Row level security in dashboard
Hello Experts,
We have a scenario where in my dev team is designing dashboard based on SAP BW (bex query) via OLAP universe -> Webi reports -> Xcelsius. We need to implement data security(row level) in the dashboard i.e : The user when he sees the dashboard, should see data w.r.t only to his context.
What are the different possible ways to handle such a situation?
Can we use Xcelsius publishing plug in?
Cheers,
AK
Hi Ingo,
Thanks for your reply.
So Xcelusis publishing plug in will not solve my problem right? & I need to have BI authorizations defined in SAP system?
I am having tough time convincing my customer about this.
Thanks
Cheers,
AK
Similar Messages
-
Row level security in Xcelsius through scheduled reports?
Hi Experts,
Our requirement is to implement row level security in Xcelsius dashboards from SAP BW source through Bex queries which would have authorization variables. We have seen that these Bex authorization variables work in Webi reports and security is applied appropriately. But do they work in upto Xcelsius as well, if we use Live Office Parameter binding option? If it does, then do we need to create prompts agian in Webi?
We have also seen that security is applied if we use the BICS (SAP Netweaver native connectivity) option. However our objective is to schedule as many reports as possible in the dashboard to save on report refresh time at run-time, which is not possible is BICS or QAAWS. Therefore the best option for us would have been if we could apply row level security on scheduled reports.
Can you please advise on the best approach? Your help is greatly appreciated.
Thanks,
SougataSince you are using BEx queries as data sources authorization variables is the only way to apply row level security. This will work fine also for XCelsius dashboards that run in the InfoView (in an SAP logon context eg. when the user uses it's SAP credentials to login into the InfoView) and fetch data on-demand over LO from your WebI reports. Just make sure that the underlying webi reports are set to use SSO.
If you are using scheduled report instances no row level security is applied depending on the context of the user that started the dashboard. XCelsius will get the data that have been saved in the instances. In this case the row level security has been already applied at the moment the report instance was created BUT for the user who scheduled the reports to run.
Regards,
Stratos -
Object Level Security,Data Level Security&Row level Security
can anyone explain main difference between "Object Level Security,Data Level Security & Row Level Security " and how to implement.
Thanks in advance,
KumarHi Kumar
Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE..if you restrict them Say User 'A' wants to see 2 Dashboards and USer 'B' Wants to see 1 Dashboard....these settings & permission u r restricting in Object level called Object Level Security
lly datalevel security is restriction of Data.. consider the same above example and User 'B" wants to see 2-3 regions data where as User A will see only Single Region Data..which you will do/restrict at logical tables, using variables..
Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer this link, clearly explains you
Please mark Correct or helpful if this clears -
How to implement Bursting(Row level security) in Xcelsius
Hi,
We are using Xcelsius 2008. We have created xcelsius dashboard using Qaaws but for authentication in qaaws we are suing enterprise authentication and default user.
Now in my dashboard i have one combo box wich gives data fro diffrent states, now i need to restrict the user to see the state values. I implement the row level security in universe, when i create webi report and view that reprot in infoview, the row level security works. But when i publish the dashboard to infoview the row level security doesn't work.
We are uisng XO 3.1 with SSO on IIS. So how and what are the diffrent option available to implement the row level security in Xcelsius Dashboard.
Thanks for the help in advance.
Thanks,
Nimesh.Nimesh,
Were you able to implement ? I have a requirement to use the same dashboard for 5 regional users.
Row level security works.
combo box intial value is Global , when I login as North America user, combo still shows Global but it will have the value of North America.
i am curious to know how you implemeted this?
Thanks
Pushpa -
Row Level Security not working for SAP R/3
Hi Guys
We have an environment where the details are as mentioned below:
1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
2. The SAP roles are imported in Business Objects CMC.
3. Crystal Reports are published on the Enterprise as well.
3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
Any help in this issue is greatly appreciated.
Thanks and Regards
KamalHi,
In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server. This is a server side tool which the Integration solution for SAP offers as a transport.
This tool defined which tables are to be restricted based on authorizations.
However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview. If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
thanks
Mike -
Row level security at universe design level
Hi,
I am creating a Universe layer on top of non SAP OLAP cube ( from MS Analysis Services 2005 ) .
My concern is that can we maintain the row level or data level security at universe design level or if i am using that universe in creation of WEBI report so is there any possiblity to maintain this security at WEBI level.
Regards,
Mishra Vibhav.Thanks for the reply.
Much Appriciated.
My only concern is that i read in the Universe Designer developer guide that it does the row level security so can eloborate a bit about how we maintain at Universe level.
Warm Regrads,
Mishra Vibhav -
Row level security in BI Publisher
Hi All ,
I am using BI publisher for reporting on Siebel system.The issue I am facing is regarding row level security.Even if I am logging with Employee Id, when I generate report ,I have acess to all the information of the other employees.
e.g. If as a cashier I made some entry , when I generate report on collection made by me, its bringing me all the collections made by other cashiers also.
I am generating these report from siebel side.I am not sure if we can apply the rowlevel security to BI Publisher.
Does anyone has used Siebel or EBS with BI Publisher and have row level security ? I am also not sure How to see the reports by loging into BI Publisher .If I am using Siebel or EBS, what is going to be my Data Model or Data Set.
Can anyone help me on this?
Thanks!!Oracle HRMS has its own security built-in to the schemas. Other modules you will need to customize for your own use.
-
Setting up Row Level Security in EPM 11.1.1.3
I have been following the Administration guide but failed to setup row level security in EPM 11.1. Please advise which part of my steps are wrong. (note I am using MS SQL Server for the EPM Shared Services and Workspace database, everything under Windows env)
i) Enable row level security in Workspace.
Step 1) Define a ODBC Data Source named "EPM_WS" in Windows. The ODBC Data Source points to the MS SQL Server database of EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR) related to row-level-security.
Step 2) Login to workspace, select "Administer"->"Configuration Console". Edit "Interactive Reporting Data Access Services" and add a data source with ODBC->MS SQL Server -> "EPM_WS" as the name of datasource. Restart "Interactive Reporting Data Access Services".
Step 3) Login to workspace, select "Administer"->"Row Level Security". Check "Enable Row Level Security", Choose ODBC->MS SQL Server-> fill in "EPM_WS" as Data Source Name"-> Provide correct user name and password. Click "Save Properties"
Step 4) It always prompt "Server error setting the Connectivity. Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
Any log I can inspect for the connectivity error?
ii) Configure Row Level Security setting
I know that for Hyperion IR, there is a file row_level_security.bqy comes with the installation. User can use this bqy file to configure the actual row level security setting. However, I cannot locate this bqy file in the EPM 11.1 installation. What is the proper step for setting up the row level security configuration?
thank you very much.I have been following the Administration guide but failed to setup row level security in EPM 11.1. Please advise which part of my steps are wrong. (note I am using MS SQL Server for the EPM Shared Services and Workspace database, everything under Windows env)
i) Enable row level security in Workspace.
Step 1) Define a ODBC Data Source named "EPM_WS" in Windows. The ODBC Data Source points to the MS SQL Server database of EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR) related to row-level-security.
Step 2) Login to workspace, select "Administer"->"Configuration Console". Edit "Interactive Reporting Data Access Services" and add a data source with ODBC->MS SQL Server -> "EPM_WS" as the name of datasource. Restart "Interactive Reporting Data Access Services".
Step 3) Login to workspace, select "Administer"->"Row Level Security". Check "Enable Row Level Security", Choose ODBC->MS SQL Server-> fill in "EPM_WS" as Data Source Name"-> Provide correct user name and password. Click "Save Properties"
Step 4) It always prompt "Server error setting the Connectivity. Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
Any log I can inspect for the connectivity error?
ii) Configure Row Level Security setting
I know that for Hyperion IR, there is a file row_level_security.bqy comes with the installation. User can use this bqy file to configure the actual row level security setting. However, I cannot locate this bqy file in the EPM 11.1 installation. What is the proper step for setting up the row level security configuration?
thank you very much. -
How to check the row level security in TOAD for oracle
Hi ,
for ex, i have 2 types of users
normal user and super user
super user can see the group set (some column name) created by normal user
but normal user can not see the set created by super user
this set crestion aslso has 3 types "U','P',S'
P & S can be viewed by even normal user
but U should not
so here we are having some row level security for the normal user .....
So, in TOAD for oracle how to check that......
Let me know if i'm not clearLike
I'm the super user....
And some records are inserted to a table by different users ('a' , 'b', etc....)
So,if user 'a' logins then he can be able to see only the records inserted by 'a' only...
how to see in TOAD where such type of scripts (filter conditions) are written..... -
Row level security in Hyperion System 9 - 9.3.1
Hi Gurus,
I have a requirement where the users get to see records in a table based on their localization code. This is currently implemented using views.
The view has a set of conditions which checks the localization table with te employee table. For example, if any of the first manager, second manager etc.. localization code
matches then they get to see records for that location.
The RLS in Hyperion uses Groups to assign security rules. But in my case, the determination is dynamic based on the localization code. And these things change depending on employee movement, transfer, promotion etc..
In such a scenario, can I use RLS only if I know a set Groups of users and where they belong to? Can RLS accomodate my above said requirement?
zFollow the steps in the following link to set up OID and Row level security:
http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/
Instructions for the link above:
1.In place of Edit Data Source as database you have to select LDAP,define the groups and default initializer as filter expression.
2.A more simpler approach ,is to create the groups explicitely using the Security Manager in BI Administrator, add filters to those groups, and assign users to those groups.
Otherwise follow Matt's view
Thanks,
Amrita -
Crystal reports LOV cascading prompts row level security not working
Crystal report LOV cascading prompts with row level security is not woking when the crytal report cache server/page server cache (Oldest On-Demand Data Given To a Client (in minutes)) is turned on. But its working fine when the cache is turned off.
Using XIR2 environment.
Appreciate the response.
Thanks
ChenthilHi Chen,
In terms of what could be done on the Crystal Reports end, there is no such controls available. However, your question may be better answered if it was posted to our Business Objects Enterprise forum.
It is at "BusinessObjects Enterprise Administration" section of the forums.
FYI. -
Obi 11g row level security not working
All,
I am very familiar and have worked with obi 10g row level security and it works pretty easily. Now in 11g not so easy. I am basically setting permissions on data filters on app roles as per the new 11g instructions and meta data guide, however, I never see the filters being applied in the report and also in the nqquery.log. I have tried in vain, and nothing. The filters are never being applied for the test user. I even verified the user is in the specified app role via their my account->app roles tab. Now has anyone had this experience or now is there something that must be done additionally now.
Very frustrated... ;(Ok, so I have found the solution and ultimately the answer to why the object level and row level security was not being applied. It so happens that the app policy: 'resourceType=oracle.bi.server.permission, resourceName=oracle.bi.server.manageRepositories all' not only allows the management and access to online RPDs; but, IT ALSO DOES NOT APPLY SECURITY/PERMISSIONS IN THE RPD TO THAT USER thus you are super user. So the OOTB BIAdministrator app role which my AD user was being assigned never had any security applied due to this. How I tested:
1) I created a test user
2) Assigned that user to the BIAuthor app role and saw that they had the security applied that I was testing, which was simple object denial and row-level security to just one year on the date dim.
3) Since it was working, I then assigned that user to the BIAdministrator role. This produced that the test user now does not have any restrictions that I set and that were working before. Thus, security/perms in the RPD are not applied.
4). I removed the user from the BIAdministrator app role, kept in the BIAuthor app role and then created new test app role. I mapped that user to this new role along with the BIAuthor role. I then proceeded in creating new app policy with just that policy and assigning the new app role to it.
5) I logged into the presentation services again with this test user after assigning to new app role and policy. My test user again does not have the security being applied and does not get any perms/security that I set and applied in the RPD. On top of that my test user is now able to login in online mode to the rpd via the bi admin tool. -
Row level security not working if I hit the aggregate
I have applied row level security on presentation layer , however it does not work if the report hit the aggregate any idea on this...
Hi Ingo,
Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
This custom auth object is maintained for the PA0001 table.
This object is added at the role level with the restricted access to the Company Code.. -
Row Level Security Not working for the ECC table.
Hi All,
We have created a crystal report using SQL Driver.
We have set the row level security on PA0001 table so that we can restrict the query based on Company Code.
But when I run the report, it bypasses the row level security and gives access.
Am I missing some configuration?Hi Ingo,
Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
This custom auth object is maintained for the PA0001 table.
This object is added at the role level with the restricted access to the Company Code.. -
Row level security in OBIEE 11g: Which is better: VPD or RPD
We can apply row level security in OBIEE by 2 ways.
1. by Creating Initialize Block in RPD
2. or Applying VPD in Database, which restricts source tables
Which one is more efficient and why?
Thanks,
Sunil Jenayou will have some degree of performance degradation with either approach since you are adding additional filters so I would not use that as the main factor to decide. You need to assess your actual requirements. What is the basis by which you are planning on doing the security. Is LDAP the main basis for the security? Do you plan to use certain roles? if your security is more based on roles at the application level, then it may be easier to define at the Application level (OBIEE)...if its just based on a certain user ID for a set of tables, then perhaps VPD can work. If helpful, pls mark.
Maybe you are looking for
-
Satellite 5100 - Question about dead pixels. Is it really dead pixel problem?
Hi, I've got Satellite 5100-603. There have been some dead pixels on display. I don't know is it really dead pixel problem or not because the black area seems to be behind the screen. When i move left and right sides, the black area moves left and ri
-
My iphoto quites unexpectedly everytime I open it and says closes while using the eOkaoFr.dylib plugin. Does anyone know how to fix this? iphoto won't stay open for more than 1 minute at a time. Help anyone?
-
Code Insight.... Cloumn Names?
Hi Guys, I was recently using SQL Worksheets and toyed with the code insight, and noticed that if I type in the schema name, code insight kicks in an provide a list of table names in that schema. But when I reach the where section of my SQL and the c
-
Disabling push button column cell on alv grid control (OOABAP)
Hello All, I have a requirement where I need to add one column as pushbutton in alv grid display. I have done that and it's triggering button_click event also. The problem here is that I want the few <b>push button cells</b> of that column to be disb
-
HT4108 iOS 6.1.3 and av adapter issue
A few weeks ago bought the Apple Digital AV Adapter, Model # A1422, for use with an iPad 2 (wi-fi only). It worked without issue for about two weeks until I updated the iPad to iOS 6.1.3 in connection with my purchase of a new MacBook Air. Now I ha