Database Level Security not working ???

The 10 g (10.1.2.1) documentation states the following:
Chapter 7 Controlling access to information:
"Regardless of the access permissions and task privileges that you set in Discoverer Administrator, a Discoverer end user only sees folders if that user has been granted the following database privileges (either directly or through a database role):
ex: SELECT privilege on all the underlying tables used in the folder "
So how come a folder (view in my case - not table) cannot be queried directly by a user, but the folder still shows up a choice when building a report using PLUS ? I am misreading the above ? For is sounds lilke to me if the user account does not have SELECT privilege then they will not see the folder in Discoverer ?
Anyone run into the same issue or have an explanantion ?
thanks
OBX

I think the user has access to see all the folders in the business area in Discoverer if he has permission to do so. This is a Discoverer level security to filter people who should not have access to the business area at all. You'll find that although they can see these Discoverer folders because the permission is set in Discoverer Administrator, that the database tables they are based on will not allow the users to see any of the data if they don't have those rights at the database level.

Similar Messages

  • Item level security not working when placed in a portlet page

    I have three page links linking to separate pages and have two of them with item level security turned on for specific groups with view privilges. I have the access for those groups with view privilges in the page level as well. I have published that as portlet and placed the portlet in another page which has view priviliges for the groups specified in item level as well.
    But I notice that when i place the portlet in a page, the item level security is not working.
    Item Level Security Not Working for Items Placed on a page and published as portlet and placed in another page. Is there some work around for this.
    Thanks
    Valli

    Would you please clarify for me? Is the problem that unauthorized people can see the portlet, or that unauthorized people can see the links?

  • Row Level Security not working for SAP R/3

    Hi Guys
    We have an environment where the details are as mentioned below:
    1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
    2. The SAP roles are imported in Business Objects CMC.
    3. Crystal Reports are published on the Enterprise as well.
    3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
    Any help in this issue is greatly appreciated.
    Thanks and Regards
    Kamal

    Hi,
    In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server.  This is a server side tool which the Integration solution for SAP offers as a transport.
    This tool defined which tables are to be restricted based on authorizations.
    However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview.  If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
    You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
    thanks
    Mike

  • Item Level Security not working with Tabs

    I've Portal 9.0.2.2.22
    This issue is with Item Level Security with Tabs. Here is what I've have:
    Page Group: MyPagegroup (Privs: portal => Manage All)
    Page: MyTestPage (Privs: portal => Manage All,
    testUser => View)
    There is a tab called MyTab on page MyTestPage which has two items (simple images) image1 and image2. The tab's access privs have been set NOT to inherit from the page. The public check box has not been checked for the tab. I've specifically assigned access privs to the tab.
    Now here are the two scenarios that I'm having problem with:
    1) MyTab (portal => Manage All, testUser => view)
    image1 (ILS enabled: portal => Manage All)
    image2 (ILS enabled: portal => Manage All,
    testUser => View)
    When logged in as "testUser", I still see both the images on MyTab although image2 doesn't have view priv to testUser. My expected result is to see just image2 on the tab.
    2) MyTab (portal => Manage All)
    image1 (ILS enabled: portal => Manage All,
    testUser => View)
    image2 (ILS enabled: portal => Manage All)
    When logged in as "testUser", I still see NO images on MyTab although image1 has view privs to testUser. I would expect to see image1 on the tab.
    Question: In both the above cases, the tab privs seem to be dictating what the user sees regardless of what the item level privs are set to. Is this normal behavior or a bug? If a bug, is there a patch? Is there any way so that even after setting the tab privs, I still have finer control of what the user can access through item level privs?
    If I don't put the items under a tab, then things work as expected.
    thanks
    Lalit Agarwal
    Vienna, VA
    703-521-5200 x3610

    This is a known problem with the 9.0.2 release - fixed in 9.0.2.6.
    Regards,
    Jerry
    PortalPM

  • Object Level security not working on OBIEE 11g 11.1.1.7

    Hi,
    I am experiencing problems with object level security applied on application role in 11.1.1.7 version. If i create a user and assign that user to a application role and give that application role permission to Access Answers in Manage previleges, it is not working. If i directly add a user to permission list in Manage previleges section then user is able to access the answers. I added that application role in "Access to Answers" section in Manage previleges section. Permission for Authenticated users is denied.
    We recently upgraded from 11.1.1.5 to 11.1.1.7. Please can someone confirm if it a bug in 11.1.1.7 or it is because of the upgrade process.
    Regards,
    Sandeep

    Hello Sandeep,
    I have just verified the below scenario as you said but didnt find any issue.
    I have just created a User, Group and Applictaion Role under default authentication provider . Assigned user under group and group under newly created application role and provided access to answers for new application role under manage privilages and I am able see it.
    This might not be a 11.1.1.7 bug check it from upgrade end.
    Regards,
    Srikanth

  • Crystal reports LOV cascading prompts row level security not working

    Crystal report LOV cascading prompts with row level security is not woking when the crytal report cache server/page server cache (Oldest On-Demand Data Given To a Client (in minutes)) is turned on. But its working fine when the cache is turned off.
    Using XIR2 environment.
    Appreciate the response.
    Thanks
    Chenthil

    Hi Chen,
    In terms of what could be done on the Crystal Reports end, there is no such controls available.  However, your question may be better answered if it was posted to our Business Objects Enterprise forum. 
    It is at "BusinessObjects Enterprise Administration" section of the forums.
    FYI.

  • Obi 11g row level security not working

    All,
    I am very familiar and have worked with obi 10g row level security and it works pretty easily. Now in 11g not so easy. I am basically setting permissions on data filters on app roles as per the new 11g instructions and meta data guide, however, I never see the filters being applied in the report and also in the nqquery.log. I have tried in vain, and nothing. The filters are never being applied for the test user. I even verified the user is in the specified app role via their my account->app roles tab. Now has anyone had this experience or now is there something that must be done additionally now.
    Very frustrated... ;(

    Ok, so I have found the solution and ultimately the answer to why the object level and row level security was not being applied. It so happens that the app policy: 'resourceType=oracle.bi.server.permission, resourceName=oracle.bi.server.manageRepositories all' not only allows the management and access to online RPDs; but, IT ALSO DOES NOT APPLY SECURITY/PERMISSIONS IN THE RPD TO THAT USER thus you are super user. So the OOTB BIAdministrator app role which my AD user was being assigned never had any security applied due to this. How I tested:
    1) I created a test user
    2) Assigned that user to the BIAuthor app role and saw that they had the security applied that I was testing, which was simple object denial and row-level security to just one year on the date dim.
    3) Since it was working, I then assigned that user to the BIAdministrator role. This produced that the test user now does not have any restrictions that I set and that were working before. Thus, security/perms in the RPD are not applied.
    4). I removed the user from the BIAdministrator app role, kept in the BIAuthor app role and then created new test app role. I mapped that user to this new role along with the BIAuthor role. I then proceeded in creating new app policy with just that policy and assigning the new app role to it.
    5) I logged into the presentation services again with this test user after assigning to new app role and policy. My test user again does not have the security being applied and does not get any perms/security that I set and applied in the RPD. On top of that my test user is now able to login in online mode to the rpd via the bi admin tool.

  • Row level security not working if I hit the aggregate

    I have applied row level security on presentation layer , however it does not work if the report hit the aggregate any idea on this...

    Hi Ingo,
    Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
    This custom auth object is maintained for the PA0001 table.
    This object is added at the role level with the restricted access to the Company Code..

  • Group Level Data Level Security not working

    I'm trying to test the data level security at the group level.
    Here's what I did
    1. Went to the security -> Groups -> Permissions -> Filters
    2. In Name added the Fact table on which I want to filter.
    3. Selected "Enable"
    4. In Filter Column I added a filter on a column in the dimension. (I didn't use any session variables in the filter)
    When I create an answers query with the column from the dimension (Which I used in filter) and fact from the fact table where I defined the filter, the filter is not applied..
    Am I missing something in the creation of filters?
    Thanks in Advance.
    Rama.

    Hi,
    If the user is member of both user defined and Administrator group no filter will be applied to them because Administrator group will take precedence and no filter can be applied to Administrator.Even if you ooen Administrator group, you will see that permission tab is disabled for Administrator group.
    Hope this helps.
    Regards,
    Sandeep

  • Row Level Security Not working for the ECC table.

    Hi All,
    We have created a crystal report using SQL Driver.
    We have set the row level security on PA0001 table so that we can restrict the query based on Company Code.
    But when I run the report, it bypasses the row level security and gives access.
    Am I missing some configuration?

    Hi Ingo,
    Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
    This custom auth object is maintained for the PA0001 table.
    This object is added at the role level with the restricted access to the Company Code..

  • Access Control Mechanism (data level security) not working properly

    Hi Experts,
    I have done datalevel security for groups by help of a database table. This table contains UserId, Dept. code, GroupName column. UserID are verified by LDAP server during logging into Dashboard. I have made two init blocks for GroupName and Dept.Code .
    Query is :
    SELECT 'Group', GroupName from TABLE
    Where
    UserId = ':USER'
    Similiar query is for Dept Code.
    There are two groups ; 1. CC_User 2. Full_User. I have applied filter in PERMISSIONS for CC_User on Fact table on Dept Code. So, user in this group may see data for Dept Code aligned to him in the table. All_User may see whole data for All Dept Codes as NO filter is applied on this group.
    Dept Code , UserId and GroupName are Varchar.
    Now problem is this when a user have membership of one group , it works fine. For CC_user it shows data for its Dept Code and All_user may see whole data.
    But When A user have permission of both the groups , only data related to CC_User group is visible. But, in my view , maximum permmision out of the both groups must be applied to the user if he belongs to more than one group.
    So , here , he must see whole data, as All_user group can see full data.
    Does least restrictive permmission happens in case of membership of more than one group in OBIEE.

    848839 wrote:
    Does least restrictive permmission happens in case of membership of more than one group in OBIEE.Indeed it does. The most restrictive filters get applied if a user belongs to multiple groups that have filters at various levels of data because its always an AND clause in the where condition. This is the sort of behavior in various tools I have seen apart from OBIEE.
    Hope this helps.
    Regards,
    -Amith.

  • Creation of a Database Schema is not working (Into a Sync Group)

    Hello,
    We have in: Sql Databases > Sync > Sync Group, a group called "SyncGroupViviendasProyectosVentasPruebas"
    If we go to "Sync Rules" and click "DEFINE SYNC RULES", no matter the databse we choose (there are 2), when we click in "REFRESH
    THE DATABASE SCHEMA" it dont works!
    It seems to be working but minutes later there is no Schema created.
    Why? Why the Create Database Schema is not working?
    Thanks,

    The detail error log from our service backend is:
    'Type=Microsoft.SqlServer.Management.Sdk.Sfc.InvalidVersionEnumeratorException,Message=Operation not supported on version 11.0 SqlAzureDatabase.,Source=Microsoft.SqlServer.SqlEnum,StackTrace=   at Microsoft.SqlServer.Management.Smo.XmlReadDoc.LoadFile(Assembly
    a, String strFile)
       at Microsoft.SqlServer.Management.Smo.SqlObject.LoadInitDataFromAssemblyInternal(Assembly assemblyObject, String file, ServerVersion ver, String alias, StringCollection requestedFields, Boolean store,
    StringCollection roAfterCreation, DatabaseEngineType databaseEngineType)
       at Microsoft.SqlServer.Management.Smo.SqlObject.LoadInitData(String file, ServerVersion ver, DatabaseEngineType databaseEngineType)
       at Microsoft.SqlServer.Management.Sdk.Sfc.ObjectCache.LoadElement(ObjectLoadInfo oli, ServerVersion ver, DatabaseEngineType databaseEngineType)
       at Microsoft.SqlServer.Management.Sdk.Sfc.ObjectCache.GetElement(ObjectLoadInfo oli, ServerVersion ver, DatabaseEngineType databaseEngineType)
       at Microsoft.SqlServer.Management.Sdk.Sfc.ObjectCache.GetAllElements(Urn urn, ServerVersion ver, DatabaseEngineType databaseEngineType, Object ci)
       at Microsoft.SqlServer.Management.Sdk.Sfc.Environment.GetObjectsFromCache(Urn urn, Object ci)
       at Microsoft.SqlServer.Management.Sdk.Sfc.Enumerator.GetData(Object connectionInfo, Request request)
       at Microsoft.SqlServer.Management.Sdk.Sfc.Enumerator.Process(Object connectionInfo, Request request),'
    It might be a collation/SMO issue after I do some research, so may I know that have you change the collation of you SQL Azure database? If yes, please try to use default collation and try again.
    Regards,
    Bowen

  • Web Database Level Security

    Is there any tools in an Oracle database or by Oracle to encrypt data in the database in 8.05 database or earlier?
    How to be secure my database from hacking people???
    If anybody have an ideas about Database Level Security, Please send message to my [email protected] id...

    Hi Soni,
    Yes, you could.
    Two options I can think of:
    - Program WS-Security for your specific web service
    - Use Oracle Web Services Manager
    With respect to the latter: I believe there is no OWSM policy step to handle your requirement out of the box. OWSM comes with policy steps for file-based authentication as well as for authenticating against Active Directory or a generic LDAP directory.
    In this case you could opt for the creation of a custom policy step.
    Hope this help.
    Sjoerd

  • How to create Database level Security in OBIEE

    Dear Experts,
    Can you kindly tell me the steps on how to create a database level security on OBIEE.
    Please can some one give me the scripts and tell me how to implement tht in the RPD.
    Thanks in advance,
    Anand

    If you are looking for Database Level security in OBIEE the only route to truly accomplishing this is using the Oracle Virtual Private Database concept.
    http://obieeblog.wordpress.com/2008/12/29/obiee-and-virtual-private-database-vpd/
    http://gerardnico.com/wiki/dat/obiee/vpd

  • Finger print security not working

    Finger print security not working for probook 4540s 64 bit windows8(now updated to 8.1)

    Hi shabin919,
    Your ProBook 4540s is a commercial product and to get your issue more exposure I would suggest posting in the commercial forums. Here is a link to the Commercial Notebook forum.
    Thank you,
    Please click “Accept as Solution ” if you feel my post solved your issue.
    Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
    Thank you,
    BHK6
    I work on behalf of HP

Maybe you are looking for

  • Can I Network My Mac With Windows XP Pro With This Setup?

    Hey Folks. I have an iBook G4, OSX 10.4.7 and I want to network and or remote access with a Windows XP Pro laptop. In the household, we have DSL with SBC Global. We have a Linksys router. I have an Airport Extreme wifi card, the PC is hooked directly

  • Multiple Corner Types (Miter, bevel, round) in one path

    I'd like to be able to have multiple types of corners within one path. I'd like to have a path where the first point is a bevel corner type, the second point is a miter corner and the third is a bevel again. Of course switching between any corner typ

  • HELP- Itunes update has deleted music

    I've just updated to Itunes version 7.3.1.3 and my music has gone from 4500 songs to 1800 songs. Any help would be greatly appreciated as I can't find them anywhere. Thanks

  • Cover flow in Safari 4.0.3

    I'm running Safari 4.0.3 in Snow Leopard without too much trouble. I like cover flow (though I know it's mostly cosmetic) but many of my bookmarked sites won't show even after directly visiting them. Cover flow just displays a blank, though other sit

  • How to switch from Picasa to Aperture?

    Picasa for Mac does not perform too well with a large photo collection and I would like to try Aperture. How do I transfer my albums and starred images to Aperture? I have put hundreds of hours of work into my Picasa collection and don't want to loos