How to set up row-level data security in BO XI r2

I need to get Data/Row level security into my BO XI r2 report.
A logged in user should be able to view info on pertaining to him without refreshing it.
how do i incorporate this feature into my report?
its possible to do this by setting a filter using the currentuser() function.
however it requires a refresh of the report.
hence the new user shall be able to view the data of the previous user. i need to enforce more security on the data. How do i do this???

Hi Anamika, here is a sample of what the cv_security view might look like:
create or replace view cv_security
as
select distinct sec."gid", sec."uid", sec."from", sec."to"
from
-- All users where NO LIMITS APPLY (sg.group = 1)
(select distinct
sg.group_id as "gid",
sg.user as "uid",
'----' as "from",
'ZZZZ' as "to"
from dual sr, sec_groups sg, sec_users su
where su.user(+) = sg.user
and su.status = 1
and sg.coding = 'GL'
and sg.group = 1
union all
--All users with specified sec_ranges
select distinct
sg.group_id as "gid",
sg.user as "uid",
case when sr.from is NULL
then ' '
else sr.from
end as "from",
case when sr.to is NULL
then ' '
else sr.to
end as "to"
from sec_ranges sr, sec_groups sg. sec_users su
where su.user(+) = sg.user
and su.status = 1
and sg.coding = 'GL'
and sg.group_id(+) = sr.group_id) sec
grant select on cv_security to ROLENAME
Notes about cv_security:
1) For those users with NO LIMITS APPLY (i.e. Admin staff) hard code an absolute range of RC codes from '----' to 'ZZZZ' to ensure you trap all possible alpha-numeric values.
2) For those users with NO LIMITS APPLY (i.e. Admin staff) substitute the sec_ranges table with dual
3) su.status = 1 to a filter to report on only active users
4) sg.coding = 'GL' is assessing the General Ledger coding dimension of the multi-dimensioned security matrix of our Financial system (this may not apply to you)
Responses to your questions:
Q- Does it involve self join between view cv_secured_detail? A- Yes, the 1:N cardinality is a self join between view cv_secured_detail and itself.
Q- What is the difference between steps 3) and a) below it. A- Step 3a) is simply the act of importing the cv_secured_detail Oracle View as a BO Universe Class, with it's columns known to the BO Universe as Objects
Q- Can the tables from which report data is fetched be included in the Universe? or should they be part of cv_secured_detail view.
A- I'm not sure if I understand your question, but I might phrase it another way - Once you create the cv_secured_detail view, and the Universe from this view, with the user = 'BOUSER' limiter. The universe is then used to design the CR, by virtue of it belonging to the CMS Repository, you as the report designer have to log into the CMS repository using your LDAP credentials, if a match is found against the cv_security view your data is automatically row-level secured. In outher words, whatever is declared in the view, is in the universe, and is ultimately available to the report.
Does this help?
Bill.

Similar Messages

  • How to set Max Rows Retrieved by user security profile in CMC?

    Hi
    As we know, it is possible to set Max Rows Retrieved with query property (in the area 'Limits').
    However, it is mentioned in official documents that this setting can be overwritten by the BOE administrator in user security profile. Could any one tell me how this is done in CMC?
    Thanks in advance!
    Qing

    Hi Rishit,
    Thanks for your answer!
    Had a long holiday, so didn't give a feedback in time. Sorry for that!
    There is a tab 'Controls' in Universe Parameter, where there is a setting used to limit the size of result set.
    Then what's the priority between this setting and the similar setting in WebI query properties?
    However, acutally my question is how to set the limitation by user security profile in CMC.
    Do you have any idea about it?
    Qing
    Edited by: Qing Zhou on Jun 21, 2010 11:12 AM

  • Relationship between header and row level data.

    Hi all
    I need to know how to relate a field in the header level and the row level...
    On my row level i want the route id to be related to the route name field at the header level...instead of showing this route id  it must show only the header so...based on the row level data the header must change...
    I tried insertin the field but when i do a relate to on either fields its showing me only fields on that catagory ( Header only or Row Level only)
    Thanks

    The Header is evaluated and printed first and then only Repetitive area is computed and printed. You cannot try to arrive header based on the Repetitive area.
    Please explain in detail which screen etc.. so that we can suggest some work arounds

  • How to set max rows in flowed textfield?

    Is there a way to limit the rows allowed to input on a flowed textarea? I now we can limit the length of max chars, but that would not help me.

    Hi Rishit,
    Thanks for your answer!
    Had a long holiday, so didn't give a feedback in time. Sorry for that!
    There is a tab 'Controls' in Universe Parameter, where there is a setting used to limit the size of result set.
    Then what's the priority between this setting and the similar setting in WebI query properties?
    However, acutally my question is how to set the limitation by user security profile in CMC.
    Do you have any idea about it?
    Qing
    Edited by: Qing Zhou on Jun 21, 2010 11:12 AM

  • How to set page number & current date in sqlplus result

    how to set page number & current date in sqlplus result

    Hi,
    Use the TTITLE command. For example:
    SET     PAGESIZE     15
    TTITLE     LEFT  &_date     RIGHT  "Page:" FORMAT 999 sql.pno     SKIP 2
    SELECT     ROWNUM
    ,     ename
    FROM     scott.emp
    ;Output:
    12-Jan-2011                    Page:   1
        ROWNUM ENAME
             1 SMITH
             2 ALLEN
             3 WARD
             4 JONES
             5 MARTIN
             6 BLAKE
             7 CLARK
             8 SCOTT
             9 KING
            10 TURNER
    12-Jan-2011                    Page:   2
        ROWNUM ENAME
            11 ADAMS
            12 JAMES
            13 FORD
            14 MILLER 
    I hope this answers your question.
    If not, post a little sample data (CREATE TABLE and INSERT statements, relevant columns only), and the results you want from that data. If your question is based on commonly available tables, like those in the scott schema, then you don't have to post any sample data: just post the output.
    Explain how you get those results from that data.
    Always say what version of Oracle (and other relevant softward, SQL*Plus in this case) you're using.

  • How to set special rows in jtable not selectable

    Hello programmers,
    anybody knows how to set special rows(p.E. row 0) in jtable not selectable.
    in advance thanks for your answers

    table = new JTable(...)
         public void changeSelection(int row, int column, boolean toggle, boolean extend)
              if (row == 0)
                   return;
              else
                   super.changeSelection(row, column, toggle, extend);
    };

  • How to set default value to date type attribute.

    Hi,
    How to set default value to date type attribute.
    E.g I want to set u201C01/01/1999u201D to date attributes.
    First i want to set value and then i want to fetch the same & want to check equals.
    please suggest solution.
    Regards,
    Smita

    Hi,
    In wdinit() method u can set the date
    DateFormat df = new SimpleDateFormat("MM/dd/yyyy");
    Date today = Calendar.getInstance().getTime();
    String reportDate = df.format(today);
    wdContext.currentContextElement().setFromDate(reportDate);
    Another way you have set the this formate like that
    1. Create a Simple type under "Dictionaries->SimpleType" called DateFormat
    2. Select the type as "date"
    3. Go to the "Representation" tab and set the format as "dd/MM/yyyy" (or whatever u want, but month should be MM)
    4.Bind the context attribute to the type created now.
    Hope this helps u.
    Best Regards
    Vijay K

  • How to set transaction isolation level for a method in a Local Interface

              By reference at:
              http://e-docs.bea.com/wls/docs61/ejb/reference.html#1071267,
              the value for method-intf can only be "Remote" or "Home".
              My question is--
              How to set transaction isolation level for a method inside a Local Interface or
              Local_Home Interface?
              Thanks.
              Xing
              

    I'd try 6.1SP2. I'm pretty sure this works now.
              -- Rob
              Xing wrote:
              > I tried "Local", but got an error when deploying the EJB jar, saying that only
              > "Remote" or "Home" is allowed.
              >
              > Any idea?
              >
              > Xing
              >
              > Rob Woollen <[email protected]> wrote:
              > >
              > >
              > >Use LocalHome or Local.
              > >
              > >-- Rob
              > >
              > >Xing wrote:
              > >
              > >> By reference at:
              > >> http://e-docs.bea.com/wls/docs61/ejb/reference.html#1071267,
              > >> the value for method-intf can only be "Remote" or "Home".
              > >>
              > >> My question is--
              > >>
              > >> How to set transaction isolation level for a method inside a Local
              > >Interface or
              > >> Local_Home Interface?
              > >>
              > >> Thanks.
              > >>
              > >> Xing
              > >
              > >--
              > >
              > >----------------------------------------------------------------------
              > >
              > >AVAILABLE NOW!: Building J2EE Applications & BEA WebLogic Server
              > >
              > >by Michael Girdley, Rob Woollen, and Sandra Emerson
              > >
              > >http://learnWebLogic.com
              > >
              > >
              > >
              > >
              > ><!doctype html public "-//w3c//dtd html 4.0 transitional//en">
              > ><html>
              > >Use LocalHome or Local.
              > ><p>-- Rob
              > ><p>Xing wrote:
              > ><blockquote TYPE=CITE>By reference at:
              > ><br>http://e-docs.bea.com/wls/docs61/ejb/reference.html#1071267,
              > ><br>the value for method-intf can only be "Remote" or "Home".
              > ><p>My question is--
              > ><p>How to set transaction isolation level for a method inside a Local
              > >Interface
              > >or
              > ><br>Local_Home Interface?
              > ><p>Thanks.
              > ><p>Xing</blockquote>
              > >
              > ><pre>--
              > >
              > >----------------------------------------------------------------------
              > >
              > >AVAILABLE NOW!: Building J2EE Applications & BEA WebLogic Server
              > >
              > >by Michael Girdley, Rob Woollen, and Sandra Emerson
              > >
              > >http://learnWebLogic.com</pre>
              > > </html>
              > >
              > >
              AVAILABLE NOW!: Building J2EE Applications & BEA WebLogic Server
              by Michael Girdley, Rob Woollen, and Sandra Emerson
              http://learnWebLogic.com
              [att1.html]
              

  • How to set max row display rows in PO's PLD

    Hi,
    How to set max row display rows in PO's PLD
    Thanks and Best Regards
    Bruce

    Hi
    Max. Rows per Page is depend on PLD Settings and Depend on Repetitive Area Fieds Height.
    Try this,
    1st Case:
    ->> Administration Module.
    ->> System Initialization.
    ->> Open the Print Perferences Window.
    ->> Click General Tab on Print Perferences Window.
    ->> Assign the Max. Rows per Page - 99 (or) your wishes.
    ->> Update the Print Perferences.
    2nd Case:
    ->> Open your PLD.
    ->> Choose Repetitive Area on Field Index Window.
    ->> Click Format Tab on Properties Area Window.
    ->> Assign the Lines in Repetitive Area - Your Wishes .
    ->> Save the PLD.
    Regards,
    Madhan.

  • Setting up Row Level Security in EPM 11.1.1.3

    I have been following the Administration guide but failed to setup row level security in EPM 11.1. Please advise which part of my steps are wrong. (note I am using MS SQL Server for the EPM Shared Services and Workspace database, everything under Windows env)
    i) Enable row level security in Workspace.
    Step 1) Define a ODBC Data Source named "EPM_WS" in Windows. The ODBC Data Source points to the MS SQL Server database of EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR) related to row-level-security.
    Step 2) Login to workspace, select "Administer"->"Configuration Console". Edit "Interactive Reporting Data Access Services" and add a data source with ODBC->MS SQL Server -> "EPM_WS" as the name of datasource. Restart "Interactive Reporting Data Access Services".
    Step 3) Login to workspace, select "Administer"->"Row Level Security". Check "Enable Row Level Security", Choose ODBC->MS SQL Server-> fill in "EPM_WS" as Data Source Name"-> Provide correct user name and password. Click "Save Properties"
    Step 4) It always prompt "Server error setting the Connectivity. Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
    Any log I can inspect for the connectivity error?
    ii) Configure Row Level Security setting
    I know that for Hyperion IR, there is a file row_level_security.bqy comes with the installation. User can use this bqy file to configure the actual row level security setting. However, I cannot locate this bqy file in the EPM 11.1 installation. What is the proper step for setting up the row level security configuration?
    thank you very much.

    I have been following the Administration guide but failed to setup row level security in EPM 11.1. Please advise which part of my steps are wrong. (note I am using MS SQL Server for the EPM Shared Services and Workspace database, everything under Windows env)
    i) Enable row level security in Workspace.
    Step 1) Define a ODBC Data Source named "EPM_WS" in Windows. The ODBC Data Source points to the MS SQL Server database of EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR) related to row-level-security.
    Step 2) Login to workspace, select "Administer"->"Configuration Console". Edit "Interactive Reporting Data Access Services" and add a data source with ODBC->MS SQL Server -> "EPM_WS" as the name of datasource. Restart "Interactive Reporting Data Access Services".
    Step 3) Login to workspace, select "Administer"->"Row Level Security". Check "Enable Row Level Security", Choose ODBC->MS SQL Server-> fill in "EPM_WS" as Data Source Name"-> Provide correct user name and password. Click "Save Properties"
    Step 4) It always prompt "Server error setting the Connectivity. Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
    Any log I can inspect for the connectivity error?
    ii) Configure Row Level Security setting
    I know that for Hyperion IR, there is a file row_level_security.bqy comes with the installation. User can use this bqy file to configure the actual row level security setting. However, I cannot locate this bqy file in the EPM 11.1 installation. What is the proper step for setting up the row level security configuration?
    thank you very much.

  • How to check the row level security in TOAD for oracle

    Hi ,
    for ex, i have 2 types of users
    normal user and super user
    super user can see the group set (some column name) created by normal user
    but normal user can not see the set created by super user
    this set crestion aslso has 3 types "U','P',S'
    P & S can be viewed by even normal user
    but U should not
    so here we are having some row level security for the normal user .....
    So, in TOAD for oracle how to check that......
    Let me know if i'm not clear

    Like
    I'm the super user....
    And some records are inserted to a table by different users ('a' , 'b', etc....)
    So,if user 'a' logins then he can be able to see only the records inserted by 'a' only...
    how to see in TOAD where such type of scripts (filter conditions) are written.....

  • How to implement Bursting(Row level security) in Xcelsius

    Hi,
    We are using Xcelsius 2008. We have created xcelsius dashboard using Qaaws but for authentication in qaaws we are suing enterprise authentication and default user.
    Now in my dashboard i have one combo box wich gives data fro diffrent states, now i need to restrict the user to see the state values. I implement the row level security in universe, when i create webi report and view that reprot in infoview, the row level security works. But when i publish the dashboard to infoview the row level security doesn't work.
    We are uisng XO 3.1 with SSO on IIS. So how and what are the diffrent option available to implement the row level security in Xcelsius Dashboard.
    Thanks for the help in advance.
    Thanks,
    Nimesh.

    Nimesh,
    Were you able to implement ? I have a requirement to use the same dashboard for 5 regional users.
    Row level security works.
    combo box intial value is Global , when I login as North America user, combo still shows Global but it will have the value of North America.
    i am curious to know how you implemeted this?
    Thanks
    Pushpa

  • How To Setup User Row Level Security In Answers From Values In Table

    I am trying to setup row level security when a user logs into BI Answers. Basically I want the user to create any report that they would like but only see the data that they are associated to being retrieved in the Answer Report results. I have users stored in an Oracle authentication table where they have multiple values for schools that they can view. I have data in my RPD file that contain tables with multiple rows for schools. What I would like is to capture the associated school values for the user logged into BI Answers and place a filter on the data being retrieved in the RPD file to only show rows for the user's associated schools. Can I add a WHERE clause on the Business Model and Mapping layer of the RPD that would retrieve the multiple associated schools in my authentication table and filter/match them (IN clause maybe) to the school values in the RPD data being retrieved?
    Thank you in advance for any information you my have to help me along,
    Kyle

    Turribeach,
    I appologize, I did not use those exact words to search on in the forum. I should have and what I did use didn't turn anything up for my situation.
    Thank you for the link. It helped me find the below link which describes the setup in detail and resolved my issue:
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    What I needed was a row-wise variable/initialization block that stored the multiple school values for my logged in user. I then edited the "Content" tab of the Logical Table Source with a WHERE/IN clause that filtered down the result set based on my variable/initialization block SQL query.
    This solution works great!
    Thanks again!

  • How to get a row level share lock

    Is it possible to acquire a row-level share lock, which would do all of the following?
    1. Prevent others from updating that row.
    2. Allow others to read that row.
    3. Allow others to update other rows in the same table.
    I have the following scenario where two transactions need to lock eachother out:
    Set-up:
    Insert into TABLE_A(value_a) values ('ok');
    Insert into TABLE_B(value_b) values ('ok');
    Transaction A:
    Select value_b from TABLE_B
    If value_b = 'ok', update TABLE_A set value_a = 'not ok'
    Transaction B:
    Select value_a from TABLE_A
    If value_a = 'ok', update TABLE_B set value_b = 'not ok'
    If transaction A runs first then the end result is "not ok" only in TABLE_A.
    If transaction B runs first then the end result is "not ok" only in TABLE_B.
    If the two transactions run concurrently, it is possible to get "not ok" in both tables. This is what I would like to prevent.
    One way to get what I want is to use "select for update":
    Transaction A:
    Select value_a from TABLE_A for update
    Select value_b from TABLE_B for update
    If value_b = 'ok', update TABLE_A set value_a = 'not ok'
    Transaction B:
    Select value_a from TABLE_A for update
    Select value_b from TABLE_B for update
    If value_b = 'ok', update TABLE_B set value_a = 'not ok'
    This way both transactions won't perform their update unless they know that the result if their select will still be the same after they commit. However, by using "select for update" Transaction A has gained an exclusive lock on the TABLE_B row. If a Transaction C with the same contents as Transaction A happens concurrently, then the two will block eachother even though all they both want is to read data from the same table.
    Another way is to use "lock table", however using that would block out not only writes to a specific row, but writes to all rows in the table. (In my example there is only one row, but obviously that's just a simplified example.)
    I have looked at the "serializable" isolation level, but that doesn't seem to help because the queries and updates involve more than one table.
    I know that "reads don't block writes" is a fundamental part of the Oracle design that makes Oracle what it is, but is there any way I can explicitly make it happen anyway? Or can anyone see some other solution to what I'm trying to achieve?

    Let me give a more real-world example to show what I'm talking about.
    Imagine a simple bug-reporting OLTP application. Each bug has 3 fields:
    1. Description
    2. Resolution
    3. Status (open/closed)
    The application also has some rules:
    A. If the Status is "closed", Description and Resolution cannot be changed.
    B. In order to change the Status to "closed", both a Description and Resolution must be specified.
    Now as long as only one person at a time updates a bug, everything is fine. However, if one person switches the Status to "closed" while another concurrently blanks out the Resolution you end up with a closed bug that has no Resolution. This is why some locking is necessary.
    If Description, Resolution, and Status are all stored in the same table row, then it makes sense for each transaction to simply select the whole row FOR UPDATE, and then UPDATE it after it ensures all the rules are passed. However, in my fictional bug-reporting application they are all stored in separate tables. Now, the transaction that is making the change to Resolution could lock the row in the Status table FOR UPDATE (as everyone so far has suggested). Transactions making a similar change to the Description should then also lock the row in the Status table FOR UPDATE for the same reason. The end result of this is that Description changes and Resolution changes lock eachother out (can't happen concurrently, are serialized) when they don't need to be. Description changes and Resolution changes don't affect eachother, but because they both need to (exclusively) lock the same row, they are serialized.
    If there was a way to acquire a share lock on the row in the Status table, then Description and Resolution changes would use that and not affect eachother. Status changes would still acquire an exclusive lock on the row, and would be blocked by (and block any further) concurrent Description and Resolution changes. This would be ideal.

  • How to hide certain rows of data?

    I am creating a table where there is an option for the particular to be hidden. What do I do in HTMLDB to make that particular row to stay hidden "forever"?
    Ex:
    ID Name Hide
    1 joe N
    2 john N
    Now after I edit the data of joe to Hide=Y I want the table to display:
    ID Name Hide
    2 john N
    anyone know what statements i need to do? thanks

    Views do not stop you from being able to update your data. You can use instead of triggers like others mentioned. However, if your view is simple enough, you can do updates, inserts and deletes directly against the view. For example, using your table above create the following view. This view allows inserts, updates and deletes.
    CREATE VIEW TESTER_VIEW
    (ID, NAME, HIDE)
    AS
    select "ID","NAME","HIDE"
    from tester
    where hide = 'N';
    VPD stand for Virtual Private Database. It enables you to put row-level security on your data. Look at this white paper for a good introduction: http://otn.oracle.com/deploy/security/pdf/twp_security_db_securityoverview_10r1_1203.pdf

Maybe you are looking for

  • Problem with socket cross domain

    Hi guys, This is my cross domain file: <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> <!-- Policy file for xmlsocket://socks.example.com --> <cross-domain-policy>    <site-control permitted-cross-domai

  • How do I create a digital signature on a TCP or a UDP flow?

    I am trying to convert samples of a voice signal, which is intercepted from the microphone, into fixed length digital signature bytes (using Hash, or) and attach these fixed length bytes to a communication session between two terminals (UDP or TCP "H

  • How to use adapter to assign task to a specific user

    hi all, I'm currently trying to configure a task in an approval process so that it is assigned to a specific person according to the organization of the requester. I've written a little method which looks up the suitable username for the given organi

  • New Features in 2.1?

    According to - http://www.apple.com/iphone/softwareupdate/ *+Repeat alert up to two additional times for incoming text messages+* *+Option to wipe data after ten failed passcode attempts+* Sounds handy but I can't find either a setting on the iPhone

  • How to transfer itunes purchased movies to computer hardrive?

    I have just brought a movie from itunes and it has downloaded and is no in my movie libary in itunes. How can I copy it onto my hard drive like in a folder in finder or something?