Issue in Implementing OR Logic in Security Filter for Essbase in OBIEE

I am implementing OBIEE using Essbase as the data source. The requirement is to implement OR logic in the security filter. And I got error message from the MDX query generated by OBIEE. Below is the details. Anyone knows how to solve this issue? Thank you very much.
1.     The “Booking Location” dimension has three hierarchies (ragged hierarchies).
http://img.photobucket.com/albums/v216/stewart_life/1.png
2.     I only want to take the first hierarchy, which is “Total booking”. Thus, I filter the Logical Table Source of “Booking Location” in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/2.png
3.     The “Incorporation Country” dimension doesn’t have any multiple hierarchies.
http://img.photobucket.com/albums/v216/stewart_life/3.png
4.     Thus, I don’t filter the Logical Table Source of “Incorporation Country” in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/4.png
5.     I filter the permission of a user. This filter applied to the fact table (RISK) in the business model layer.
http://img.photobucket.com/albums/v216/stewart_life/5.png
6.     Then the filter applied so that the particular user can only see the data where the Incorporation Country level is Singapore OR the Booking Country level is Singapore:
"Risk"."Incorporation Country"."Country" = 'SINGAPORE (INC)' OR "Risk"."Booking Location"."Booking Country" = 'SINGAPORE (CBE)'
http://img.photobucket.com/albums/v216/stewart_life/6.png
7.     Here is the first report that is working fine if run by a user without any security filter.
http://img.photobucket.com/albums/v216/stewart_life/7.png
8.     The result of that report when run by the user whose security filter above has been applied to.
http://img.photobucket.com/albums/v216/stewart_life/8.png
9.     The MDX query generated from that report is shown below. Note that the error refers to the line 4, which is in bold below. Somehow, the query generated always include Incorporation Country and Booking Location in the “With” clause, since both of them are placed in the security filter.-----
Sending query to database named Risk-MI Essbase (id: <<399750>>):
With
set [Booking Location2|http://forums.oracle.com/forums/] as '{[Booking Location|http://forums.oracle.com/forums/].[Total booking|http://forums.oracle.com/forums/]}'
set [Booking Location4|http://forums.oracle.com/forums/] as 'Generate({[Booking Location2|http://forums.oracle.com/forums/]}, Descendants([Booking Location|http://forums.oracle.com/forums/].currentmember, [Booking Location|http://forums.oracle.com/forums/].Generations(4),SELF), ALL)'
*set [Incorporation Country4|http://forums.oracle.com/forums/] as ''*
set [Time3|http://forums.oracle.com/forums/] as 'Time.Generations(3).members'
set [Year2|http://forums.oracle.com/forums/] as 'Year.Generations(2).members'
member Measures.[MS1|http://forums.oracle.com/forums/] as 'Rank(Time.Generations(3).Dimension.CurrentMember, Time.Generations(3).Members)'
set [Axis1Set|http://forums.oracle.com/forums/] as 'crossjoin ({[Booking Location4|http://forums.oracle.com/forums/]},crossjoin ({[Incorporation Country4|http://forums.oracle.com/forums/]},crossjoin ({[Time3|http://forums.oracle.com/forums/]},{[Year2|http://forums.oracle.com/forums/]})))'
select
{Measures.[Netted EAD|http://forums.oracle.com/forums/],Measures.[Netted Nominal|http://forums.oracle.com/forums/],Measures.[Wt_LGD|http://forums.oracle.com/forums/],
MS1} on columns,
NON EMPTY filter({[Axis1Set|http://forums.oracle.com/forums/]}, [Incorporation Country|http://forums.oracle.com/forums/].currentmember IS [Incorporation Country|http://forums.oracle.com/forums/].[SINGAPORE (INC)|http://forums.oracle.com/forums/] OR [Booking Location|http://forums.oracle.com/forums/].currentmember IS [Booking Location|http://forums.oracle.com/forums/].[SINGAPORE (CBE)|http://forums.oracle.com/forums/]) properties ANCESTOR_NAMES, GEN_NUMBER on rows
from [http://RISK-P.RISK]
where ([CRG (ORG)|http://forums.oracle.com/forums/].[Good Book (ORG)|http://forums.oracle.com/forums/], Method.ADV)
+++stewart:370000:370021:----2009/02/17 13:56:06
Query Status: Query Failed: Essbase Error: Syntax error in input MDX query on line 4 at token '''

From what I have read on this forum, people have managed to get the DC In Board replaced for a little over US $100. This would be at an Apple authorized repair shop rather than by Apple itself. This is much less than the cost of a new MacBook. I don't know what might be available in your area, but it would be worth asking at a repair shop.
Good luck!

Similar Messages

  • Security filter for multip^e users

    Hi All,
    I created the security filter for 1 user ok its working fine but i want to give that filter for multiple users so we have so many users so how can we do that
    we have to creat the users manually is there any other way in ASO
    Plz help me on this
    Thanks in Advance

    Thanq for ur reply
    Im creatin in EAS i dont access for shared services thts not available in my desktop so i hav to creat in EAS so how can we create filters for multiple users
    can i create groups for multiple users is this the corect way plz tell me how can i create the groups explain me clearly
    it would be appriciated
    Thanks

  • Agent applying specific filter for each non-obiee user receipt

    Hi,
    I have a problem with a sales dashboard that Office need to deliver for non-obiee users (e-mails) in regionals. I'm using SA System solution to dynamically send e-mail to 220 receipts.
    I increase the rule below:
    Each receipt is responsible for one or more Business Strategic Unit (bits of regions of country) and this association is implemented in a database table, like this:
    * BSU is a Dimension in Sales Fact
    E-Mail | BSU
    [email protected] | 10001
    [email protected] | 10002
    [email protected] | 10003
    [email protected] | 10004
    [email protected] | 10005
    How can I implement these filters solutions in OBIEE Agents?
    ** I can't create OBIEE users for these receipts because my consumer is not allowed to create users for regionals (externals) employees.
    thanks,
    Fernando.
    Edited by: Fernando d'RG on 14/05/2013 06:17

    Any suggestion?

  • "OR" function in Security filter

    HI All,
    I am trying to implement "OR" function in security filter. i mean for security i have created on group and i am trying to implement following query i am getting error. if i replace "AND" with "OR" then report is showing data. but that is not perfect data because of AND
    "Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”") OR T_CLBI_SV_VISIBLE_OPTY."Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”") OR T_CLBI_SV_VISIBLE_OFFICE."Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”") AND T_CLBI_SV_VISIBLE_OFFICE.INHERITED_FLAG = 'F'
    my question is how i can i use OR in security filter.
    Please help me to solve this issue. really appreciate for your help.

    Thank you for your response.
    but it is not working even i did try with following simple query
    "Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”" OR T_CLBI_SV_VISIBLE_OPTY."Employee ID" = VALUEOF(NQ_SESSION."”EMPLOYEEID”")
    it is giving following error
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 14026] Unable to navigate requested expression: Pipeline Fact.Office ID. Please fix the metadata consistency warnings. (HY000)
    any idea?????????

  • Security Filter Problem

    Hi ,
    I am facing one problem related to security Filter for one user. We are on the Hyperion Version 11.1.2.1 Fusion Edition.
    We had one user created in Shared Services with ID : TESTUSER and added in the group. Initially access for this user was working fine. Later on we deleted this user from shared services as we no longer needed this.
    As per new requirement we are supposed to create a same user with same user name so we created again new user 'TESTUSER' and added into the same user group then we refreshed security from Planning Application through " Administration -> Application -> Refresh Database->Security Filters ". Refreshing security Filters created filter for above user and we checked this from EAS consol.
    However when we log in to the Application through Smart View we are getting the below Error.
    Cannot Open cube View.Essbase Error ( 1054060 ):Essbase Failed to select
    Application APP1, because TESTUSER@Native Directory is not\
    completely Provisioned by Planning.
    Could you please advice how could we resolve this issue.

    Check whether the user is only an Essbase user. (I don't think that is the case, but in case)
    Try changing the access type using
    alter user username add application_access_type Planning; (don't know whether this works in latest release)
    Try the stepsRAvery and _RahulS_mentioned.
    Tried that in 11.1.2.2 access_type Planning is defered.
    Regards
    Celvin
    http://www.orahyplabs.com

  • Security filter validation crashing essbase

    During security filter validation, Essbase froze and stopped responding. We had to re-start essbase service.We are on 6.2.3 and NT server. Any insights or similar problems with validating filters?Thanks

    We see same issue in 9.2.0.3, but only with 1 of our 5 applications. Was never able to get support to identify a cause, our resolution is to push users in small groups and save the essbase.sec file. Real pain. You could try stopping essbase service, using essbase.bak file and restarting then try to push and see if it works. I did identify issues with our openLDAP which I felt was the cause, I was able to clean it up in TEST and it works, but did same in Prod and worked once, then reverted back to crashing again, unless we push users in really small groups. Interested to see if you get a 'fix' from someone...

  • Issue with write Security filter in ASO 9.3.1

    Hello All -
    I'm having a strange security filter issue in system 9.3.1 ASO cube. We've the native users for the ASO cube and created several write security filters based on cost centers in that cube.
    For example, the below security filter sometime works, and sometime not:
    Write "Adjustments", @RELATIVE ("S532179", 0), @RELATIVE ("S587724", 0), @RELATIVE ("S525701", 0)
    There are total 8 standard dimensions in the cube. I tried all possible combinations to make it work constantly, but it doesn't. Even modified the filter like below so that it has all dimensions (using LEVMBBRS, IDESCENDANTS, RELATIVE) , still users can't load data at level 0 members.
    Write @LEVMBRS ("Chart of Accounts",0),@LEVMBRS ("Full Year",0),@LEVMBRS ("Business Unit",0),@LEVMBRS ("Fixed/Variable",0),@LEVMBRS ("Source",0),@LEVMBRS ("Products",0),@LEVMBRS ("Scenario",0),@LEVMBRS ("Cost Center",0)
    It looks like the user and filter association is not working. If I give the user direct write access to the cube (bypassing filter totally), the users can write fine. Please help!

    I didn't know that the logs didn't work; I tested it and they are not generated for ASO updates in 9.3.1. I didn't see any other setting that would cause them to be created; my guess is that the logs are created based on block manipulations that Essbase does internally using BSO. As there are no blocks in ASO then the same algorithm doesn't apply.
    We log Essbase changes in our Dodeca product but we use a different algorithm. We evaluate the update in our server before committing the changes and generate a relational log that has the datapoint information plus the old value, new value and standard 'who' information for the person making the update.
    Tim Tow
    Applied OLAP, Inc

  • Essbase Security Filter issue.

    Hi,
    Its regarding the security filter issue.
    The major problem is whosoever user is provisioned under that security filter, if the user is trying to connect to Application using Excel Addin / Smartview, it crashes the essbase server [Network Error [10061], timed out error)]
    When we figured out because of this filter essbase server is crashing, we tried to edit the filter. sometimes if we click on edit, it crashes the server or sometimes we can see some junk characters in the filter.
    We have applied the security on Entities dimension and problematic filter is ASP.
    Now the hirerachy is like this.
    Entities dimesnsion and then ASP member and under ASP we have our several members.
    Filter is like this:
    Write : @Idescendants("ASP")
    It was working fine for almost 15 days.
    Now if i edit the filter, i can see like this:
    Write : @Idescendants("ASP")
    Metaread:@Idescendants("*&^%?)
    Junk characters are coming in and no idea from where they are coming.
    I can't delete the filter also, again it crashes the essbase server.
    As a workaround i have created a temp filter and dome the assignation for this group, according to that.
    Everything is working fine.
    I just wanted to know, has anybody faced such kind of problem earlier.
    What cud be the root cause for this.
    How could I delete the filter.
    I have also get messages like security file is corrupted (we have restored it from old backup) but really worried about security file as we are moving the whole thing to production server this weekend.
    Please advise me on this, Please help me. Any help would be highly appreciated.
    I am really in trouble.
    Thanks,
    Pankaj Mehta.

    Try to edit the filter from MaxL command line using
    alter filter sample.basic.filt7 add write on '@IDescendants("ASP")';
    here sample=application
    basic=database
    filt7=filtername
    have good luck

  • Essbase security filter access issue

    Hi,
    we are facing access issue for users. we have provided the access as filter, its essbase only application. we dont see in display user table APP Access Type column essbase&Planning, only planning its showing..its 9.3.1 version. even sync native dir & essbase refresh done couple of times..but still issue persists.
    please help.
    :-):-)

    Hi John,
    I have done same thing, but its just showing filters only.
    In Projects->select server/app->selected user/grp->
    right click the essbase icon and select "assign access control" > select your user/grp, here i can see only filters which already there and calc (none,no update, all& calcs).
    I have selected one filter and none(calc option)->click on tick mark->save......but here i am getting message as "no changes to save" then done EAS refresh ....
    still users are not able to login.getting error
    "user <> not permitted to access application"
    Note: other users have same access can able to login & we are able to see those users in users table as "essbase&Planning", but for problem users its still showing that only 'planning'
    please help
    thanks

  • How to implement Oracle user/role security with Access front end?

    Hi,
    We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
    In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
    We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
    I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
    I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
    Can someone give me some assistance or point me in the right direction?
    Thanks in advance,
    Larry

    We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
    In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
    We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
    We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
    In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
    The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
    The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
    Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
    For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
    After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
    This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
    The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
    Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
    I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
    Larry

  • [OBIEE 11g] Enforce star-schema without security filter?

    I have imported my first OLAP cube using the instructions <a href = 'http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/11g/r1/olap/biee/createbieemetadata.htm'>here</a> and have applied the necessary security filter to force the star join between the cube and dimension views. However, the security filter does not apply to users in the BI Administrator user group. Is there any way to do this without a security filter, or somehow apply the security filter even when the user is an administrator?
    Edited by: islan on Jan 22, 2013 7:56 AM
    Edited by: islan on Jan 22, 2013 7:57 AM

    The link in your first posting points to the old-way of creating OBIEE metadata for OLAP objects.
    Starting with OBIEE 11.1.1.5, it is much simpler as Oracle-OLAP is one of the data sources in BI-Admin Tool.
    So do not use the old way.
    Start with this doc:
    http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/bi/bi11115/olap/olap.htm
    For your other issue, you need this troubleshooting doc:
    http://www.oracle.com/technetwork/database/options/olap/troubleshootingbieeconnections-504856.pdf
    Note that even though it says OBIEE 11.1.1.5, the above two docs are applicable to 11.1.1.6 and future releases.
    For security, you should define it in OBIEE instead of doing in OLAP.
    .

  • Essbase Security filter in OBIEE 11.1.1.6 request

    Hello Experts
    I have got a requirement whereby I need to apply Data Level Securityfor the Essbase sourced cube in OBIEE11g. But the issue is the dimension value where I need to apply security filter has 25K distinct values and is Unbalanced Hierarchy where the leaf members is distributed across differnet level . Actually it is ragged heirarchy in Cube which when imported in OBIEE becomes a Level Based Heirarchy where the leafs becomes shared across differnet level. Now the general OBIEE rule says - Create separate application groups for each lowest level dimension vales and apply security filters for each values respectively for each group and assign users in those groups.
    But the issue is :
    1. Here there are 25 K members in the dimesional value where I need to apply Data Level Security . So it is not possible to create 25K distinct group.
    2. The dimension which needs to be used for Data level security has Ragged Hierarchy where the lowest leaf (which would eb used in security filter) is shared across differnet levels.So there is no single column that I can select in RPD to apply security filter.
    Pls. suggest a solution.
    Is there a way that I can source the Essbase Filters to work as Data Level security in OBIEE 11.1.1.6

    You can upgrade to 11.1.1.7 and use Weblogic to assign security, then EAS to apply filters, and then OBIEE Enterprise Mgr to apply the application roles (i.e. via Essbase Filters). The gotcha is that you need to install OBIEE 11.1.1.7 and include the Essbase component as part of the install.
    If you need more info let me know.
    Daniel Poon

  • Financial Reporting prompt-Show only members as defined by security filter?

    Hello all,
    Maybe another simple question but i have been unable to perform this task so far-
    We have created a security filter against the Company dimension in essbase, assigned it to a user, and that works ok.
    We have a report that prompts the user to choose members from for the Company Dimension.
    We would like this prompt to present the users only the members that are accessible per the security filter (i.e. al the descendants of the 'Northwest' member) for that particular user, since by default it presents all members of the Dim.
    Is this possible to do?
    Thank you very much for your help
    Hector

    I think what you want are METAREAD filters.Not that you're on Planning, but Planning goes to Essbase (eventually) and when it does so, it inexplicably uses READ instead of METAREAD -- it's the same issue.
    Here's an overview of it: http://camerons-blog-for-essbase-hackers.blogspot.com/2009/07/fixing-plannings-filters.html
    It should be as simple as clicking on the filter type dropdown in EAS to test if it works.
    Regards,
    Cameron Lackpour

  • Security filter verification failed

    Hi All,
    We are trying to create security filter which is combination of 4 sparse dimensions.
    The relationship between members in the filter is AND (so the filter will be created under one row).
    We encountered the below error in applying security filter
    ====
    [Mon Apr 13 03:42:16 2009]Local/GLOBAL///Error(1200467)
    Error parsing formula for [REGION DEFINITION]: status code [1130203] in function [@_U]
    [Mon Apr 13 03:42:16 2009]Local/GLOBAL///Error(1200467)
    Error parsing formula for []: status code [1130203] in function []
    ====
    It seems like if the combination of the members on the filter hit the limit of allocated memory, the filter got failed.
    Is there any way to calculate how many memory absorb in one filter?
    or is there any memory limitation for security filter?
    It will be great If anyone can share the experience of this issue.
    Thanks.
    Regards,
    Ai

    That's interesting, I have never head of a limit on the number of members that a filter can address. How many accounts do you have in your database?
    I took a look at the Limits section of the DBAG and found the following re filter limits:
    Filter name
    * Non-Unicode application limit: 30 bytes
    * Unicode-mode application limit: 30 characters
    Number of security filters
    * Per Essbase Server, 65535
    * Per Essbase database, 32290See: http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_esb_dbag/limits.htm#limits_1
    That's it -- nothing on the number of members that can be addressed in a filter. Of course it is possible (insert sacarsm, irony, or wonder per your personality) that the documentation is not correct.
    I have never run into what you described, but Essbase is vast and mysterious country, so perhaps that isn't so surprising.
    I'm glad you were able to find a workaround.
    Regards,
    Cameron Lackpour

  • Security filter couldn't refresh to Essbase from Planning but could create

    Please kind help on look at this issue.
    I updated some dimension access in Planning,and did a security refresh in management database menu.But the access didn't refresh to Essbase filter.
    Then created filter in management security filter menu,it refreshed to Essbase successfully.
    I would grateful if someone could tell me why the first way unsuccessful.
    Thanks,

    If you go to Oracle Support and search on "planning security refresh" you will see lots of articles on this subject.
    Cheers
    John
    http://john-goodwin.blogspot.com/

Maybe you are looking for

  • Java.lang.Exception: IOException is sending Request :: Connection refused

    Hi, everybody. Oracle Database Control 10g displays on the home page the following message -- java.lang.Exception: IOException is sending Request :: Connection refused after killing some database lock that is impeding the users to successfully carry

  • How to download the custom Tables to xls from the system?

    Hi How to download the custom Tables to xls from the system? Vijay

  • Lumia 620 auto focus not working?

    im using lumia 620 .recently ive updated with new os and after that its camera auto focus is not working....every time i capture somthing gives blurry image...how can i solve this problem..?

  • What data type do I use in MSA to handle CRM DEC data?

    Dear Geeks, We have a customer field 'ZZ_SUPPORT' on CRM (40 SP11) opportunities, which we flow down to mobile sales. It previously carried a NUMC2 value (a number from 1 - 99), and this worked fine... the data flowed fine in both directions. The dat

  • Mapping of oracle9i

    Hi,I installed the oracle9i database in e drive and because of some reasons i changed the drive name to d: but now i am not able to run oracle on pc.can someone please help me in changing the mapping of oracle path as i dont want drive to rename agai