How to Apply Row level restrictions On objects

Similar Messages

• Applying Row level restrictions on a Table and Contexts

  Hi Techies,
  Here I have a question in applying the row level restrictions on a columns.
  Let me explain some more about the same,....
  I am working on Designer ( SAP BO XI3.1)
  In my universe, I have 6 Contexts , I have one main table in each context and I want to apply row level restriction on a column from each table involved in the context.
  When I am doing this only I am able to add the restriction on only one table from a context. and the rest other contexts are missing.
  here I want to apply the restrictions on all 6 tables in a single restriction to the group.
  Please help me on this....

  I think if you are applying row level restrictions on each tables that are being used in universe then u must be adding all the context in your webi reports.
  So I think you need to add tables and apply where condition on each tables and your restriction will work.
  I will create one demo universe and try to apply the same and revert you asap.

• How To Apply Row level security ??

  Hi all,
  I want to apply row level security on one of my custom objects created in PO schema in R12. How to do that??
  Thanks and Regards
  Raj

  Thank You Gaurav
  --Raj                                                                                                                                                                                                                                       

• How to apply row level security against the database administrator

  I would like an advice in applying row level security against the database administrator. We need to prevent DBA from editing data in some table rows or have any indication that data was corrupted.
  There is no problem in viewing the data so we considered one way hash function or digital signature which will be stored in the same table, but we see following disadvantages:
  HASH - DBA may use the same hash function to update the stored data after he changes the sensitive row.
  Digital signature - the is a need to manage and keep the private key in a safe place outside of DB
  Is there additional ways to achieve the aim?

  Does VPD helps to prevent from DBA to edit/view a data in specific rows?Yes.
  If I correctly understand, DBA has full access to security policy used by VPD to control the access and can grant himself privileges that I don't want.You can to define which users can be exempt of the politics, for the context or by Grant EXEMPT.
  This includes DBAs.
  The simple fact of being DBA doesn't guarantee the exemption.
  Everything goes to depend of the VPD config.

• How to apply row restrictions to universes generated via Universe builder

  I have a universe generated via Universe Builder. The source is SAP BW.
  Now I want to apply row restrictions using some external security tables available inside another schema of my datawarehose. Restrictions should be like:
  0 < (select count(*) from SECURITY_TABLE x   where x.name = @Variable('BOUSER')   )
  How I can do it ? How I can reference this external security table ?
  Thanks

  Umberto,
  Row level securtity does not seem to be avaible in Designer when using a SAP BW source.
  For the SAP BW related sources you would need to set the connection to use SSO and within BW apply authorisations on the objects/dimesions restricting users i.e implementing row level restrictions and use this object in universe and report so that the authorisations are honored in SAP BW.

• How to make Management of row level restrictions easy for webi reports?

  Hi all
  Our BO Product version is 12.3.0.601 (BO 3.1)
  We are applying row level security for webi reports at universe level...
  Since  Universes are more in Number we have to create same restrictions and apply it to the users lets take a restrictions on region....which is common across all universes.
  So the problem lies with the management of restrictions created at universe level.
  Can we have a setup in where we can centralized the restirctions at a place so that management would be easy ......???
  Shall we have to import the roles(restrictions) from R/3 or BW or Database level...?
  Then how we will restrict our report (webi) to a region?????
  So basically webi reports should run with the restrictions lets say region....How we will achieve this?/
  Thanks and Regards
  Ritu Raj

  Hi,
  what is your Datasource?
  If its SAP BW i would highly recommend you use the SAP Authentication in your  BOE XI 3.1 So the users log into BOE with their SAP Username and Password and than the Data restriction of your BW takes place when the users run their Reports.
  Informations on how to confiure the SAP Authentication you will find in the installation Guide of the SAP ITK.
  Regards
  -Seb.

• Row Level Restrictions on DeskI Report not working under InfoView

  When running/refreshing DesktopIntelligence XI r3 (Full Client) reports under InfoView, the row-level restrictions applied in the universe are not being included in the SQL (additional filtering is NOT happening). However, if a user creates a report using the same universe in WebIntelligence or if the user runs the same report in DesktopIntelligence, the row-level restrictions are working.
  It strikes me that the problem has to do with security rights granted (or not granted), but I can't figure out which settings would allow the proper running of a DeskI report under InfoView.
  Thanks for any assistance rendered!

  Mike,
  Do people connect to Infoview and Deski using the same authentication method and the same username?
  How does this compare to how your data restrictions are configured?
  Are you using @Variable('BOUSER') restrictions? Have you taken domain into account e.g. "Domain\UserName" vs "UserName"?

• How to implement row level security?

  Hi all,
  There is a database which is for 3 companies to use it and how to use row level security to make sure that they can only manipluate their own data? For example, "employee" table, for each company they just can see their own employees information. How to use dynamic view to do it?
  Many Thanks
  Amy

  Here are two options to achieve what you want.
  A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
  1. create a security codes table. Say for example
  001 - company a
  002 - company b
  2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
  3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
  4. update all data in the tables according to which company they belong to.
  5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
  With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
  B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
  Table name = Employee.
  Create a view employee_a on employee
  create a view employee_b on employee
  Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
  create synonym employee on employee_a in x schema.
  create synonym employee on employee_b on y schema.
  This i have not tried but believe should work.
  Hope one of these options serve your purpose.

• How to Migrate Row Level Security Configuration

  Hi Guys,
  Does anybody know how to migrate row level security configuration? I suppose PeopleSoft provided a data mover script, like securityexport.dms.
  Thank you in advance,
  Bob

  Here are two options to achieve what you want.
  A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
  1. create a security codes table. Say for example
  001 - company a
  002 - company b
  2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
  3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
  4. update all data in the tables according to which company they belong to.
  5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
  With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
  B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
  Table name = Employee.
  Create a view employee_a on employee
  create a view employee_b on employee
  Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
  create synonym employee on employee_a in x schema.
  create synonym employee on employee_b on y schema.
  This i have not tried but believe should work.
  Hope one of these options serve your purpose.

• How to apply Table level Break in the WEBi Report

  Hi,
  How we can apply the table level break in the WebI Report.
  I know a bit bt i dont know its right or wrong.. Initally we normally create a table(with the values(which has 2rows(1: for naming  and 2: for associating the object with it at down of it  ie., one above and one below)) and at the top of that present table we will insert a "ROW ABOVE" to the naming row and then we insert a "Row below" to the object values  and drag the first coloumn of the first row almost invisible(naming row) and then the same in next row(objects associating values for naming)... is this ryt.. if NO  thn let meknow the various ways to do it..
  Thank you in Advance....

  Hi,
  what is your requirement. if to show subtotal then create one table and select one column and apply break.
  Thanks,
  Amit

• How to implement row level secuirty at universe level

  Hi All
  How can we implement row level security in universe ?
  John

  HI,
  Can we try this?
  Open designer >>tools>>Manage security>Manage access retrictions
  Click on "new" under available restrictions area .
  Select "rows" tab click add select the table and an appropriate where condition.
  Click ok .
  Add a user\group on which the retriction is to be imposed Click Ok.
  Hope this will help
  Kultar

• How to implement row level security using external tables

  Hi All Gurus/ Masters,
  I want to implement row level security using external tables, as I'm not sure how to implement that. and I'm aware of using it by RPD level authentication.
  I can use a filter condition in my user level so that he can access his data only.
  But when i have 4 tables in external tables
  users
  groups
  usergroups
  webgrups
  Then in which table I need to give the filter conditions..
  Pl let me know this ...

  You pull the Group into a repository variable using a session variable init block, then reference that variable in the data filters either in the LTS directly or in the security management as Filters. You reference it with the syntax VALUEOF("NQ_SESSION.Variable Name")
  Hope this helps

• How to enforce row level security on MSAS Cube

  We have to enforce row level security on MSAS Cube based on BOUSER.
  We are using a security table which contains BOUSER ID and Location ID
  We need help in joining the security table with MSAS Cube.
  Thanks

  HI,
  I haven't worked with cubes. But the will the knowledge I have in Universe, could probably help you.
  As you already have a table which maintains BOUSERID and location id, you could probably join location id with MSAS cube id.
  If you don't want to use this userdefined security table, you can use the inbuilt Row level security option.
  Go to Tools -> Manage access REstrcitions --> Create a new restriction --> Rows tabe ---> give a expression with BOUSER
  Hope this helps.

• Applying row-level security to crystal report instance

  Hi
  we have created crystal reports based on sap r/3 data using open sql driver and imposed row level security and published to BOE.The user when opens report with view on demand can see the data which he is supposed to see.
  Is it possible to schedule a single instance of the crystal report and then all the users access the instance and see the data that they are supposed to see.If not what is the other way out.
  Thanks in advance.
  Kamal

  Hi,
  I didn't try it so far
  but I found this Link:
  http://neverknewthat.wordpress.com/2007/11/06/row-level-security-trick-with-crystal-reports/
  -> create Instance with full authorization
  -> Join CR-Result with Customer-Table: User Authorization
  Max

• [CS5] How to apply outside stroke to (united) objects without covering them?

  Hi guys,
  AI CS5 is brilliant, I love it - that's beyond any doubt. But I found one more issue which I cannot solve...
  I want to apply outside stroke (Align Stroke to Outside) on my just outlined copy but it covers other objects.Take a look at this preview.
  With CS4 I simply outlined and merged objects by using pathfinder. Also new Shape Builder tool won't work because these objects are all separated. Let me know if you have any ideas to solve this issue
  Thanks!

  Well i did not know how you prepared the file so thought you might have the stroke on top.
  Above the fill of the characters
  below the fill at the character level
  edit
  here it as compound paths