Cube cell-level security

Similar Messages

• How to query Cell level Security in 11g AW

  Are there any views/tables that we might be able to use to query the Security settings in 11g AW?
  In AWM 11g we have the ability to grant users/groups security at a cell level, with this functionality there is no need for us to maintain the PERMIT_WRITE program to manage Write access to users. I could not find any document that states how we can manage/view the security outside the AWM tool.

  For Oracle 11.1, there is a dba-level view called
  DBA_XDS_INSTANCE_SETS which provides the data security definitions
  for both rdbms table-based and olap dimension/cube-based data security
  documents. The actual definition of data security is stored in the XML DB
  repository under the XDB schema.
  SQL> desc dba_xds_instance_sets
  Name Type
  SCHEMA_NAME VARCHAR2(30)
  OBJECT_NAME VARCHAR2(30)
  INSTANCE_SET VARCHAR2(30)
  DESCRIPTION VARCHAR2(4000)
  STATIC VARCHAR2(5)
  EVAL_RULE VARCHAR2(4000)
  ACLIDS SYS.XMLTYPE
  There is no way to actually manage the data security documents outside of
  AWM for 11.1 in terms of creating/editting/deleting the data security documents
  at least none that is documented.
  Here is an example of what the DBA_XDS_INSTANCE_SETS view returns:
  SQL> select * from dba_xds_instance_sets;
  SCHEMA_NAME OBJECT_NAME INSTANCE_SET
  DESCRIPTION
  STATI
  EVAL_RULE
  ACLIDS
  GLOBAL TIME DEFAULT_POLICY
  false
  1 = 1
  <aclids xmlns="http://xmlns.oracle.com/xs">
  <aclid>4C96964E68CC309FE040578C550414E2</aclid>
  </aclids>
  GLOBAL TIME policy1
  false
  GLOBAL."TIME".DIM_KEY IN ('186', '176', '133', '134', '135', '177', '136', '137', '138')
  <aclids xmlns="http://xmlns.oracle.com/xs">
  <aclid>4C96964E68CF309FE040578C550414E2</aclid>
  </aclids>
  Have you created data security in AWM on dimensions/cubes in 11.1?
  Any feedback about your experiences with AWM around data security would
  be welcome.

• Row level Security for BI Author Role

  Hi All,
  We are using OBIEE 11.1.1.5 in our project. We have a requirement where we need to configure row level security on certain column.
  We are currently using external table and session variable approach to configure this. This security works fine for the users with BI Consumer
  roles. But we are facing issue with configuring row level security for BI Author role.
  BI Author can create any analysis in BI Answers and suppose he/she creates a report which does not contain the column on which row level
  security is applied than he can see all the data. For eg.
  We have one dimension Products having two levels Product Division and Brand. I want to configure security based on Product Division column.
  But if BI Author create a report with only Brand and Measures than row level security is not working.
  Does anyone has face this issue before.
  Please let me know if you want any other information from my side.
  Regards,
  Vikas

  If you are using a multidimensional cube you can use the "permit" command to control access to dimension members or provide cell level security within the cube. The OLAP database documentation provides on how to use the PERMIT command.
  If you are using relational tables and/or views with additional CWM metadata mapped using OEM then you need to refer to the database documentation relating to Virtual Private Databases and Label Security
  Business Intelligence Beans Product Management Team
  Oracle Corporation

• How to enforce row level security on MSAS Cube

  We have to enforce row level security on MSAS Cube based on BOUSER.
  We are using a security table which contains BOUSER ID and Location ID
  We need help in joining the security table with MSAS Cube.
  Thanks

  HI,
  I haven't worked with cubes. But the will the knowledge I have in Universe, could probably help you.
  As you already have a table which maintains BOUSERID and location id, you could probably join location id with MSAS cube id.
  If you don't want to use this userdefined security table, you can use the inbuilt Row level security option.
  Go to Tools -> Manage access REstrcitions --> Create a new restriction --> Rows tabe ---> give a expression with BOUSER
  Hope this helps.

• Migrate SQL 2008 Analysis database to 2012 AS database along with data level security defined in current production cube

  I want to migrate Analysis Services 2008 database to 2012 AS database along with data level security defined in current production cube
  Note: Only Production environment have security, while no security is defined in development environment
  Potential Approach:
  1 - Using Synchronization Wizard: Gives me error : "The OLAP element at line1 can not appear under envelope......" and this is because Synchrinzation works only for same version
  and in my case, there are different versions of SQL (SQL 2008 and 2012)
  2 - Using Visual studio conversion wizard - Convert SQL 2008 AS project to 2012 and then process cube, so I can get the cube working but then how can I get data level security since 100's of data level security is defined in production Cube, so how can I
  migrate that across
  3 - Script out XMLA and deploy cube - But then again having issues with how can i script SSAS security
  4 - Would taking backup of SSAS 2008 database and restore to SSAS 2012 will help ?
  Any suggestions would be appreciated
  Thanks,
  Mihir

  Hi Mihir,
  According to your description, you want to migrate the SQL Server Analysis Services (SSAS) 2008 database which have some security setting with it to SSAS 2012, right? We can migrate existing Analysis Services databases either during Setup, by upgrading an
  existing instance of Analysis Services, or after Setup, by running the Migration Wizard. Generally, when migrating a database to another server, all the setting will be migrated. So in your scenario, you can refer to the steps on the links below to migrate
  your SSAS database.
  How to: Migrate Analysis Services Databases
  Migrating Existing Analysis Services Databases
  Regards,
  Charlie Liao
  TechNet Community Support

• Row level security at universe design level

  Hi,
  I am creating a Universe layer on top of non SAP OLAP cube ( from MS Analysis Services 2005 ) .
  My concern is that can we maintain the row level or data level security at universe design level or if i am using that universe in creation of WEBI report so is there any possiblity to maintain this security at WEBI level.
  Regards,
  Mishra Vibhav.

  Thanks for the reply.
  Much Appriciated.
  My only concern is that i read in the Universe Designer developer guide that it does the row level security so can eloborate a bit about how we maintain at Universe level.
  Warm Regrads,
  Mishra Vibhav

• Column Level Security - Grand Total row

  Hello All, I have a question about Column Level Security in a report where Grand Total is turned on. I am working inside of the OOTB Paint rpd and I am looking at the 'Finish Sales Trend for Current Year' report on the Brand Analysis dashboard page. Inside of the Admin Tool I added column level security on the Units presentation column in the Sales Measures table. I implemented security that will not allow the Central Region Manager group to view the Units column. When I access the report I noticed that the Grand Total row of the table is slightly skewed because the Units column is hidden. The Grand Total row is showing, however all the results are off by 1 cell.
  The forum is not allowing me to attach pictures to this post.
  Thanks for your help

  Hi User,
  It is an bug refer the metalink,
  Bug.9576412 - GRAND TOTAL NOT WORKING WHEN COLUMN LEVEL SECURITY IS IMPLEMENTED
  For eg:
  consieder a report with following columns,
  Year Product Measure1 Measure2
  In this if for measure1 the column level security is enabled (user1 who is not supposed to see the data).
  Then grand total value of measure2 will be in the grand total of measure1. (for user1)
  When column level security is enabled, that column will be pushed to the end of the table view.
  So that it is happening.
  By using case statements with groups or users we can get it work without enabling the column level security.
  Thanks,
  Vino

• SAP-BO SSO and Row Level Security

  Hi,
  We can configure the SAP authentication and able to login InfoView via SAP user name and password. And also, we can import the roles from the SAP system.
  When we create a connection to BW cubes from designer, we want to use "Use Single Sign On when refreshing reports at view time" to apply row-level security which is defined at the BW cubes.
  In our tests, we use "Use BusinessObjects credential mapping" while creating connection from designer to test the row level security. As you can guess, after importing the SAP user, in CMC screen > Users and Groups > Users, we manually enter the password of the user to the Database credentials part. However, as you can guess, the password of the user's is not static and that is not a good solution.
  My question is that, do I need to configure SSO between SAP and BO system or how can I enable row level security?
  System Information
  Business Objects XI 3.1
  SAP Intg. Kit 3.1
  Thanks a lot,
  Omer

  Hi Omer,
  please note that only row-level security implemented through authorization variables in BW queries can be used in BusinessObjects. Row-level security defined at cube level will not be applied.
  As long as you have used the SAP authentication to log on your BOBJ server, the SAP credentials will be used automatically to get the data from your SAP BW source as long as the "Use Single Sign On when refreshing reports at view time" option  is selected in the Database configuration panel (Found in the CMC when viewing the properties of your report) and the option "Use BusinessObjects credential mapping" is selected in your universe connection.
  Please note that this will only work for reports that are invoked directly in the infoview. If a user schedules such a report, she/he has to enter her/his SAP credentials explicitely in the Database Configuration Panel appearing in the scheduling assistant window. In this case you can activate SNC trust between your two servers in order to avoid entering a password when the report is scheduled.
  Regards,
  Stratos
  Edited by: Efstratios Karaivazoglou on May 5, 2009 10:16 AM
  Edited by: Efstratios Karaivazoglou on May 5, 2009 10:23 AM

• What is Row level security in SSAS?

  Hi All,
  What is row level security in SSAS?
  How many ways to provide security to a cube?

  Implement Dynamic Security by Using Row Filters
  Getting Started with Row Level Security
  Andreas Wolter (Blog |
  Twitter)
  MCM - Microsoft Certified Master SQL Server 2008
  MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
  www.andreas-wolter.com |
  www.SarpedonQualityLab.com

• Column level versus row level security in SAP BI

  This is a question. Sorry about the terminology clarification but it really does get to a question. Thanks for your patience and help.
  There is some confusing terminology among BI users so let me explain terms. The terms appear to have some currency in the BOBJ world.
  Row level security = the ability to control access to some data based on the values of a characteristic. Only the data authorized will be selected.
  Column level security = the ability to exclude certain characteristics from display by any user.
  In SAP BI row level security is managed by analysis authorizations (RSECADMIN).
  To the extent of my experience (and I am unable to test it for about a month) column level security can only be managed by authorization object S_RS_IOBJ excluding the infoobject to be controlled with the sub-object DATA).
  However my experience is that any query that reads an infoprovider that contains that infoobject will fail. It won't exclude and present to the user all the other infoobjects (i.e. columns).
  Is this really so and if so is there any mechanism that can exclude columns without forcing the developer to either design an infoprovider or multicube that excludes the infoobject?
  Edited by: Corwin Slack on Dec 14, 2009 2:07 PM

  Two things
  1. I would prefer not to have to rely on developers to implement a restriction in a query. Then I have to police every query.
  2. I am not certain that the authorization isn't checked anyway because the query accesses the cube. (Sorry no test environment available until mid January)
  My preference is that any queries that contain this authorization object just bypass the displaying the characteristic. My frecollection to date is that this isn't what happens. The query fails entirely.

• Row Level Security not working for SAP R/3

  Hi Guys
  We have an environment where the details are as mentioned below:
  1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
  2. The SAP roles are imported in Business Objects CMC.
  3. Crystal Reports are published on the Enterprise as well.
  3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
  Any help in this issue is greatly appreciated.
  Thanks and Regards
  Kamal

  Hi,
  In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server.  This is a server side tool which the Integration solution for SAP offers as a transport.
  This tool defined which tables are to be restricted based on authorizations.
  However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview.  If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
  You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
  thanks
  Mike

• Object Level Security in OBIEE 11.1.1.5

  Hi All,
  I am trying to implement object level security for certail groups. We have BI Apps 7.9.6.3 implemented in whch obiee 11.1.1.5 is integrated with EBS R12. Users are able to login through diffrent responsiblities to OBIEe. I need insight into how to implement object level security. Below are the steps whihc i have followed but still i am facing strange issues i.e. some users are able to see dashboards which they have no access with view display error. I checked in dashboard permission. They do not have access
  1) Created application roles in OBIEE with the same resposiblity names
  2) Grouped the application roles in diffrent groups. I.e. if application roles a,b,c should have access to dashboard x then i made b and c member of a.
  3) Configured security in manage previleges and catalog for these application roles i.e. i used application role a mentioned in step 2 in manage previleges etc.
  4) Restarted the BI server and presentation servers.
  Are there any other steps which should be followed apart from above mentioned steps. Do i have to make use of groups.
  Regards,
  Sandeep

  Sandeep Saini wrote:
  I checked the inheritance. I did a lot of investigation but it is weird. My purpose of asking the question was to find out if there are any bugs in version 11.1.1.5 otherwise i didn't see any issues.
  There are a couple of bugs related to the issue but I have checked that on 11.1.1.5.5 and its works as expected.
  Bug 13982971 : PERMISSIONS ON WEB CATALOG OBJECTS NOT APPLIED IMMEDIATELY
  In case you see anything like this -> QA:USER WITH NO ACCESS OVER A FOLDER IS ABLE TO RUN ANALYSIS REPORT CONTAINED then [Patch ID 15626966]
  1) I want to check if there are any components i.e. BI server, presentation server or any other service that should be started after creation of application roles. I started only BI server after creating application rolesAny changes made to the Application policies should need a restart of admin and managed server however if you are not creating policies just Roles with similar names OPMN restart should be good to see the changes made.
  2) I made use of application roles throughout in object level security . Is it the correct approach ?Yes that is the right approach to use application roles for defining object level permission settings throught, do not go for catalog groups its makes it nasty to manage. Here is the quote from Sec Guide : " Using catalog groups is not considered a best practice and is available for backward compatibility in upgraded systems."
  3) To check if there are any object level security related bugsThere might be more than once mentioned above since 11.1.1.5 .. I do not trust that version it bites a lot ;)
  And to explain step 2 lets say there are n number of application roles which should have same object level security but diffrent data level security. In that case i made all such application roles member of another application role and configured object level security for that group only. For ex in manage previlege i configured "Access to Answer" for one application group and made other application group member of this group. I hope its clear now .Grouping of Roles with other similar roles is what needs to done to get functionality like catalog groups.However a reference of the 5 basic rules is always a lifesaver : [Rules for Inheritance for Permissions and Privileges|http://docs.oracle.com/cd/E29505_01/bi.1111/e10543/mgrgrpsusers.htm#autoId16]
  Hope this helps.!
  SVS

• Dimension Level Security on a Data Form

  Hi,
  Is there any other way in Hyperion Planning to know where the dimensional level security is missing when you get the following error - (other than manually going to the dimensions and checking it)
  "Security and/or filtering has resulted in a required dimension not being represented on the data form"
  Please let me know !
  ~ Adella

  Alp, I did try to work with your idea and it did help. Thank you so much for your input.
  Anyways, for now I think I got an answer to my question..but please do let me know of other ideas if you come across any :)
  ~ Adella

• Data level Security issue in obiee 11g

  Hi,
  We are trying to implement data level security, let me explain the issue
  The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
  We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
  Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
  SQL used in session variable -
  select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
  and job_desc1 = 'Principal High School - KPI'
  Any suggestions please ??
  Thanks,
  VRP

  Hi,
  I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
  Thanks
  [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
  -------------------- SQL Request:
  SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
  SELECT
  0 s_0,
  "High School KPI"."- Date"."School Year" s_1,
  "High School KPI"."- Grade"."Grade Level" s_2,
  "High School KPI"."- School"."School Name" s_3,
  "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
  "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
  "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
  CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
  CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
  CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
  CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
  REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
  FROM "High School KPI"
  WHERE
  (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
  ) djm ORDER BY 1, 2 ASC NULLS LAST
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
  Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
  WITH
  SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T29835.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
  from
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
  where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  D1.c2 as c2,
  count(distinct D1.c6) as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH0 D1
  group by D1.c2, D1.c4, D1.c5),
  SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH1 D1),
  SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T26023.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
  from
  W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_KPI_QTR_DAY_D T30647,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
  where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  count(distinct D1.c6) as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH3 D1
  group by D1.c3, D1.c4, D1.c5),
  SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH4 D1)
  select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
  case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
  case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
  case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
  D1.c3 as c5,
  D2.c2 as c6
  from
  SAWITH2 D1,
  SAWITH5 D2
  where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
  order by c1, c2, c3
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
  WITH
  SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T29835.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
  from
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
  where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  D1.c2 as c2,
  count(distinct D1.c6) as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH0 D1
  group by D1.c2, D1.c4, D1.c5),
  SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH1 D1),
  SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T26023.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
  from
  W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_KPI_QTR_DAY_D T30647,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
  where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  count(distinct D1.c6) as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH3 D1
  group by D1.c3, D1.c4, D1.c5),
  SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH4 D1),
  SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
  case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
  from
  SAWITH2 D1,
  SAWITH5 D2
  where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
  group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
  select D2.c11 as c1,
  D2.c12 as c2
  from
  SAWITH6 D2
  order by c2
  Edited by: 965968 on Oct 17, 2012 11:49 AM

• Row level security in BI Publisher

  Hi All ,
  I am using BI publisher for reporting on Siebel system.The issue I am facing is regarding row level security.Even if I am logging with Employee Id, when I generate report ,I have acess to all the information of the other employees.
  e.g. If as a cashier I made some entry , when I generate report on collection made by me, its bringing me all the collections made by other cashiers also.
  I am generating these report from siebel side.I am not sure if we can apply the rowlevel security to BI Publisher.
  Does anyone has used Siebel or EBS with BI Publisher and have row level security ? I am also not sure How to see the reports by loging into BI Publisher .If I am using Siebel or EBS, what is going to be my Data Model or Data Set.
  Can anyone help me on this?
  Thanks!!

  Oracle HRMS has its own security built-in to the schemas. Other modules you will need to customize for your own use.