable"
    4. In Filter Column I added a filter on a column in the dimension. (I didn't use any session variables in the filter)
    When I create an answers query with the column from the dimension (Which I used in filter) and fact from the fact table where I defined the filter, the filter is not applied..
    Am I missing something in the creation of filters?
    Thanks in Advance.
    Rama.

    Hi,
    If the user is member of both user defined and Administrator group no filter will be applied to them because Administrator group will take precedence and no filter can be applied to Administrator.Even if you ooen Administrator group, you will see that permission tab is disabled for Administrator group.
    Hope this helps.
    Regards,
    Sandeep

  • How to do data level security on users based on region

    Hello guys
    I currently have created a report with dashboard prompt on column "state" with a default value "CA"
    Now, the requirement is to perform data level security on this report, so different users based out of different state will log in to the dashboard and this prompt will change its default value accordingly so the user will have the report on only users home state prompted, and users can't see other state data..
    I have thought of creating session variables to achieve the same, but how should i set up the initialization string?
    Do I need to create a new table called "user table" that stores username/password and state columns and make that user table join to the fact table in the db?
    If so, how should I configure the session value so that users get filtered date based on its state location?
    PLease provide guidance
    Thanks

    Here’s an idea off the top of my head (untested):
    First, set up your security constraints normally using Manage…Security in the Administration Tool, so that each user can only see his/her state. Refer to the previous responses to this post for guidelines.
    Then, in your dashboard prompt, for the “Default Value”, write a tiny bit of logical SQL to query the “state” column from the presentation layer. If your security constraints are properly in place, the SQL should only return one value.
    To get an idea of what the logical SQL should look like, select “All Values” as the default value, then switch it to ‘SQL Results’. That will show you the basic format of the logical SQL. It’s really just normal SQL (select <this> from <that> where <the other>), but referring to presentation layer objects rather than to physical tables and columns.
    Untested. Please reply back and let us know how it goes.

  • Data level Security for Oracle Apps as Source

    Hi all
    I need to implement Data level Security on Apps Users in OBIA
    We are using Apps as source with Single sign On. I need to apply Data level security on Business Group Field.
    We dont have users in OBI, we need to register apps users in OBI.
    Could anybody tell me how to register Apps users in OBI???
    OR tell me if you know some other way to implement D L Sec on Single sing On and Apps as source.
    Thanks in avd
    V P

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

  • Data level Security with Oracle Apps as Source

    Hi all
    I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
    I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
    (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
    I have created Groups in rpd with same name as the responsibility in Apps.
    I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
    I have created Group in WEB with the same name as the Group name in rpd.
    If I say show all Users and Groups in WEB, I m getting the APPS Users.
    I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
    But in the Report, I m getting all the Business Group Ids,
    Plz advice if I m doing something wrong.
    ThanQ
    Anand

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

Maybe you are looking for