Data level Security issue in obiee 11g

Hi,
We are trying to implement data level security, let me explain the issue
The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
SQL used in session variable -
select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
and job_desc1 = 'Principal High School - KPI'
Any suggestions please ??
Thanks,
VRP

Hi,
I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
Thanks
[OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
-------------------- SQL Request:
SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
SELECT
0 s_0,
"High School KPI"."- Date"."School Year" s_1,
"High School KPI"."- Grade"."Grade Level" s_2,
"High School KPI"."- School"."School Name" s_3,
"High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
"High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
"High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
FROM "High School KPI"
WHERE
(("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
) djm ORDER BY 1, 2 ASC NULLS LAST
[2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
[2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
WITH
SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T29835.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
from
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
D1.c2 as c2,
count(distinct D1.c6) as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH0 D1
group by D1.c2, D1.c4, D1.c5),
SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH1 D1),
SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T26023.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
from
W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_KPI_QTR_DAY_D T30647,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
count(distinct D1.c6) as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH3 D1
group by D1.c3, D1.c4, D1.c5),
SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH4 D1)
select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
D1.c3 as c5,
D2.c2 as c6
from
SAWITH2 D1,
SAWITH5 D2
where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
order by c1, c2, c3
[2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
WITH
SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T29835.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
from
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
D1.c2 as c2,
count(distinct D1.c6) as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH0 D1
group by D1.c2, D1.c4, D1.c5),
SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH1 D1),
SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
T26564.GRADE_LONG_DESC as c4,
T26686.SCHOOL_NM as c5,
T26023.STDNT_WID as c6,
ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
from
W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
W_KPI_QTR_DAY_D T30647,
W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
count(distinct D1.c6) as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH3 D1
group by D1.c3, D1.c4, D1.c5),
SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
SAWITH4 D1),
SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
from
SAWITH2 D1,
SAWITH5 D2
where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
select D2.c11 as c1,
D2.c12 as c2
from
SAWITH6 D2
order by c2
Edited by: 965968 on Oct 17, 2012 11:49 AM

Similar Messages

  • Data Level Security issue

    Hello Gurus:
    I am having a problem with Data Level security.
    I copied my Production RPD and Webcat in Test, changed connection pool DSN and user/passwords.
    Now the problem is, a user who has same rights in Prod and Test, is seeing properly in Production, but sees nothing in Test.
    I am using initialization block from Siebel CRM Application. So customers are assigned to users based on their responsibility from S_RESP and S_USER.
    based on that, users can see the list of customers. Authentication is LDAP, same server for production and Test.
    Now, a user sees properly assigned list in Production, but not in Test. I dont know how to solve it. I searched query logs and stuff, but couldnt find anything.
    Please help me how should I investigate this issue.
    Thanks.
    Vinay

    Thanks for quick reply Stijn:
    Here are my inputs..
    1)"they see nothing"? means the dont see any customers in drop down. This is data level and not related to column or subject area. The only filter I use is
    "ATLAS Reports"."Dim - Accounts Hierarchy".LVL1ANC_ID = VALUEOF(NQ_SESSION."ORGS")
    This filter is applied to Customer hierarchy and couple of sensitive facts.
    The users are able to see all products because filter is not applied. I disabled the filter, and users could see everything. But I cant disable this in Production.
    2) What is the physical sql generated by the report? Set the loglevel of a user to a higher level in order to seet this.
    I am not able to set higher loglevel because i dont see the user in repository. All I see is GROUP, and they are assigned to particular groups based on GROUP session variable. Then filters are set on particular groups. How do I set logging level at Group level?
    3)Can you copy the query and run it against the test database. What results do you get?
    I can not see the query because of above reason.
    4)Does the user get the proper groups assigned? Yes. I put the session variable in title view to verify this.
    5) Are S_USER and S_RESP in Test equal to S_USER and S_REPS in Production? Yes.
    Let me know if you need more information.
    ~Vinay.

  • Data Level Security In OBIEE 11g based on the filters setup in RPD

    Hello All,
    We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
    Regards,
    -Amith.

    A.Y wrote:
    Hello All,
    We are trying to implement the data level security on a BI publisher report that is using BI server as the data source. The filters are created in the RPD based on user login ( session variable USER). From the documentation of BI publisher, I see that you have to enable the option Use Proxy Authentication to pass the user information down to BI publisher from OBIEE when using BI server as the data source to implement row-level security. After checking that option, the BI pub report does not render anymore. This is all in 11g. Can anyone help me with where I am going wrong?
    Regards,
    -Amith.Not sure, if anyone has yet ran into this issue, but the workaround we have implemented is to build a report in OBIEE and use the analysis query as the source for BI Publisher.

  • Alternative Data Level Security in OBIEE 11g

    Gurus - Wanted to put it out there if there are alternatives ways of achieving data level security as opposed to going the route of creating blocks that initialize session variables which can be applied onto tables through roles in the RPD? The main reason for asking was to try and prevent performance impact of having a significant number of init blocks running when an user logs into the application.
    Ganesh

    VPD [Virtual Private Database] would be an alternative for this.

  • Data level security in OBIEE

    We have implemented data level security by applying filters on groups in Obiee Administration tool. Here we have set filter on division(which is a column in Customer table). This is done so that user can see data for division for which he has access.
    When user creates report which consists of division column filter is working fine. E.g. if user1 has access to division1
    and when user1 cretes a report for (customerName,division,sales columns) he can see sales of customers belong to division1. But if user1 cretes report which does not contain division column e.g.(customerName,sales columns report) he can see all the customers sales data. How can we aoide that. We want User1 to see division1's data only irrespective whether division column is there in report or not.
    Can any one suggest what should be done to achive this.
    Thanks,
    Avdhut

    Hi friend,
    You need to create group of users and then apply filters over that groups.
    you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
    - Manage -> Security...
    - Groups -> click right group1 and select propierties.
    - Select button 'Permissions...'
    - Select tab 'Filters' -> add new filter.
    - On the column name select the metric you need filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
    I hope this can help you.
    Good luck.

  • Data Level Security OBIEE,PLEASE HELP

    How can we implement data level security in OBIEE. For example, a Sales officer should only see data for his customers, similarly a Sales Manager should only be able to see data for Sales Officers working under him....
    any help would be appreciated

    Hi there are many blogs on data level security..
    understand the concepts and try to implement, if you stuck up anywhere will help you out..
    http://obieeblog.wordpress.com/2009/01/15/obiee-data-security-column-level-security/
    Data level security in OBIEE

  • OBIEE Data level security - OR condition among multiple filters

    Hi All,
    we have an requirement in OBIEE 11.1.1.5 to apply data level security based on mutiple dimension ( for example: Product, Geography and Customer). we have implemented by creating 3 groups one for each dimension,
    added appropriate filters for each group and applied on presentation layer. But when we see the query generated by OBIEE server all filters are getting applied with OR condition instead of AND.
    Could someone explain why this is happening so.. is this the actual behaviour of OBIEE or am i doing something wrong !!!!
    Example of the conditions added is
    Select * from table
    where Country='XYZ' OR Customer ='ABC' OR Product='123'
    Expected behavior is
    Select * from table
    where Country='XYZ' AND Customer ='ABC' AND Product='123'
    Thanks in advance..!
    Thanks & Regards
    Subhakar Parigi

    Hi,
    Any suggestion would be helpful.
    Regards,
    Subhakar P

  • OBIEE BI Apps data level security involving multiple PeopleSoft Segments

    Has anyone implemented OBIEE BI Apps data level security involving multiple PeopleSoft Segments and can provide some tips?
    Our PeopleSoft security grants access by 2 segment combinations:
    All Segment 3 (Department)  and any Segment 6 (Project)
    Specific Segment 6
    Specific combinations of Segment 3 and Segment 6
    In addition, there is a flag to indicate if the user also has access to payroll data. Payroll access is a subset of the general finance access.
    We've got a security init blocks running successfully for general finance and payroll access. We've created Data filters on the Segments for general finance access and GL Account for payroll access.  We designed dashboards to use Dept and Project from the Segments on the general finance dashboards and pull Dept and Project from GL Account for the payroll dashboards.
    The problem is both data filters are being applied to the general finance dashboards since the joins behind the scenes on the general finance dashboards use GL Account.
    Does anyone have a suggestion?

    Business Intelligence Applications

  • Regarding Data Level Security in OBIEE

    Hi,
    We are currently implementing Data level security in our project. We have created multiple groups in the repository and put business filters in the permissions tab for each of the groups. When a user belongs to more than one group then the backend SQL fired by the BI server has an OR condition between the business filters from different groups. Is there a way to force an AND condition between the filters passed from different groups?
    Thanks,
    Kartik

    Try this link
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    If the business unit is a column then try this
    Repository --> presentation Layer --> column --> properties --> permissions --> Give access to the user/group,for others disable the permission.
    Thanks
    Don

  • Dashboard prompts are getting cached and not working as per data level security

    Hi,
    Version: OBIEE 11.1.1.5 BP2
       We have dashboard prompts that have data level security defined in RPD - Content tab of an LTS.
    After clearing cache, the dashboard prompt applies the security properly. When another user who has a different security defined, is seeing the same prompt values on clicking the drop down of a prompt and also when they click search prompt popup.
    Issue is, for second user, I do not even see cached query in the session logs. Tried applying the DISABLE_CACHE_HIT=1 in the prompt sql results, no luck.
    But reports are applying the security correctly, issue is with prompts alone.
    Any thoughts on this?
    Thanks,
    Rajesh

    Just for others reference: We disabled caching on the table to avoid this issue.

  • Data-level security in user level

    Hi All,
    In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
    Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
    Is this possible to work in OBIEE 11g?
    Thanks.

    Hi,
    Yes it is possible,
    Please refer the below link.
    http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
    Hope this help's
    Thanks
    Satya

  • Data Level Security from rpd to Weblogic Server

    Hi,
    Req: To implement data level security through weblogic or external authenticator OID
    Current implementation: Created a grop in rpd UserG and configured permission settings with respect to subject area and assigned this group to users.
    such that, When User1 log in he will see his data and when User2 log in repective data
    New implementaion: We have to achive this data level security through weblogic or external authenticator OID
    How to acheive this?
    Thanks in advance!
    Satheeshkumar

    You can choose where to get the groups from either database or any provider and map them to Application roles in EM, but you would have to set up your data restrictions thru Application roles in RPD on your Facts and Dims based on your requirement.
    Now if your looking for bringing External groups using BISQLGroupProvider then refer to:
    How-to: OID Authentication with Groups Stored in an External Database Table - OBIEE 11g ~ Ask John OBIEE - Oracle Busine…
    For database groups with users mapped in it those tables then you can refer to:
    Jonathan's Tech Journey: OBIEE 11g Security part 1
    Hope this helps.
    SVS

  • Reg: Data Level Security

    Dear all,
    Need to implement data level security on particular column.
    for exmple: having one user called 'Bhargav' and he should able to see particular data like only one department called 'hyderbad'.
    when bhargav logged in he should see only hyderabad data.
    how can we implement this pls help me

    it would be help to you
    http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/

  • Object Level Security,Data Level Security&Row level Security

    can anyone explain main difference between "Object Level Security,Data Level Security & Row Level Security " and how to implement.
    Thanks in advance,
    Kumar

    Hi Kumar
    Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE..if you restrict them Say User 'A' wants to see 2 Dashboards and USer 'B' Wants to see 1 Dashboard....these settings & permission u r restricting in Object level called Object Level Security
    lly datalevel security is restriction of Data.. consider the same above example and User 'B" wants to see 2-3 regions data where as User A will see only Single Region Data..which you will do/restrict at logical tables, using variables..
    Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer this link, clearly explains you
    Please mark Correct or helpful if this clears

  • How to implement data level security

    How to implement data level security in BI Publihser?. I am using Obiee enterprise edition and bi publihser. My requirement is to show data based on User- Region relation ship.
    User A - belongs to Eastern Region
    User B - belongs to Southern Region
    so if user A logged in he should see only Eastern Region report. If user B logged in He should see only Southern region. I am using direct sql to my oralce database as data source.
    i appriciate your help

    I am using a common database username and password for jdbc connection. what i am looking is based the BI Publihser login, is there any way?
    say i have userregion table joined with fact. so that i can write a query to get the data
    select c1,c2,c3
    from userregion, fact
    where fact.region=userregion.region
    and userregion.user = BIPUBLIHSERUSER
    but my question is ithere any variable to tell who is logged in BI Publisher? Any server varaibles?
    Other related question is, In every report i want to show User name who is running the report. How can i get this?

Maybe you are looking for

  • Line attributes "stick"

    hi - I'm another Freehand holdout. 'nuff said. I'm using Freehand MX 11.0.2 on an iMac running 10.5.7 4 GB RAM. Anyway... I've found that I can't change the attributes like reducing the width of a line or removing (previously assigned) arrow points o

  • Why remote listener is used in RAc environment

    why remote listener is used in RAc environment

  • Premiere Pro CC wont activate

    I purchased Premiere Pro CC and tried to launch it but it keeps giving me a message saying my trial has expired and I need to license my software. When I clock to license the software it asks for a code which I don't have because its cc. I tried unin

  • New Article on Java Developers Journal

    "Java Data Object" by Teresa Lau http://www.sys-con.com/java/article.cfm?id=1899 We'd like to encourage SolarMetric's users to post their experiences with Kodo JDO on the JDJ newsgroup (same link as above) or work with us on developing a case study,

  • Trouble accessing legacy instruments in the Library in Logic 10

    If you just installed Logic 10 It's a simple bug to work around. First do it the hard way... In the inspector (left column) click on the instrument for your selected Instrument track. In the popup hover the mouse over Legacy and navigate to any instr