How to do data level security on users based on region

Similar Messages

• How to implement data level security

  How to implement data level security in BI Publihser?. I am using Obiee enterprise edition and bi publihser. My requirement is to show data based on User- Region relation ship.
  User A - belongs to Eastern Region
  User B - belongs to Southern Region
  so if user A logged in he should see only Eastern Region report. If user B logged in He should see only Southern region. I am using direct sql to my oralce database as data source.
  i appriciate your help

  I am using a common database username and password for jdbc connection. what i am looking is based the BI Publihser login, is there any way?
  say i have userregion table joined with fact. so that i can write a query to get the data
  select c1,c2,c3
  from userregion, fact
  where fact.region=userregion.region
  and userregion.user = BIPUBLIHSERUSER
  but my question is ithere any variable to tell who is logged in BI Publisher? Any server varaibles?
  Other related question is, In every report i want to show User name who is running the report. How can i get this?

• Data-level security in user level

  Hi All,
  In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
  Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
  Is this possible to work in OBIEE 11g?
  Thanks.

  Hi,
  Yes it is possible,
  Please refer the below link.
  http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
  Hope this help's
  Thanks
  Satya

• Data level security in ldap

  Hi Experts,
  I am new to obiee
  can you any one explain how to give data level security if we use LDAP authentication
  it would be great help for me.
  thanks in advance.
  reg,
  jell

  Hi,
  Security LDAP.
  For Authentication purpose we can use LDAP.
  For Data level security purpose you can use external table.
  Ex: user's comming from LDAP for Authentication purpose
  Please refer the below link.
  http://satyaobieesolutions.blogspot.com/2012/06/dataobjectcolumn-level-security-in.html
  http://satyaobieesolutions.blogspot.com/2012/06/external-table-authentication-and-row.html --- External Table.
  Hope this help's
  Thanks
  Satya

• Data Level security for specific Users

  Hi,
  Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
  Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
  But, key thing here is that, the user belongs to both the groups.
  Any ideas helps.
  Thanks,
  Chandu.

  So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
  Why are they in the group then?
  Are the data filter defined with variables or are the hard-coded?
  If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
  I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

• Data level Security in Essbase

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  Please tell me how to do it?
  Regards,
  Suman

  to make your security maintenance easier, I would suggest putting the users into groups and assigning the filters to the group. If you do it at the indivual level, the user can only have one filter assigned to them, but each group could have a different filter. So for someone who should see Americas and Asia have a group calle America and one called asia. put the user into both groups and assign the america filter to the first group and asia filter to the second group

• How to implement row level security?

  Hi all,
  There is a database which is for 3 companies to use it and how to use row level security to make sure that they can only manipluate their own data? For example, "employee" table, for each company they just can see their own employees information. How to use dynamic view to do it?
  Many Thanks
  Amy

  Here are two options to achieve what you want.
  A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
  1. create a security codes table. Say for example
  001 - company a
  002 - company b
  2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
  3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
  4. update all data in the tables according to which company they belong to.
  5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
  With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
  B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
  Table name = Employee.
  Create a view employee_a on employee
  create a view employee_b on employee
  Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
  create synonym employee on employee_a in x schema.
  create synonym employee on employee_b on y schema.
  This i have not tried but believe should work.
  Hope one of these options serve your purpose.

• Authorization: data level security by cost center to finance line items

  We have a business unit request requiring implementation of cost center data level security through FI transaction codes for financial line items.  Example requirement:  Cost center manager can execute FS10N GL account line item display, drill into the balance and only return those line items to which the cost center manager has access.   Cost center managers currently report their cost center expenses via cost center accounting report and through those reports are able to drill into the FI line items to display document and line item details.  Cost Center managers, due to their varied responsibilities, also have access to tcode FS10N, from which if they execute reports directly, can access data for cost centers which they are not responsible for.
  Our security team has stated that the determination of authorization objects which are checked at transaction code/program execution are not configurable.  We’ve found when debugging that it would be possible to implement user exits for additional authorization checks, but that in order for the authorization check to actually get called, the object must be set as ‘checked’ within SU22/SU24.
  Has anyone had a request to implement such cost center data level security for financial line items through Financial transaction codes?  If so, what steps were taken to be implemented?   Was this able to be accomplished via security configuration and PFCG security role updates or was custom code logic needed?  If custom  logic was needed, to what extent was this implemented (what tcodes/programs were included; how was the decision of what to include and exclude determined).   What was the duration of this effort?
  Has anyone had a request to implement such cost center data level security request for financial line items via Financial transaction codes and not implemented the request?  How was this communicated to the business that the request for data level security goes against SAP’s authorization design?
  Thank you in advance for your input,
  Becky Zick

  Hi Becky
  Have you tried with object K_REPO_CCA? You have available these fields to filter authorizations.
  I hope this helps you
  Regards
  Eduardo

• Data level security in OBIEE

  We have implemented data level security by applying filters on groups in Obiee Administration tool. Here we have set filter on division(which is a column in Customer table). This is done so that user can see data for division for which he has access.
  When user creates report which consists of division column filter is working fine. E.g. if user1 has access to division1
  and when user1 cretes a report for (customerName,division,sales columns) he can see sales of customers belong to division1. But if user1 cretes report which does not contain division column e.g.(customerName,sales columns report) he can see all the customers sales data. How can we aoide that. We want User1 to see division1's data only irrespective whether division column is there in report or not.
  Can any one suggest what should be done to achive this.
  Thanks,
  Avdhut

  Hi friend,
  You need to create group of users and then apply filters over that groups.
  you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
  - Manage -> Security...
  - Groups -> click right group1 and select propierties.
  - Select button 'Permissions...'
  - Select tab 'Filters' -> add new filter.
  - On the column name select the metric you need filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
  I hope this can help you.
  Good luck.

• Data level Security for Oracle Apps as Source

  Hi all
  I need to implement Data level Security on Apps Users in OBIA
  We are using Apps as source with Single sign On. I need to apply Data level security on Business Group Field.
  We dont have users in OBI, we need to register apps users in OBI.
  Could anybody tell me how to register Apps users in OBI???
  OR tell me if you know some other way to implement D L Sec on Single sing On and Apps as source.
  Thanks in avd
  V P

  You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
  Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
  I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

• Data level Security with Oracle Apps as Source

  Hi all
  I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
  I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
  (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
  I have created Groups in rpd with same name as the responsibility in Apps.
  I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
  I have created Group in WEB with the same name as the Group name in rpd.
  If I say show all Users and Groups in WEB, I m getting the APPS Users.
  I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
  But in the Report, I m getting all the Business Group Ids,
  Plz advice if I m doing something wrong.
  ThanQ
  Anand

  You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
  Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
  I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

• Data Level Security in OBIEE  Enterprise Edition

  HI,
  would like to know how to implement row-level security in OBIEE Enterprise Edition
  Setting up the context right here, considering a hierarchy of an organization that goes up to 4 levels as below:
  VP >Senior manager>Manager>clerk
  Now, the situation is such that a manager should be able to view its subordinates data but not the data of any other team to which he does not have access. And also the manager should view only his regions data.Same goes for other hierarchies in the organization.
  Any pointers in this regards i.e OBIEE ADMIN TOOL: SECURITY AUTHENTICATION THROUGH EXTERNAL DATABASE would be of great help.
  Source system is SIEBEL CRM 7.8
  THanks
  Gutha

  Hi,
  I can help you for Authentication using BI Server.
  For teh same you can use admin tool then manage>security> users and Groups.
  You can create different groups as well as users accrording to you hierarchy and then provide privilages users or groups according to your need like particular user can view the data of particular level.
  When you create users then in the user page you can provide the filter conditions in filter tab and same as in groups.
  Regards
  Tarang Jain

• Object Level Security,Data Level Security&Row level Security

  can anyone explain main difference between "Object Level Security,Data Level Security & Row Level Security " and how to implement.
  Thanks in advance,
  Kumar

  Hi Kumar
  Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE..if you restrict them Say User 'A' wants to see 2 Dashboards and USer 'B' Wants to see 1 Dashboard....these settings & permission u r restricting in Object level called Object Level Security
  lly datalevel security is restriction of Data.. consider the same above example and User 'B" wants to see 2-3 regions data where as User A will see only Single Region Data..which you will do/restrict at logical tables, using variables..
  Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer this link, clearly explains you
  Please mark Correct or helpful if this clears

• What if I implement data level security using Selection formula?

  Hi All,
  I have a requirement to implement data level security for all the reports, the thing is, we donot have a front end application developed in java/.net or any other language, so we have only two options (as per me, if you think there are other alternatives then please share).
  1) Implement security at the database level (that is use user roles in where clause which will make the where clause really complicated and hence the performance of the query will eventually decrease).
  2) Retrieve the data with the flags of user role/permission on data. Use these flags in selection formula to select the needed records as per the user login.
  I have already in middle of implementing the second method, thought to take suggestion from you guys, I appreciate if you could tell me the drawbacks of the method I am using, and if there is an alternative method you could think of.
  Thanks,
  -Azhar

  Standaone Crystal Reports does not have any security option except to use Trusted Authentication when connecting to the DB. We use Microsofts NT or MS SQL Server Authentication only.
  Doing this in CR Designer using flags and formula will never be secure, the user could simply change the formula etc...
  Check with your DBA on how to configure AD authentication and then enable or add each user to SQL server. You may need to configure and mantain this manually depending on how you ahve your network configured.
  Thank you
  Don

• How to Migrate Row Level Security Configuration

  Hi Guys,
  Does anybody know how to migrate row level security configuration? I suppose PeopleSoft provided a data mover script, like securityexport.dms.
  Thank you in advance,
  Bob

  Here are two options to achieve what you want.
  A. You can do this by coding, that's if you are ready to. Are you? If yes then try the steps below:
  1. create a security codes table. Say for example
  001 - company a
  002 - company b
  2. create a security table that will list all users and which company they should have access to. You can also implement this by roles.
  3. alter all tables in the application schema to add a security code column. This will be a foreign key reference to table created in 1 above.
  4. update all data in the tables according to which company they belong to.
  5. write a procedure or package that does a validity check whenever a user requests for data. This procedure/package determines which company data the user has access/rights to.
  With this, you should be able to achieve what you want if you do not want to spend on VPD and FGAC. The problem comes where there are users who would have cross access to data from both companies. In this regard, then you have to modify your security table a little bit to handle this.
  B. This option i will admit is not so clean. You can also achieve this by two different views for every table in the application schema. And on each of these views, create a private synonym for every user. For illustration purposes:
  Table name = Employee.
  Create a view employee_a on employee
  create a view employee_b on employee
  Let's say you have users x and y. X has access to employees of company a and y has access to employees of company b. You can now create private synonyms for each of these users as follows:
  create synonym employee on employee_a in x schema.
  create synonym employee on employee_b on y schema.
  This i have not tried but believe should work.
  Hope one of these options serve your purpose.