Securing Folders in BI role.

Similar Messages

• How to secure folders in a BI Role.

  In BI, when you use profile generator, on the menu tab you can create folders.  Then, put specific reports into each folder. 
  Does anyone know how to secure the folder itself?
  We want one role for Payroll reporting.  But, would like the separate folders inside the role to holdl payroll reports for different countries.
  Any ideas are greately appreciated.
  Thanks,
  Penny

  Thank you. for your response Joseph. 
  So, when the user logs in, they will see only their role and reports.  Is this correct?
  Then, what about an Admin, are we going to see 20 or 30 roles across the top of the portal?   We were trying to 'group' the roles some how.
  Right now we have some different payroll containers.  UK, Australia, US, etc.  Each one has their own container.  When I log in, I have to scroll through so many of the different containers or roles.  Is there no way to group them?  Like have one for Payroll and then list the UK, AU, US??  Or does this list of roles in the portal keep getting longer and longer?
  Hope this makes sense.  Maybe they are called tabs.  Like System Admin, User Admin, then we have UK PAyroll, US Payroll, etc.  How can I group those tabs?
  Thanks so much for the help and insight.
  Penny

• Row level Security for BI Author Role

  Hi All,
  We are using OBIEE 11.1.1.5 in our project. We have a requirement where we need to configure row level security on certain column.
  We are currently using external table and session variable approach to configure this. This security works fine for the users with BI Consumer
  roles. But we are facing issue with configuring row level security for BI Author role.
  BI Author can create any analysis in BI Answers and suppose he/she creates a report which does not contain the column on which row level
  security is applied than he can see all the data. For eg.
  We have one dimension Products having two levels Product Division and Brand. I want to configure security based on Product Division column.
  But if BI Author create a report with only Brand and Measures than row level security is not working.
  Does anyone has face this issue before.
  Please let me know if you want any other information from my side.
  Regards,
  Vikas

  If you are using a multidimensional cube you can use the "permit" command to control access to dimension members or provide cell level security within the cube. The OLAP database documentation provides on how to use the PERMIT command.
  If you are using relational tables and/or views with additional CWM metadata mapped using OEM then you need to refer to the database documentation relating to Virtual Private Databases and Label Security
  Business Intelligence Beans Product Management Team
  Oracle Corporation

• How do you created object level security in BI for roles.

  How do you created object level security in BI for roles.  For example if I want users to only execute reports in BI for a particular "object" report how would I do that.
  Thanks.

  Hi Maritza,
  Can you be more specific.
  If you are looking for BI Security concept, check this presentation:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
  Regards,
  Zaheer

• How do I add a securable to a database role?

  I have a database where the stored procedures used by SSRS reports have to be added as securables to the db_execproc database role.
  Easy enough to do with SSMS but despite much searching, I can't see how to script that. With the Database Role Properties open, the securables page selected and one of the securable stored procedures select including the Explicit Execute Grant, I tried clicking
  the Script button at the top of that dialogue. It tells me no action to script. What's the point of that button then, if it won't script that for me?
  Yeah, bad practice to do it that way but I don't have the authority to change things so best thing in the circumstances is to code it.
  Nick Ryan SQL Server Developer OnePath (NZ) Ltd

  The script button will produce a script only if you made any changes - i.e., if you were to click the OK button on the Properties dialog that would have applied some changes to the existing properties. 
  In any case, if you want to grant execute privilege to a stored proc, the script would be
  use [YourDBName]
  GO
  GRANT EXECUTE ON [dbo].[YourStoredProc] TO [YourRollName]
  GO

• Folders under a role displayed for all users

  Hi
  I had created a role called Role A and this had two folders unders that named Folder A, Folder B. I assigned this role to User A only.
  I logged into the portal as User A, and saw that these two folders were visible, and as I had wanted it.
  But when I logged in with the administrator's account too, I noticed that along with Content Administration, User Administration, System Administration, I also had Folder A and Folder B.
  I checked the roles for Administrator and Role A has not been assigned.
  I dont want this Folder A and Folder B to appear in the admin's account.
  Please help.
  Thanks
  Manoj

  Hi
  Thanks for your help. Its not a permission issue for that folder, and no other groups are added in Role A.
  I guess, like Venkatesh says, it could be the content admin role or super admin role. But surprises me as to what would happen if there were more than 100 folders.
  There must be something else to it. I suspect this to be a cache problem, as I had added Role A to Administrator's group and then removed it from there. I will check this and confirm.
  Thanks for all help
  Regards,
  Manoj

• Security report with native roles and the roles they have access to.

  We need a security report that shows the Native/Custom Roles and the roles that they have access to.
  So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc).Can this be done?

  Export the Provision report from Shared Services.
  Upload report to Excel or Access.
  Build Tables to show what tasks each Role has access to.
  Build a report that links the provision report and the xref tables.
  You should also do this with Security Classes.

• BW Security - transport hierarchy in role. What if....

  Hi All
  This Query is related to BW Security .
  The Process we flow is that we create a Hierarchy and we transport it to the production system
  We then create a role and we link the Hierarchy to the object within the role.
  What suppose if there is no Hierarchy structure for the particular customer maintained in dev and it is maintained in Production .
  Is it possible to transport the hierarchy from Dev without its hierarchy structure maintained in Dev?
  Is it possible that since data is existing in Production , so as an when this data sits in the UM of the production server , this automatically picks data from the UM?
  Please Advice
  Edited by: Julius Bussche on Feb 16, 2010 9:44 AM
  Subject title improved slightly

  These 3 threads of yours are starting to look like a series of interview questions.
  Please follow up and provide feedback / results of your search, otherwise I will lock them.
  Cheers,
  Julius

• Is there a way of making secure folders for apps?

  HI, I have the iPad 1,  can anyone tell me if there is a way to make certain apps secure, lock them, so that other people that may use the iPad do not have access to them.

  Seems like an interesting idea. Leave feedback for Apple here:
  http://www.apple.com/feedback/ipad.html

• Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing

  In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
  Will this option only be available in de production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?

  It is not missing.
  If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
  Steven Davelaar,
  JHeadstart Team.

• Find the iViews, Pages and Folders assigned to Role

  Hi,
  Does any one has the idea about how to retrieve the worksets, pages and iviews assigned to a role.
  I found a piece of code that will retrieve the roles, worksets, pages and iviews from PCD.
  Here is the code, that is to retrieve the roles, worksets, pages and iviews from PCD
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
  env.put(Context.SECURITY_PRINCIPAL, WDClientUser.getCurrentUser().getSAPUser());
  env.put(com.sap.portal.directory.Constants.REQUESTED_ASPECT, PcmConstants.ASPECT_ADMINISTRATION);
  InitialContext initialContext = null;
  DirContext dirCtx;
  initialContext = new InitialContext(env);
  dirCtx = (DirContext) initialContext.lookup("pcd:portal_content/");
  PcdSearchControls pcdSearchControls = new PcdSearchControls();
  pcdSearchControls.setReturningObjFlag(false);
  pcdSearchControls.setSearchScope(PcdSearchControls.SUBTREE_WITH_UNIT_ROOTS_SCOPE);
  dirCtx.addToEnvironment(Constants.APPLY_ASPECT_TO_CONTEXTS,Constants.APPLY_ASPECT_TO_CONTEXTS);
  // Gets the full path of the iViews from the PCD
  NamingEnumeration ne =      dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.iview)",     pcdSearchControls);
  while (ne.hasMoreElements())
       IPcdSearchResult searchResult = (IPcdSearchResult) ne.nextElement();
       String location = "pcd:portal_content/" + searchResult.getName();
       wdComponentAPI.getMessageManager().reportSuccess("View ="+location);
  // Gets the full path of the pages from the PCD
  NamingEnumeration nePage = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.page)",pcdSearchControls);
  while (nePage.hasMoreElements())
       IPcdSearchResult searchResult = (IPcdSearchResult) nePage.nextElement();
       String location = "pcd:portal_content/" + searchResult.getName();
       wdComponentAPI.getMessageManager().reportSuccess("Page ="+location);
  // Gets the full path of the worksets from the PCD
  NamingEnumeration neWorkSet = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.workset)",pcdSearchControls);
  while (neWorkSet.hasMoreElements())
       IPcdSearchResult searchResult = (IPcdSearchResult) neWorkSet.nextElement();
       String location = "pcd:portal_content/" + searchResult.getName();
       wdComponentAPI.getMessageManager().reportSuccess("WorkSet ="+location);
  But my requirements is, if I have the role as "Sales Role", I want to find the iViews, Pages and worksets assinged to this role.
  Your help is really appreciated.
  Thanks in Advance,
  Chinna.

  Hi,
  All you need to do is to change the search root object:
  DirContext dirCtx;
  initialContext = new InitialContext(env);
  dirCtx = (DirContext) initialContext.lookup("pcd:portal_content/mypath/myrole");
  PcdSearchControls pcdSearchControls = new PcdSearchControls();
  pcdSearchControls.setReturningObjFlag(false);
  pcdSearchControls.setSearchScope(PcdSearchControls.SUBTREE_WITH_UNIT_ROOTS_SCOPE);
  dirCtx.addToEnvironment(Constants.APPLY_ASPECT_TO_CONTEXTS,Constants.APPLY_ASPECT_TO_CONTEXTS);
  all the rest stays the same.
  BTW - you can also retrieve all the objects using one search by putting
  (|(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.iview),(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.page),(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.workset))
  In the search query. Then you can get the type using PCM (portal content model) APIs.
  Hope this helps, Elisha

• Secured folders

  I want to make a folder that cannot be accessed only by typing in a password. How can I do that?

  This explains how to create an encrypted disk image.
  -mj

• Assigning role to role doesn't work when applying Database security model

  I applied Oracle Database security model for BI Publisher.
  then I create some roles and users and assigned roles to users in Oracle Database.
  i also assigned appropriate folders to each role in BI Publisher.
  the users with direct roles worked successfully but i got problem when i assigned roles to a super role, and assigned this role to a super user.
  the super user could only access guest folder.
  Please help me.
  thanks.
  Daniel
  Edited by: user13344498 on Jul 5, 2010 11:13 PM

  Add a Role to a Role:
  1. From the Security Center, select Roles and Permissions; this will invoke the
  Security Center page. Here you can see the list of existing roles and permissions.
  2. Select the Add Roles icon for the Role.
  3. Select the desired role from the Available Roles list and use the Move shuttle
  button to move it to the Included Roles.
  this is from "Oracle® Business Intelligence Publisher User's Guide Release 10.1.3.2 Part No. B40017-01" book, but the security model is BI Publisher Security.

• How to list principals in the security role?

  Does anybody know how to list principals assigned to a security role programmatically?
  The role assigment is specified in weblogic.xml files for web applications and
  weblogic-ejb-jar.xml files for EJBs.
  Any help would be much appreciated,
  Margaret

  I think it's not possible. However, what you can do is to assign a role to a
  group (this relationship being statically defined in weblogic.xml) and then
  manipulate the group membership in order to assign users to the role on the
  fly.
  "Margaret Oberc" <[email protected]> wrote in message
  news:3b127763$[email protected]..
  >
  Does anybody know how to list principals assigned to a security roleprogrammatically?
  The role assigment is specified in weblogic.xml files for webapplications and
  weblogic-ejb-jar.xml files for EJBs.
  Any help would be much appreciated,
  Margaret

• Bi Roles (Developer & Security Admin) in Development System

  My requirment is to create 2 Roles in BI Development System...
  1) Developer Role
  Tasks that a new developer can perform (Create,delete,change Info Objects,Info Areas,Data providers,Info sources,Source systems,info sets,process chain.....queries) also
  ABAP...TRANSPORTS..
  2) Security Administrator
  Can Create Roles (PFCG),Authorisation objects,Assign the roles to users...etc transport newly created roles..etc
  Please update me with the list of Authorisation objects i can use
  Thanks

  Hi,
  Here are the steps ...
  A role is a collection of entities (such as the User Menu and a Profile) that gets allocated to a user to provide them with the necessary authorisation to do their job. Formerly referred to as an Activity Group .
  Using transaction PFCG
  1. Give the Role name or Activity Group name (both Role or Activity Group same in below 4.6B version it is called as Activity Group now it is called as Role).
  2. Then click on Create button
  Give description and Click on Save
  3. Then click on Menu tab
  There you will fine button like Transaction, Reports and Web address ……
  a. Click on Transaction Button.
  After clicking on transaction button you will find screen
  Put all transactions you want to assign then click on button Assign Transaction
  say for example transactions SU01 and PFCG to the Administrator.
  b.Then click on the Authorisation tab
  Give profile name related to your role name and description
  c.Click on the Change authorization data button
  Here you need to maintain authorizations.
  Open each Object Class (means at the end you can find names like BC_A, BC_Z these are Object class)
  For example when you open Object Class BC_A
  you will find Authorisation Object (i.e. S_USER_AGR, ……)
  When you open each Authorisation Object you will find Field Names and Activities
  Each object have their own fields here two field names are there (Activity & Activity Group Name)
  Click on the Pencil button and Maintain Activities
  After maintaining all activities
  There is Generate button on Application tool bar click to generate profiles
  Then Press back button
  There is another tab USER click on that and enter user id’s
  then click on User Compare button
  Until the User compare button comes green user never get access for those transactions assigned.
  Hope it helps.
  Assign points if helpful.
  Thanks & Regards
  Hemant Khemani