Role based Report Links

Hi All,
I have created three roles A,B,C and some reports.
How can I restrict report links as
Role A- Analyze, Edit, Refresh, Print, Export, Add to Briefing Book, Copy
Role B- Analyze, Refresh, Export, Add to Briefing Book
Role C- Analyze, Refresh
Help me as soon as possible.
Thanks in advance.
Haree

Hi,
create three different sections for these reports in dashboard edit. now
provide access to section 1 for Role A
provide access to section 2 for Role B
provide access to section 3 for Role C
provide respective previlleges as per your req in admin manage previlleges and also in properties of report in dashboard section.
so each Role C user can only see section 3 in dashboard and he will have only access to Analyze, Refresh
got it?
Thanks
Jay.

Similar Messages

  • OBIEE SSO enabling and role based reporting

    Hi,
    I had installed SOA10.1.3.1.0 and OBIEE10.1.3.4.0 already on my WINDOWS. I understand that I need to install 10.1.4 infrastructure to enable SSO in OBIEE, can you please tell me what is 10.1.4 infrastructure? is it equivelent to Oracle Identity Management Infrastructure and Oracle Identity Federation 10.1.4? I tried to download this from OTN since last night, but the page is always unaccessible. Where can I download 10.1.4 infrastructure except otn?
    I have another question regarding to the role based reporting with SSO. We want users to see different reports based on their roles once they login. What options do we have to implement this? From my understanding, we need to maintain a user role mapping table in our database, create groups in OBIEE and map the user role with the group in OBIEE? Is it true? Are there other options? Is there a existing product we can use to implement this?
    Thanks,
    Meng

    have a look on page 137 and further http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b31770.pdf

  • Sales hierarchy . role based reports and Data access, Best practice and sol

    Dear all,
    Currently working on a solution for Sales. There a geography and sales position hierarchy.
    e.g. (USA,EU,ASIA) --> EU head -->UK head -->Northern UK head -->London head -->East london--> Postal codes in east london.
    so altogether 7 roles and 7 positions, all these users can see data at it's level and below.
    Also the summary report/ Prompts/ subject area columns for each of these users must be at their corresponding level and just 1 level below.
    e.g. EU head by default must see column EU and country UK, UK head will see report only for UK and Northern UK region and so on.
    After lots of thinking i am planing to take approach of creating 6 sets of similar dashboard/ different prompts/ different global filters/ reports.
    Data level access is not at all issue i am easily able to manage.
    Request experts to guide is there is any other better approach to take for objects in catalog.?
    many thanks in advance.
    Regards,
    Yogen

    Dear Srini,
    Data level Security is not at all issue for me. Have already implement it and so far not a single bug in testing is caught.
    It's about object level security and that too for 6 different types of user demanding different reports i.e. columns and detailed drill downs are different.
    Again these 6 types of users can be read only users or power users (who can do ad hoc analysis) may be BICONSUMER and BIAUTHOR.
    so need help regarding that...as we have to take decision soon.
    thanks,
    Yogen

  • Role-Based Security In SQL Server Reporting Services

    Hi
    I have created Reports,
    Now I need to assign Role-Based Security, ie like some particular clients can access only some particular report.
    http://localhost/reports/Pages/Folder.aspx
    Here in the above link i can see the property tool bar where i need to set the user assignement roles.
    could any one please help me out how to set different login assigned to a set of report.
    Or is there any tutor links for this.
    Thanks a lot.
    Shan

    Create folders under the Home page (the link you have there).  For each folder set group athentication (AD) or harder managed, user account roles for the folders and the reports under the folder.
    If you set security at that home level you will not be able to control what reports they see or can't see.  You'll need to go all the way to the folder/report level.
    It's also not best practice to deploy reports directly to the home level.  Not best practice in it creating a very hard to manage security level.  Think of the levels in security as such to SQL Server.  Set the connect to sql level, database level and then down to the objects in them.  Same priciples apply to SSRS.
    Here is a cast going through some security settings as well http://technet.microsoft.com/en-us/sqlserver/dd391734.aspx fro creating your roles and utilizing them
    Ted Krueger Blog on lessthandot.com @onpnt on twitter

  • Sub report linking definition based on result, not on parameter value

    Dear all,
    I have created a report with CR 2008 SP6. The parameters from the referring BI query are period and customer. After the user enter parameter values, the report provides then Customer and product information.
    I have add a sub report with additional information for product. I can transfer the parameter value (user input) for Customer to the sub report, but not for product, due to the fact that in the main report Product is not selected as parameter, but is a result set after the report is executed.
    Is there a way to define in the Sub report linking exactly these result values of Product as new parameter for the sub report.
    In the sub report linking definition I only see the possibility of defining the parameter as linking object, but not the report result set. See also the screenshot.
    Any idea would be great. Best regards,
    Stefanos from Munich/Germany

    Hi Stefanos,
    Where is the Subreport placed on the report?
    Do you have a prompt in the Subreport for 'product'?
    If yes, then here's open the 'Change Subreport Links' window > Move the Product field to the Pane on the right > From the drop down at the bottom left that says 'Subreport parameter field to use', choose the Product prompt.
    If you don't have a prompt for product in the Subreport, then just move the Product field to the Pane on the right > From the drop down at the bottom right that says 'Select data in Subreport based on field', choose the Product field from the drop-down.
    -Abhilash

  • Reports based on Linked Universes in BOXI 3.0 do not work

    We have noticed that reports based on linked Universes do not work. We have imported our (BO) documents/Universes into the BOXI R2 environment, upgraded to BOXI 3.0 and now found this issue in InfoView which affects a lot of our reports, details as follows:
    When refreshing a (Deski) report in InfoView, get a dialogue box titled "Refreshing Data" with no error message;
    Click on OK, and it seems the report does not get refreshed;
    Click on Refresh again, this time get prompt dialogue box;
    Enter prompt, click on Run Query;
    Get another dialogue box titled "Prompts" with message "SetPrompts failed - click on OK;
    Click on a TAB in the report - get error message, title "Report" with message "The document instance is no longer available. Please reopen the document (Error:RFC 00421);
    Click on OK it throws you out of the report and takes you back to the document list;
    Try another report:
    Click on Refresh Data;
    Error message - title "Refreshing Data", message "Cannot load linked universes. (UNV0011) - click on OK;
    Help !!!!

    Hello Dahya,
    Please post this query to the [dedicated BusinessObjects Enterprise Administration|BI Platform; forum:
    That forum is monitored by qualified technicians and you will get a faster response there.
    Also, all BusinessObjects Enterprise Administration queries remain in one place and thus can be easily searched in one place.
    Thanks a lot,
    Falk

  • Role based data visibility is not working in Round manager

    I am looking for role based data visibility in Syclo round manager application where technician will see the data which is assigned to his name only (not all the data)  I have created one custom role in SAP system and it's working fine .It's showing the below message :
    Now I want to implement the same in syclo round manager .So I went to the SAP configuration panel and set the same user role on the security setting in class handler .Z_SYCLO_RM_ROLE is the custom role which I mentioned earlier .I tried with different option in this tab but it's not working .
    Please let me know if I missed something to mention or is there any other process I need to follow .
    Tags edited by: Michael Appleby

    is not working Insufficient information. In what way is it "not working"? The page doesn't render as required? There's an error message? The browser crashes? The server room has been trampled into dust by a herd of buffalo?
    >
    I am unable to make it as page form / report.
    v1 := v1 || ' ' ||'<input inline type =submit style="color:BLUE;background-color:RED" value='||c2.plot_id||'>';
    ...It is not possible to generate form elements in an APEX page in this way. The [APEX_ITEM API|http://download.oracle.com/docs/cd/E14373_01/apirefs.32/e13369/apex_item.htm#CACEEEJE] is the only way to create APEX items in PL/SQL. However it contains no procedures to generate button items, so an alternative design is required in this case, e.g. a report with links.
    (Also what is the intention of "inline" in the above code? [There is no *inline* attribute|http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-17.4].)

  • Add to briefing book in report links

    Hi all,
    I have given Print,Refresh,and Add to briefing books for a report. While running dashboard print and refresh links only displayed.
    Add to briefing book not displayed.
    Please reply as soon as possible.
    Thanks in advance.

    Hi,
    Its based on the users role permission.please give Access to Briefing Books via
    http://IPaddress:9704/analytics/saw.dll?PrivilegeAdmin
    Click on administration--->Manage Privileges -->Access--->Access to Briefing Books --->select conumer role name or required roles here if its is setted already please make sure
    Go to edit dashboard -->Tools(next to preview icon)-->Click on dashboard properties--->
    Edit -->Dashboard Report Links -->Set report links -->Briefing Books then its will apply entire dashboard. then save it and test it with weblogic user first and confirm it and then try with some other user.
    Note:must save your briefing book content into sahred folder and give access to all required users and roles.
    Thanks
    Deva

  • What is the mean of using Portal with Role Based security as entry point

    Hi Experts we have requirement of integration of Portal and MDM
    I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
    1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
    2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
    Please give me the clarity of what is the meanin of second point
    Regards
    Vijay

    Hi
    It requires the entire land scape like EP server and MDM server both should be configured in SLD.
    Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
    Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
    Please go through this link
    http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
    You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
    The estimation involves as per your requirement clearly
    Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
    Regards
    Kalyan

  • Role Based FireFighter with GRC 10.0 (CEA)

    Does anyone know how the Role Based functionality of FireFighter exactly works besides putting the application type parameter to Role Based in SPRO?
    The manuals explain that the FF users log in to the remote system with their own users, but how are the FF roles or roles that are enabled for Firefighting assigned to these users and how will the log file know which activity to record?

    Good question, and the answer is not pretty.
    In Role-Based Firefighter Application, the firefighter ID on the target system contains the user's regular access plus his/her firefighter access.
    Reporting turns on when the user runs a transaction in the firefighter role.
    If the transaction is in both the user's regular access and the firefighter role, reporting will turn on because the firefighter role access is in use.
    The reports only track firefighter role usage.  So if a user runs a firefighter transaction but also uses access defined in the user's regular access, the only thing recorded is the transaction.
    If your company is not completely married to the idea of using Role-Based Firefighter Application, I suggest you consider the ID-Based Firefighter Application.  In this, there are separate firefighter IDs on the target system and a firefighter gains access to them by going into GRC and completing a form showing how the firefighter ID will be used, and then the GRC system will let the firefighter into the target system using that firefighter ID.

  • Key figures in Cost elemnt based report

    Dear All,
    I have created a Cost Element based Report for the Project using report painter. In this same report, I want to pull a key figure(the key figure is 'remaining forecast planned costs") which is coming from cost forecasting report (Report 12CTC1 from transaction CJE0).
    The issue is this 'key figure' is not available for report made in report group 6P3(report group for cost element based report). Is there anyway I can pull this particular key figure in my report.
    Thanks in advance !
    Regards,
    Mahendra Dighe

    Also if you're using HR data, the employee data is time dependent, so that for each employee number there are any number of records. This may be causing the aggregate reporting condition that you mentioned. In BW it's important to recognize that the master data also can play a role in how many records are returned. The infoprovider is not the only source of additional records. For example:
    Employee has three records in the time range.
    Salary infoprovider has only one.
    Results will contain THREE records, one for each employee record, all with the same salary record. On an aggregate basis, the salary results will be multiplied by three.
    Time dependent master data can be a source of much confusion. For some HR reporting, I have created a 'most current' employee master data record that is not time dependent, and is loaded daily. I then use that for data models such as salary or other separate infoproviders.

  • Key figures in cost element based report

    Dear All,
      I have created a Cost Element based Report for the Project using report painter. In this same report, I want to pull a key figure(the key figure is 'remaining forecast planned costs") which is coming from cost forecasting report (Report 12CTC1 from transaction CJE0).
      The issue is this 'key figure' is not available for report made in report group 6P3(report group for cost element based report). Is there anyway I can pull this particular key figure in my report.
      Thanks in advance !
    Regards,
    Mahendra Dighe

    Also if you're using HR data, the employee data is time dependent, so that for each employee number there are any number of records. This may be causing the aggregate reporting condition that you mentioned. In BW it's important to recognize that the master data also can play a role in how many records are returned. The infoprovider is not the only source of additional records. For example:
    Employee has three records in the time range.
    Salary infoprovider has only one.
    Results will contain THREE records, one for each employee record, all with the same salary record. On an aggregate basis, the salary results will be multiplied by three.
    Time dependent master data can be a source of much confusion. For some HR reporting, I have created a 'most current' employee master data record that is not time dependent, and is loaded daily. I then use that for data models such as salary or other separate infoproviders.

  • EAM ID based or Role based? Why settle for just one?

    G'Day All,
    I've raised a question in the following blog, however I would like to open it up to other people as well so they might get something out of it and in the process might share their own thoughts on the matter at hand.
    ID-Based Firefighting vs. Role-Based Firefighting
    So this is where I am at this point:
    From what I can gather so far, my understanding of EAM ID/ROLE based is as follows:
    - Id Based: Logs in using own U.ID and through GRAC_SPM accesess FFID from the GRC Server and logs into the system assigned to them (ECC, SRM, CRM etc)
    Only one user at a time can use a FFID.
    Firefighter need not exist in every system assigned to them due to central logon however they need to exist in the GRC system
    Knows exactly when FFID is being used as he/she has to login so has a psychological effect (good thing)
    Better tracking of FF tasks - Specific log reports with Reason Codes. Bonus point from Auditors!
    Two Log ins so potential to commit fraud. (1 action using own UserID and 1 action using FFID)
    Could be hard to track and find out when a fraud has been committed so can be a problem with auditors.
          ID Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFIDs assigned to you
          ID Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> You can see  the FFIDs assigned to you
    - Role Based: Logs into the remote system only using U.ID, so everything gets logged against that one ID. 
    Multiple users can use the FFROLE at once.
    Firefighter has to exist in every system assigned to them - so multiple logons.
    Hard to differentiate between FF tasks and normal tasks as no login required  So easy to slip up
    Time consuming to track FF tasks - No Specific log reports. No Reason Codes
         R.Based -> GRAC_SPM : TCode for Centralised FFighting -> You will see FFROLEs
         R.Based -> /n/GRCPI/GRIA_EAM : TCode for DCentralised FFighting -> Not applicable so wont work
    So based on this there are pros and cons in both however according to SAP only one can be used. To me personally,  it makes more sense to get the best of both the worlds right? So here is my question why can’t we just use both?
        . Really critical tasks -> FFID
        . Normal EAM tasks -> FFRole
    Alessandaro from the original post pointed this out:
    "Per design it isn't possible to achieve both types of firefighting at the same time. It's a system limitation and hence to configurable."
    Well this is what I can't seem to get my head around. For a FFID, there is a logon session so it has to be enabled and as far as I can tell there is no way around it.
    However for FFRole, there isn't such limitations/restrictions like starting a separate session. FFRole is just assigned to an end user for him/her to perform those tasks using their own user ID.
    So in what way is it different from any of their other tasks/roles, other than the fact that they've got an Owner/Controller assigned to the FFRole? and
    What is stopping us from using it when ID based is the default?
    If I were to do the following does it mean I can use both ?
        . Config Parameter: 4000 = 1 (GRC System) -> ID Based
        . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
    Please excuse me if my logic is a bit silly, Role Based firefighting is only done on Plug-in systems so the following should work just fine:
       . Config Parameter: 4000 = 2 (Plug-In)  - > Role Based
    However for ID based, it is a Central Logon, so the following is a must:
        . Config Parameter: 4000 = 1 (GRC System) -> ID Based
    Which means both ID/Role based can be used at the same time, which seems to be working just fine on my system. Either way I leave it you experts and I hope you will shed some light on it.
    Cheers
    Leo..

    Gretchen,
    Thank you for thoughts on this.
    Looks like I'm failing to articulate my thoughts properly as the conversation seems to be going in a different direction from what I am after. I'll try once more!
    My query/issue is not in regards to if/what SAP needs to do about this or why there isn't more support from Companies/Organizations and not even, which one is a better option.
    My query is what is stopping us(as in the end users ) from using both ID/Role based at the same time?
    Now before people start referencing SAP documentation and about parameter 4000, humour me with the following scenario please. Again I would like to reiterate that I am still in the learning phase so my logic might be all wrong/misguided, so please do point out to me where I am going wrong in my thought process as I sincerely would like to know why I am the odd one out in regards to this.
    Scenario
    I've created the following:
    FFID
    FFROLE
    Assigned them to, two end users
    John Doe
    Jane Doe
    I set the Configuration Parameters as follows: 
    IMG-> GRC-> AC-> Maintain Configuration Settings -> 4000:1 - ID Based
    IMG-> GRC (Plug-in)-> AC-> Maintain Plug-In Configuration Settings-> 4000:2 - Role Based
    User1
    John Doe logs into his regular backend system (ECCPROD001)-> executes GRAC_SPM-> Enters the GRC system (GRCPROD001)-> Because the parameter is set to ID based in the GRC Box, so he will be able to see the FFID assigned to him-> and will be presented with the logon screen-> Logs in -> Enters the assigned system (lets say CRMPROD001) At this point the firefighting session is under progress
    User2
    Jane Doe logs into her regular backend system (ECCPROD001) -> (can execute GRAC_SPM to check which FF Role has been assigned to her but she can see that in her regular menu, so there is no point) -> Executes the transactions assigned in FFROLEThis is done at the same time while FFID session is in progress
    So all I want to know is if this scenario is possible? if the answer is No, then why not?
    I physically carried out this scenario in my system and I had no problems(unless I am really missing the plot here), which brings me back to my original question: Why settle for just one?
    Again to reiterate I am not getting into the efficacy or merits of this or even if one should use this. Just want to know if it is possible/feasible or not.
    So there you have it. That's the whole enchilada(as they say there in Texas). I tried to word my thoughts as concisely as I can, if there are still any clarifications, more information you or anyone else reading this would like, please do let me know.
    Regards,
    Leo..

  • Role Based FireFighter

    Greetings All,
    We are doing SAP GRC Access Control implementation in our company. We have Modulewise Master Roles working as firefighter Roles. In emergency we assign it to a user for 24 hours. Now when we are implementing FireFighter we want to keep existing Role Model but use the funcationality of FF. Have anyone gone through this scenario, do let me know the steps we need to configure the existing model with new FF Model and AE.
    Thanks in advance,
    Regards,
    Sabita Das

    Try Firefighter roles instead of Firefighter users.
    FF access via role assignments can be approved and provisioned in Access Enforcer (AE). Firefighter access can also be removed via Access Enforcer by submitting a request to remove the firefighter roles. FF access approvals are captured in the AE audit trail. The business reason for requesting/approving the access can also be captured in the comment section of AE.
    FF access could be granted only after appropriate approvals EVERY time a user needs FF access. Each time a request for the FF role through AE (the request could go through a separate workflow path) and the request will be approved before being provisioned to the user. The approver can change the validity dates on the role assignment so that it can be provisioned for one day, for a week, a month, etc... An audit trail in AE will provide the approver information for historical purposes. This meets the policy of approvals every time FF access is provided instead of the 24/7 master data set-up in the original Firefighter process.
    When running an SOD risk analysis on the user, the report will show the SODs the user has including their Firefighter access. (These SODs would then be mitigated per user even though they are a Firefighter.) There is a risk to the company when a firefighter can do one half of the risk on their own user ID and the second half of the risk on their Firefighter ID. Although this could still be caught, it would take some manual analysis. By using role-based Firefighter, all activities are performed and recorded under the user's normal user ID.
    The Firefighter does not need to "check-out" a Firefighter ID the access is on their normal user ID.
    The standard SAP audit trails have the user IDs instead of the firefighter IDs, so when researching the change, the firefighter logs don't need to be analyzed to see which user had used that Firefighter ID at that time.

  • Role based Firefighter approach in AC 10

    I am in the process of implementing "role based" FF (ID based approach not implemented as users are not comfortable to login to GRC system to execute the tcodes).  I have a query about it.
    If we maintain the role based FF logins, and we run risk report, still all the conflicts are found associated with that FF ids as they have the conflicting role assigned to them in SU01.  So is it ok, to live with these conflict found related to FF ids.  what will be the case during audit, will they accept these risks occuring for the FF can be ignored.

    Hello,
    I think the best approach is to mitigate the risk as Alexander describes here:
    Why Role based Firefighter
    Cheers,
    Diego.

Maybe you are looking for

  • Tour Smartphone 9630 not synching. Getting "unknown error message"

    After 6 months of no problems, I am now unable to sync my Blackberry to my computer. I am getting an "unknown error message" what's going on?

  • I can't complete my new iPhone 4s set up.

    I have plugged in a new iPhone 4s to my Mac. As iTunes attempts to set up the new device, I am stuck on the Set Up page.  The iTunes message says "this computer has previously been synced with an iPhone (which is my wife's iPhone).  It then appears t

  • How to import a text file created in Pages (iWork '08) to Photoshop Elements

    I am totally a novice at working with Photoshop Elements.  I need help.  I want to create my business card in Photoshop Elements with a background image and then a text layer over the background layer.  The logo and text was created in Pages (iWork '

  • Structures and Data

    hello, i have a question. i think i know the answer already just want to make sure with you gurus. someone told me that structures don ot contain data. but i have seen code where people enhance structures that are on LBWE screen. so if they append st

  • ABAP code help to replace one field with another

    Hi All, I have one DSO which is holding data for fields WBS(Old) and Company Code(Old). and I have one table which holds the information for Ols WBS and Ols Comp Code along with their New WBS and New Comp code. for eg: In DSO : Old WBS , Old Comp.Cod