Restrict Dashboard based on Role

Similar Messages

• Restrict data based on role ?

  There are several levels in on organization structure - how would i implement security such that folks in the org. tree can seen only data at/below their levels.
  ex;
  CEO->VP->DIR->MGR->DEPT
  The fact table carries dept only. So CEO should be able to see rollups at VP,DIR,MGR,DEPT levels. DIR should be able to see across all departments he manages.
  What facilities does discoverer provide to handle this kind of a requirement.
  The reports i have all need to present the same kind of information but the content should be based on the role.

  http://download-west.oracle.com/docs/html/B13918_03/security2.htm#sthref1002
  14.8.1 Introducing Virtual Private Databases, Single Sign-On, and Discoverer
  The Oracle9i Release 1 (and later) Enterprise Edition database's powerful Virtual Private Database (VPD) feature enables you to define and implement custom security policies. Among other things, the VPD feature enables you to enforce fine-grained access control based upon attributes of a user's session information (referred to as application context). This VPD functionality is commonly employed as a way of controlling access to data using the currently logged-on user's Single Sign-On (SSO) identity. For more information about setting up a VPD, see Oracle9i Application Developer's Guide - Fundamentals.
  If Discoverer has been configured to require SSO authentication, Discoverer can pass a Discoverer end-user's SSO user name to the database (as the CLIENT_IDENTIFIER attribute of the built-in application context USERENV). Providing a VPD policy based on SSO user names has been implemented in the database, the data returned to a Discoverer worksheet will be restricted to the data that the SSO user is authorized to access.
  You can optionally add user-defined PL/SQL statements to both database LOGON (and subsequent) triggers and to a Discoverer trigger (eul_trigger$post_login) to use the SSO user name to further control the data that is returned. You can use the database and Discoverer triggers separately or in conjunction with each other.
  14.8.2 Example showing how SSO user names can limit Discoverer data
  The Discoverer manager at Acme Corp. does the following:
  1.
  Configures the Discoverer middle tier machines so that SSO authentication is necessary to access the Discoverer URLs.
  2.
  Creates a Discoverer public connection called 'Analysis', that has access to a workbook called 'Sales'.
  3.
  Creates a VPD policy against the base tables of the workbooks. The VPD policy determines the data that is returned, based on the value of a variable called 'CONTEXT1'.
  4.
  Creates a database LOGON trigger that sets variable CONTEXT1 to the value of the SSO user name (extracted from the application context information passed to the database by Discoverer).
  The Sales workbook is used by two Discoverer users at ACME Corp., Fred Bloggs and Jane Smith. A typical workflow for these two users is shown below:
  1.
  User 'Fred.Bloggs' authenticates via SSO and accesses the top level Discoverer URL.
  2.
  Fred selects the public connection 'Analysis', and opens the workbook 'Sales'.
  3.
  Fred views the data in the default worksheet, and then logs out.
  4.
  User 'Jane.Smith' authenticates via SSO and accesses the top level Discoverer URL.
  5.
  Jane selects the public connection 'Analysis', and then opens workbook 'Sales'.
  6.
  Jane views the data in the default worksheet.
  Jane sees different data to Fred, despite the identical database connection, workbook, worksheet and database query. The difference is determined by the VPD policy being based on SSO user identities.
  FYI

• How to Restrict Search based on the Roles for External crawled sites

  I have a situation where the search results have to be restricted based on role
  When External sites are crawled, how can we restrict the search results based on roles,
  I know that we can restrict the search to a group or set of groups that can contain many users but if the group have different roles and if that group has given access to a web repository search, how can we restrict the document/search access based on roles for the same group?
  For Example an Index that has external site as data source and the permissions were set for a group and that group has 2 roles, lets say <b>"Admin" and "user"</b> and the external site have some documents when searched the documents should come up only for the "Admin" role during search, but should not come up for the "user" role
  Is it possible to achieve this? Is there a solution?
  Any advices are greatly appreciated and awarded
  Thanks,
  kk

  Is it possible to restrict on role based?
  Any suggestions are appreciated
  Thanks
  KK

• Dashboard based on Crystal Report's Latest instances for the logged in user

  Hi,
  I am trying design a dashboard based on LiveOffice-crystal report's latest instance for the logged in user. Also there is row level security in the universe on which the crystal reports is created.
  In the live office connection i have selected 'latest instance by current user' in the refresh option and published the dashboard to InfoView.
  when i open the dashboard in InfoView , i find the row level restrictions being applied for different users. But the data retrived is always on-demand data and not based on the latest instance of the logged in users.
  Can anyone throw some light on this issue.
  Thanks

  Hi,
  I am trying design a dashboard based on LiveOffice-crystal report's latest instance for the logged in user. Also there is row level security in the universe on which the crystal reports is created.
  In the live office connection i have selected 'latest instance by current user' in the refresh option and published the dashboard to InfoView.
  when i open the dashboard in InfoView , i find the row level restrictions being applied for different users. But the data retrived is always on-demand data and not based on the latest instance of the logged in users.
  Can anyone throw some light on this issue.
  Thanks

• BAM views based on roles

  Hi All,
             Is it possible to have single BAM view with all the necessary details and based on roles only specific field should be viewed.
  Thanks

  Hi ChampBoss,
  BAM  views are nothing but SQL views. You can't restrict users for certain fields in views. BAM activities relates to SQL tables and BAM views are SQL views. BAM views are meant to providing authorisation over the BAM-Activities. Restricting the views
  to the data of the BAM-activities based on the roles.
  You can't restrict the views of the BAM-view's fields.  But what you can do is
   create new multiple views of the BAM-activities. new Views with fewer fields which you want to show to user.
  Completely hide all the users from the existing view ( from which you want to restrict the users for the view-fields, if you don't want you can delete it. Otherwise just hide is from other roles.)
  Provide access to the news BAM-views based on the user role.
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Restrict users based on Customers

  Hi ,
  In ECC system, we have general requirements to restrict users based on customer account group where customer account group is represented as Site/Store.
  Possible values for Customer Account group -
  - Reference Store
  - Head Store
  - Wholly Owner Store etc.
  Till this point everything is fine. However, Client has few additional External Stores which are represented as one Dummy Site and Customers belonging to that store are actual external Stores.
  Example, we have additional Value for Customer Account Group -
  - Dummy Site
  And now all the Customers part of dummy site is actual stores and we are needed to drill down our restriction to this Customer (So called Stores).
  To restrict used based on customer account group/Stores, we can utilize F_KNA1_GRP with filed KTOKD (Customer Account Group). However, is it possible to create roles based on individual customers of these Stores?
  If yes, how can we do that? 
  P.S. I had a look at authorization object F_KNA1_BED with filed BRGRU. Can this object help us in fulfilling our requirement? Or there is any other SAP provided authorization object which can help us to restrict on Customer values?
  Thanks,
  Sheenam

  You could use F_KNA1_BED, I guess - but that would mean excessive maintenance of both: BEGRU and customers, if I understood your scenario correctly and you really, really want to break that down to single customers.
  It would be even more excessive to utilize F_KNA1_GRP. Can be done, though.
  Both solutions are completely un-elegant and I am not happy proposing them. But I am curious as a cat: what exactly is the business process expecting you to restrict access to customer data down to a single customer?
  Edited by: Mylène Dorias on Mar 24, 2010 8:39 AM

• How to setup the security based on roles in Organization.

  Hi,
  How to setup the security based on roles in Organization.
  For example:Few users are Manager and a few user are Non Manager .Manager should have access to all work data including Non Manager and Non Manager should access based role.How to setup this? How OBI server identify the user role?
  kindly let me know.
  Regards.,
  CHR

  Hi,
  You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
  And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
  Hope this will solve your problem.
  Regards
  MuRam

• Switch Section in a dashboard based on the selection of Prompts (OBIEE 10G)

  Hi All,
  I have a requirement : I have to switch Section in a dashboard based on the selection of Prompts (OBIEE 10G).
  Lets say I have 1 report in section1 and another report in section2 of a dashboard. I have a dashboard prompt,now say when the user does not select any value in a prompt I have to show section1 and when he selects values in a prompt then I have to show section2 of the dashboard. I tries this using Guided Navigation Link and presentation variable but there is a limitation that I have to select only one value in the prompt as i have created presentation variable.
  But the client wants the prompt as Multi Select. in this case I can 't use the presentation variable.
  How can I fulfil this requirement.Please let me know.
  Thanks,
  Krishna

  How you create your multiselect prompt? Is it based on a column? Using multiselect prompt you'll get an issue in this case. The prompt behavior with choosing all values and choosing nothing is equivalent. But your requirement has different behavior lines.

• Workflow based on role

  Hi all,
  Please let me know, how to create a workflow based on specific Roles.
  I know it's a bit silly query, but i have got struck here.
  Thanks,
  Shash

  Hi Shashi,
  You can maitain the Approval limit in personilization tap "APPROVAL LIMIT" sothat workflow will
  pics Approvers based on role.
  Hope this is use full
  Bestregards

• Selection of people based on Roles

  Hi Experts,
  This is related to Appraisals. How to select people based on Roles in 360 degree Appraisals. For eg: If sales employee has to be appriased by external customers, vendors..how to select those people as part appraisers.
  Please advice..
  Thanks!

  hope ur problem cleared and let me know if anything
  hey in SDN greeting will be said by rewrding points sont forget that
  u can serach sdn for the materials
  thanks
  sikindar

• Worflows based on roles

  Hi,
  Is it possible to have multiple workflows and trigger them based on roles. For example, I have a workflow with, say, 6 steps and I want to trigger it when a person with 'Marketing' role tries to update a record. Then I have a different workflow with, say, 8 steps that I would like to trigger when a person with 'Power User' role tries to update a record. Is it possible to have different workflows for different types of roles?
  If it is not possible then what are the workarounds? Suggestions are welcome.
  Regards,
  -Y

  Hi,
      Yes, its always possible to assing workflow events to users depending upon there roles.  and its also possible to have n number of workflows with different users or roles assigned to each.
     Q: How its done?
     A: Firstly to create a workflow you need to select the workflow table from the drop down list of tables in the data manager(It will be the last table in the list).  then u right click in the right side area of the window and select ADD, this will add a new workflow to your repository.  The person using whose user id and password you logged in is the owenr of the workflow(Basically its the Admin).  Next when you go to the workflow diagram in MicroSoft Visco you can add different workflow events in that. when you assing an workflow event or activity then there you can specify who is process these step; it depends on the user name or the role.  When you requre it to be 'Marketing role'  select it from the drop down list.
  You have select roles where ever required.
  CHARAN
  Lead, Follow or Get out of Way

• FD32 restrict users based on a schedule of authority

  All,
  I have a requirement within FD32 to restrict users based on a schedule of authority.  For example, only allowing credit limits to be changed in a user's authorized dollar range.  I was able to restrict the Credit Limit field (change/display) by using field groups, but I have an extension of the requirement for a schedule of authority.  Can someone please  help?

  You could use F_KNA1_BED, I guess - but that would mean excessive maintenance of both: BEGRU and customers, if I understood your scenario correctly and you really, really want to break that down to single customers.
  It would be even more excessive to utilize F_KNA1_GRP. Can be done, though.
  Both solutions are completely un-elegant and I am not happy proposing them. But I am curious as a cat: what exactly is the business process expecting you to restrict access to customer data down to a single customer?
  Edited by: Mylène Dorias on Mar 24, 2010 8:39 AM

• Restrict users from changing roles

  Is there a way to restrict users from changing roles
  themselves? If a user goes to My Connections and then clicks Edit,
  they could, in theory, change to any group they want--except to the
  administrator group because you have to enter a password. If the
  admin isn't watching the site 24/7, the user can change their roll,
  let's say from a writer to a publisher, and publish something
  before the admin can notice.
  Is there anything that can be done to restrict that?

  You can use connection keys...this will only allow a user to
  change their name and email address (I think...I can check on this
  tomorrow). We use these at my work and it allows for a lot more
  control over who is assigned to the proper groups.

• Customize the privileges based on role i mean just assign the privileges to security gurop?

  how to create and configure privileges like how to assign privileges to help desk, server administrator, desktop administrator if any way to customize the privileges based on role i mean just assign the privileges to security gurop?

  Yes, you can read the Wiki you started here: http://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx
  Mainly, you can create security groups, delegate them rights on your platforms and then just add/remove users to these groups.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Restrict printers based on security groups

  We have set up all of our printers on a server and deployed them via group policy.  I am looking for a way to restrict printing based on which security group the user is in.  We have got it working by setting permissions in the printer security tab
  in the server.  But I would like a more elegant solution, since the printers that the user can't print to are greyed out with an X over the icon.  I would like to have the printer not even show up in the printer list if that user isn't allowed to
  print there.
  Is this possible?
  We are running Windows Server 2008 R2 and our clients are all Windows 7.
  Thank you.

  Hi,
  Based on your description, we can use Security Filtering to apply the printer deployment GPO polices to the specific groups.
  Regarding this point, the following articles can be referred to for more information.
  Security filtering using GPMC
  http://technet.microsoft.com/en-us/library/cc781988(v=WS.10).aspx
  Filter using security groups
  http://technet.microsoft.com/en-us/library/cc779291(v=WS.10).aspx
  Besides, we can choose to deploy printers via GPP and use Item-level Targeting to filter out users who don’t need the printers.
  Regarding this point, the following blog can be referred to for more information.
  Deploying Printers with Group Policy Preferences (Complete Guide)
  http://deployhappiness.com/deploying-printers-with-group-policy-preferences/
  Regarding Item-level Targeting, the following articles can be referred to for more information.
  Preference Item-Level Targeting
  http://technet.microsoft.com/en-us/library/cc733022.aspx
  Security Group Targeting
  http://technet.microsoft.com/en-us/library/cc772471.aspx
  Best regards,
  Frank Shen