Best Practice to implement row restriction level
Hi guys,
We need to implement a security row filter scenario in our reporting system. Following several recommendations already posted in the forum we have created a security table with the following columns
userName Object Id
U1 A
U2 B
where our fact table is something like that
Object Id Fact A
A 23
B 4
Additionally we have created row restriction on the universe based on the following where clause:
UserName = @Variable('BOUSER')
If the report only contains objects based on Fact table the restriction is never applied. This has sense as docs specify that the row restrictions are only applied if the table is actually invoked in the SQL statement (SELECT statment is supposed).
Question is the following: Which is the best practice recommended in this situation. Create a dummy column in the security table, map into it into the universe and include the object in the query?
Thanks
Edited by: Alfons Gonzalez on Mar 8, 2012 5:33 PM
Hi,
This solution also seemed to be the most suitable for us. Problem that we have discover: when the restriction set is not applied for a given user (the advantage of using restriction set is the fact that is not always applied) the query joins the fact table with the security table withou applying any where clause based on @variable('USER'). This is not a problem if the secuity table contains a 1:1 relationship betwwen users and secured objects , but (as in our case) relathion ship is 1:n query provide "additional wrong rows".
By the moment we have discarded the use of the restriction sets. The effect of putting a dummy column based on the security table may have undesired effects when the condition is not applied.
I don't know if anyone has found how to workaround this matter.
Alfons
Similar Messages
-
Best practice to implement different Xcelsius dashboard for different users
I'm implementing an Xcelsius dashboard that requires to show each individual user with different content (e.g. When a user logins in, the dashboard shows her name and job title, her performance and her subordinate's performance). I'm just wondering what's the best practice to implement scenario like this? Thanks.
Hi Thomas
What you are looking at is "Row Level Security" within BusinessObjects and the options you have are determined by what type of data you are reporting off of (relational data, OLAP data, BW data, etc.)
For instance, if you are using relational data with a Universe you could setup a database table with the BusinessObjects username to correspond with their e-mail address or other unique identifier. From there, you could add security to your universe using the @variable('BOUSER')
That way, any objects created off of the universe (whether it is a Crystal Report, Web Intelligence, BI Web Service, QaaWS, LiveOffice, etc.) will filter the data based on this security model. So any Xcelsius dashboard based on this underlying data will also be filtered.
And that is just one of the options you have, depending on your data source. -
Best Practice to implement Reporting Exits
Hello,
I want to know the best practice to implementing reporting exits.
We have a case statement there and i_vnam.
THen we write like
WHen i_vnam
Code for filling the variable values.
The above method has a drawback that if one person is changing the program another person cannot at the same time and if one person transports it all the other changes are also transported. So if there is some code which is not ready to be used even it will be transported.
Another option is if we creae an include for each variable eg. ZBW_'variable name'...
And then for each variable we just have to transport the include and not the entire exit...
Do you see any drawbacks in this method or is there any other better way?Hi,
You can create your program in SE38 for your own variable & call ZXRSRU01 program in it & pass the value to a variable which will in turn pass to to variable for CASE ivnam = "".
in this way the ZXRSRU01 will become accessible & can be called in any program.
But it will impact all the variables.
Its a good practice so that ZXRSRU01 is not impacted after that.
Hope it helps.
Thanks,
Rashmi. -
Best Practice to implement Business Packages
Hello All,
Need some clarification -
What is the best practice to implement ESS/MSS Business Package onto Portal -
(1) Should I just import and configure the content OR
(2) Should I import, create a copy and then configure it? If yes, are there any points to be kept in mind?
All blogs/articles that have been published show to configure the standard content.
The requirement is to maintain a different prefix/namespace for each Portal content that comes along the business package?
Thanks,
RituHi Paul,
I also build my own roles. The only time I might use the standard roles is for demo purposes early in a project. You will find that in some cases the business packages like MSS don't always even include standard roles, so you have no choice but to build.
I never change any of the standard iViews/Pages/Worksets - ever.
The most contentious issue seems to be whether to do a full or delta link copy of the standard objects. I tend to initially do a full copy of the objects into a custom folder set in the PCD and modify those. Then I only use delta links from Page to iViews where I need the option of setting different properties for the same iView if it appears in multiple pages. Delta links can be a bit flakey at times, so I tend to only use them where I have to. I suspect that I may get to a point where I don't use them at all.
Just my 2 cents worth....
Regards,
John -
Best practice for implementing Manufacturing Cost Planning ( MCP)
is there any best practice for implementing Manufacturing Cost Planning ( MCP) using BI-IP?
Hi:
Both options are viable. If you reverse posting in FB50 then FI GL account postings will also be reversed and along with cost center postings. Hence here advantage is that cost center reversal will be with referenced to the original document with which wrong posting were made. Disadvantage here is that you will to post the entry again in FB50 . In KB11N you will simply transfer cost center amount from wrong to new one that should be in place of it but here you will have no reference . I personally think reversing posting through FB50 is viable options , reverse postings can be seen in KSB1 as well against that cost center.
Regards -
Best practice for implementing a scalable ecommerce solution
Hi,
I'm new to SAP Business One, is there a white paper on the best practice of implementing a scalable ecommerce solution with SAP Business One using IIS/ASP.NET? What licensing and software(version)is need to implement a scalable ecommerce solution. How to integrate with trade partners via BizTalk server? Any help on these topics would be most helpful. Thanks in advance.
Best Regards,
VietThere already is a very robust ecommerce package certified by SAP that runs on ASP.Net and integrates into Business One. It is called NetPoint Commerce and it is made by Praxis Software Solutions. http://www.praxissoft.net you can see a working B2C site of it at http://www.yakpak.com and it also has robust B2B functionality you can email [email protected] for a demo. The cost is only a little more than it would cost to cover all appropiate licenses with SAP (included in the NetPoint cost) plus it works with SBO 6.5 and SBO 2004 and the DI Server is only available with SBO 2004
-
Best practices in implementation of MDM
Hi ALL,
What are the best practices for implementation of MDM?
Regards,
PramodDear Pramod,
Pls go throught those links.
My Best are
1. Step by Step approach
2. Data Governance
[Top 10 CDI-MDM Best Practices|http://www.dmreview.com/specialreports/20061019/1064839-1.html]
[Seven master data management best practices|http://searchsap.techtarget.com/news/article/0,289142,sid21_gci1219185_tax305408,00.html]
[Technical Best Practices for Master Data Management|http://www.tdwi.org/publications/display.aspx?id=8148]
Hope this helps,
+ An -
Graphical display of best practice for implementing SAP NetWeaver
Hi,
in a presentation I need to show best practice to implement SAP NetWeaver is evaluating required KPIs, characteristics and so on and subsequently verifying the Business Content functionality and objects against these requirements.
Can anybody provide a presentation or PDF document in which this process is displayed graphically? I am looking for a significant picture / diagram ...
Any document or link to public SAP material which demonstrates the described process would be highly appreciated.
[email protected]
Best regards,
BjörnHi,
https://www.sdn.sap.com/irj/sdn/developerareas/bi?rid=/webcontent/uuid/e78a5148-0701-0010-7da9-a6c721c6112e [original link is broken]
Regards,
San! -
Best Practices for Implementing Cryptographic VPN
With Marcin Latosiewicz
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about implementing cryptographic VPN and how to prepare it for the future with expert Marcin Latosiewicz.
Marcin will share his best practices for implementing cryptographic VPN as well as advise those customers who are looking to build a new or update their existing setups how to maximize their potential. Additionally, Marcin will provide insight into which technologies could be applicable for new deployments and exciting new technologies that will be available in the next few months.
Marcin Latosiewicz is a customer support engineer at the Cisco® Technical Assistance Center in Belgium, with more than 6 years of experience with Cisco Security products and technologies including IPsec, VPN, internetworking appliances, network and system security, Internet services, and Cisco networking equipment. Prior to joining Cisco, he operated, administered, and ran UNIX and Microsoft networks for 14 years. Latosiewicz holds bachelors and masters degrees in engineering from Warsaw University of Technology. He also holds CCIE® certification in Security (No. 25784) and CCDP® certification.
Remember to use the rating system to let Marcin know if you've received an adequate response.
Because of the volume expected during this event, Marcin might not be able to answer every question. Remember that you can continue the conversation in the Security community, subcommunity, VPN, shortly after the event. This event lasts through September 20, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.Jouni,
Good question. And answer is complex, there is in depth and there is in depth.
Most people would be satisfied by reading a summary of all the different components - encryption, hashing, signing, PKI, how IPsec and SSL/TLS work. This group also counts most of security CCIEs.
To this extent CCIE Security Study Guide (by Henry Benjamin) was a good read, if a bit outdated today.
Most people who are in depth will look first into specification.
RFC 4301 (IPsec architecture)
RFC 2246 (TLS 1.0)
Are a good start and contain references to other documents worth reading.
This is where the good folks will base their knowledge of off.
The really in depth people will look into the math behind it and will conquer topics like
Elliptic Curve Crypto ( http://en.wikipedia.org/wiki/Elliptic_curve_cryptography ) and difference between CCM, GCM and CCB, to which you have really good materials published by universities.
There are relatively a few who know this.
To start with I can suggest:
- http://www.cl.cam.ac.uk/~rja14/book.html (Ross' Anderson book is free, informative and suprisngly entertaining, this is a definitely a must-read for security/VPN).
- Have a look at books recommended by Richard Bejtlich or Bruce Scheiner - while they might not be VPN specific it's a good security read most of the time.
I'll have a look at the books at home see which one can be interesting to read, and edit this post.
M. -
Best Practice for Implementing Exception Handling in BPEL
Hi All,
what is the best practice and the approach to follow Exception Handling in BPEL.
1) Do we need to implement Exception Handling in BPEL as we do in Java, means
method 3 throws error to method 2 (if any) and
method 2 throws error to method 1 (if any) and
finally method 1 throws error to the main Class.
If we replicate the above scenario to BPEL
In BPEL main Scope have Custom Fault, Catch ALL
Each Invoke is surrounded by a Scope Activity with Remote Fault, Binding Fault & Custom Fault
and follow the paradigm of Java, assuming we have Inner Scopes
[ OR ]
2) In BPEL main Scope have all exceptions defined like
Remote Fault,
Binding Fault,
anyOther System Fault (selectionFailure / forcedTermination),
Custom Fault (if required) and
CatchALL
and also
each Invoke is surrounded by a Scopes Acitivity with Custom Fault (business fault) exception Handling
I feel 1st one may not be a good practice, may be i am wrong...
Any Suggestions from experts.
Thanks in Advance
anvv sharmaHi-
In you can create different scope and use catch branch to catch binding, remote, custom faults, business faults etc. If an error happens in a scope it will not move to the next scope( eg: you have 3 scope, error occured in 2nd scope then it will not propogate to the 3rd scope. One thing to be noticed here is your transaction in the 1st scope doesnt gets commited when an error happens in 2d scope).
You can have a catch all to catch error which are not being caught at catch level. So if any error happens which is not defined in catch block then then it will be caught in catch all branch.
Edited by: 333333 on Apr 12, 2011 9:39 AM -
Best practice in implementation of SEM-CPM
Is someone have the experiance of implementing SEM-CPM using best practice. and if so, does it reduces implementation time?
We should be able to adopt the best pratices when the software finally gets integrated into netweaver.
Ravi Thothadri -
Best Practices for Implementing BI7.0
Dear all,
We are currently in BI 3.5 and have planned to go for BI 7.0.I have a few questions
1. Is the BI in Netweaver 2004s is BI7.0?
2. What are the best practices to go for BI 7.0? I found few documents regarding the Best Practices in service.sap.com
3. Where can I find more detailed information and documents for implementing BI7.0?
If you have any document can you please send it to
(yo - no email addresses in here buddy boy)
Thanks & Regards,
Chandran Gansan
Message was edited by: Ron SilbersteinDear Chandran,
1. Is the BI in Netweaver 2004s is BI7.0?
>> I read some posts before that the correct term should be SAP Netweaver 2004s; Whereas the SAP BW3.5 is referred to SAP Netweaver 2004. I hope I am not mistaken.
2. What are the best practices to go for BI 7.0? I found few documents regarding the Best Practices in service.sap.com
3. Where can I find more detailed information and documents for implementing BI7.0?
>> Since you have access to the SAP service marketplace, kindly check under the categories: bi, bifaq, sevices & implementation.
Hope this helps..
Thanks... -
Best Practice? - Implementing different sap portals on the same hardware
We have a very large intranet portal implementation today spanning multiple boxes with 30k+ users on it.
A different business group is asking us to build a sap vendor portal system, but would like to know if we can run it on the same equipment.
The intranet uses ldap where the vendor will authenticate/authorize against the database. Aside from this, other configurations will be different. My gut feel is that this is something we should not do (mixing both intranet and vendor systems on the same hardware with different config's).
Is there a best practice document that outlines if this is something that should be done or avoided. Also, if you have run into this and have an answer, would appreciate the feedback.
Thanks in advance for the assistance,
ToddHi Todd,
Technically there isn't a reason you couldn't run both portals on the same hardware assuming it is sized properly. You could even use the same portal if you wanted to.
The thing I would be concerned with is security. I assume you have more stringent security requirements for external facing applications than internal applications like the need for additional firewalls and reverse proxies. Usually if you pursue the security requirements you will find the need for separate portal hardware.
Hope this helps
John -
Best practice to implement Query By Form
Hi,
We have some scenario where we have more than 6 optional fields in the request and need to create a dynamic query joining diffrent tables based on the optional fields.
Is there any Best practice in ALDSP to Achieve this ?
ThanksHi,
I am using adhoc query now , Every time a different XQuery is genereted depending on the parametes and its woking fine. Since every time the query plan is changing will this create any performance issue ? -
Best practices for implementing OIM
We plan on putting OIM servers behind LB (hardware). When I develop OIM client I am required to specify OIM endpoint(s) via property java.naming.provider.url. In case of LB I'd specify a virtual host there. The question is what is the best practice for configuring LB - timeout, persistence, monitoring? I don think LB vendor is relevant, but just in case, I have a choice of F5 BigIP and Citrix Netscaler.
My understanding is that Java class tcUtilityFactory is supposed to be instantiated once (in a web client) and maintain the connection, but LB will close the connection after timeout is exceeded. So another question is if I want to use LB I have to take care of rebuilding connection when it is expired, or open/close connection every time tcUtilityFactory is needed. Any advice will be appreciated.
Thanks,
AlexNo i was not going to sync timeouts - just let it close connections after say, 5 min of inactivity. The reason is that performance data is horrible - from my desktop environment, initialization takes almost 9 sec, while reading data from OIM - only 150 milliseconds. I can't afford more than .5 sec on the whole OIM operation, as we are talking about customer experience.
Thanks,
Alex
Maybe you are looking for
-
Is it possible to add an extra Graphics card: ATI X300 SE PCI express
I have a PowerMac G5 with ATI Radeon 9600 XT(AGP) installed. Recently my friend gave me a ATI X300 SE PCI express card and I am wondering whether I can add this card in the G5 and hook up another monitor to it. The ATI and Apple websites didn't menti
-
I've been hacked and I changed my password but he still finds away to get into my Game Center and change my bio. I need serious help
-
I have an iPhone 5 IOS 8.1.2; for the past 13 weeks I get the message that "this phone has not been backed up on the cloud". However, every night it is connected to wifi, phone is connected to power, and the screen is locked. Any idea why back-up is
-
Using iMac 27 as a display for a PC, is it possible?
is there a way to connect my PC (HD 4870 dvi) to the imac 27 to use it as a display? and if so, what cables and adapters do i need? thanx ilya
-
How do I align a flex field segment using personalizations?
This is my first attempt at an OAF form personalization. I added three DFF segments (read only) to the requisition headers portion of the iProcurement requisitions form. I'll do my best here to try and show what has happened, I hope this will maint