Row Level Security in EPM Workspace 11.1.2.2

Hi All,
I'm facing an issue while implementing Row Level Security in Workspace.
The error goes like this: "Error Accessing Row level security information Server Error: 1012 Unable to acquire row level security information from repository ..........".
I have configured ODBC,DAS as per the documentation and enabled the RLS using Navigate option.Given below are windows and db info
OS:Windows Server 2008- 64 bit
DB:MS Sql Server 2008
DBUser: with full admin permission on database.
Thanks in Advance

Hi All,
Given below is the DAS log..
[2013-06-25T10:16:21.761-04:00] [IR] [ERROR] [] [oracle.IR.com.brio.one.services.das] [host:] [nwaddr: 10.24.206.86] [tid: 20] [userId: epmt] [ecid: 0000JxqQx2C4ulmLwqH7iW1Hm49K00000D,0] [resource_id: Fetching Row Level Security Info] [session_id: OG77kW6K-0000013f7ba3e00d-0000-cd7b-0a18ce56] [subject: xxxxxxxx] [resource: IDataAccessServiceImpl::getRowLevelSecurityInfo] [originator_name: InteractiveReportingDataAccessService] SQL API: [SQLExecDirectW], SQL RETURN: [-1], SQL STATE: [42S02], SQL NATIVE ERROR: [208], SQL MESSAGE: [[Microsoft][ODBC SQL Server Driver][SQL Server]Invalid object name 'RLSUser1.BRIOSECG'.][[
[2013-06-25T10:16:21.761-04:00] [IR] [ERROR] [] [oracle.IR.com.brio.one.services.das] [host: xxxxx] [nwaddr: 10.24.206.86] [tid: 22] [userId: epmt] [ecid: 0000JxqQx2F4ulmLwqH7iW1Hm49K00000E,0] [resource_id: Fetching Row Level Security Info] [session_id: OG77kW6K-0000013f7ba3e00d-0000-cd7b-0a18ce56] [subject: gmarichetty] [resource: IDataAccessServiceImpl::getRowLevelSecurityInfo] [originator_name: InteractiveReportingDataAccessService] Unknown exception handled in RequestProcessor::GetRowLevelSecurityInfo()@D:\talleyrand\views\buster_talleyrand_bi_code\v1_bi_code\services\com\brio\one\services\das\proc\reqproc.cpp:1284[[
[2013-06-25T10:16:21.762-04:00] [IR] [ERROR] [] [oracle.IR.com.brio.one.services.das] [host: xxxxxx] [nwaddr: 10.24.206.86] [tid: 20] [userId: epmt] [ecid: 0000JxqQx2C4ulmLwqH7iW1Hm49K00000D,0] [resource_id: Fetching Row Level Security Info] [session_id: OG77kW6K-0000013f7ba3e00d-0000-cd7b-0a18ce56] [subject: xxxxxxx] [resource: IDataAccessServiceImpl::getRowLevelSecurityInfo] [originator_name: InteractiveReportingDataAccessService] DAS Exception handled in IDataAccessServiceImpl::getRowLevelSecurityInfo()@D:\talleyrand\views\buster_talleyrand_bi_code\v1_bi_code\services\com\brio\one\services\das\idl\impl\idasimpl.cpp:1560[[
Exception Message: Unable to acquire row level security information from repository.
Please note that ODBC/DAS are configured as per the documentation.I am able to see BRIOSECG table in SQL Server,IR Studio and Web Client "Invalid object name 'RLSUser1.BRIOSECG'.][[" ,but when i select some fields from this tables in web client and process,then getting stated above error..
Any Suggestions are appreciated...

Similar Messages

  • Setting up Row Level Security in EPM 11.1.1.3

    I have been following the Administration guide but failed to setup row level security in EPM 11.1. Please advise which part of my steps are wrong. (note I am using MS SQL Server for the EPM Shared Services and Workspace database, everything under Windows env)
    i) Enable row level security in Workspace.
    Step 1) Define a ODBC Data Source named "EPM_WS" in Windows. The ODBC Data Source points to the MS SQL Server database of EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR) related to row-level-security.
    Step 2) Login to workspace, select "Administer"->"Configuration Console". Edit "Interactive Reporting Data Access Services" and add a data source with ODBC->MS SQL Server -> "EPM_WS" as the name of datasource. Restart "Interactive Reporting Data Access Services".
    Step 3) Login to workspace, select "Administer"->"Row Level Security". Check "Enable Row Level Security", Choose ODBC->MS SQL Server-> fill in "EPM_WS" as Data Source Name"-> Provide correct user name and password. Click "Save Properties"
    Step 4) It always prompt "Server error setting the Connectivity. Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
    Any log I can inspect for the connectivity error?
    ii) Configure Row Level Security setting
    I know that for Hyperion IR, there is a file row_level_security.bqy comes with the installation. User can use this bqy file to configure the actual row level security setting. However, I cannot locate this bqy file in the EPM 11.1 installation. What is the proper step for setting up the row level security configuration?
    thank you very much.

    I have been following the Administration guide but failed to setup row level security in EPM 11.1. Please advise which part of my steps are wrong. (note I am using MS SQL Server for the EPM Shared Services and Workspace database, everything under Windows env)
    i) Enable row level security in Workspace.
    Step 1) Define a ODBC Data Source named "EPM_WS" in Windows. The ODBC Data Source points to the MS SQL Server database of EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR) related to row-level-security.
    Step 2) Login to workspace, select "Administer"->"Configuration Console". Edit "Interactive Reporting Data Access Services" and add a data source with ODBC->MS SQL Server -> "EPM_WS" as the name of datasource. Restart "Interactive Reporting Data Access Services".
    Step 3) Login to workspace, select "Administer"->"Row Level Security". Check "Enable Row Level Security", Choose ODBC->MS SQL Server-> fill in "EPM_WS" as Data Source Name"-> Provide correct user name and password. Click "Save Properties"
    Step 4) It always prompt "Server error setting the Connectivity. Recommended Action: Logoff and logon again. If problem persists contact your local security administrator."
    Any log I can inspect for the connectivity error?
    ii) Configure Row Level Security setting
    I know that for Hyperion IR, there is a file row_level_security.bqy comes with the installation. User can use this bqy file to configure the actual row level security setting. However, I cannot locate this bqy file in the EPM 11.1 installation. What is the proper step for setting up the row level security configuration?
    thank you very much.

  • Tips on Implementing Row Level Security

    Dear All,I am currently trying to implement row level security in Hyperion Intelligent version 8.2. The user guide is straight forward on explaining the steps. However, when I tried it, the row level security does not filter the information at all eventhough I have set the row level security setting in System Administration. Is there Anyone who can share their problems and experience when implementing row level security in Hyperion Intelligent version 8?Regards,Ricky

    I don't believe you need the bqy file anymore, as you set up the ODBC to connect to the database of the EPM Workspace since it contains the 3 tables (BRIOSECG, BRIOSECP, BRIOSECR).
    (I don't have an EPM instance with IR installed to check currently).
    Note: from the docs quoted earlier:
    If you want to implement row-level security in Reporting and Analysis, keep these points in mind:
    At least one Hyperion Interactive Reporting Data Access Service instance must be configured to access the data source storing your row-level security information.
    The database client library should be installed on the computer where the Hyperion Interactive Reporting Data Access Service is running.
    The data source for the Reporting and Analysis repository that has the row-level security table information should be configured.
    For security reasons, the user name and password to access the data source should differ from that used for the Reporting and Analysis user account.
    Regards, Iain

  • Help with implementing Row Level Security in Interactive Reporting

    We're deploying Hyperion BI+ 9.3.1, using Workspace and Interactive Reporting. I'm researching how we can use the Workspace row level security option. I've read what's available for documentation in the Workspace Administrator Guide and the Interactive Reporting Users Guide. I understand the concept of setting up rules with row_level_security.bqy, but I'm confused about where these tables should go and what actually happens when I go to Workspace > Administrator > Row Level Security and turn it on.
    The Administrator's Guide tells me the "properties" are stored in the repository, but the "rules" are in the "data source". Does that mean my BRIOSEC* tables go in the database I'm running my reports from? If so, then what's the data source I'm filling in on Workspace > Administrator > Row Level Security?
    I have many different database connections going to different Oracle and SQL*Plus instances, and I don't want to apply row level security to all of them. How does Workspace tell the difference between them? If I enable rules but create a report from a database that doesn't have rules defined for it, what happens?

    The 3 tables used with the RLS are stored in the same schema as your repository by default.
    The RLS store all the Rules for any database that you are using.
    You define the rules based on the tablename (owner.tablename) and the column name.

  • Row Level Security not working for SAP R/3

    Hi Guys
    We have an environment where the details are as mentioned below:
    1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
    2. The SAP roles are imported in Business Objects CMC.
    3. Crystal Reports are published on the Enterprise as well.
    3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
    Any help in this issue is greatly appreciated.
    Thanks and Regards
    Kamal

    Hi,
    In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server.  This is a server side tool which the Integration solution for SAP offers as a transport.
    This tool defined which tables are to be restricted based on authorizations.
    However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview.  If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
    You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
    thanks
    Mike

  • Row level security at universe design level

    Hi,
    I am creating a Universe layer on top of non SAP OLAP cube ( from MS Analysis Services 2005 ) .
    My concern is that can we maintain the row level or data level security at universe design level or if i am using that universe in creation of WEBI report so is there any possiblity to maintain this security at WEBI level.
    Regards,
    Mishra Vibhav.

    Thanks for the reply.
    Much Appriciated.
    My only concern is that i read in the Universe Designer developer guide that it does the row level security so can eloborate a bit about how we maintain at Universe level.
    Warm Regrads,
    Mishra Vibhav

  • Row level security in BI Publisher

    Hi All ,
    I am using BI publisher for reporting on Siebel system.The issue I am facing is regarding row level security.Even if I am logging with Employee Id, when I generate report ,I have acess to all the information of the other employees.
    e.g. If as a cashier I made some entry , when I generate report on collection made by me, its bringing me all the collections made by other cashiers also.
    I am generating these report from siebel side.I am not sure if we can apply the rowlevel security to BI Publisher.
    Does anyone has used Siebel or EBS with BI Publisher and have row level security ? I am also not sure How to see the reports by loging into BI Publisher .If I am using Siebel or EBS, what is going to be my Data Model or Data Set.
    Can anyone help me on this?
    Thanks!!

    Oracle HRMS has its own security built-in to the schemas. Other modules you will need to customize for your own use.

  • How to check the row level security in TOAD for oracle

    Hi ,
    for ex, i have 2 types of users
    normal user and super user
    super user can see the group set (some column name) created by normal user
    but normal user can not see the set created by super user
    this set crestion aslso has 3 types "U','P',S'
    P & S can be viewed by even normal user
    but U should not
    so here we are having some row level security for the normal user .....
    So, in TOAD for oracle how to check that......
    Let me know if i'm not clear

    Like
    I'm the super user....
    And some records are inserted to a table by different users ('a' , 'b', etc....)
    So,if user 'a' logins then he can be able to see only the records inserted by 'a' only...
    how to see in TOAD where such type of scripts (filter conditions) are written.....

  • Row level security in Hyperion System 9 - 9.3.1

    Hi Gurus,
    I have a requirement where the users get to see records in a table based on their localization code. This is currently implemented using views.
    The view has a set of conditions which checks the localization table with te employee table. For example, if any of the first manager, second manager etc.. localization code
    matches then they get to see records for that location.
    The RLS in Hyperion uses Groups to assign security rules. But in my case, the determination is dynamic based on the localization code. And these things change depending on employee movement, transfer, promotion etc..
    In such a scenario, can I use RLS only if I know a set Groups of users and where they belong to? Can RLS accomodate my above said requirement?
    z

    Follow the steps in the following link to set up OID and Row level security:
    http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/
    Instructions for the link above:
    1.In place of Edit Data Source as database you have to select LDAP,define the groups and default initializer as filter expression.
    2.A more simpler approach ,is to create the groups explicitely using the Security Manager in BI Administrator, add filters to those groups, and assign users to those groups.
    Otherwise follow Matt's view
    Thanks,
    Amrita

  • Crystal reports LOV cascading prompts row level security not working

    Crystal report LOV cascading prompts with row level security is not woking when the crytal report cache server/page server cache (Oldest On-Demand Data Given To a Client (in minutes)) is turned on. But its working fine when the cache is turned off.
    Using XIR2 environment.
    Appreciate the response.
    Thanks
    Chenthil

    Hi Chen,
    In terms of what could be done on the Crystal Reports end, there is no such controls available.  However, your question may be better answered if it was posted to our Business Objects Enterprise forum. 
    It is at "BusinessObjects Enterprise Administration" section of the forums.
    FYI.

  • Obi 11g row level security not working

    All,
    I am very familiar and have worked with obi 10g row level security and it works pretty easily. Now in 11g not so easy. I am basically setting permissions on data filters on app roles as per the new 11g instructions and meta data guide, however, I never see the filters being applied in the report and also in the nqquery.log. I have tried in vain, and nothing. The filters are never being applied for the test user. I even verified the user is in the specified app role via their my account->app roles tab. Now has anyone had this experience or now is there something that must be done additionally now.
    Very frustrated... ;(

    Ok, so I have found the solution and ultimately the answer to why the object level and row level security was not being applied. It so happens that the app policy: 'resourceType=oracle.bi.server.permission, resourceName=oracle.bi.server.manageRepositories all' not only allows the management and access to online RPDs; but, IT ALSO DOES NOT APPLY SECURITY/PERMISSIONS IN THE RPD TO THAT USER thus you are super user. So the OOTB BIAdministrator app role which my AD user was being assigned never had any security applied due to this. How I tested:
    1) I created a test user
    2) Assigned that user to the BIAuthor app role and saw that they had the security applied that I was testing, which was simple object denial and row-level security to just one year on the date dim.
    3) Since it was working, I then assigned that user to the BIAdministrator role. This produced that the test user now does not have any restrictions that I set and that were working before. Thus, security/perms in the RPD are not applied.
    4). I removed the user from the BIAdministrator app role, kept in the BIAuthor app role and then created new test app role. I mapped that user to this new role along with the BIAuthor role. I then proceeded in creating new app policy with just that policy and assigning the new app role to it.
    5) I logged into the presentation services again with this test user after assigning to new app role and policy. My test user again does not have the security being applied and does not get any perms/security that I set and applied in the RPD. On top of that my test user is now able to login in online mode to the rpd via the bi admin tool.

  • Row level security not working if I hit the aggregate

    I have applied row level security on presentation layer , however it does not work if the report hit the aggregate any idea on this...

    Hi Ingo,
    Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
    This custom auth object is maintained for the PA0001 table.
    This object is added at the role level with the restricted access to the Company Code..

  • Row Level Security Not working for the ECC table.

    Hi All,
    We have created a crystal report using SQL Driver.
    We have set the row level security on PA0001 table so that we can restrict the query based on Company Code.
    But when I run the report, it bypasses the row level security and gives access.
    Am I missing some configuration?

    Hi Ingo,
    Security is set up using /crystal/rls transaction. A custom auth object is used for checking the company code with a single field "BUKRS".
    This custom auth object is maintained for the PA0001 table.
    This object is added at the role level with the restricted access to the Company Code..

  • Row level security in OBIEE 11g: Which is better: VPD or RPD

    We can apply row level security in OBIEE by 2 ways.
    1. by Creating Initialize Block in RPD
    2. or Applying VPD in Database, which restricts source tables
    Which one is more efficient and why?
    Thanks,
    Sunil Jena

    you will have some degree of performance degradation with either approach since you are adding additional filters so I would not use that as the main factor to decide. You need to assess your actual requirements. What is the basis by which you are planning on doing the security. Is LDAP the main basis for the security? Do you plan to use certain roles? if your security is more based on roles at the application level, then it may be easier to define at the Application level (OBIEE)...if its just based on a certain user ID for a set of tables, then perhaps VPD can work. If helpful, pls mark.

  • Row level security with session variables, not a best practice?

    Hello,
    We are about to implement row level security in our BI project using OBIEE, and the solution we found most convenient for our requirement was to use session variables with initalization blocks.
    The problem is that this method is listed as a "non best practice" in the Oracle documentation.
    Alternative Security Administration Options - 11g Release 1 (11.1.1)
    (This appendix describes alternative security administration options included for backward compatibility with upgraded systems and are not considered a best practice.)
    Managing Session Variables
    System session variables obtain their values from initialization blocks and are used to authenticate Oracle Business Intelligence users against external sources such as LDAP servers or database tables. Every active BI Server session generates session variables and initializes them. Each session variable instance can be initialized to a different value. For more information about how session variable and initialization blocks are used by Oracle Business Intelligence, see "Using Variables in the Oracle BI Repository" in Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
    How confusing... what is the best practice then?
    Thank you for your help.
    Joao Moreira

    authenticating / authorizing part is take care by weblogic and then USER variable initialized and you may use it for any initblocks for security.
    Init block for authenticating / authorizing and session variables are different, i guess you are mixing both.

Maybe you are looking for

  • Help needed to add an image to a datagrid cell in actionscript

    Morning all, I am still quite new to flex development and I have an application which uses xml to populate a datagrid. One of the row columns should display a small image but I don't know how to do that. Can anyone show me how to add an image to a da

  • When I print, resolution changes, can I reset Acrobat to default settings?

    I can't see any issue with any of my settings though shortly after reinstalling CS a month ago, Acrobat started printing to a much lower resolution than the PSD (or any application) is set to print to, though Photoshop may be the only one where I am

  • Oracle Receivables Customer Profile deletion

    This customers custom program ( Apps 11.5.5) tries to update the Terms in a custom table by looking up Standard Terms ( joining AR_CUSTOMER_PROFILES and RA_CUSTOMERS; the custom table holds Customer Number). This update fails with an ORA-01427 becaus

  • Internet is Slowing Down

    Ok, look I know that there are some very informed computer techs here. That is why I came here to the Apple forums,,And what I want is the truth. Yes I want you to cough up the truth one of you tecchies out there who are familiar with what exactly in

  • Potential virus, MBR, system recovery

    Dear ThinkPad experts, I might have a virus on my ThinkPad T60, and as the Windows XP on it is already messed up, I would like to recover the ThinkPad to original status using the built-in recovery functions. I now have two questions concerning that: