Data Level Security from rpd to Weblogic Server

Hi,
Req: To implement data level security through weblogic or external authenticator OID
Current implementation: Created a grop in rpd UserG and configured permission settings with respect to subject area and assigned this group to users.
such that, When User1 log in he will see his data and when User2 log in repective data
New implementaion: We have to achive this data level security through weblogic or external authenticator OID
How to acheive this?
Thanks in advance!
Satheeshkumar

You can choose where to get the groups from either database or any provider and map them to Application roles in EM, but you would have to set up your data restrictions thru Application roles in RPD on your Facts and Dims based on your requirement.
Now if your looking for bringing External groups using BISQLGroupProvider then refer to:
How-to: OID Authentication with Groups Stored in an External Database Table - OBIEE 11g ~ Ask John OBIEE - Oracle Busine…
For database groups with users mapped in it those tables then you can refer to:
Jonathan's Tech Journey: OBIEE 11g Security part 1
Hope this helps.
SVS

Similar Messages

  • Order Management Data Level Security

    Hi All,
    I have worked on OBIEE standalone and implemented data level security from custom data warehouse but never worked on BI Apps.Currently I am working Order Management and trying to implement data level security but I have no clue which OOTB init block to use for it.When i check the Order Management Group's--> permission there is no filter condition on them which i am thinking there no data level security on OM may i thinking wrong.Here is req users must able to see data by Division and Region they belong to and I am trying use OOTB security option for it OR do i need to build custom init block and related keys in all the sales order fact tables to implement it.
    Any documentation or links or information will be appreciated.
    This might be silly question but I would find a way better way.Please let me know if you need any information.
    Thanks

    Forgot to mention :Soruce is Oracle EBS

  • Data Level Security In OBIEE 11g based on the filters setup in RPD

    Hello All,
    We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
    Regards,
    -Amith.

    A.Y wrote:
    Hello All,
    We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
    Regards,
    -Amith.Not sure, if anyone has yet ran into this issue, but the workaround we have implemented is to build a report in OBIEE and use the analysis query as the source for BI Publisher.

  • Data level security filter to groups imported from database

    The groups that a user belongs to are stored in a table in the database. How do I create a group in the rpd to define data level security filters when the group name is retrieved from the database table depending on who logs in. One user can be a part of several groups.
    Please help.

    I created the groups manually in the rpd first and assigned security filters to the group. The same group was created in the presentation services assigning some object level security (dashboard pages visibility). But the user picks the groups (row wise initialization) correctly and not the security filters applied to the group in the rpd. The privileges to the group in the presentation services works fine. Why is the group definition in the rpd being bypassed.

  • Data level Security with Oracle Apps as Source

    Hi all
    I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
    I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
    (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
    I have created Groups in rpd with same name as the responsibility in Apps.
    I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
    I have created Group in WEB with the same name as the Group name in rpd.
    If I say show all Users and Groups in WEB, I m getting the APPS Users.
    I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
    But in the Report, I m getting all the Business Group Ids,
    Plz advice if I m doing something wrong.
    ThanQ
    Anand

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

  • Data Level Security issue

    Hello Gurus:
    I am having a problem with Data Level security.
    I copied my Production RPD and Webcat in Test, changed connection pool DSN and user/passwords.
    Now the problem is, a user who has same rights in Prod and Test, is seeing properly in Production, but sees nothing in Test.
    I am using initialization block from Siebel CRM Application. So customers are assigned to users based on their responsibility from S_RESP and S_USER.
    based on that, users can see the list of customers. Authentication is LDAP, same server for production and Test.
    Now, a user sees properly assigned list in Production, but not in Test. I dont know how to solve it. I searched query logs and stuff, but couldnt find anything.
    Please help me how should I investigate this issue.
    Thanks.
    Vinay

    Thanks for quick reply Stijn:
    Here are my inputs..
    1)"they see nothing"? means the dont see any customers in drop down. This is data level and not related to column or subject area. The only filter I use is
    "ATLAS Reports"."Dim - Accounts Hierarchy".LVL1ANC_ID = VALUEOF(NQ_SESSION."ORGS")
    This filter is applied to Customer hierarchy and couple of sensitive facts.
    The users are able to see all products because filter is not applied. I disabled the filter, and users could see everything. But I cant disable this in Production.
    2) What is the physical sql generated by the report? Set the loglevel of a user to a higher level in order to seet this.
    I am not able to set higher loglevel because i dont see the user in repository. All I see is GROUP, and they are assigned to particular groups based on GROUP session variable. Then filters are set on particular groups. How do I set logging level at Group level?
    3)Can you copy the query and run it against the test database. What results do you get?
    I can not see the query because of above reason.
    4)Does the user get the proper groups assigned? Yes. I put the session variable in title view to verify this.
    5) Are S_USER and S_RESP in Test equal to S_USER and S_REPS in Production? Yes.
    Let me know if you need more information.
    ~Vinay.

  • BIP Security - Data Level Security / Init Blocks

    Hello, I am using BIP 11.1.1.5. I am aware that in OBIEE data-level security can be implemented by placing permissions on a application role. However, I am wondering if this can be accomplished in BIP if I use a BI Analysis or SQL as the datasource for my data model. I have a catalog of 100 BIP reports and was wondering if I can implemented data-level security via the RPD. I am exploring the various options of executing this type of security. I already performed some research and found Oracle's whitepaper on Row Level Security with BI Publisher.
    Another Question: Does session init blocks work with BIP? I flipped the switch for BIP security model to 'Oracle BI Server' on the Admin security page. Next, I went to the RPD in online mode and created a simple query inside a init block. However, when I logged into BIP I didn't see the variable from the session init block in the Manage Sessions window.
    Thanks

    Look at the below link..It has three options. this one is from veeravalli I believe..I personally like the second option if there are not many reports to work with.
    cool-bi.com

  • Data level Security issue in obiee 11g

    Hi,
    We are trying to implement data level security, let me explain the issue
    The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
    We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
    Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
    SQL used in session variable -
    select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
    and job_desc1 = 'Principal High School - KPI'
    Any suggestions please ??
    Thanks,
    VRP

    Hi,
    I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
    Thanks
    [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
    -------------------- SQL Request:
    SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
    SELECT
    0 s_0,
    "High School KPI"."- Date"."School Year" s_1,
    "High School KPI"."- Grade"."Grade Level" s_2,
    "High School KPI"."- School"."School Name" s_3,
    "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
    "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
    "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
    CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
    CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
    REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
    FROM "High School KPI"
    WHERE
    (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
    ) djm ORDER BY 1, 2 ASC NULLS LAST
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
    Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1)
    select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
    case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
    case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
    case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
    D1.c3 as c5,
    D2.c2 as c6
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    order by c1, c2, c3
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1),
    SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
    case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
    select D2.c11 as c1,
    D2.c12 as c2
    from
    SAWITH6 D2
    order by c2
    Edited by: 965968 on Oct 17, 2012 11:49 AM

  • Data Level Security implementation question

    I had a quick data-level security scenario and wanted to solicit any input from the experts.
    In our current Subject Area we have one Presentation Layer using one Business Model. In this Subject Area have a Task and Employee Dimension. There is row-level Security on the Task Dimension that is done in the Business Model on the LTS Content tab. There are a batch of reports built off this Subject Area.
    There is now a request to build a new batch of reports, however, they want to now filter on the Employee Table and NOT filter on the Tasks. So the opposite of what has been applied above.
    From my perspective there are only a few ways this Security can be applied
    Business Layer: Basically either create an Alias of Employee and Task or build a second LTS for both. Then create new columns and map to these accordingly. Basically have 2 of each column in the Business Layer. One with Security applied and one without.
    Presentation Layer: Created a second Presentation Subject Area and apply the security at the Presentation Layer and remove it from the Business Layer.
    I know a third option could be put security on the Role/Group but for this case these reports are open to everyone.
    I'd just like to verify from the experts that I may have covered all solutions for this scenario or if there are any other suggestions?
    Thanks!

    Alright...
    If you have two LTS say A & B (basically duplicate) then add a column say LTS Indicator and assign 'A' for LTS A and 'B' for LTS B. Add the fragmentation content and apply the security filter and you can also create two different Presentation folders under same Subject Area if users have Answers Access so that the users know if they are querying for LTS A or LTS B.
    Similarly, build your reports making use of LTS indicators which will BI server to pick correct LTS. Say, where you want LTS A to be picked...use filter of LTS Indicator = 'A' and thats it.

  • What if I implement data level security using Selection formula?

    Hi All,
    I have a requirement to implement data level security for all the reports, the thing is, we donot have a front end application developed in java/.net or any other language, so we have only two options (as per me, if you think there are other alternatives then please share).
    1) Implement security at the database level (that is use user roles in where clause which will make the where clause really complicated and hence the performance of the query will eventually decrease).
    2) Retrieve the data with the flags of user role/permission on data. Use these flags in selection formula to select the needed records as per the user login.
    I have already in middle of implementing the second method, thought to take suggestion from you guys, I appreciate if you could tell me the drawbacks of the method I am using, and if there is an alternative method you could think of.
    Thanks,
    -Azhar

    Standaone Crystal Reports does not have any security option except to use Trusted Authentication when connecting to the DB. We use Microsofts NT or MS SQL Server Authentication only.
    Doing this in CR Designer using flags and formula will never be secure, the user could simply change the formula etc...
    Check with your DBA on how to configure AD authentication and then enable or add each user to SQL server. You may need to configure and mantain this manually depending on how you ahve your network configured.
    Thank you
    Don

  • How to implement data level security

    How to implement data level security in BI Publihser?. I am using Obiee enterprise edition and bi publihser. My requirement is to show data based on User- Region relation ship.
    User A - belongs to Eastern Region
    User B - belongs to Southern Region
    so if user A logged in he should see only Eastern Region report. If user B logged in He should see only Southern region. I am using direct sql to my oralce database as data source.
    i appriciate your help

    I am using a common database username and password for jdbc connection. what i am looking is based the BI Publihser login, is there any way?
    say i have userregion table joined with fact. so that i can write a query to get the data
    select c1,c2,c3
    from userregion, fact
    where fact.region=userregion.region
    and userregion.user = BIPUBLIHSERUSER
    but my question is ithere any variable to tell who is logged in BI Publisher? Any server varaibles?
    Other related question is, In every report i want to show User name who is running the report. How can i get this?

  • OBIEE Data level security - OR condition among multiple filters

    Hi All,
    we have an requirement in OBIEE 11.1.1.5 to apply data level security based on mutiple dimension ( for example: Product, Geography and Customer). we have implemented by creating 3 groups one for each dimension,
    added appropriate filters for each group and applied on presentation layer. But when we see the query generated by OBIEE server all filters are getting applied with OR condition instead of AND.
    Could someone explain why this is happening so.. is this the actual behaviour of OBIEE or am i doing something wrong !!!!
    Example of the conditions added is
    Select * from table
    where Country='XYZ' OR Customer ='ABC' OR Product='123'
    Expected behavior is
    Select * from table
    where Country='XYZ' AND Customer ='ABC' AND Product='123'
    Thanks in advance..!
    Thanks & Regards
    Subhakar Parigi

    Hi,
    Any suggestion would be helpful.
    Regards,
    Subhakar P

  • Regarding Data Level Security in OBIEE

    Hi,
    We are currently implementing Data level security in our project. We have created multiple groups in the repository and put business filters in the permissions tab for each of the groups. When a user belongs to more than one group then the backend SQL fired by the BI server has an OR condition between the business filters from different groups. Is there a way to force an AND condition between the filters passed from different groups?
    Thanks,
    Kartik

    Try this link
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    If the business unit is a column then try this
    Repository --> presentation Layer --> column --> properties --> permissions --> Give access to the user/group,for others disable the permission.
    Thanks
    Don

  • Data level Security in Essbase

    I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
    Asia and America are defined in my location dimension.
    Please tell me how to do it?
    Regards,
    Suman

    to make your security maintenance easier, I would suggest putting the users into groups and assigning the filters to the group. If you do it at the indivual level, the user can only have one filter assigned to them, but each group could have a different filter. So for someone who should see Americas and Asia have a group calle America and one called asia. put the user into both groups and assign the america filter to the first group and asia filter to the second group

  • Group Level Data Level Security not working

    I'm trying to test the data level security at the group level.
    Here's what I did
    1. Went to the security -> Groups -> Permissions -> Filters
    2. In Name added the Fact table on which I want to filter.
    3. Selected "Enable"
    4. In Filter Column I added a filter on a column in the dimension. (I didn't use any session variables in the filter)
    When I create an answers query with the column from the dimension (Which I used in filter) and fact from the fact table where I defined the filter, the filter is not applied..
    Am I missing something in the creation of filters?
    Thanks in Advance.
    Rama.

    Hi,
    If the user is member of both user defined and Administrator group no filter will be applied to them because Administrator group will take precedence and no filter can be applied to Administrator.Even if you ooen Administrator group, you will see that permission tab is disabled for Administrator group.
    Hope this helps.
    Regards,
    Sandeep

Maybe you are looking for

  • I want to understand when it is beneficial to reanalyze motion

    I want to stabilize/smooth some clips. I know that any time I push Movement: Analyze, Motion will happily chug away and reanalyze the clip. This can take minutes or hours, depending on the size of the clip. My question, when is it beneficial to do so

  • Packet Loss to First Hop

    Hello, For about the last 10 days now or so I have been experiencing severe packloss which seems to be caused by the first hop my connection goes through. I exchanged my modem for a brand new one last week to no avail. and had an extremely helpful te

  • Workflow display name coming up with .AMERICAN at the end

    Hi For a couple of employees created in our system, the workflow display name is coming with 'AMERICAN' at the end which clearly looks like is the language setting for the user. ORIG_SYSTEM for this users in WF_LOCAL_ROLES is WF_LOCAL_USERS. How can

  • Urgent !!! Line breaks using Oracle email option

    Dear All, I need an urgent help. My query is some what confusing so please do let me know if you need any clarification. What I want to do is that I am using the Oracle email option. when I perform a backup the server sends an email to all the concer

  • What are the little plastic pieces that come with iPod Touch used for?

    One piece is white and the other is clear. Can someone show me how to use them?