Securing Folders in BI role.
In BI, when you use profile generator, on the menu tab you can create folders. Then, put specific reports into each folder.
Does anyone know how to secure the folder itself?
We want one role for Payroll reporting. But, would like the separate folders inside the role to holdl payroll reports for different countries.
Any ideas are greately appreciated.
Thanks,
Penny
The response from Gaurav Kothan seems to work pretty well. However, now I'm being asked to let the user ONLY see a specific folder. Is this possible?
In other words, I would have a new role with 2 folders. One for US Payroll and one for Canada Payroll.
I could give the user this new role and the data roles for either US or Canada. And, they will only have authorization to their folder. But, can I hide the folder they do not have access to?
Thanks in advance for your help.
Penny
Similar Messages
-
How to secure folders in a BI Role.
In BI, when you use profile generator, on the menu tab you can create folders. Then, put specific reports into each folder.
Does anyone know how to secure the folder itself?
We want one role for Payroll reporting. But, would like the separate folders inside the role to holdl payroll reports for different countries.
Any ideas are greately appreciated.
Thanks,
PennyThank you. for your response Joseph.
So, when the user logs in, they will see only their role and reports. Is this correct?
Then, what about an Admin, are we going to see 20 or 30 roles across the top of the portal? We were trying to 'group' the roles some how.
Right now we have some different payroll containers. UK, Australia, US, etc. Each one has their own container. When I log in, I have to scroll through so many of the different containers or roles. Is there no way to group them? Like have one for Payroll and then list the UK, AU, US?? Or does this list of roles in the portal keep getting longer and longer?
Hope this makes sense. Maybe they are called tabs. Like System Admin, User Admin, then we have UK PAyroll, US Payroll, etc. How can I group those tabs?
Thanks so much for the help and insight.
Penny -
Row level Security for BI Author Role
Hi All,
We are using OBIEE 11.1.1.5 in our project. We have a requirement where we need to configure row level security on certain column.
We are currently using external table and session variable approach to configure this. This security works fine for the users with BI Consumer
roles. But we are facing issue with configuring row level security for BI Author role.
BI Author can create any analysis in BI Answers and suppose he/she creates a report which does not contain the column on which row level
security is applied than he can see all the data. For eg.
We have one dimension Products having two levels Product Division and Brand. I want to configure security based on Product Division column.
But if BI Author create a report with only Brand and Measures than row level security is not working.
Does anyone has face this issue before.
Please let me know if you want any other information from my side.
Regards,
VikasIf you are using a multidimensional cube you can use the "permit" command to control access to dimension members or provide cell level security within the cube. The OLAP database documentation provides on how to use the PERMIT command.
If you are using relational tables and/or views with additional CWM metadata mapped using OEM then you need to refer to the database documentation relating to Virtual Private Databases and Label Security
Business Intelligence Beans Product Management Team
Oracle Corporation -
How do you created object level security in BI for roles.
How do you created object level security in BI for roles. For example if I want users to only execute reports in BI for a particular "object" report how would I do that.
Thanks.Hi Maritza,
Can you be more specific.
If you are looking for BI Security concept, check this presentation:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
Regards,
Zaheer -
How do I add a securable to a database role?
I have a database where the stored procedures used by SSRS reports have to be added as securables to the db_execproc database role.
Easy enough to do with SSMS but despite much searching, I can't see how to script that. With the Database Role Properties open, the securables page selected and one of the securable stored procedures select including the Explicit Execute Grant, I tried clicking
the Script button at the top of that dialogue. It tells me no action to script. What's the point of that button then, if it won't script that for me?
Yeah, bad practice to do it that way but I don't have the authority to change things so best thing in the circumstances is to code it.
Nick Ryan SQL Server Developer OnePath (NZ) LtdThe script button will produce a script only if you made any changes - i.e., if you were to click the OK button on the Properties dialog that would have applied some changes to the existing properties.
In any case, if you want to grant execute privilege to a stored proc, the script would be
use [YourDBName]
GO
GRANT EXECUTE ON [dbo].[YourStoredProc] TO [YourRollName]
GO -
Folders under a role displayed for all users
Hi
I had created a role called Role A and this had two folders unders that named Folder A, Folder B. I assigned this role to User A only.
I logged into the portal as User A, and saw that these two folders were visible, and as I had wanted it.
But when I logged in with the administrator's account too, I noticed that along with Content Administration, User Administration, System Administration, I also had Folder A and Folder B.
I checked the roles for Administrator and Role A has not been assigned.
I dont want this Folder A and Folder B to appear in the admin's account.
Please help.
Thanks
ManojHi
Thanks for your help. Its not a permission issue for that folder, and no other groups are added in Role A.
I guess, like Venkatesh says, it could be the content admin role or super admin role. But surprises me as to what would happen if there were more than 100 folders.
There must be something else to it. I suspect this to be a cache problem, as I had added Role A to Administrator's group and then removed it from there. I will check this and confirm.
Thanks for all help
Regards,
Manoj -
Security report with native roles and the roles they have access to.
We need a security report that shows the Native/Custom Roles and the roles that they have access to.
So, an example would be the role US_Acct, and the report would show what roles that has access to (Post Journals, Consolidate, etc).Can this be done?Export the Provision report from Shared Services.
Upload report to Excel or Access.
Build Tables to show what tasks each Role has access to.
Build a report that links the provision report and the xref tables.
You should also do this with Security Classes. -
BW Security - transport hierarchy in role. What if....
Hi All
This Query is related to BW Security .
The Process we flow is that we create a Hierarchy and we transport it to the production system
We then create a role and we link the Hierarchy to the object within the role.
What suppose if there is no Hierarchy structure for the particular customer maintained in dev and it is maintained in Production .
Is it possible to transport the hierarchy from Dev without its hierarchy structure maintained in Dev?
Is it possible that since data is existing in Production , so as an when this data sits in the UM of the production server , this automatically picks data from the UM?
Please Advice
Edited by: Julius Bussche on Feb 16, 2010 9:44 AM
Subject title improved slightlyThese 3 threads of yours are starting to look like a series of interview questions.
Please follow up and provide feedback / results of your search, otherwise I will lock them.
Cheers,
Julius -
Is there a way of making secure folders for apps?
HI, I have the iPad 1, can anyone tell me if there is a way to make certain apps secure, lock them, so that other people that may use the iPad do not have access to them.
Seems like an interesting idea. Leave feedback for Apple here:
http://www.apple.com/feedback/ipad.html -
Custom security JHeadstart 11gTP1 -Use Role-based Authorization is missing
In JHeadstart 11g TP1 the option Use Role-based Authorization is missing.
Will this option only be available in de production release of JHeadstart 11g? What is the reason why this is missing? Is it still possible to use CUSTOM authorization in JHeadstart 11g TP1?It is not missing.
If you turn on custom authorization, you can specify your own roles against groups to access them, and use role names in the insert allowed/update allowed and delete allowed expressions.
Steven Davelaar,
JHeadstart Team. -
Find the iViews, Pages and Folders assigned to Role
Hi,
Does any one has the idea about how to retrieve the worksets, pages and iviews assigned to a role.
I found a piece of code that will retrieve the roles, worksets, pages and iviews from PCD.
Here is the code, that is to retrieve the roles, worksets, pages and iviews from PCD
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
env.put(Context.SECURITY_PRINCIPAL, WDClientUser.getCurrentUser().getSAPUser());
env.put(com.sap.portal.directory.Constants.REQUESTED_ASPECT, PcmConstants.ASPECT_ADMINISTRATION);
InitialContext initialContext = null;
DirContext dirCtx;
initialContext = new InitialContext(env);
dirCtx = (DirContext) initialContext.lookup("pcd:portal_content/");
PcdSearchControls pcdSearchControls = new PcdSearchControls();
pcdSearchControls.setReturningObjFlag(false);
pcdSearchControls.setSearchScope(PcdSearchControls.SUBTREE_WITH_UNIT_ROOTS_SCOPE);
dirCtx.addToEnvironment(Constants.APPLY_ASPECT_TO_CONTEXTS,Constants.APPLY_ASPECT_TO_CONTEXTS);
// Gets the full path of the iViews from the PCD
NamingEnumeration ne = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.iview)", pcdSearchControls);
while (ne.hasMoreElements())
IPcdSearchResult searchResult = (IPcdSearchResult) ne.nextElement();
String location = "pcd:portal_content/" + searchResult.getName();
wdComponentAPI.getMessageManager().reportSuccess("View ="+location);
// Gets the full path of the pages from the PCD
NamingEnumeration nePage = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.page)",pcdSearchControls);
while (nePage.hasMoreElements())
IPcdSearchResult searchResult = (IPcdSearchResult) nePage.nextElement();
String location = "pcd:portal_content/" + searchResult.getName();
wdComponentAPI.getMessageManager().reportSuccess("Page ="+location);
// Gets the full path of the worksets from the PCD
NamingEnumeration neWorkSet = dirCtx.search("","(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.workset)",pcdSearchControls);
while (neWorkSet.hasMoreElements())
IPcdSearchResult searchResult = (IPcdSearchResult) neWorkSet.nextElement();
String location = "pcd:portal_content/" + searchResult.getName();
wdComponentAPI.getMessageManager().reportSuccess("WorkSet ="+location);
But my requirements is, if I have the role as "Sales Role", I want to find the iViews, Pages and worksets assinged to this role.
Your help is really appreciated.
Thanks in Advance,
Chinna.Hi,
All you need to do is to change the search root object:
DirContext dirCtx;
initialContext = new InitialContext(env);
dirCtx = (DirContext) initialContext.lookup("pcd:portal_content/mypath/myrole");
PcdSearchControls pcdSearchControls = new PcdSearchControls();
pcdSearchControls.setReturningObjFlag(false);
pcdSearchControls.setSearchScope(PcdSearchControls.SUBTREE_WITH_UNIT_ROOTS_SCOPE);
dirCtx.addToEnvironment(Constants.APPLY_ASPECT_TO_CONTEXTS,Constants.APPLY_ASPECT_TO_CONTEXTS);
all the rest stays the same.
BTW - you can also retrieve all the objects using one search by putting
(|(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.iview),(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.page),(com.sap.portal.pcd.gl.ObjectClass=com.sapportals.portal.workset))
In the search query. Then you can get the type using PCM (portal content model) APIs.
Hope this helps, Elisha -
I want to make a folder that cannot be accessed only by typing in a password. How can I do that?
This explains how to create an encrypted disk image.
-mj -
Assigning role to role doesn't work when applying Database security model
I applied Oracle Database security model for BI Publisher.
then I create some roles and users and assigned roles to users in Oracle Database.
i also assigned appropriate folders to each role in BI Publisher.
the users with direct roles worked successfully but i got problem when i assigned roles to a super role, and assigned this role to a super user.
the super user could only access guest folder.
Please help me.
thanks.
Daniel
Edited by: user13344498 on Jul 5, 2010 11:13 PMAdd a Role to a Role:
1. From the Security Center, select Roles and Permissions; this will invoke the
Security Center page. Here you can see the list of existing roles and permissions.
2. Select the Add Roles icon for the Role.
3. Select the desired role from the Available Roles list and use the Move shuttle
button to move it to the Included Roles.
this is from "Oracle® Business Intelligence Publisher User's Guide Release 10.1.3.2 Part No. B40017-01" book, but the security model is BI Publisher Security. -
How to list principals in the security role?
Does anybody know how to list principals assigned to a security role programmatically?
The role assigment is specified in weblogic.xml files for web applications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
MargaretI think it's not possible. However, what you can do is to assign a role to a
group (this relationship being statically defined in weblogic.xml) and then
manipulate the group membership in order to assign users to the role on the
fly.
"Margaret Oberc" <[email protected]> wrote in message
news:3b127763$[email protected]..
>
Does anybody know how to list principals assigned to a security roleprogrammatically?
The role assigment is specified in weblogic.xml files for webapplications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
Margaret -
Bi Roles (Developer & Security Admin) in Development System
My requirment is to create 2 Roles in BI Development System...
1) Developer Role
Tasks that a new developer can perform (Create,delete,change Info Objects,Info Areas,Data providers,Info sources,Source systems,info sets,process chain.....queries) also
ABAP...TRANSPORTS..
2) Security Administrator
Can Create Roles (PFCG),Authorisation objects,Assign the roles to users...etc transport newly created roles..etc
Please update me with the list of Authorisation objects i can use
ThanksHi,
Here are the steps ...
A role is a collection of entities (such as the User Menu and a Profile) that gets allocated to a user to provide them with the necessary authorisation to do their job. Formerly referred to as an Activity Group .
Using transaction PFCG
1. Give the Role name or Activity Group name (both Role or Activity Group same in below 4.6B version it is called as Activity Group now it is called as Role).
2. Then click on Create button
Give description and Click on Save
3. Then click on Menu tab
There you will fine button like Transaction, Reports and Web address
a. Click on Transaction Button.
After clicking on transaction button you will find screen
Put all transactions you want to assign then click on button Assign Transaction
say for example transactions SU01 and PFCG to the Administrator.
b.Then click on the Authorisation tab
Give profile name related to your role name and description
c.Click on the Change authorization data button
Here you need to maintain authorizations.
Open each Object Class (means at the end you can find names like BC_A, BC_Z these are Object class)
For example when you open Object Class BC_A
you will find Authorisation Object (i.e. S_USER_AGR, )
When you open each Authorisation Object you will find Field Names and Activities
Each object have their own fields here two field names are there (Activity & Activity Group Name)
Click on the Pencil button and Maintain Activities
After maintaining all activities
There is Generate button on Application tool bar click to generate profiles
Then Press back button
There is another tab USER click on that and enter user ids
then click on User Compare button
Until the User compare button comes green user never get access for those transactions assigned.
Hope it helps.
Assign points if helpful.
Thanks & Regards
Hemant Khemani
Maybe you are looking for
-
Using Mac OS X 10.4.11, Acrobat 8. I want to print one page of a document including the markups. In the Print window I select "Current Page" or "Current View" and "Document and Markups" from the "Comments and Forms" popup menu.... only the markups ap
-
Activity Reporting X Activity Data Collector
Hi, there are two types of activity reporting in SAP Enterprise Portal, Activity Data Collector and Activity Reporting. The SAP documentation for the Activity Data Collector (http://help.sap.com/saphelp_nw70/helpdata/EN/47/8ac2e51b141e1ee10000000a421
-
Cs4 win7 64 bit strange images behaviour
Just transferred all my sites to new computer. I cant swap images on a web page in the usual way: I click on an image, then on the folder icon for "source", I select the thumbnail of the replacement image and nothing happens - the image preview does
-
Recommeded size of iphoto library
which is the recommeded size of iphoto library? is any maximum size not recommeded to achieve?
-
I am searching for an app which would clones new materials onto a photographed kitchen. do you have one?