Data level Security for Oracle Apps as Source

Similar Messages

• Data level Security with Oracle Apps as Source

  Hi all
  I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
  I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
  (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
  I have created Groups in rpd with same name as the responsibility in Apps.
  I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
  I have created Group in WEB with the same name as the Group name in rpd.
  If I say show all Users and Groups in WEB, I m getting the APPS Users.
  I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
  But in the Report, I m getting all the Business Group Ids,
  Plz advice if I m doing something wrong.
  ThanQ
  Anand

  You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
  Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
  I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

• Data level security for 30000 profir centers

  Hello Gurus
  I have a requirement to implement data level security for 30000 profit center . Now I can think of creating the groups and applying security filters ( both on Dimesion & Fact) on the top of that.
  But I cannot do so as I will have to create some 30,000 groups/roles which is not possible. because there are some users who have access to only one or two profit center and it forms a heirarchy.
  As a workaround what I did is created a user-profit center table and joined it with the profit center table which is actually a snowflaked with two more dimensions - gl_account & gl_segment.
  In the BMM layer , in the Content section of teh profit center dimension , I applied a where filter like below :
  "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_ID" in (1000163) and "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_NAME"='Profit_Centre' AND ( "Oracle Data Warehouse"."Catalog"."dbo"."PF_USER_MAPPING"."USER" = VALUEOF(NQ_SESSION.USER) OR 'UNMATCHED'=VALUEOF(NQ_SESSION.USER) )
  All is well if I create a report having Profit center as one of the dimension/component in the analysis (answers) .
  But when I don't take Profit center the roll up is happening with all the Profit center . Reason being I have not applied "security filter " in the fact table and I cannot do so because USER tabel is not directly joined with the fact table.
  Is there any workaround for this.
  Pls. advise.

  Hi,
  Yes, any dimension filters are applied only when you include that dimension in your analysis.
  As a workaround, you could create a filter as "Profit Centre" is not equal to 'Dummy Profit Centre' with "Protect Filter as ON" and add this filter to all of your analysis.
  So what it does is, even though you do not refer to profit centre dimension in your analysis, the filter in each analysis makes sure that the profit centre dimension is always mapped and the data restriction is applied.
  Hope this helps.
  Thank you,
  Dhar

• Data level security for Dashboard pages.

  Hi all,
  I have a question.I want to apply data level security to the data in Dashboard pages .
  Any Answers.
  Thanks Sunny.

  Thanks Srikanth and Aravind .
  I have studied abt the data level security for dashboard.
  My question is : Is there any way to apply dataleve security to dashboard pages . like id dashboard D1 has pages p1,p2,p3
  and if we want to implement datalevel security to page is that possible.
  Thanks
  Sunny.

• Data Level security for specific Users

  Hi,
  Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
  Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
  But, key thing here is that, the user belongs to both the groups.
  Any ideas helps.
  Thanks,
  Chandu.

  So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
  Why are they in the group then?
  Are the data filter defined with variables or are the hard-coded?
  If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
  I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

• Sample implementation of Transport-level security for Oracle Service Bus (O

  I have a custom authentication library external to OSB.
  How can I secure transport channel (JMS/EJB/etc) using external java api. Is there some sample implementation of this out there.
  Thank you - version I am using is 11g

  Can you describe in detail that which API you want to use and how would you like it to work? You may consider visiting below links -
  http://docs.oracle.com/cd/E17904_01/doc.1111/e15866/message_level_cust_auth.htm#i1069719
  Regards,
  Anuj

• EBS Data Level Security

  We would like to implement Data Level Security on BI Apps 7963 with EBS R12.1.3.
  Is "EBS Single Sign-on Integration" Initialization Block required to do so?
  I also found "Authorization" need to modified SQL statement to adapt security for EBS. Is it right?
  The default value seems for Siebel CRM system.
  Can anyone confirm those questions?
  Any response will be very appreciated.
  Best Regards,
  Roger

  Hi,
  1. Yes, you need to enable the Initialization Block "EBS Single Sign-on Integration" and leave the OOTB definition
  2. You need to disable the Siebel "Authorization" Init Block and create a new one for EBS. You can find the SQL in the BI Apps 7.9.6.3 Bookshelf, section "Integrating Security for Oracle BI Applications", 2.6.1 Oracle BI Application Authorization for Oracle EBS
  Hope this helps,
  Tarik.

• Authorization: data level security by cost center to finance line items

  We have a business unit request requiring implementation of cost center data level security through FI transaction codes for financial line items.  Example requirement:  Cost center manager can execute FS10N GL account line item display, drill into the balance and only return those line items to which the cost center manager has access.   Cost center managers currently report their cost center expenses via cost center accounting report and through those reports are able to drill into the FI line items to display document and line item details.  Cost Center managers, due to their varied responsibilities, also have access to tcode FS10N, from which if they execute reports directly, can access data for cost centers which they are not responsible for.
  Our security team has stated that the determination of authorization objects which are checked at transaction code/program execution are not configurable.  We’ve found when debugging that it would be possible to implement user exits for additional authorization checks, but that in order for the authorization check to actually get called, the object must be set as ‘checked’ within SU22/SU24.
  Has anyone had a request to implement such cost center data level security for financial line items through Financial transaction codes?  If so, what steps were taken to be implemented?   Was this able to be accomplished via security configuration and PFCG security role updates or was custom code logic needed?  If custom  logic was needed, to what extent was this implemented (what tcodes/programs were included; how was the decision of what to include and exclude determined).   What was the duration of this effort?
  Has anyone had a request to implement such cost center data level security request for financial line items via Financial transaction codes and not implemented the request?  How was this communicated to the business that the request for data level security goes against SAP’s authorization design?
  Thank you in advance for your input,
  Becky Zick

  Hi Becky
  Have you tried with object K_REPO_CCA? You have available these fields to filter authorizations.
  I hope this helps you
  Regards
  Eduardo

• Data-level security in user level

  Hi All,
  In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
  Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
  Is this possible to work in OBIEE 11g?
  Thanks.

  Hi,
  Yes it is possible,
  Please refer the below link.
  http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
  Hope this help's
  Thanks
  Satya

• What if I implement data level security using Selection formula?

  Hi All,
  I have a requirement to implement data level security for all the reports, the thing is, we donot have a front end application developed in java/.net or any other language, so we have only two options (as per me, if you think there are other alternatives then please share).
  1) Implement security at the database level (that is use user roles in where clause which will make the where clause really complicated and hence the performance of the query will eventually decrease).
  2) Retrieve the data with the flags of user role/permission on data. Use these flags in selection formula to select the needed records as per the user login.
  I have already in middle of implementing the second method, thought to take suggestion from you guys, I appreciate if you could tell me the drawbacks of the method I am using, and if there is an alternative method you could think of.
  Thanks,
  -Azhar

  Standaone Crystal Reports does not have any security option except to use Trusted Authentication when connecting to the DB. We use Microsofts NT or MS SQL Server Authentication only.
  Doing this in CR Designer using flags and formula will never be secure, the user could simply change the formula etc...
  Check with your DBA on how to configure AD authentication and then enable or add each user to SQL server. You may need to configure and mantain this manually depending on how you ahve your network configured.
  Thank you
  Don

• OBIEE BI Apps data level security involving multiple PeopleSoft Segments

  Has anyone implemented OBIEE BI Apps data level security involving multiple PeopleSoft Segments and can provide some tips?
  Our PeopleSoft security grants access by 2 segment combinations:
  All Segment 3 (Department)  and any Segment 6 (Project)
  Specific Segment 6
  Specific combinations of Segment 3 and Segment 6
  In addition, there is a flag to indicate if the user also has access to payroll data. Payroll access is a subset of the general finance access.
  We've got a security init blocks running successfully for general finance and payroll access. We've created Data filters on the Segments for general finance access and GL Account for payroll access.  We designed dashboards to use Dept and Project from the Segments on the general finance dashboards and pull Dept and Project from GL Account for the payroll dashboards.
  The problem is both data filters are being applied to the general finance dashboards since the joins behind the scenes on the general finance dashboards use GL Account.
  Does anyone have a suggestion?

  Business Intelligence Applications

• Data level Security in SSO

  Hi
  I need to implement Data level Security (OBIEE) in Single Sign On with Apps as Source...
  Since it is SSO, we have users in the Apps but not in the OBIEE rpd. How to use those responsibility in our rpd and apply filters on the logical columns.
  I need to filter based on the business group... Please explain in detail...
  thanx

  Metalink3.oracle.com
  then search for the note number
  Also you may check doc. http://download.oracle.com/docs/cd/E14847_01/bia.796/e14846.pdf
  Edited by: user634293 on Apr 5, 2010 2:47 PM

• Order Management Data Level Security

  Hi All,
  I have worked on OBIEE standalone and implemented data level security from custom data warehouse but never worked on BI Apps.Currently I am working Order Management and trying to implement data level security but I have no clue which OOTB init block to use for it.When i check the Order Management Group's--> permission there is no filter condition on them which i am thinking there no data level security on OM may i thinking wrong.Here is req users must able to see data by Division and Region they belong to and I am trying use OOTB security option for it OR do i need to build custom init block and related keys in all the sales order fact tables to implement it.
  Any documentation or links or information will be appreciated.
  This might be silly question but I would find a way better way.Please let me know if you need any information.
  Thanks

  Forgot to mention :Soruce is Oracle EBS

• Data Level Security In OBIEE 11g based on the filters setup in RPD

  Hello All,
  We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
  Regards,
  -Amith.

  A.Y wrote:
  Hello All,
  We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
  Regards,
  -Amith.Not sure, if anyone has yet ran into this issue, but the workaround we have implemented is to build a report in OBIEE and use the analysis query as the source for BI Publisher.

• How to setup JNDI Name for Oracle Apps adapter?

  Hello,
  I am learning Oracle SOA 11g and trying to do some tutorial on Oracle Application Adapter.  I know how to configure JNDI for DBadapter and I did that successfully. I followed same steps to create New JNDI for Oracle Apps Adapter.
  1. I Created new data source using Path Services->Data Sources -> New Genric Data Source. Connection to database was successful and created new JNDI Name: jdbc/PKDTAPPS.
  2. Then Deployment-> OracleApps Adapter-> Configuration-> Outbound Connection Pools -> New and created JNDI Name eis/Apps/PKDTAPPS.
  However I did not find newly created JNDI Name in step 2 under Deployment-> OracleApps Adapter-> Configuration-> Outbound Connection Pools -> javax.resource.cci.ConnectionFactory.
  Please let me know if am I following correct steps to create new Oracle Apps Adapter JNDI Name or not.
  Since above approch did not work I created new JNDI for DBAdapter with same database connection details. And then latter on use that JNDI Name while creating Oracle Application Adapter in JDeveloper composite. And it allowed me to access Oracel Apps open interface. However while deploying the application it gave me following error.
  <Feb 16, 2015 10:50:59 AM CST> <Error> <oracle.integration.platform.blocks.deploy.servlet> <SOA-21537> <Sending back error message: There was an error deploying the composite on AdminServer: [JCABinding]
  [adapter-Apps-101-JournalImport.InsertJournal/1.0]Unable to complete unload due to: Cannot locate Java class oracle.tip.adapter.apps.AppsTableWriteInteractionSpec: Cannot locate Java class
  oracle.tip.adapter.apps.AppsTableWriteInteractionSpec..>
  Since I have no past experience kindly suggest me what is right way to do this.
  Thanks,
  Shri

  Hi shri,
  Can you check the targets of oracle apps adapter that is it deployed on both cluster and admin server both.
  Deployment-> OracleApps Adapter-> Targets
  Regards,
  Anshul