Authorization at DATA level.

We have 2 power users with access to a Infocube. One from USA (U1) and onother from Canada (U2). I want to restrict the US power user (U1) from accessing Canada data in the Infocube and see only US data.
We are aware that we can create an authorization object on info-object (Country) and create a seperate role for all the power users based on their country.
Is there any other proper approach you can suggest ? Appreciate your quick replies. Thanks.
Laxmikant

Hi,
Or you can do a combination of Sales org and Region. Create a custom authorization object and pass the Sales org and Region values to it. That way you can restrict the users as you want, plus you have a flexible enough model so that in future if some user wants to view the data for both the regions and sales orgs, you can accomplish the same by just putting in * for both values.
Cheers,
Kedar

Similar Messages

  • Authorization: data level security by cost center to finance line items

    We have a business unit request requiring implementation of cost center data level security through FI transaction codes for financial line items.  Example requirement:  Cost center manager can execute FS10N GL account line item display, drill into the balance and only return those line items to which the cost center manager has access.   Cost center managers currently report their cost center expenses via cost center accounting report and through those reports are able to drill into the FI line items to display document and line item details.  Cost Center managers, due to their varied responsibilities, also have access to tcode FS10N, from which if they execute reports directly, can access data for cost centers which they are not responsible for.
    Our security team has stated that the determination of authorization objects which are checked at transaction code/program execution are not configurable.  We’ve found when debugging that it would be possible to implement user exits for additional authorization checks, but that in order for the authorization check to actually get called, the object must be set as ‘checked’ within SU22/SU24.
    Has anyone had a request to implement such cost center data level security for financial line items through Financial transaction codes?  If so, what steps were taken to be implemented?   Was this able to be accomplished via security configuration and PFCG security role updates or was custom code logic needed?  If custom  logic was needed, to what extent was this implemented (what tcodes/programs were included; how was the decision of what to include and exclude determined).   What was the duration of this effort?
    Has anyone had a request to implement such cost center data level security request for financial line items via Financial transaction codes and not implemented the request?  How was this communicated to the business that the request for data level security goes against SAP’s authorization design?
    Thank you in advance for your input,
    Becky Zick

    Hi Becky
    Have you tried with object K_REPO_CCA? You have available these fields to filter authorizations.
    I hope this helps you
    Regards
    Eduardo

  • Direct database data access without data level authorization check

    Hello,
    My customer raised issue about direct database data access. Due to the customeru2019s strong security policy, it shouldnu2019t be allowed.
    To prevent this kind of illegal data access, customer ask me to list up all the possibilities to display data without data level authorization check.
    The things in my mind are
    SQL Command Editor (for Oracle based system) : ORASPACE, DB02, ST04
    Query Based : SQVI (Quick Viewer), SQ01/SQ02/SQ03 (SAP Query)
    Data Browser : SE11, SE12, SE16, SE16N, SE17
    Table Maintenance : SM30
    Function Module : RFC_READ_TABLE
    Function Module : DB_EXECUTE_SQL (DML)
    Anyone knows anything which is not listed above?
    Thanks

    HI,
        Generally in production user's should not be given all these authorizations.
    Ram.

  • Authorization at data element level

    Hi all,
    I have a requirement where i have to put a authorization check at data element BANKN .
    In all the transactions which use BANKN data element( e.g FK01 , FK02, FK03 etc) , i need to put an auth check for Bank number .
    Only those users who are authorized will be able to see the Bank number, other wise the field will be masked by ******* .
    I tried with field exit , howerever , it gets triigerrred only at Change (that too not completely satisfying the requirement.)
    Please provide me a solutiion for the same.
    Also , how to mask a particulat field based on a condition
    Thanks
    Supriya Murudkar

    As I said, most of the time, you should do modification of the standard. In 4.7, you only have SSCR.
    I don't know FK* transactions, so I can't tell you if there is a BTE for that.
    You should have better mentioned them in the title of your post to get more chance to have an answer, and do not mention "authorization at data element" (people wouldn't read it as it makes no sense in SAP).
    By the way, another solution would be to use authorizations at transaction level: authorized people would use FK* transactions where bank field would be displayed, while some other people would use ZFK* transactions where bank field is NOT displayed, using transaction and screen variants

  • EBS Data Level Security

    We would like to implement Data Level Security on BI Apps 7963 with EBS R12.1.3.
    Is "EBS Single Sign-on Integration" Initialization Block required to do so?
    I also found "Authorization" need to modified SQL statement to adapt security for EBS. Is it right?
    The default value seems for Siebel CRM system.
    Can anyone confirm those questions?
    Any response will be very appreciated.
    Best Regards,
    Roger

    Hi,
    1. Yes, you need to enable the Initialization Block "EBS Single Sign-on Integration" and leave the OOTB definition
    2. You need to disable the Siebel "Authorization" Init Block and create a new one for EBS. You can find the SQL in the BI Apps 7.9.6.3 Bookshelf, section "Integrating Security for Oracle BI Applications", 2.6.1 Oracle BI Application Authorization for Oracle EBS
    Hope this helps,
    Tarik.

  • Data Level Security at BO Infoview

    Hello,
    I am trying to test a report in BO Infoview to test the authorizations. I have created a query in BI and used the authrozation variable for the reagions, ran the report in BI and the security workked. 
    Secondly, I have created a universe with that same query and created an infoview out of that universe, the authrozations did not work. I am seeing everything. It works fine in SAP BI web report but it does not work on BO infoview.
    Do I need to do anything in the universe creating to make the authrozations work  in infoview.
    Please advise,
    Thanks..

    Hi AG,
    How did you resolved the data level security in BO issue you had ?
    your feedback will be greatly appreciated
    Thanks
    Eric

  • Edit Authorization at Entity Level

    Problem: I am trying to Edit Authorization at entity level but my changes are not getting saved.
    Discription:
    I have use case that I want to make an entity read only for a role defined in my jazn.
    To do so, I am opening my entity, and in struture window...on right clicking the entity name I get this option to Edit Authorization.
    On Edit Authorization window, I get name of all the roles listed and options to select Read, Update and Delete in from of each Role.
    When I select "Read" for the role I want only read access and close this Edit Authorization window...my changes are not getting saved.
    Does anyone know why this is happening? Or any other way I can restrict users of a specific role to change the data for an entity.
    Thanks
    Vikas Kumar

    Hi,
    not sure what you mean by "changes are not saved". Are you saying they are physically not saved in that they don't show in the jazn-data.xml file ? If so, then this sounds odd and you should file a bug. If it is only that authorization is not enforced,have a look at this video as authorization on entities is a two step task
    http://download.oracle.com/otn_hosted_doc/jdeveloper/11gdemos/AdfSecurity/AdfSecurity.html
    Frank

  • Can Oracle Access Manager (OAM) be used for configuring data-level access?

    Hi,
    Can OAM 10gR3 or 11g be used for configuring data-level access in PS 9.10 and OBI 11g.
    This would mean that data-level configuration are stored centrally within OAM database and PS 9.10 pulls these settings for its appropriate Row and ChartField security and OBI 11g queries OAM database tables to populate the initialization blocks during login.
    If you have configured this successfuly, please feel free to provide highlevel details/steps about the configuration and any complexities that can pre present.
    Thanks.

    I recently worked on an interesting implementation that utilized OAM configured against OID in which OAM was configured to control authentication/authorization and then all applications that were serviced by OAM utilized the users login to pass to the database at which point the Oracle database utilized VPD, which was configured against the same OID instance, to leverage user attributes/groups in order to configure fine-grained access control to data within the database. Not sure if this would work for you unless your requirements are similar but it worked very well for this particular implementation as it allowed them to have SSO for their own apps and for BI Publisher which then could pass allong the userid to be leveraged by the database to do fine grained access control.
    Edited by: oblix_fan on Jun 23, 2011 8:10 AM

  • How can I disable POST GOODS RECEIPT button in transactions VL31N/VL32N via Authorization or Role Level.

    How can I disable POST GOODS RECEIPT button in transactions VL31N/VL32N via Authorization or Role Level, There is a requirement from my client  and i propose two methode
    1- Creation of Ztcode ZVL32N and do changes ABAP program level
    2- Disablement via Authorization/Role level - but how can i find the auth object/ Authorization corresponds to POST GOODS RECEIPT button in VL32N

    I think you can make use of SHD0 - Transaction variant to achieve this. You can make it as grayed out while recording steps in SHD0.

  • SSAS Multidimensional Time Intelligence YTD calculation showing BLANK for Date level

    Hi there,
    I am working with SSAS Multidimensional Cube, basically I have defined a Time Intelligence calculations for just YTD in the Cube, the calculation was created in the Calculations tab of the cube as follows:
    /*Year to Date*/
        [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Year to Date],
    [Dimension Dim Time].[Year].Members, 
        [Dimension Dim Time].[Date].Members   
      =
      Aggregate(
                 { [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Current Dimension Dim Time] } 
                 PeriodsToDate(
                                [Dimension Dim Time].[Calendar].[Year],
                                [Dimension Dim Time].[Calendar].CurrentMember
    My Calendar hierarchy is as follows:
    Year -> Quarter -> Month -> Week -> Date
    The problem I have is that when I am at Date level I am not getting the cumulative YTD value, instead I am just getting blank cells:
    Could anyone help me defining a Time Intelligence YTD calculation that works for all levels including the Date (highlighted in yellow above)?
    Thanks and best regards,
    Joss

    The only strange thing is the MDX script, I would have used this one instead (sse below) - but if this is not the issue, I would suggest you to isolate the issue in a simpler MDX script removing any other calculation.
    Also take a look at the DateTool solution for these calculations - I really don't like the wizard provided by the development environment, it has other issues but not something that should affect your calculation:
    http://www.sqlbi.com/articles/datetool-dimension-an-alternative-time-intelligence-implementation
    /*Year to Date*/
        [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Year to Date],
        [Dimension Dim Time].[Calendar].Members, 
        [Dimension Dim Time].[Date].Members   
      =
      Aggregate(
                 { [Dimension Dim Time].[Calendar Dimension Dim Time Calculations].[Current Dimension Dim Time] } 
                 PeriodsToDate(
                                [Dimension Dim Time].[Calendar].[Year],
                                [Dimension Dim Time].[Calendar].CurrentMember
    Marco Russo http://ssasworkshop.com http://www.sqlbi.com http://sqlblog.com/blogs/marco_russo

  • Data level Security issue in obiee 11g

    Hi,
    We are trying to implement data level security, let me explain the issue
    The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
    We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
    Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
    SQL used in session variable -
    select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
    and job_desc1 = 'Principal High School - KPI'
    Any suggestions please ??
    Thanks,
    VRP

    Hi,
    I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
    Thanks
    [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
    -------------------- SQL Request:
    SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
    SELECT
    0 s_0,
    "High School KPI"."- Date"."School Year" s_1,
    "High School KPI"."- Grade"."Grade Level" s_2,
    "High School KPI"."- School"."School Name" s_3,
    "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
    "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
    "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
    CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
    CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
    REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
    FROM "High School KPI"
    WHERE
    (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
    ) djm ORDER BY 1, 2 ASC NULLS LAST
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
    Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1)
    select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
    case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
    case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
    case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
    D1.c3 as c5,
    D2.c2 as c6
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    order by c1, c2, c3
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1),
    SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
    case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
    select D2.c11 as c1,
    D2.c12 as c2
    from
    SAWITH6 D2
    order by c2
    Edited by: 965968 on Oct 17, 2012 11:49 AM

  • Data level Security in Essbase

    I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
    Asia and America are defined in my location dimension.
    Please tell me how to do it?
    Regards,
    Suman

    to make your security maintenance easier, I would suggest putting the users into groups and assigning the filters to the group. If you do it at the indivual level, the user can only have one filter assigned to them, but each group could have a different filter. So for someone who should see Americas and Asia have a group calle America and one called asia. put the user into both groups and assign the america filter to the first group and asia filter to the second group

  • Group Level Data Level Security not working

    I'm trying to test the data level security at the group level.
    Here's what I did
    1. Went to the security -> Groups -> Permissions -> Filters
    2. In Name added the Fact table on which I want to filter.
    3. Selected "Enable"
    4. In Filter Column I added a filter on a column in the dimension. (I didn't use any session variables in the filter)
    When I create an answers query with the column from the dimension (Which I used in filter) and fact from the fact table where I defined the filter, the filter is not applied..
    Am I missing something in the creation of filters?
    Thanks in Advance.
    Rama.

    Hi,
    If the user is member of both user defined and Administrator group no filter will be applied to them because Administrator group will take precedence and no filter can be applied to Administrator.Even if you ooen Administrator group, you will see that permission tab is disabled for Administrator group.
    Hope this helps.
    Regards,
    Sandeep

  • Dashboard prompts are getting cached and not working as per data level security

    Hi,
    Version: OBIEE 11.1.1.5 BP2
       We have dashboard prompts that have data level security defined in RPD - Content tab of an LTS.
    After clearing cache, the dashboard prompt applies the security properly. When another user who has a different security defined, is seeing the same prompt values on clicking the drop down of a prompt and also when they click search prompt popup.
    Issue is, for second user, I do not even see cached query in the session logs. Tried applying the DISABLE_CACHE_HIT=1 in the prompt sql results, no luck.
    But reports are applying the security correctly, issue is with prompts alone.
    Any thoughts on this?
    Thanks,
    Rajesh

    Just for others reference: We disabled caching on the table to avoid this issue.

  • Data Level Security implementation question

    I had a quick data-level security scenario and wanted to solicit any input from the experts.
    In our current Subject Area we have one Presentation Layer using one Business Model. In this Subject Area have a Task and Employee Dimension. There is row-level Security on the Task Dimension that is done in the Business Model on the LTS Content tab. There are a batch of reports built off this Subject Area.
    There is now a request to build a new batch of reports, however, they want to now filter on the Employee Table and NOT filter on the Tasks. So the opposite of what has been applied above.
    From my perspective there are only a few ways this Security can be applied
    Business Layer: Basically either create an Alias of Employee and Task or build a second LTS for both. Then create new columns and map to these accordingly. Basically have 2 of each column in the Business Layer. One with Security applied and one without.
    Presentation Layer: Created a second Presentation Subject Area and apply the security at the Presentation Layer and remove it from the Business Layer.
    I know a third option could be put security on the Role/Group but for this case these reports are open to everyone.
    I'd just like to verify from the experts that I may have covered all solutions for this scenario or if there are any other suggestions?
    Thanks!

    Alright...
    If you have two LTS say A & B (basically duplicate) then add a column say LTS Indicator and assign 'A' for LTS A and 'B' for LTS B. Add the fragmentation content and apply the security filter and you can also create two different Presentation folders under same Subject Area if users have Answers Access so that the users know if they are querying for LTS A or LTS B.
    Similarly, build your reports making use of LTS indicators which will BI server to pick correct LTS. Say, where you want LTS A to be picked...use filter of LTS Indicator = 'A' and thats it.

Maybe you are looking for

  • Please help, Powerbook issues!

    Sorry if this is long. Hello everyone. I am having quite the time with my Powerbook. Here is a little background information. I purchased it in August of 2004 and I have Apple Care, so everything is under warranty. For the most part my laptop has bee

  • After releasing the order same screen user updating the quantity in process order  in sap pp

    Hi experts, After releasing the order in the same screen user updating the quantity in process order  in sap pp. How to control it. can any help in this regards Thanking you, Rishit.

  • C# Joystick interface with SlimDX.DirectInput

    I am trying to create a robot controlled by a joystick.  I am using a Logitech Rumblepad with two POV's and multiple buttons (a gamepad). using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tas

  • ERROR. NMO not setuid-root (Unix-only)

    I'm getting the following error when I try to change the Backup Settings on a new stand-alone install of 11.2.0.3.0 on Linux 5.7. Connection to host as user oracle failed. ERROR. NMO not setuid-root (Unix-only) I am NOT performing a Grid install and

  • Middle-Clicking not opening Bookmarks in New Tab

    Windows 7 just did an update that included a new mouse driver, and now, middle clicking on an entry in my Bookmarks menu does nothing, instead of opening the bookmark in a new tab. There's no driver rollback available, and no driver at the mouse's ma