Applying row-level security to crystal report instance

Hi
we have created crystal reports based on sap r/3 data using open sql driver and imposed row level security and published to BOE.The user when opens report with view on demand can see the data which he is supposed to see.
Is it possible to schedule a single instance of the crystal report and then all the users access the instance and see the data that they are supposed to see.If not what is the other way out.
Thanks in advance.
Kamal

Hi,
I didn't try it so far
but I found this Link:
http://neverknewthat.wordpress.com/2007/11/06/row-level-security-trick-with-crystal-reports/
-> create Instance with full authorization
-> Join CR-Result with Customer-Table: User Authorization
Max

Similar Messages

  • Help with implementing Row Level Security in Interactive Reporting

    We're deploying Hyperion BI+ 9.3.1, using Workspace and Interactive Reporting. I'm researching how we can use the Workspace row level security option. I've read what's available for documentation in the Workspace Administrator Guide and the Interactive Reporting Users Guide. I understand the concept of setting up rules with row_level_security.bqy, but I'm confused about where these tables should go and what actually happens when I go to Workspace > Administrator > Row Level Security and turn it on.
    The Administrator's Guide tells me the "properties" are stored in the repository, but the "rules" are in the "data source". Does that mean my BRIOSEC* tables go in the database I'm running my reports from? If so, then what's the data source I'm filling in on Workspace > Administrator > Row Level Security?
    I have many different database connections going to different Oracle and SQL*Plus instances, and I don't want to apply row level security to all of them. How does Workspace tell the difference between them? If I enable rules but create a report from a database that doesn't have rules defined for it, what happens?

    The 3 tables used with the RLS are stored in the same schema as your repository by default.
    The RLS store all the Rules for any database that you are using.
    You define the rules based on the tablename (owner.tablename) and the column name.

  • How to apply row level security against the database administrator

    I would like an advice in applying row level security against the database administrator. We need to prevent DBA from editing data in some table rows or have any indication that data was corrupted.
    There is no problem in viewing the data so we considered one way hash function or digital signature which will be stored in the same table, but we see following disadvantages:
    HASH - DBA may use the same hash function to update the stored data after he changes the sensitive row.
    Digital signature - the is a need to manage and keep the private key in a safe place outside of DB
    Is there additional ways to achieve the aim?

    Does VPD helps to prevent from DBA to edit/view a data in specific rows?Yes.
    If I correctly understand, DBA has full access to security policy used by VPD to control the access and can grant himself privileges that I don't want.You can to define which users can be exempt of the politics, for the context or by Grant EXEMPT.
    This includes DBAs.
    The simple fact of being DBA doesn't guarantee the exemption.
    Everything goes to depend of the VPD config.

  • How To Apply Row level security ??

    Hi all,
    I want to apply row level security on one of my custom objects created in PO schema in R12. How to do that??
    Thanks and Regards
    Raj

    Thank You Gaurav
    --Raj                                                                                                                                                                                                                                       

  • Row level security in Xcelsius through scheduled reports?

    Hi Experts,
    Our requirement is to implement row level security in Xcelsius dashboards from SAP BW source through Bex queries which would have authorization variables. We have seen that these Bex authorization variables work in Webi reports and security is applied appropriately. But do they work in upto Xcelsius as well, if we use Live Office Parameter binding option? If it does, then do we need to create prompts agian in Webi?
    We have also seen that security is applied if we use the BICS (SAP Netweaver native connectivity) option. However our objective is to schedule as many reports as possible in the dashboard to save on report refresh time at run-time, which is not possible is BICS or QAAWS. Therefore the best option for us would have been if we could apply row level security on scheduled reports.
    Can you please advise on the best approach? Your help is greatly appreciated.
    Thanks,
    Sougata

    Since you are using BEx queries as data sources authorization variables is the only way to apply row level security. This will work fine also for XCelsius dashboards that run in the InfoView (in an SAP logon context eg. when the user uses it's SAP credentials to login into the InfoView) and fetch data on-demand over LO from your WebI reports. Just make sure that the underlying webi reports are set to use SSO.
    If you are using scheduled report instances no row level security is applied depending on the context of the user that started the dashboard. XCelsius will get the data that have been saved in the instances. In this case the row level security has been already applied at the moment the report instance was created BUT for the user who scheduled the reports to run.
    Regards,
    Stratos

  • Row level security not working if I hit the aggregate

    I have applied row level security on presentation layer , however it does not work if the report hit the aggregate any idea on this...

    Hi Ingo,
    Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
    This custom auth object is maintained for the PA0001 table.
    This object is added at the role level with the restricted access to the Company Code..

  • Column level access in Crystal Report Server

    <p>Hi,</p><p>I have three fields in my Crystal Report. The crystal report will be exported to PDF by my customised web application. The application has a built in user security and access control model. However if user 1 logs in he should see all the 3 columns(database fields) on the exported PDF. If user 2 logs in he should see only first 2 columns as he has access to only those. We would also be using Crystal Report Server.</p><p>I know this could be done in Crystal Report itself but is there any way to leverage column level access (and also row level) functionality using Crystal Report Server. The Crystal Report reports off an ODBC Datasource.</p><p>It would be great if any one could help me in this regard.</p><p> Cheers. </p><p>&#160;</p>

    If you were running the same version designer and server, you could open your reports straight from the repository, and save them straight back. Then you wouldnt have multiple versions of RPTs flying about.
    I have just purchased a new licence for 2008 and an 2008 upgrade for a Xr2.
    I don't think I completely understand, but we do have Crystal Reports 2008 and Crystal Reports Server 2008 available for purchase.

  • SAP-BO SSO and Row Level Security

    Hi,
    We can configure the SAP authentication and able to login InfoView via SAP user name and password. And also, we can import the roles from the SAP system.
    When we create a connection to BW cubes from designer, we want to use "Use Single Sign On when refreshing reports at view time" to apply row-level security which is defined at the BW cubes.
    In our tests, we use "Use BusinessObjects credential mapping" while creating connection from designer to test the row level security. As you can guess, after importing the SAP user, in CMC screen > Users and Groups > Users, we manually enter the password of the user to the Database credentials part. However, as you can guess, the password of the user's is not static and that is not a good solution.
    My question is that, do I need to configure SSO between SAP and BO system or how can I enable row level security?
    System Information
    Business Objects XI 3.1
    SAP Intg. Kit 3.1
    Thanks a lot,
    Omer

    Hi Omer,
    please note that only row-level security implemented through authorization variables in BW queries can be used in BusinessObjects. Row-level security defined at cube level will not be applied.
    As long as you have used the SAP authentication to log on your BOBJ server, the SAP credentials will be used automatically to get the data from your SAP BW source as long as the "Use Single Sign On when refreshing reports at view time" option  is selected in the Database configuration panel (Found in the CMC when viewing the properties of your report) and the option "Use BusinessObjects credential mapping" is selected in your universe connection.
    Please note that this will only work for reports that are invoked directly in the infoview. If a user schedules such a report, she/he has to enter her/his SAP credentials explicitely in the Database Configuration Panel appearing in the scheduling assistant window. In this case you can activate SNC trust between your two servers in order to avoid entering a password when the report is scheduled.
    Regards,
    Stratos
    Edited by: Efstratios Karaivazoglou on May 5, 2009 10:16 AM
    Edited by: Efstratios Karaivazoglou on May 5, 2009 10:23 AM

  • Row level security in OBIEE 11g: Which is better: VPD or RPD

    We can apply row level security in OBIEE by 2 ways.
    1. by Creating Initialize Block in RPD
    2. or Applying VPD in Database, which restricts source tables
    Which one is more efficient and why?
    Thanks,
    Sunil Jena

    you will have some degree of performance degradation with either approach since you are adding additional filters so I would not use that as the main factor to decide. You need to assess your actual requirements. What is the basis by which you are planning on doing the security. Is LDAP the main basis for the security? Do you plan to use certain roles? if your security is more based on roles at the application level, then it may be easier to define at the Application level (OBIEE)...if its just based on a certain user ID for a set of tables, then perhaps VPD can work. If helpful, pls mark.

  • Crystal Reports - ECC Tables - Row level security on Multiple tables

    Hi Experts,
    We are implementing Crystal Reports directly reporting on ECC Tables.  Lot of information on row-level security has been provided by experts Ingo Hilgefort, Don Williamsand Mike Seblani, but not related to multiple tables or Wild cards
    Requirement:
    Crystal Users should have access to ALL the tables in ECC, but restricted by Company code, plant, Sales Organization, Purchasing Organization fields to what ever table it applies to. Example: MARC table should be restricted by Plant, BSEG table should be restricted by Plant and company code, GLT0 table should be restricted by Company code..etc
    Users should ONLY see their Organization related data.
    Solution Developed:
    1. We created custom authorization object with BUKRS and WERKS
    2. In  /CRYSTAL/RLS  we used Wild Cards *, +  rather than specific table  and referenced the custom authorization object with =BUKRS and =WERKS  in the Field Value
    3. Enabled global lock
    4. Custom Authorization object was added to user-profiles with corresponding restrictions
    *Observation:*
    1. This security works when a crystal report was developed on a ECC table which has both BUKRS and WERKS
    2. This setup DOES NOT work when a crystal report developed on a table with either one of BUKRS or WERKS
        Example: Does not work on MARC table - error message "Database connection error: /CRYSTAL/OSQL_EXECUTE_QUERY Message: field T0~BUKRS" unknown"
       Does not work on GLT0 table - error message "Database connection error: /CRYSTAL/OSQL_EXECUTE_QUERY Message: field T0~WERKS unknown"
    Trouble Shooting:
    In the "where clause" of the internal ABAP code generated for MARC, system is checking for BUKRS - which  should not be the expected result
    ANYTHING WRONG IN THE SECURITY SETUP ? PLEASE ADVICE
    Note: Document "BusinessObjects XI Release 2, Integration Kit for SAP, Installation Guide" does not talk much about this multiple table restriction. Any other document to be referred to ?

    I'm not sure how that would help; by using the Faculty_ID Session Variable I can identify the CRN and Term of all courses a faculty member is teaching. But I don't think that has to do with the problem I am having?

  • Crystal reports LOV cascading prompts row level security not working

    Crystal report LOV cascading prompts with row level security is not woking when the crytal report cache server/page server cache (Oldest On-Demand Data Given To a Client (in minutes)) is turned on. But its working fine when the cache is turned off.
    Using XIR2 environment.
    Appreciate the response.
    Thanks
    Chenthil

    Hi Chen,
    In terms of what could be done on the Crystal Reports end, there is no such controls available.  However, your question may be better answered if it was posted to our Business Objects Enterprise forum. 
    It is at "BusinessObjects Enterprise Administration" section of the forums.
    FYI.

  • Universe row level security workiing in main report but not subreports

    I have a report with a couple of sub reports that are running against a universe with row level security. The security works in the main report but when the sub reports run, the security is missing. The report is running through BOE, CR XI R2. Is there something Im missing...? Being new to BOE...

    Hi Michael,
    I am sure the Sub-report is also based on Universe.
    Try to create query with atleast one object/column coming from table on which row level security is applied in universe.
    Hope this will solve the problem.
    Thanks,
    Sushil

  • Reports XI: Infoview behavior with Row Level Security

    Post Author: pwilliamsbssp
    CA Forum: General
    I have a report that is based off a business view that has project information with an additional table used to assign report users to certain clients (each project has a client).  A filter is used to assign the report user to the current ce username.The report is scheduled by the administrator login.  Each user goes to view their report on Infoview and is able to view data for only those clients specifically assigned.   This functionality seems to work fine - everyone views one instance of the report and InfoView assigns the row level security.However, I'm running into a problem viewing report histories when adding or changing client assignments.   The historical reports come up either blank or with erroneous information (such as the current week's information instead of the previous week's data saved with the instance of the report).   I have not found a logical link between the behavior of the historical reports and the specific users.  Some can see one week and not another while others have the reverse, regardless of their security assignments.Does anyone understand the behavior of view historical reports with row-level security?  I have no idea what data/metadata is saved with each report instance and when the row-level security is being read.  Is it read when viewing the report? or, is it specific to the structure of the data when the report was run?With other reports using the same row-level security model I'm able to view the historical reports although it has the client assignments at the time the report was created.  But, at least I'm able to view the reports.Any insight welcome.Patrick Williams

    Post Author: pwilliamsbssp
    CA Forum: General
    Bump.  Anyone is welcome to tackle this question.  Please.

  • Report based row level security

    I have a requirement to have row level security on only one particular report - so a user in the "Accounting" group - when running this report can only see the "Accounting" business unit but not any of the other business units such as "food service" or "training" - however when running any of the other reports - they are able to see all business units. Is there a way to deploy row level security so when a particular report is run that the security filter is applied - and not in all cases?
    thanks very much for your help!

    Kapsnerc,
    One way to solve your problem is to duplicate the column in your rpd and then define security accordingly.
    For this report use the duplicated column and for the rest use the original column to build the report.
    Regards,
    Venkata.
    Edited by: user8000915 on Jun 28, 2010 2:07 PM

  • Row-level Security Filters applied to Columns and Tables only? no Areas?

    Good day all,
    Just quick question (obiee 10.3.3.2) - Is there a way to edit row-level security using Whole subject areas (instead of bringing in the individual Fact tables and applying filters by copying/pasting them).
    Follow up question - if I have nested facts in presentation layer (ones preceding with "-" - do I specifically add them to conditions, or would they be inherited by only including parent fact)?
    Thanks!
    Message was edited by:
    wildmight

    I'm not sure how that would help; by using the Faculty_ID Session Variable I can identify the CRN and Term of all courses a faculty member is teaching. But I don't think that has to do with the problem I am having?

Maybe you are looking for

  • How is Total Calculated(VBAP-MWSBP) in Sales Contracts(VA43)?

    Hi All, First of all, I'm no a SD consultant but rather an ABAPer.  Correct me if I'm wrong: Scenario: - Line Item 10,  Billing Plan, I have:     15 $2,016.00       7 $1,992.61 Total Net Value is:  $44,188.27 Total Tax(VBAP-MWSBP) per line item is ca

  • Preview and printing

    Still new to iMac. In preview i've found some pdf that it will not open. Why is this and how does one get to make it/them display? Does i depend on what program made the pdf or something else? Thanks, larryJay

  • When I try to go to the Itunes store my computer says the connection timed out

    When I try to conect to the apple store I get the message that connection timed out.

  • Decrease the logo size

    Hi all, I have a logo to print in script. I want to drag it in X direction. while uploading, I increased the DPI size. still i want to modify it. How can i do it.

  • Delete statements very slow

    hi, We have a performance issue the delete statements on the database are running very slow they are taking about 12 hours. the delete statements are like DELETE table_name WHERE column1 = 'temp' AND col2 LIKE 'A%' AND col3 = 0; that table has an com