Implementing data access/security in OBI EE

Hi Everyone
I have got a requirement to introduce data level security in OBI sitting on two data sources : SQL Server and ESSBASE.
The requirement is as such that if a user has access to region ASIA he can see only ASIA data but the problem is the ASIA data is filled in both SQL server and ESSBASE.
Also how I can intrduce data level security in Cube.
Pls.. guide.

Tnx...
Could you pls tell me where in rpd I can find security manager / security filter as described in the blog ..i can go to Manage --> Security ..but there i cant find any security manager.
Also could you guide me some link / docs where I can find the elaborated steps for doing the same starting from table creation to writing variables and ini. block specuifically for data level secutiry.
Tnx for ur help..

Similar Messages

  • What if I implement data level security using Selection formula?

    Hi All,
    I have a requirement to implement data level security for all the reports, the thing is, we donot have a front end application developed in java/.net or any other language, so we have only two options (as per me, if you think there are other alternatives then please share).
    1) Implement security at the database level (that is use user roles in where clause which will make the where clause really complicated and hence the performance of the query will eventually decrease).
    2) Retrieve the data with the flags of user role/permission on data. Use these flags in selection formula to select the needed records as per the user login.
    I have already in middle of implementing the second method, thought to take suggestion from you guys, I appreciate if you could tell me the drawbacks of the method I am using, and if there is an alternative method you could think of.
    Thanks,
    -Azhar

    Standaone Crystal Reports does not have any security option except to use Trusted Authentication when connecting to the DB. We use Microsofts NT or MS SQL Server Authentication only.
    Doing this in CR Designer using flags and formula will never be secure, the user could simply change the formula etc...
    Check with your DBA on how to configure AD authentication and then enable or add each user to SQL server. You may need to configure and mantain this manually depending on how you ahve your network configured.
    Thank you
    Don

  • How to implement data level security

    How to implement data level security in BI Publihser?. I am using Obiee enterprise edition and bi publihser. My requirement is to show data based on User- Region relation ship.
    User A - belongs to Eastern Region
    User B - belongs to Southern Region
    so if user A logged in he should see only Eastern Region report. If user B logged in He should see only Southern region. I am using direct sql to my oralce database as data source.
    i appriciate your help

    I am using a common database username and password for jdbc connection. what i am looking is based the BI Publihser login, is there any way?
    say i have userregion table joined with fact. so that i can write a query to get the data
    select c1,c2,c3
    from userregion, fact
    where fact.region=userregion.region
    and userregion.user = BIPUBLIHSERUSER
    but my question is ithere any variable to tell who is logged in BI Publisher? Any server varaibles?
    Other related question is, In every report i want to show User name who is running the report. How can i get this?

  • Implementing Data level Security ?

    I would like to Impelement Data level Security in Universe level itself. I have Set For users belonging to Branch (Mumbai, Delhi Etc) And One set of Users Belonging to Segment (CWG, IFA Etc) and  Set of users that are combination oif Branch and Segment.
    In the Universe I need to set the Security so that only the data related to them can be viewed. When I use a restriction I have to create many restirction and implement the same in Objects as required.
    This consumes a lot of time. Is there a easier way out.
    I have already Tables in the Database where the secuity values for the users are already stored.
    Any help is welcome
    Thanks in advance
    Suresh

    Hi Alan,
    Ok....But How Can I use the Restriction I have created in All the objects of the universe.
    For e.g.. I have Two Classes Named Channel and Relation Manager respectively.
    The Channel Class has the following Objects Namely : Channel Type, Channel Country, Channel Zone, Channel State, Channel City and Channel Name. and is Derived from BIDIMCHANNEL Table
    The Relation Manager Class has following Objects Namely: RM Segment, RM City, RM Branch RM Name. and is Derived from BIDIMRM Table.
    I have Created the a Restriction on Channel name By Using the Clause  "BIDIMChannel.ChannelName = 'AHMEDABAD' and have assigned it to an BO User.
    While using WEBI whenever I Select Anything regarding the Channel Class the restriction works fine. When We I Exclusively Select "Relation Manager" Class, the restriction is Not Applied and the entire data is visible.
    Can you Suggest a manner in which the restriction given above can be applied for all the objects belonging to the universe and not just to the class objects where the restrictions are being applied.
    Regards
    Suresh

  • Data level security in OBIEE

    We have implemented data level security by applying filters on groups in Obiee Administration tool. Here we have set filter on division(which is a column in Customer table). This is done so that user can see data for division for which he has access.
    When user creates report which consists of division column filter is working fine. E.g. if user1 has access to division1
    and when user1 cretes a report for (customerName,division,sales columns) he can see sales of customers belong to division1. But if user1 cretes report which does not contain division column e.g.(customerName,sales columns report) he can see all the customers sales data. How can we aoide that. We want User1 to see division1's data only irrespective whether division column is there in report or not.
    Can any one suggest what should be done to achive this.
    Thanks,
    Avdhut

    Hi friend,
    You need to create group of users and then apply filters over that groups.
    you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
    - Manage -> Security...
    - Groups -> click right group1 and select propierties.
    - Select button 'Permissions...'
    - Select tab 'Filters' -> add new filter.
    - On the column name select the metric you need filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
    I hope this can help you.
    Good luck.

  • Data level Security for Oracle Apps as Source

    Hi all
    I need to implement Data level Security on Apps Users in OBIA
    We are using Apps as source with Single sign On. I need to apply Data level security on Business Group Field.
    We dont have users in OBI, we need to register apps users in OBI.
    Could anybody tell me how to register Apps users in OBI???
    OR tell me if you know some other way to implement D L Sec on Single sing On and Apps as source.
    Thanks in avd
    V P

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

  • Data level Security with Oracle Apps as Source

    Hi all
    I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
    I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
    (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
    I have created Groups in rpd with same name as the responsibility in Apps.
    I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
    I have created Group in WEB with the same name as the Group name in rpd.
    If I say show all Users and Groups in WEB, I m getting the APPS Users.
    I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
    But in the Report, I m getting all the Business Group Ids,
    Plz advice if I m doing something wrong.
    ThanQ
    Anand

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

  • Data Access control in J2EE technologies/apps

    Hi Guys,
    I am working on a project that requires that i implement a mechanism for controlling data access to the content that is displayed on the pages of a Struts based web application.
    First off to clarify, i am not refering to the ability for different users to log on to a specific page and or view specific pages. That is a different type of access control. I am more interested in the "Data Access" i.e. where multiple users can view the same page but the data that is displayed depend on the data access control privileges they have.
    I am intersted to know of the different approaches/frameworks out there to implementing "data access" control. Is there a framework out there for this kind of thing?
    Im thinking to do this the controls/privileges need to be configured (i.e. data access categories, users etc) somewhere probably in the database. The rules can get quite complicated so im wondering whether there is already a framework that i can use to accomplish this rather than implementing it from scratch.
    Thinking about how it will work, the rules the govern the access are very specific to our business domain so i am not really sure whether it is possible if there is any third party framework that i can use that is very generic and will allow the rules to be configured.
    Thanks

    you are right, access control is very application dependent, and is therefore not a good target to turn into a generic framework.
    In my opinion the king of security frameworks is Spring Security, so you could take a look at that.
    [http://static.springsource.org/spring-security/site/|http://static.springsource.org/spring-security/site/]
    Other than that, I have used a simple setup using Javaserver Faces. I had a user bean with a set of boolean flags indicating the user's capabilities (directly mapped to a database table) and in the components I would have rendered="#{user.userRole}" attributes where necessary, to conditionally switch off elements when the user wasn't allowed to see it, in some cases rendering a readonly view in stead.
    Its a chore to test, but quite easy to maintain and to read IMO.

  • Data level security for 30000 profir centers

    Hello Gurus
    I have a requirement to implement data level security for 30000 profit center . Now I can think of creating the groups and applying security filters ( both on Dimesion & Fact) on the top of that.
    But I cannot do so as I will have to create some 30,000 groups/roles which is not possible. because there are some users who have access to only one or two profit center and it forms a heirarchy.
    As a workaround what I did is created a user-profit center table and joined it with the profit center table which is actually a snowflaked with two more dimensions - gl_account & gl_segment.
    In the BMM layer , in the Content section of teh profit center dimension , I applied a where filter like below :
    "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_ID" in (1000163) and "Oracle Data Warehouse"."Catalog"."dbo"."Dim_W_GL_SEGMENT_D_Segment11"."SEGMENT_LOV_NAME"='Profit_Centre' AND ( "Oracle Data Warehouse"."Catalog"."dbo"."PF_USER_MAPPING"."USER" = VALUEOF(NQ_SESSION.USER) OR 'UNMATCHED'=VALUEOF(NQ_SESSION.USER) )
    All is well if I create a report having Profit center as one of the dimension/component in the analysis (answers) .
    But when I don't take Profit center the roll up is happening with all the Profit center . Reason being I have not applied "security filter " in the fact table and I cannot do so because USER tabel is not directly joined with the fact table.
    Is there any workaround for this.
    Pls. advise.

    Hi,
    Yes, any dimension filters are applied only when you include that dimension in your analysis.
    As a workaround, you could create a filter as "Profit Centre" is not equal to 'Dummy Profit Centre' with "Protect Filter as ON" and add this filter to all of your analysis.
    So what it does is, even though you do not refer to profit centre dimension in your analysis, the filter in each analysis makes sure that the profit centre dimension is always mapped and the data restriction is applied.
    Hope this helps.
    Thank you,
    Dhar

  • Regarding Data Level Security in OBIEE

    Hi,
    We are currently implementing Data level security in our project. We have created multiple groups in the repository and put business filters in the permissions tab for each of the groups. When a user belongs to more than one group then the backend SQL fired by the BI server has an OR condition between the business filters from different groups. Is there a way to force an AND condition between the filters passed from different groups?
    Thanks,
    Kartik

    Try this link
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    If the business unit is a column then try this
    Repository --> presentation Layer --> column --> properties --> permissions --> Give access to the user/group,for others disable the permission.
    Thanks
    Don

  • Data level Security issue in obiee 11g

    Hi,
    We are trying to implement data level security, let me explain the issue
    The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
    We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
    Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
    SQL used in session variable -
    select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
    and job_desc1 = 'Principal High School - KPI'
    Any suggestions please ??
    Thanks,
    VRP

    Hi,
    I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
    Thanks
    [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
    -------------------- SQL Request:
    SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
    SELECT
    0 s_0,
    "High School KPI"."- Date"."School Year" s_1,
    "High School KPI"."- Grade"."Grade Level" s_2,
    "High School KPI"."- School"."School Name" s_3,
    "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
    "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
    "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
    CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
    CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
    CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
    REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
    FROM "High School KPI"
    WHERE
    (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
    ) djm ORDER BY 1, 2 ASC NULLS LAST
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
    Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1)
    select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
    case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
    case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
    case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
    D1.c3 as c5,
    D2.c2 as c6
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    order by c1, c2, c3
    [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
    WITH
    SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T29835.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
    from
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
    where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    D1.c2 as c2,
    count(distinct D1.c6) as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH0 D1
    group by D1.c2, D1.c4, D1.c5),
    SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH1 D1),
    SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
    T26564.GRADE_LONG_DESC as c4,
    T26686.SCHOOL_NM as c5,
    T26023.STDNT_WID as c6,
    ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
    from
    W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
    W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
    W_KPI_QTR_DAY_D T30647,
    W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
    W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
    where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
    SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
    count(distinct D1.c6) as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH3 D1
    group by D1.c3, D1.c4, D1.c5),
    SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
    D1.c2 as c2,
    D1.c3 as c3,
    D1.c4 as c4,
    D1.c5 as c5
    from
    SAWITH4 D1),
    SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
    case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
    from
    SAWITH2 D1,
    SAWITH5 D2
    where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
    group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
    select D2.c11 as c1,
    D2.c12 as c2
    from
    SAWITH6 D2
    order by c2
    Edited by: 965968 on Oct 17, 2012 11:49 AM

  • Data level Security in Essbase

    I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
    Asia and America are defined in my location dimension.
    Please tell me how to do it?
    Regards,
    Suman

    to make your security maintenance easier, I would suggest putting the users into groups and assigning the filters to the group. If you do it at the indivual level, the user can only have one filter assigned to them, but each group could have a different filter. So for someone who should see Americas and Asia have a group calle America and one called asia. put the user into both groups and assign the america filter to the first group and asia filter to the second group

  • Data level Security

    I need to implement data level security on the dashboards for users based on job hierarchy and region location
    since i have multiple subject areas this needs to be implemented on one subject area and reports and dashbord from the same subject area .
    any ideas or links how one can achieve this

    Check this URL
    http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
    Mark as correct if it is helpful
    Thanks

  • Data level Security in SSO

    Hi
    I need to implement Data level Security (OBIEE) in Single Sign On with Apps as Source...
    Since it is SSO, we have users in the Apps but not in the OBIEE rpd. How to use those responsibility in our rpd and apply filters on the logical columns.
    I need to filter based on the business group... Please explain in detail...
    thanx

    Metalink3.oracle.com
    then search for the note number
    Also you may check doc. http://download.oracle.com/docs/cd/E14847_01/bia.796/e14846.pdf
    Edited by: user634293 on Apr 5, 2010 2:47 PM

  • Data Level Security OBIEE,PLEASE HELP

    How can we implement data level security in OBIEE. For example, a Sales officer should only see data for his customers, similarly a Sales Manager should only be able to see data for Sales Officers working under him....
    any help would be appreciated

    Hi there are many blogs on data level security..
    understand the concepts and try to implement, if you stuck up anywhere will help you out..
    http://obieeblog.wordpress.com/2009/01/15/obiee-data-security-column-level-security/
    Data level security in OBIEE

Maybe you are looking for

  • Adding new field to data source -can not see them

    Experts, I have added 4 fields to the data source 0FI_AA_11 . I can able to see these fields in the append structure or in RSA2,but i can not able to see in RSA6.I reactivated append structure ,still i can not see these fields in RSA6. Please advice

  • Why are my images suddenly desaturating when opening in Photoshop?

    HELP! When I am opening images in Photoshop now they are desaturated. I can open images that are 5 years old and it does it for every one. I thought it was a Photomatix issue but realized it happens with every image in my catalog Thanks!

  • Does anybody know of a good flash book?

    Hello, I'm very new to flash, and wanted to know if any of you knew of a good tutorial/referance book for FLASH CS4 that I could use to help teach myself flash. Thanks!

  • Converter Problem

    I am probably making a very simple error here, but I have checked the Forum and cannot find anyone who has had the same problem. I have written an applet called "Proposal" which I have created in a package called "proposal". (i.e. proposal.Proposal)

  • XSL must be an external file ? (PL/SQL)

    this my problem in PL/SQL : I have an XML and an XSL inside a table as CLOBs. I want to transform my XML with the XSL, but it seems like there is no function to do it. I've found some but the xsl must be external, not in a table... this is a sample o