CRM 2015 - How to limit Field Level Security based on unit/subunit ?

Hello,
I have a problem with field level security. 
I have entity entityX, and then have set of financial fields on this entityX.
These fields are under field level security profile named "Financials".
Next, I have a team which can read/write those fields. This team "Team1" is in business unit called "Subunit1".
"Team1" has a role "ReadWholeOrganization", which enables it to read entityX from complete organization.
"Team1" also has a role "WriteOwnOrganization", which enables users from this team to read and change entityX in their unit and sub-units.
How can I prevent "Team1" users from seeing financial data for entityX if entityX is owned by users outside the "Team1" users' unit?
In other words, I want "Team1" users to see all entityX entities based on the "ReadWholeOrganization" role, but I don't want them to see financial data for the complete organization. I want "Team1" to see financial data only for their unit and subunits.
How can I solve this?
Extracting financial fields in another entity is out of the question.

Write JavaScript to hide the fields if you need to hide them just from the form. Here is a sample to assist. However, this way they will still see the fields in Advanced Find.
Hope this helps.
Minal Dahiya
blog : http://minaldahiya.blogspot.com.au/
If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful"
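
The form-side hiding this answer describes, as an added example that is not from the original post: the financial controls are shown only when the record's business unit is the user's unit or one of its subunits. The field names, `userBu` and the `parentOf` map are assumptions (they would be loaded from CRM beforehand), and `owningbusinessunit` is assumed to be on the form; as the answer notes, the fields remain visible in Advanced Find.

```javascript
// Hypothetical schema names for the columns in the "Financials" profile.
const FINANCIAL_FIELDS = ["new_revenue", "new_margin"];

// CRM lookups return ids as "{GUID}" in upper case; compare in one form.
function normId(id) {
  return String(id).replace(/[{}]/g, "").toLowerCase();
}

// parentOf maps a business unit id (lower case, no braces) to its parent id,
// or null for the root. Walk up from the record's unit; a match on the way
// means the record sits in the user's unit or in one of its subunits.
function isInUnitOrSubunit(recordBu, userBu, parentOf) {
  const target = normId(userBu);
  const seen = new Set();                 // guards against a cyclic map
  let cur = recordBu ? normId(recordBu) : null;
  while (cur && !seen.has(cur)) {
    if (cur === target) return true;
    seen.add(cur);
    const parent = parentOf[cur];
    cur = parent ? normId(parent) : null;
  }
  return false;
}

// page is Xrm.Page on a CRM 2015 form (or any object with the same methods).
function applyFinancialVisibility(page, userBu, parentOf) {
  const attr = page.getAttribute("owningbusinessunit");
  const value = attr ? attr.getValue() : null;
  const recordBu = value && value.length ? value[0].id : null;
  // Unknown owner unit hides the fields rather than showing them.
  const visible = isInUnitOrSubunit(recordBu, userBu, parentOf);
  FINANCIAL_FIELDS.forEach((name) => {
    const ctrl = page.getControl(name);
    if (ctrl) ctrl.setVisible(visible);
  });
  return visible;
}
```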

Similar Messages

  • How to implement row level security?

    Hi all,
    There is a database which is for 3 companies to use, and how to use row level security to make sure that they can only manipulate their own data? For example, "employee" table, for each company they just can see their own employees' information. How to use dynamic view to do it?
    Many Thanks
    Amy

    Here are two options to achieve what you want.
    A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
    1. create a security codes table. Say for example
    001 - company a
    002 - company b
    2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
    3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
    4. update all data in the tables according to which company they belong to.
    5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
    With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
    B. This option, I will admit, is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
    Table name = Employee.
    Create a view employee_a on employee
    create a view employee_b on employee
    Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
    create synonym employee on employee_a in x schema.
    create synonym employee on employee_b on y schema.
    This I have not tried but believe should work.
    Hope one of these options serves your purpose.

  • How to implement Dimension Level Security on Tabular?

    Not possible on SQL Server 2014 SSAS Tabular? How to work around?
    Kenny_I

    Hi Kenny_l,
    According to your description, you want to implement dimension security in SSAS 2014 tabular. Right?
    In Analysis Services Tabular mode, dimension level security (based on role permission) is not supported. This security can only be used in Multi-dimension mode. In tabular mode, we can only use row-level security based on role permission.
    Please refer to links below:
    Implement Dynamic Security by Using Row Filters
    Reference:
    Comparing Tabular and Multidimensional Solutions (SSAS)
    If you have any question, please feel free to ask.
    Best Regards,
    Simon Hou
    TechNet Community Support

  • How to Migrate Row Level Security Configuration

    Hi Guys,
    Does anybody know how to migrate row level security configuration? I suppose PeopleSoft provided a data mover script, like securityexport.dms.
    Thank you in advance,
    Bob


  • How to implement data level security

    How to implement data level security in BI Publisher? I am using OBIEE Enterprise Edition and BI Publisher. My requirement is to show data based on the User-Region relationship.
    User A - belongs to Eastern Region
    User B - belongs to Southern Region
    So if user A logged in, he should see only the Eastern Region report. If user B logged in, he should see only the Southern Region. I am using direct SQL to my Oracle database as data source.
    I appreciate your help

    I am using a common database username and password for the JDBC connection. What I am looking for is based on the BI Publisher login; is there any way?
    Say I have a userregion table joined with fact, so that I can write a query to get the data
    select c1,c2,c3
    from userregion, fact
    where fact.region=userregion.region
    and userregion.user = BIPUBLIHSERUSER
    But my question is: is there any variable to tell who is logged in to BI Publisher? Any server variables?
    Another related question is, in every report I want to show the user name of who is running the report. How can I get this?

  • How to implement row level security using external tables

    Hi All Gurus/ Masters,
    I want to implement row level security using external tables, as I'm not sure how to implement that, and I'm aware of using it by RPD level authentication.
    I can use a filter condition in my user level so that he can access his data only.
    But when I have 4 tables in external tables
    users
    groups
    usergroups
    webgrups
    Then in which table do I need to give the filter conditions?
    Please let me know this.

    You pull the Group into a repository variable using a session variable init block, then reference that variable in the data filters either in the LTS directly or in the security management as Filters. You reference it with the syntax VALUEOF("NQ_SESSION.Variable Name")
    Hope this helps

  • How to provide page-level security..

    HI,
    I have a requirement that a single report having multiple pages is generated such that each or some of the pages have security tags that are compared to a security identifier list of a particular user that acts as a security clearance for that user. How to do this programmatically?
    Through this comparison, a subset of pages from the report is formed which makes up a "report" from the user's point of view that contains only data the user is allowed to see. This allows multiple users to view only authorized portions of a single report having page-level security determined by level breaks in the data. How to do this also programmatically?
    Including both tasks is one requirement. If anyone knows how to do this using a Java program or XML, please reply as soon as possible.
    thanks in advance.

    How does your post have anything to do with SQLJ/JDBC? If this is an Oracle Report then post it to the Oracle Reports forum. Otherwise, look at the JDeveloper forum.

  • How to do data level security on users based on region

    Hello guys
    I currently have created a report with dashboard prompt on column "state" with a default value "CA"
    Now, the requirement is to perform data level security on this report, so different users based out of different states will log in to the dashboard and this prompt will change its default value accordingly, so the user will have the report on only the user's home state prompted, and users can't see other states' data.
    I have thought of creating session variables to achieve the same, but how should I set up the initialization string?
    Do I need to create a new table called "user table" that stores username/password and state columns and make that user table join to the fact table in the db?
    If so, how should I configure the session value so that users get filtered data based on their state location?
    Please provide guidance
    Thanks

    Here’s an idea off the top of my head (untested):
    First, set up your security constraints normally using Manage…Security in the Administration Tool, so that each user can only see his/her state. Refer to the previous responses to this post for guidelines.
    Then, in your dashboard prompt, for the “Default Value”, write a tiny bit of logical SQL to query the “state” column from the presentation layer. If your security constraints are properly in place, the SQL should only return one value.
    To get an idea of what the logical SQL should look like, select “All Values” as the default value, then switch it to ‘SQL Results’. That will show you the basic format of the logical SQL. It’s really just normal SQL (select <this> from <that> where <the other>), but referring to presentation layer objects rather than to physical tables and columns.
    Untested. Please reply back and let us know how it goes.

  • How to provide Responsiblity level security in OBIEE 11g

    Hi all,
    Can any one tell me how to provide the responsibility level security in OBIEE 11G.

    Hi,
    You need to create group of users and then apply filters over that groups.
    you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
    - Manage -> Security...
    - Groups -> right-click group1 and select Properties.
    - Select button 'Permissions...'
    - Select tab 'Filters' -> add new filter.
    - On the column name select the metric you need to filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
    You should add the Customer table to your Sales-fact LTS and apply the filter to this combined LTS as well.
    For more:
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    also try http://www.biblogs.com/1969/12/31/obiee-11gr1-security-explained-an-11g-security-overview/
    http://forums.oracle.com/forums/thread.jspa?threadID=1120336
    Thanks
    Deva
    Edited by: Devarasu on Oct 11, 2011 6:08 PM

  • How to create Database level Security in OBIEE

    Dear Experts,
    Can you kindly tell me the steps on how to create a database level security on OBIEE.
    Please can someone give me the scripts and tell me how to implement that in the RPD.
    Thanks in advance,
    Anand

    If you are looking for Database Level security in OBIEE the only route to truly accomplishing this is using the Oracle Virtual Private Database concept.
    http://obieeblog.wordpress.com/2008/12/29/obiee-and-virtual-private-database-vpd/
    http://gerardnico.com/wiki/dat/obiee/vpd

  • Setting field level security

    I have created a form in LiveCycle in which two fields (Header and an Image block) need to be editable by one user type (e.g. power user), but should not be changeable by the end users.  They will only be able to fill in other fields in the form.  So far I have only been able to set form level security.  Is there a way to apply security to just these two fields, perhaps requiring a password, so that the power user can update these two fields as needed?
    Thanks for any ideas you might have!

    Hi Diego,
    Thanks for responding.  We aren't using the LC PM module, so that takes one suggestion out of the running.
    We tried some Javascript we found on the Acrobat forum (see below for what we used) - using it as an action with a bookmark, but it didn't work.  The guy who wrote the script on that forum looked at our file and thought that the problem was likely because the form was developed in LiveCycle.  We are not Java experts (or even close!), so we have no clue where to start.  And unfortunately if we cannot find a solution for this dilemma, we will have to decline a project from a client. 
    So again, any thoughts or suggestions on where to go from here are greatly appreciated!
    (function () {
        // Get one of the fields in the group
        var f = getField("private.name");
        // Determine new readonly state, which
        // is the opposite of the current state
        var readonly = !f.readonly;
        var readonly_desc = readonly ? "deactivate" : "activate";
        // Ask user for password
        var resp = app.response({
            cQuestion: "To " + readonly_desc + " the fields, enter the password:",
            cTitle: "Enter password",
            bPassword: true,
            cLabel: "Password"
        });
        switch (resp) {
        case "your_password": // Your password goes here
            getField("private").readonly = readonly;
            app.alert("The fields are now " + readonly_desc + "d.", 3);
            break;
        case null : // User pressed Cancel button
            break;
        default : // Incorrect password
            app.alert("Incorrect password.", 1);
            break;
        }
    })();
    In this example, the fields that are controlled by this all have a field name prefix of "private", for example "private.name", "private.address", etc. This makes it easier to control the fields as a group, as I do in the line of code that begins: getField("private").readonly. If you don't use such a field naming convention, you'd have to have a separate such line for each field in the group.
    Replace "your_password" above with one of your own. The first and last lines are not necessary, but do prevent the needless creation of document-global variables, which is a good thing.

  • How to use Item Level security

    I am working on portal 9.0.2.6.18.
    I have a folder with 1000 items. I want to grant groupA
    access to 997 items and
    (Group B,GroupA) access to 3 items.
    How do I do this?
    Here is what I tried:
    1. Enabled item level security on folder
    2. Granted folder level access to groupA and groupB
    3. Changed access of 997 items to grant access to GroupA
    4. Did nothing to the 3 items which I wanted to give access to GroupA, GroupB
    Is there a better way of achieving this?
    I am not really comfortable granting folder level access to groupB, because if I miss overwriting privileges of an item (in step 3), then groupB will have access to that item. I would love to change just 3 items because they are the exception.
    How is this feature supposed to be used?
    Thanks
    Harish

    Martin,
    Thanks for the reply. I just cited 1000 items folder as an example. We have various complex combination of security requirements for folders and items. So creating sub-folders for each combination will not work for me.
    Every time the security requirements change we have to move the items around, which can confuse users. And sometimes we have to create sub-folders to work around the item-level security problems even when there is no logical business classification to a set of items.
    Harish

  • How To Apply Row level security ??

    Hi all,
    I want to apply row level security on one of my custom objects created in PO schema in R12. How to do that??
    Thanks and Regards
    Raj

    Thank You Gaurav
    --Raj

  • How to get object level security in Universe?

    Hi,
    I need to get the object level security for a Universe. I'm able to get the list of objects and their security access level (Public / Controlled / Restricted / Confidential / Private) from the (.Unv) file using the Designer SDK.
    But I need to get the list of users who have the object level security in the universe. In the CMC, by clicking the Universe and clicking on the Object Level Security tab, we can see the list of users there.
    I need to get the same using BOE SDK.
    I have used the following query to get the universe from the repository,
    "select * from ci_appobjects where si_kind='universe' "
    But I'm not able to get the list of users having obj. level security for that universe.
    Kindly help me to proceed.
    Thanks.

    The access security level is encapsulated in the SI_KIND='Overload' object. 
    Look for those types of objects, and the doc for the Overload class.
    An Overload references the Universe to which it's associated, and User/UserGroup objects are associated with the Overload via SecurityInfo.
    Sincerely,
    Ted Ueda

  • How to apply row level security against the database administrator

    I would like advice on applying row level security against the database administrator. We need to prevent the DBA from editing data in some table rows, or have an indication that data was corrupted.
    There is no problem in viewing the data, so we considered a one-way hash function or digital signature which will be stored in the same table, but we see the following disadvantages:
    HASH - DBA may use the same hash function to update the stored data after he changes the sensitive row.
    Digital signature - there is a need to manage and keep the private key in a safe place outside of the DB
    Are there additional ways to achieve the aim?

    Does VPD help to prevent the DBA from editing/viewing data in specific rows?
    Yes.
    If I correctly understand, the DBA has full access to the security policy used by VPD to control the access and can grant himself privileges that I don't want.
    You can define which users can be exempt from the policy, by the context or by Grant EXEMPT.
    This includes DBAs.
    The simple fact of being a DBA doesn't guarantee the exemption.
    Everything depends on the VPD config.
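
The hash-versus-signature trade-off raised in this thread, as an added example that is not part of the original posts: an unkeyed hash stored beside the row can be refreshed by anyone who can edit the row, while a signature made with a private key held outside the database cannot. The column names, the sample row and the choice of Ed25519 are assumptions made for the illustration.

```javascript
const crypto = require("node:crypto");

// Columns covered by the signature, in a fixed order (hypothetical schema).
const PROTECTED = ["id", "account", "amount"];

// Length-prefixed encoding so ("ab","c") and ("a","bc") never collide.
function canonicalRow(row) {
  return Buffer.concat(PROTECTED.map((col) => {
    const value = Buffer.from(String(row[col]), "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(value.length);
    return Buffer.concat([len, value]);
  }));
}

// Unkeyed hash: anyone who can write the row can also recompute this.
function plainHash(row) {
  return crypto.createHash("sha256").update(canonicalRow(row)).digest("hex");
}

// Signature: needs the private key, which never enters the database.
function signRow(row, privateKey) {
  return crypto.sign(null, canonicalRow(row), privateKey).toString("base64");
}

// Verification needs only the public key and the stored row.sig column.
function verifyRow(row, publicKey) {
  return crypto.verify(null, canonicalRow(row), publicKey,
                       Buffer.from(row.sig, "base64"));
}

// Constructed scenario: the application writes a row, then someone with full
// table access edits the amount and refreshes what they are able to refresh.
function tamperDemo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const stored = { id: 17, account: "ACME", amount: "1200.00" };
  stored.hash = plainHash(stored);
  stored.sig = signRow(stored, privateKey);
  const untouchedRowVerifies = verifyRow(stored, publicKey);

  const edited = { ...stored, amount: "9200.00" };
  edited.hash = plainHash(edited);   // recomputable without any secret
  // edited.sig stays as it was: no private key is available inside the DB

  return {
    untouchedRowVerifies,
    hashCatchesEdit: plainHash(edited) !== edited.hash,
    signatureCatchesEdit: !verifyRow(edited, publicKey),
  };
}
```

A per-row signature flags edited rows only; it does not by itself reveal rows that were deleted.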
