Secure Variables
Hi All,
I noticed an issue with 'Secure variables' in our queries. We have a char. called 'Seller' in our queries.
A secure variable 'ZSLLR' was created on this char. in one of the queries created against a cube.
Then a query was created on an Info object 'Customer' of which 'Seller' was an attribute. When i tried to secure 'Seller', i couldn't find 'ZSLLR' in the list of variables. I had to create a new secure variable 'ZSLLR1' for the 'Seller' characteristic.
We then created a query on an Infoset which had 'Customer' info object as one of its components. When i tried to secure 'Seller', i coudln't see 'ZSLLR' and 'ZSLLR1'. So, i had to create another secure variable 'ZSLLR2' on the same 'Seller' char.
The issue is we have been securing 'Distribution Channel' in each of these queries. I can see the same secure variable on Distr. Channel on each of these queries. But for some reason, i don't see all of the secure variables created on the 'Seller'.
George.
Message was edited by: George Smith
Hi Bhanu,
Yes, the Technical name of 'Seller' is the same. The descriptions of the info object is same for the queries created on Info object and Infoset. If thats an issue (Which i don't think it is), even then i should still see 'ZSLLR1' and ZSLLR2' in both these queries.
George.
Similar Messages
-
OBIEE 11g, BI Apps EBS: What are default security variables and Init Block
Hi,
We are implementing BI Apps 7.9.6.3 [OBIEE 11.1.1.1.5 with EBS modules]. Out of the box RPD and mappings.
There are many VARIABLES and INIT BLOCKS in the RPD. Some of them are mainly for Siebel, Jd Edwards etc.
I need to know what are the default variables and Init Block configures in RPD. Also it will be highly appreciated if anyone can point out what segments we should configure if we need to implement security with simple database table authentication with SSO?
Thanks in advance.You should review this doc for the options for EBS/OBIA security:
http://docs.oracle.com/cd/E20490_01/bia.7963/e19042.pdf
If helpful, pls mark as correct or helpful. -
Is there a way to secure Variable Manager in the RPD?
We would like to grant ability to access Variable Manager to selected developers. Is it possible?
Thank youHi
Clarify your objective of giving access of Variable Manager. So, in a controlled dev environment, you may either allow developers to add variables or reset default values.
You can achieve both by adding variables using udml 'Declare RP Variable.....Declare Session Variable...' and loading through nqudmlexec in /bin folder
This should help for the above purpose
Rgds -
Extracting username and password from security header
Hey all,
I'm writing a BPEL process that invokes two secured web services. One of them authenticates using Username Token and the other has a authenticate method in which the username and password are supplied as Strings. I have successfully propagated the credentials from the BPEL process to the web service using Username Token by doing the following:
1) I secured my BPEL process
2) I imported oasis-200401-wss-wssecurity-secext-1.0.xsd and from it created a variable of type Security
3) I added the security variable to the Header Variables for the BPEL process input
4) I added the security variable to the Input Header Variables for the web service's invoke operation
This worked fine. However, I need to be able to extract out the username and password and supply them as Strings to the authenticate method of the other web service. How can this be done? If it can't, what are some alternatives?
Environment:
JDeveloper 11.1.1.6.0
Thanks,
BillHi Sri,
If I understand your steps correctly, I think the problem I'm having rests with the second step. I don't know how to get a hold of the username and password to assign to the local variables you mention. The BPEL process itself uses Username Token for authentication. These credentials need to be passed to the web services invoked within the BPEL process. If I assign the security header variable directly to the string output for the BPEL process, the string returned will be the complete XML security header, which includes the username and password. However, the security header variable itself doesn't expose the username and password directly. In other words, I can't expand the security header variable node in the dialog for editing the Assign operation and get to the username and password. I think one solution is to parse out the username and password from the complete XML security header using string operations (substring, index-within-string, etc). Also, regarding step 4, I'm not sure if passing the credentials in the header will work for this web service. I think the web service is expecting the credentials as parameters to its authenticate method.
Thanks,
Bill -
Setting security credentials dynamically in Oracle BPEL
Hi,
I am tring to pass security credentials dynamically to partner link in oracle BEPL using following code(.bpel). But when i try to complie i am getting below error
Error:
[Error ORABPEL-10902]: compilation failed
[Description]: in "bpel.xml", XML parsing failed because "undefined part element.
In WSDL at "file:/D:/BEPL/OWSM/CustomHeader/bpel/CustomHeader.wsdl", message part element "{http://xmlns.oracle.com/CustomHeader}CustomHeaderProcessResponse" is not defined in any of the schemas.
Please make sure the spelling of the element QName is correct and the WSDL import is complete.
[Potential fix]: n/a.
please help me to sort out above problem. I want to pass the credentials dynamically to partner link in oracle BEPL is it the raight way to do. Kndly respond if any other way.
<?xml version = "1.0" encoding = "UTF-8" ?>
<!--
Oracle JDeveloper BPEL Designer
Created: Tue Apr 14 15:51:03 IST 2009
Author: sivaramakrishnaa
Purpose: Synchronous BPEL Process
-->
<process name="BPELSycProcess"
targetNamespace="http://xmlns.oracle.com/BPELSycProcess"
xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
xmlns:xp20="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20"
xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns1="http://datespackage/"
xmlns:ldap="http://schemas.oracle.com/xpath/extension/ldap"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:client="http://xmlns.oracle.com/BPELSycProcess"
xmlns:bpelx="http://schemas.oracle.com/bpel/extension"
xmlns:ora="http://schemas.oracle.com/xpath/extension"
xmlns:orcl="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc">
<!--
PARTNERLINKS
List of services participating in this BPEL process
-->
<partnerLinks>
<!--
The 'client' role represents the requester of this service. It is
used for callback. The location and correlation information associated
with the client role are automatically set using WS-Addressing.
-->
<partnerLink name="client" partnerLinkType="client:BPELSycProcess"
myRole="BPELSycProcessProvider"/>
<partnerLink myRole="GetDatesWS_Role" name="GetDatesWS"
partnerRole="GetDatesWS_Role"
partnerLinkType="ns1:GetDatesWS_PL"/>
</partnerLinks>
<!--
VARIABLES
List of messages and XML documents used within this BPEL process
-->
<variables>
<!-- Reference to the message passed as input during initiation -->
<variable name="inputVariable"
messageType="client:BPELSycProcessRequestMessage"/>
<!-- Reference to the message that will be returned to the requester-->
<variable name="outputVariable"
messageType="client:BPELSycProcessResponseMessage"/>
<variable name="Invoke_GetDate_getDate_InputVariable"
messageType="ns1:GetDatesWS_getDate"/>
<variable name="Invoke_GetDate_getDate_OutputVariable"
messageType="ns1:GetDatesWS_getDateResponse"/>
<variable name="wscheaders" element="ns4:Security"/>
</variables>
<!--
ORCHESTRATION LOGIC
Set of activities coordinating the flow of messages across the
services integrated within this business process
-->
<sequence name="main">
<!-- Receive input from requestor. (Note: This maps to operation defined in BPELSycProcess.wsdl) -->
<receive name="receiveInput" partnerLink="client"
portType="client:BPELSycProcess" operation="process"
variable="inputVariable" createInstance="yes"/>
<!-- Generate reply to synchronous request -->
<assign name="Assign_1">
<copy>
<from>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>siva </wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">kris</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</from>
<to variable="wscheaders"/>
</copy>
</assign>
<assign name="Assign_Before">
<copy>
<from expression="'Before Service Invoke'"/>
<to variable="inputVariable" part="payload"
query="/client:BPELSycProcessProcessRequest/client:input"/>
</copy>
</assign>
<invoke name="Invoke_GetDate" partnerLink="GetDatesWS"
portType="ns1:GetDatesWS" operation="getDate"
inputVariable="Invoke_GetDate_getDate_InputVariable"
outputVariable="Invoke_GetDate_getDate_OutputVariable"
bpelx:inputHeaderVariable="wscheaders"/>
<assign name="Assign_After">
<copy>
<from expression="'After Service Invoke'"/>
<to variable="inputVariable" part="payload"
query="/client:BPELSycProcessProcessRequest/client:input"/>
</copy>
</assign>
<reply name="replyOutput" partnerLink="client"
portType="client:BPELSycProcess" operation="process"
variable="outputVariable"/>
</sequence>
</process>
Thanks & Regards,
SivaThere are so many limitations on what can and cannot be done in Apps related forms so you should ask this question in the relevant Apps forum: OA Framework (I would think)
-
Influencing query security - burning problem
Hi all,
I've a burning problem that I was not able to find a solution for within 1 week so far.
I want to simplyfy a selection of variables needed to run a query. So in fact you need three different values to identify a specific set of data. In order to not have the user to enter those 3 independent values, with all the risk of selecting invalid combinations, I created a new InfoObject that holds the three infoobjects (and some more) as attributes. So the user selects only one and I'm doing the work behind the scenes using user exit variables. I've created a multiprovider to combine the two cubes and the infoobject. The value that the user is selecting fron the "dummy" object needs to be excluded from the selection otherwise he'll see no data. This works very well so far, but as soon as security comes into play I run into problems. With security activated on the dummy infobject, the F4 help screen that allows the user to select what he wants to se is restricted, so it only shows the values that he's cleared for. Which is fine. When he selects one of the values it will be excluded as I#m using a selection option variable (no authorization variable) as the default of the variable needs to
be exclusion and not include. When the query then is executed I'm getting a message that the user is not authorized to read the security object (BRAIN804). So I probably will need a security variable, but this is not working to do what I need as a authorization variable gets populated with all the values that the user is cleared for. I only want one value and that should be picked fro the list.
Also this value need to be excluded otherwise I'll see no data as the dummy infobj. is not contained in the other two cubes. Have restricted the query to only use the two cubes and not the infobj. but as long I don't exlude the value it will retrieve no data.
Now my question - how can I influence the behavior of the security variable ? Remove some values via user exit, switch from inclusion to exclusion
or just use the security entries to read them and build the contents of the F4 help.
So any idea - answer is highly appreciated.
Bernd Dümmel
Eastman KODAKArun,
I was able to resolve the problem by adding # to the restrictions. That allowed me to be able to switch from exclude to include on the variable the user does the input. This also allowed me to switch the variable from selection option to single value. In doing this I then could add the authorization variable to the restrictions as well. Now the F4 list is restricted (based on the authorizations of the user) and all the security is working. So without the trick with the # value I would have needed to implement security within some user exits.
Thanks
Bernd -
Hi,
I did security setup but it is not working, can you please help
Step 1: Created security object (rsecadmin) in that for profit ctr i selected hier node, for infoprovider i selected cube (transactional cube)
Step 2: Created role (pfcg)
Step 3: In su01 i assigned the role
When i run the report it is not restricting the profit ctr hierarchy node (in the query i have security variable).
Can help is appreciated.
Thanks
RameshWhen you are creating Auth Object for Hierarchy...are you assigning values manually or you have any customer exit code to restrict the values? If you are assigning the correct value in RSECADMIN it will restrict your query for sure.
In PFCG I hope you are adding your auth object in S_RS_AUTH Authorization? You can also simply assign auth object to user directly in RSECADMIN.
You can also check if your query is using created authorization object or not by going to tcode RSECPROT.
Kamaljeet -
Using Run As Account credentials
I want to use Run As Account (SCOM) credentials (created by me using simple authentication) in a PowerShell script (on RMS machine).
Can I be able to get the username and password and pass these into my script?
Regards,
RaviHi!
Long time ago...
I assume you need to handover Username and Password as parameter to your PoSh workflow. For that you should add the following to your probe action where you trigger the powershell module:
<Parameter>
<Name>RunAsUsername</Name>
<Value>$RunAs[Name="your.mp.namespace.here.RunAsProfile"]/UserName$</Value>
</Parameter>
<Parameter>
<Name>RunAsPassword</Name>
<Value>$RunAs[Name="your.mp.namespace.here.RunAsProfile"]/Password$</Value>
</Parameter>
Within your script you can create a PSCredential object if needed:
$RunAsCredential = New-Object System.Management.Automation.PSCredential -Argumentlist @($RunAsUsername,(ConvertTo-SecureString -String $RunAsPassword -AsPlainText -Force))
Now you can access that secure variable in a given CMDLET (mostly by -credential $RunAsCredential)
HTH (still),
Patrick
http://www.syliance.com | http://www.systemcenterrocks.com -
Signing message with certificate: JCE, IAIK or similar in IBM SDK 5.0
So, I'm in a very difficult problem.
Using Java:
I've an enterprise certificate (in .p12 format) altogether with its public key ("password" string). Also I've a text message which I've to sign in PKCS7 format. I've been reading a lot and I've realized that there's no STANDARD implementation to do what I want to do. There is the JCE/JCA API and the Certification API, but they are just API's, no implementation. Here are the facts:
-I've to run the application in the IBM JDK 5.0 (AS400 system).
-My application actually works in the SUN JDK 6.0 using the IAIK security provider, but not using JCE, its a very ugly code which I dont know really what it does, but it works. When I put it on the IBM JDK 5.0 it fails (java nullpointer blah blah).
-IAIK Documentation says that it works on JDK 5.0. Yeah, it works, but in SUN implementation, not in IBM's.
Today I don't know what the heck to do, really. What do you think it's the best solution?
-Trying to make the IAIK code work in IBM SDK 5.0 by test-and-error method.
-Trying to sign the message using JCE and the IBM JCE provider (this is what I'm actually trying to do). It would be very nice if somebody provides something to read about (I've read lot of IBM/SUN documentation and I couldnt find anything useful for now.
-Trying to put the SUN JDK 6.0 in the AS400. This would be the easy solution but my bosses said that this is impossible and very dangerous, and additionally this wouldn't work.
-Also I've another code which uses the BouncyCastle provider but this doesn't work. Would this be better to learn how to use? I prefer using standards, though.
In conclusion:
I've 4 security providers: IBM, SUN, IAIK and BouncyCastle (just IAIK works, and I need IBM), and
I've 4 SDK's: IBM 5.0, IBM 6.0, SUN 5.0 and SUN 6.0 (just SUN/IBM 6.0 works, and I need IBM 5.0).
I would like any documentation useful to read. I would provide any information which could be important to answer my question.But I hope this could fix it :(
My last code:
public static String firmar(String contenido, String certificado, String password)
throws Exception {
System.out.println(new Date() + ":: Signing using IAIK provider.");
boolean dettached = true;
boolean attributes = true;
boolean CRLF = true;
IAIK iaik = new IAIK();
Security.addProvider(iaik);
byte aByteInfoToSign[] = contenido.getBytes("UTF8");
if(aByteInfoToSign == null)
throw new IOException("Empty message.");
byte digest[] = SHA1(aByteInfoToSign);
String digestHEX = toHexString(digest);
KeyStore keystore = KeyStore.getInstance("PKCS12");
FileInputStream fileinputstream = new FileInputStream(certificado);
keystore.load(fileinputstream, password.toCharArray());
String alias = null;
Enumeration enumeration = keystore.aliases();
if(enumeration.hasMoreElements())
alias = enumeration.nextElement().toString();
else
throw new KeyStoreException("Firmador IAIK: Empty Keystore.");
Certificate certificate = keystore.getCertificate(alias);
PrivateKey privatekey = (PrivateKey)keystore.getKey(alias, password.toCharArray());
* Declared absolutely to avoid incompatibilities betwenn IAIK and Sun classes.
iaik.x509.X509Certificate ax509certificate[] = new iaik.x509.X509Certificate[1];
ax509certificate[0] = new iaik.x509.X509Certificate(certificate.getEncoded());
IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber(ax509certificate[0]);
SignerInfo asignerinfo[] = new SignerInfo[1];
asignerinfo[0] = new SignerInfo(issuerandserialnumber, AlgorithmID.sha1, AlgorithmID.rsaEncryption, privatekey);
Attribute aattribute[] = new Attribute[4];
aattribute[0] = new Attribute(ObjectID.contentType, new ASN1Object[] {
ObjectID.pkcs7_data
aattribute[1] = new Attribute(ObjectID.signingTime, new ASN1Object[] {
(new ChoiceOfTime()).toASN1Object()
ObjectID oid = new ObjectID("1.2.840.113549.3.2");
SEQUENCE seqRC2 = new SEQUENCE();
seqRC2.addComponent(oid,0);
seqRC2.addComponent(new INTEGER(40));
SEQUENCE seqEncrypAlgoritmos = new SEQUENCE();
seqEncrypAlgoritmos.addComponent(seqRC2);
Attribute atributo = new Attribute(ObjectID.symmetricCapabilities,
new ASN1Object[] {seqEncrypAlgoritmos});
aattribute[2] = atributo;
aattribute[3] = new Attribute(ObjectID.messageDigest, new ASN1Object[]{ new OCTET_STRING(digest) });
if(attributes)
asignerinfo[0].setAuthenticatedAttributes(aattribute);
byte byte0;
if(dettached)
byte0 = 2;
else
byte0 = 1;
SignedData signeddata = new SignedData(digestHEX.getBytes(), byte0);
signeddata.setCertificates(ax509certificate);
signeddata.addSignerInfo(asignerinfo[0]);
ContentInfo contentinfo = new ContentInfo(signeddata);
if(!contentinfo.hasContent())
throw new Exception("Couldn't create the sign");
ByteArrayOutputStream result = new ByteArrayOutputStream();
ByteArrayOutputStream source = new ByteArrayOutputStream();
contentinfo.writeTo(source); // <-- here is the error (line 136)
Base64OutputStream base64outputstream = new Base64OutputStream(result);
base64outputstream.write(source.toByteArray());
base64outputstream.flush();
base64outputstream.close();
String resFinal;
if(CRLF)
resFinal = result.toString();
else
resFinal = result.toString().replaceAll("[\r\n]+","");
// resFinal = sinCRLF(result.toString());
if(resFinal.equals(""))
throw new Exception("Couldn't create the sign");
* Restore the Security variable.
Security.removeProvider(iaik.getName());
return resFinal;
private static byte[] SHA1(byte abyte0[])
try
MessageDigest messagedigest = MessageDigest.getInstance("SHA-1");
byte abyte1[] = messagedigest.digest(abyte0);
messagedigest.reset();
return abyte1;
catch(NoSuchAlgorithmException nosuchalgorithmexception)
throw new Error("Configuration error", nosuchalgorithmexception);
private static String toHexString(byte abyte0[])
StringBuffer stringbuffer = new StringBuffer();
int i = abyte0.length;
for(int j = 0; j < i; j++)
byte2hex(abyte0[j], stringbuffer);
return stringbuffer.toString().toUpperCase();
private static void byte2hex(byte byte0, StringBuffer stringbuffer)
char ac[] = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f'
int i = (byte0 & 0xf0) >> 4;
int j = byte0 & 0xf;
stringbuffer.append(ac);
stringbuffer.append(ac[j]);
}Using the IBM SDK 5.0, the error:iaik.pkcs.PKCSException: iaik.asn1.CodingException: iaik.asn1.CodingException: Unable to encrypt digest: No installed provider supports this key: (null)
at iaik.pkcs.pkcs7.SignedData.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.SignedDataStream.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.ContentInfo.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.ContentInfo.writeTo(Unknown Source)
at aeat.FirmadorIAIK.firmar(FirmadorIAIK.java:136)
... more irrelevant data... -
Data and Dashboard Security using ROLES Variable in OBIEE 11g
Hi all,
I'm currently using OBIEE 11g. I'm wondering how to implement the security for data and dashboard in the 11g.
Below is the sample of how the security matrix requirement when I use the 10g version. In 10g, we usually use GROUP (for the data filter in RPD) and WEBGROUPS (for dashboard objects) variables in my initialization block to read from database. As we have 2 different variables, it is possible to control security separately for data and dashboard.
GROUP | Country
G1 | US
G2 | FR
G3 | UK
WEBGROUPS | Dashboard
WG1 | D1
WG2 | D1
WG3 | D1
WG1 | D2
WG2 | D2
WG1 | D3
WG3 | D3
WG3 | D4
Now, in 11g, the recommendation is to use ROLES variable (for application role). So, how would I apply the required security matrix above in 11g using just ROLES variable? Do I still create G1, G2, G3, WG1, WG2, and WG3 as application roles then only use G1-3 in the RPD to filter the data and only use WG1-3 in the analytics to serve as webgroups?
Any advice on this? Thank you very much."...Could you elaborate more?"
I mean that role creation and user->role assignment will be managed outside of to the obiee interface - whether that's via the database, LDAP, fmw etc.
Webgroup creation and assignment is managed within the obiee interface and I think that has a lot of benefits - generally you have people responsible for shared folders and dashboard creation, so having them responsible for webgroups and presentation permissions is preferable for me.
"are you saying that I use the role G1-3 only in the RPD, while using the role WG1-3"
Yes .. I'm assuming you have something like
G1 | US
G2 | FR
G3 | UK
WG1 | Finance
WG2 | Marketing
WG3 | Sales
Which becomes
R1 | US
R2 | FR
R3 | UK
R4 | Finance
R5 | Marketing
R6 | Sales
And John belongs to R1 and R4, Fred belongs to R2 and R4 etc. So you would set your data filters against R1-R3 and use R4-R6 like webgroups in the presentation services.
Regards,
Robert -
Security Violation during PATH Variable Substitution
Hi -
I' m trying to write a file with the receiver file adapter by the variable substitution feature from SP12 on.
Whereas the %filename% variable works fine, I get for the %path% variable an exception in the adapter engine, whenever I'm trying either
- to use an absolute path like "/tmp" or
- composed pathnames like "tmp/test" (that are based on $XIHOME/j2ee/cluster/server0)
Non-composed pathnames like $XIHOME/j2ee/cluster/server0/tmp by setting %path% to "tmp" work also.
Any clue?
I'm on AIX on SP12.
Here is the exception:
java.text.ParseException: Security violation encountered during variable substitution: Content of variable path is not safe
Thanks.
StefanHi Stefan,
did you check the flag 'Disable Security Checks' in the communication channel?
Regards
Stefan -
Row level security with session variables, not a best practice?
Hello,
We are about to implement row level security in our BI project using OBIEE, and the solution we found most convenient for our requirement was to use session variables with initalization blocks.
The problem is that this method is listed as a "non best practice" in the Oracle documentation.
Alternative Security Administration Options - 11g Release 1 (11.1.1)
(This appendix describes alternative security administration options included for backward compatibility with upgraded systems and are not considered a best practice.)
Managing Session Variables
System session variables obtain their values from initialization blocks and are used to authenticate Oracle Business Intelligence users against external sources such as LDAP servers or database tables. Every active BI Server session generates session variables and initializes them. Each session variable instance can be initialized to a different value. For more information about how session variable and initialization blocks are used by Oracle Business Intelligence, see "Using Variables in the Oracle BI Repository" in Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
How confusing... what is the best practice then?
Thank you for your help.
Joao Moreiraauthenticating / authorizing part is take care by weblogic and then USER variable initialized and you may use it for any initblocks for security.
Init block for authenticating / authorizing and session variables are different, i guess you are mixing both. -
Substitution Variable in Security Filter
Hi,
my filter looks like below.
Write : @idesc("Accounts"),Oct,"07 10 + 2",@idesc("SiteName")
here 07 10 + 2 is the version name which am using. the same version is used in so many security filters.
i want to replace this by the substitution variable name CURR_VER.
is it possible to use the substitution variable name in a security filter (s)??What version of Essbase are you using? In System 9 (9.2 and higher I think) variables are allowable in filters and formulas. In version 7 and below, they are not
-
Security filter with variable does not work correctly
Helo,
I have one table with this columns (called BI_USERS):
USERBI | REGIONS
XXXX 10,5 -> In this case the user XXX can access the region 10 and 5
AAA 9,7
I use this table to apply the security filters. Fisrt I did a initialization block with the select: SELECT USERBI, REGIONS FROM BI_USERS WHERE USER = :USER
This select populate two variables: variable USER (system variable) and UserRegion (Non-system variable)
After I use the UserRegion variable in the securty filter of the one group of users. For exemple:
Name | Status | Business Model Filter
"Claro"."Historico Saldo Pre-Pago" Enabled "Claro"."Historico Saldo Pre-Pago"."DW_UN_NEG" In(VALUEOF(NQ_SESSION.*UserRegional)* )
But the issue is that the query is not working, because the query created for BIServer no use the IN operator. Seems the IN operator is changed for equal (=).
And the query returs error because the value 10,5 (for example) is not a numeric value.
Anybody could help me, please? I am using the version 10.1.3
Mauricio|||\/||| wrote:
Helo,
I have one table with this columns (called BI_USERS):
USERBI | REGIONS
XXXX 10,5 -> In this case the user XXX can access the region 10 and 5
AAA 9,7
I use this table to apply the security filters. Fisrt I did a initialization block with the select: SELECT USERBI, REGIONS FROM BI_USERS WHERE USER = :USER
This select populate two variables: variable USER (system variable) and UserRegion (Non-system variable)
After I use the UserRegion variable in the securty filter of the one group of users. For exemple:
Name | Status | Business Model Filter
"Claro"."Historico Saldo Pre-Pago" Enabled "Claro"."Historico Saldo Pre-Pago"."DW_UN_NEG" In(VALUEOF(NQ_SESSION.*UserRegional)* )
But the issue is that the query is not working, because the query created for BIServer no use the IN operator. Seems the IN operator is changed for equal (=).
And the query returs error because the value 10,5 (for example) is not a numeric value.
Anybody could help me, please? I am using the version 10.1.3
MauricioHi Mauricio,
First of all you have some syntax errors with your init block:
select USERBI, REGIONS from BI_USERS WHERE upper(USER)=upper(':USER');
Couple things to consider here:
1) Why are you selecting Userbi column from the table? Is USER system session variable not getting populated through other souces like LDAP or default security?
Ans: If your user session variable is getting populated from a different init block, then you dont need to select that column. Then your init block would look something like this:
select 'USERREGIONAL', REGIONS from BI_USERS WHERE upper(USER)=upper(':USER'); - Data Source
Row Wise Initialization - Data Target
Initblock that is populating the user session variable as the order of precedence.
2) If you dont have USER session variable populating from any other source, then your init block would look something like below:
select 'USER', USERBI, "USERREGIONAL', REGIONS from BI_USERS; - Data source
Row Wise Initialization - Data target
After following one of the above two steps, you need to apply the filters on the table.
"Claro"."Historico Saldo Pre-Pago"."DW_UN_NEG" IN(VALUEOF(NQ_SESSION.USERREGIONAL))
Note: Make sure you understand that variables are case sensitive.
Please award points as this is correct answer.
Thanks,
-Amith.
Edited by: Amith on May 10, 2011 3:18 PM -
Variable SERVERNAME is undefined in CFIDE after applying security patch for APSB09-12
We attempted to apply the hotfixes available for ColdFusion and JRun released August 17, 2009 on our ColdFusion v8.0.1 and now are not able to connect to the ColdFusion administrator page.
This is the link to the securty update:
http://www.adobe.com/support/security/bulletins/apsb09-12.html
We receive the login screen, enter our user/pass and are then presented with the following error message:
The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.
The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Variable SERVERNAME is undefined.
The error occurred in index.cfm: line 22
-1 : Unable to display error's location in a CFML template.
Resources: Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Remote Address
127.0.0.1
Referrer
http://127.0.0.1/CFIDE/administrator/index.cfm
Date/Time
01-Sep-09 04:59 PM
Stack Trace
at cfindex2ecfm274406133.runPage(E:\cf8_final\cfusion\wwwroot\CFIDE\administrator\index.cfm: 22)
coldfusion.runtime.UndefinedVariableException: Variable SERVERNAME is undefined.
at coldfusion.runtime.CfJspPage._get(CfJspPage.java:325)
at coldfusion.runtime.CfJspPage._get(CfJspPage.java:287)
at coldfusion.runtime.CfJspPage._autoscalarize(CfJspPage.java:1405)
at cfindex2ecfm274406133.runPage(E:\cf8_final\cfusion\wwwroot\CFIDE\administrator\index.cfm:22)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:175)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)This was caused by the Adobe patch, we removed the patch and applied the newly provided hot fix 3 and that resolved the issue.
Maybe you are looking for
-
I'm having some problem with Text imported from Motion into FCPro
Hey Everyone. I've got an animation that I created in Motion. The format for the timeline in Motion is NTSC DV 4:3 Final Cut has the same attributes to the sequence. I have text on my graphic.... Some of it looks great. Some of it does not. You can s
-
I'm trying to configure the router's QoS but I'm not succeeding . I put the game League of Legends as a high priority , but as soon as I turn on the TV with Net Flix the game connection is bad . My questions are as follows - DHCP is not done by the
-
I have a 2.0 ghz iMac with 3gb of RAM. How well would Lion run on my machine?
I am debating whether to upgrade to Lion, but I've read stories of it crippling older iMacs. Would my 2007 iMac (2.0ghz, 3gb RAM) be affected? I also currently use Photoshop CS3. Would this still work after the upgrade?
-
I just upgraded to firefox 4. I'm using session manager extension. I have multiple tabs open in my firefox window and I want to move some tabs to a new window. I followed the support guide which tells how to do this, however, when I drag the tab off
-
Salary of employees of respective manager
i have manager_id,last_name,salary from employees table i need to print the managers name and the lowest salry of the respective employee working under the manager