Site Hierarchi level security

Similar Messages

• How to create a site and add security groups through code: scripts, csom, ... ?

  Hi,
  I'm new to CSOM and are looking for a way to create sites in SharePoint Office365 and especially add user to it with a specific role eg. 'visitor' or 'owner'.
  I use this code to add sites from a csv file, so far so good.
  But now I want to add security groups based on the csv file and assign a role. The security groups allready exists.
  and also how to add a user with a 'owner' role for some sites.
  That would make my life easier :-)
  so thank you in advance!
  # load assemblies
  #[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
  #[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
  Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
  Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
  # site collection
  $siteUrl = “https://mysharepoint.com”
  # admin
  $username = "[email protected]"
  $password = Read-Host -Prompt "Enter password" -AsSecureString
  # get clientcontext as object
  $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
  # assign credentials to clientcontext object
  $credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
  $ctx.Credentials = $credentials
  # create site from template 'teamsite' => STS#0
  $data = Import-Csv "c:\tools\CSOM\vakwerking_test.csv"
  foreach ($row in $data) {
  $webCreationInformation = New-Object Microsoft.SharePoint.Client.WebCreationInformation
  $webCreationInformation.Url = $row.vakwerkingurl
  $webCreationInformation.Title = $row.vakwerkingnaam
  $webCreationInformation.WebTemplate = "STS#0"
  $webCreationInformation.UseSamePermissionsAsParentSite = $false
  $newWeb = $ctx.Web.Webs.Add($webCreationInformation)
  Write-Host "Title" $newWeb.Title
  #send to sharepoint
  $ctx.Load($newWeb)
  $ctx.ExecuteQuery()

  Hi,
  The command above about creating a group only works for the root site of the site collection, because the scope of the user group is site collection level, these groups
  can be used in all the sites in this site collection.
  With the existing groups in the root site, we can add users into them and grant specific permissions of a specific sub site to these groups.
  Here is a demo about how to assign permission to a group using Client Object Model(though in C#) for your reference:
  http://www.c-sharpcorner.com/UploadFile/54db21/set-permission-to-group-in-sharepoint-2010-programmatically/
  Best regards,
  Patrick
  Patrick Liang
  TechNet Community Support

• Item level security...

  We have an out of the box solution where users can log there meeting minutes in a custom list. The security of the site consists of about a 100 SharePoint groups which are being used throughout the site collection with different permissions.
  For the purpose of this solution we have each group belonging to one of four logical roles (Directors, Power Users, Employees (Internal) and Employees (External). There are about 50 groups that fit the role of Employees. We want to make sure that users can
  access only the items if they belong to this logical role. That means that an item created by employee has to be accessible by 50 groups.
  What would be the best practice to apply security in this situation since for item level security it would require that inheritance be broken at item level and 50 groups added to the permissions of that item.
  Regards

  We are often discouraged from using folders, but security is one place they are quite useful. Create one folder for each of your top level groups (Directors, etc), break inheritance on the folder and assign your 50 groups. Upload a file to the folder and
  all of the security you need has been applied. You general users don't need to know about the folders. Create view that "Show all items without folders". Keep one view with folders displayed for uploading files.
  Mike Smith TechTrainingNotes.blogspot.com
  Books:
  SharePoint 2007 2010 Customization for the Site Owner,
  SharePoint 2010 Security for the Site Owner

• Row level security in OBIEE 11g

  Hi guys,
  We have a business intelligence project in OBIEE, and I have a question regarding row level security (RLS).
  Specifically, I have an hierarchical organization with users belonging to different structures. If one user belongs
  to a structure that is above another structure in hierarchy, then he should see both data from his structure and
  the of the users in structures bellow it. In the reports, we must have filters implemented respecting this requirement,
  i.e. if one logs in OBI and accesses the report, he should see in the filter "Users" only subordinate users and respectively
  data displayed in the report should be filtered accordingly. How would you suggest to implements this type of security
  in the data model? And how could I create the type of filter mentioned above?  

  This needs to be implemented in 3 different levels. 1. in database  2. in RPD  3 in reports
  1. You need to have facts or dimensions which have columns through which you can filter based on their hierarchy. e.g position in an organisation or department in the hierarchy table which can be joined to fact.
  2. In rpd you need to create a session variable and initialize it using init block based on the user who is logging in. This variable will be you position or department through which you want to filter based on hierarchy. e.g select position from hierarchy_table where user= 'NQSession(user)' . The resulting position value will be used as a filter.
  3. Add this position variable as a content filter in your LTS in you BMM layer.
  4. You can also use this session variable  as a filter in you reports too.
  hope this helps.
  Senthil

• Data Level Security in OBIEE  Enterprise Edition

  HI,
  would like to know how to implement row-level security in OBIEE Enterprise Edition
  Setting up the context right here, considering a hierarchy of an organization that goes up to 4 levels as below:
  VP >Senior manager>Manager>clerk
  Now, the situation is such that a manager should be able to view its subordinates data but not the data of any other team to which he does not have access. And also the manager should view only his regions data.Same goes for other hierarchies in the organization.
  Any pointers in this regards i.e OBIEE ADMIN TOOL: SECURITY AUTHENTICATION THROUGH EXTERNAL DATABASE would be of great help.
  Source system is SIEBEL CRM 7.8
  THanks
  Gutha

  Hi,
  I can help you for Authentication using BI Server.
  For teh same you can use admin tool then manage>security> users and Groups.
  You can create different groups as well as users accrording to you hierarchy and then provide privilages users or groups according to your need like particular user can view the data of particular level.
  When you create users then in the user page you can provide the filter conditions in filter tab and same as in groups.
  Regards
  Tarang Jain

• Row level Security in obiee11g

  Hello
  I am trying to implement Row Level security for some 10,000 users based on the Cost Centers which are about 30,000. I know how to implement the data level security using groups an dapplication roles and creating security filters on those groups.
  But There are two issues I am facing :
  1. The no. of cost centers are huge i.e 30,000 . So creating these many groups doesn't seem feasible. Any other approach.
  2. Cost center has got level based hierarchies having 20 levels and is a ragged hierarchy. There are some users who have access to Parent level node and there are some having access to child level cost centers. What I believed that for users having access to Parent level , I can assign all the child level cost centers and teh security will rollup to provide access to the Parent node (like you have access to California and Florida so automatically you get access to US (Cal + Flo).
  But the issue is there could be one user who will have access to the TOp level so I will have to assign all teh cost center (30,000) so that he can get access to the Total Cost Centers. There could be other Managers who will have respective Parent Cost center access leading to assigning them to say 5000 - 10000 cost centers. My fact conatins the leaf level cost centers.
  Is there a better approach to handle this.

  Hi,
  You can try to model your security requirement similar to Position-Based Security in OBIA .
  Check *7.5.1 Primary Position based Security*
  http://docs.oracle.com/cd/E10783_01/doc/bi.79/e10742/security.htm
  Thanks

• Domain level security issue with InfoPath Form

  I have followed the article “Submitting Data from InfoPath 2007 to a SharePoint List” which can be found at
  http://msdn.microsoft.com/en-us/library/cc162745.aspx.
  But instead I am using SharePoint and InfoPath 2010.
  I get the following error after deploying and running the form with its security level set to domain.
  “A query to retrieve form data cannot be completed because this action would violate cross-domain restrictions. If this form template is published to a SharePoint
  document library, cross-domain access for user form templates must be enabled under InfoPath Forms Services in SharePoint Central Administration, and the data connection settings must be stored in a UDC file in a data connection library in the same site collection.
  If this is an administrator-approved form template, the security level of the form must be set to full trust, or the data connection settings must be stored in a UDC file by using the Manage data connection files option under InfoPath Forms Services in SharePoint
  Central Administration.”
  How do I get this form working on the server and client using domain level security?
  Extra Note: On an additional not the form works fine in SharePoint and InfoPath designer when the security level is set to Full Trust.

  Hi, Is this possible over a SharePoint "LIST"? I'm hitting brick walls and can't set the Security level on my form at all. Everything that I'm reading refers to Document Libraries but nothing about SharePoint List. It seems that this should work over a list,
  but I'm hitting brick walls all the way around. Here is a copy of the question that I posed below under Todd.Wilder's post:
  Hi,
  Following this forum question/comment I am attempting to set the security on my Infopath form to Full Trust. But, I don't have the Security and Trust option. I can set the Trusted Location through the Trust Center but I can't find anywhere to set security.
  I am using InfoPath 2010. What am I missing? Everything that I'm reading says that this is the problem and my error message is exactly like SomeGuy's message. One more piece to this is...this is a form over an Existing SharePoint List. I've found that I can
  see the Security if I start InfoPath and start a New Blank Form, but by editing the form from a SharePont list, the option to edit Security is not there. HELP!!
  I am following the instructions below that come from:
  http://msdn.microsoft.com/en-us/library/ee526352.aspx
  The InfoPath form designer automatically selects the appropriate security level (either Restricted or Domain) based on the features that you are using in the form. The security setting is always as restrictive as possible, starting at Restricted, to help
  ensure a greater level of protection for you and your data. Users can manually override this automated setting to select a level of security that is more appropriate for the form by following these steps:
  Click the File tab, and then click Form Options on theInfo tab.
  In the Categories list, click Security and Trust.
  Uncheck the Automatically determine security level (recommended) check box.
  Select the desired security level.
  Thank you,
  ~Tina~
  ~Tina~

• How to set users level security profiles and auditing?

  hi,
  We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit.
  Please also explain the empact of audit on running system?
  Thx

  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit. https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Please also explain the empact of audit on running system?https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Try this in a TEST instance before you promote it to Production.
  You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
  Thanks,
  Hussein

• Message Level Security

  Hi All,
    In the PI to PI scenario i used certificates for sigining and encryption. For this i followed message level security document.
  In PI1 message is signed and encrypted, but the sign is not validated and message is not decrypted in PI2 server. Output from PI2 server is coming in  encrypted form. How to solve this issue.
  PI1 SP is 11 and PI2 SP is 06.
  Kindly suggest some solution.
  Regards
  Prakash

  Hi,
  Message-Level Security
  Message-level security allows you to digitally sign or encrypt documents exchanged between systems or business partners. It improves communication-level security by adding security features that are particularly important for inter-enterprise communication. Message-level security is recommended and sometimes a prerequisite for inter-enterprise communication.
  ●      A digital signature authenticates the business partner signing the message and ensures data integrity of the business document carried by a message.
  Signatures are used in two scenarios:
  ○       Non-repudiation of origin
  The sender signs a message so that the receiver can prove that the sender actually sent the message.
  ○       Non-repudiation of receipt
  The receiver signs a receipt message back to the sender so that the original sender can prove that the receiver actually received the original message.
  ●      Message-level encryption is required if message content needs to be confidential not only on the communication lines but also in intermediate message stores.
  SAP NetWeaver usage type Process Integration (PI) offers message-level security for the XI protocol itself, for the RosettaNet protocol, for the CIDX protocol, and for the SOAP and Mail adapters. The table below summarizes the message-level security features of these protocols and adapters.
  Message-Level Security Features
  XI Protocol (XI 3.0)
  Messaging components
  Integration Server and PCK
  SOAP
  Adapter Engine and PCK
  Mail
  Adapter Engine
  RNIF 2.0
  Adapter Engine
  RNIF1.1/CIDX
  Adapter Engine
  IIly
  Signature
  X
  X
  X
  X
  X
  Non-repudiation of origin
  X
  X
  (Web service security)
  X
  X
  Non-repudiation of receipt
  X
  X
  X
  Encryption
  X
  X
  X
  X
  Technology
  Web service security (XML signature)
  Signed parts are the SAP main header, the SAP manifest, and the payloads (SOAP attachments).
  Encrypted parts are the payloads (SOAP attachments).
  S/MIME or
  Web service security (XML signature)
  The SOAP body is signed.
  S/MIME
  S/MIME
  PKCS#7
  XI 3.0 is the XI protocol valid for both SAP NetWeaver ´04 and SAP NetWeaver 7.0.
  Message-level security is not guaranteed across the entire communication path of a message, but only for the intended B2B connections, which can be the following communication paths, as described under Service Users for Message Exchange.
  ●      XI protocol
  ○       (s4) Integration Server to Integration Server, PCK to Integration Server
  ○       (r4) Integration Server to Integration Server, Integration Server to PCK
  ●      SOAP protocol
  ○       (s3) SOAP sender to Adapter Engine or PCK
  ○       (r3) Adapter Engine or PCK to SOAP receiver
  ●      Mail protocols
  ○       (s3) Mail server to Adapter Engine or PCK (IMAP4/POP3)
  ○       (r3) Adapter Engine or PCK to mail server (IMAP4/SMTP)
  ●      RNIF and CIDX protocol
  ○       (s3) RNIF or CIDX sender to Adapter Engine
  ○       (r3) Adapter Engine to RNIF or CIDX receiver
  You define whether and how message-level security is to be applied to messages in the Integration Directory by using sender agreements on the inbound (sender) side in scenarios (s3) and (s4) and by using receiver agreements on the outbound (receiver) side in scenarios (r3) and (r4). For more information about configuring message-level security, see Security Configuration at Message Level.
  Message-level security relies on public and private x.509 certificates maintained in the J2EE keystore, where each certificate is identified by its alias name and the keystore view where it is stored. Certificates are used in the following situations:
  ●      When signing a message, the sender signs it with its private key and attaches its certificate containing the public key to the message.
  The receiver then verifies the digital signature of the message with the senderu2019s certificate attached to the message. There are two alternative trust models to verify the authenticity of the senderu2019s public certificate:
  ○       In the direct trust model, the signeru2019s public key certificate is compared with the locally maintained, expected public key certificate of the partner. Therefore, the direct trust model requires offline exchange of public key certificates, which can be self-signed or issued by a CA.
  ○       In the hierarchical trust model, the signeru2019s public key certificate is validated by a locally maintained public certificate of the CA that issued the signeru2019s public certificate. In addition, the subject name and the issuer of the signeru2019s certificate is compared with the expected partneru2019s identity configured in a receiver agreement on the receiver side.
  Generally, the hierarchical trust model enables chains of certificates attached to the message. The XI 3.0 message format, however, does not support such chains; the certificate used for signing has to be signed by a root CA.
  In the hierarchical trust model, the sender and the receiver only need to agree upon the CA and the subject name that the sender has used in its certificate.
  The following trust models are supported:
  ○       The RNIF and CIDX adapters support both a direct and a single-level hierarchical trust models.
  ○       The XI protocol and the SOAP adapter (with Web service security) only support a single-level hierarchical trust model.
  ○       The Mail adapter and the SOAP adapter (with S/MIME) support a multi-level hierarchical trust model.
  ●      When encrypting a message, the sender encrypts with the public key of the receiver (also verifying the correctness of the receiveru2019s certificate by using the public key of the certificateu2019s root CA).
  The receiver decrypts with its private key certificate.
  For more information about the certificate store, see Certificate Store.
  Whenever a message is signed, the receiver archives the signed messages for non-repudiation purposes. See Archiving Secured Messages.
  reg,
  suresh

• Row Level Security not working for SAP R/3

  Hi Guys
  We have an environment where the details are as mentioned below:
  1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
  2. The SAP roles are imported in Business Objects CMC.
  3. Crystal Reports are published on the Enterprise as well.
  3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
  Any help in this issue is greatly appreciated.
  Thanks and Regards
  Kamal

  Hi,
  In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server.  This is a server side tool which the Integration solution for SAP offers as a transport.
  This tool defined which tables are to be restricted based on authorizations.
  However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview.  If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
  You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
  thanks
  Mike

• How to set Document Library Item Limit at Site Collection level?

  Hi,
  I have SharePoint which contains one Site collection with many Sites. Each sites has many document library.
  Actually my requirement is, End Users  wants to see only 10 items per page in document library. We can manually set by using "Item Limit" option but i could not set that for around 150 document libraries.
  Is there any possible to set that in Site Collection level?
  Thanks & Regards
  Poomani Sankaran

  You can run for each loop and use below code
  http://get-spscripts.com/
  #Get the site and list
  $web = Get-SPWeb "http://portal/sites/testsite"
  $list = $web.GetList(($web.ServerRelativeUrl.TrimEnd("/") + "/Shared Documents"))
  #Get the list view to be changed
  $newview = $list.Views["Sort by modified date"]
  #Set the mobile and default mobile view properties
  $newview.MobileView = $true
  $newview.MobileDefaultView = $true
  #Update the view configuration
  $newview.Update()
  $web.Dispose()
  $web.Lists[0].Views[0].RowLimit=30
  $web.Lists[0].Views[0].Update()
  How you can get all list using powershell
  http://sharepointrelated.com/2011/11/28/get-all-sharepoint-lists-by-using-powershell/
  If this helped you resolve your issue, please mark it Answered

• Row level security at universe design level

  Hi,
  I am creating a Universe layer on top of non SAP OLAP cube ( from MS Analysis Services 2005 ) .
  My concern is that can we maintain the row level or data level security at universe design level or if i am using that universe in creation of WEBI report so is there any possiblity to maintain this security at WEBI level.
  Regards,
  Mishra Vibhav.

  Thanks for the reply.
  Much Appriciated.
  My only concern is that i read in the Universe Designer developer guide that it does the row level security so can eloborate a bit about how we maintain at Universe level.
  Warm Regrads,
  Mishra Vibhav

• Object Level Security in OBIEE 11.1.1.5

  Hi All,
  I am trying to implement object level security for certail groups. We have BI Apps 7.9.6.3 implemented in whch obiee 11.1.1.5 is integrated with EBS R12. Users are able to login through diffrent responsiblities to OBIEe. I need insight into how to implement object level security. Below are the steps whihc i have followed but still i am facing strange issues i.e. some users are able to see dashboards which they have no access with view display error. I checked in dashboard permission. They do not have access
  1) Created application roles in OBIEE with the same resposiblity names
  2) Grouped the application roles in diffrent groups. I.e. if application roles a,b,c should have access to dashboard x then i made b and c member of a.
  3) Configured security in manage previleges and catalog for these application roles i.e. i used application role a mentioned in step 2 in manage previleges etc.
  4) Restarted the BI server and presentation servers.
  Are there any other steps which should be followed apart from above mentioned steps. Do i have to make use of groups.
  Regards,
  Sandeep

  Sandeep Saini wrote:
  I checked the inheritance. I did a lot of investigation but it is weird. My purpose of asking the question was to find out if there are any bugs in version 11.1.1.5 otherwise i didn't see any issues.
  There are a couple of bugs related to the issue but I have checked that on 11.1.1.5.5 and its works as expected.
  Bug 13982971 : PERMISSIONS ON WEB CATALOG OBJECTS NOT APPLIED IMMEDIATELY
  In case you see anything like this -> QA:USER WITH NO ACCESS OVER A FOLDER IS ABLE TO RUN ANALYSIS REPORT CONTAINED then [Patch ID 15626966]
  1) I want to check if there are any components i.e. BI server, presentation server or any other service that should be started after creation of application roles. I started only BI server after creating application rolesAny changes made to the Application policies should need a restart of admin and managed server however if you are not creating policies just Roles with similar names OPMN restart should be good to see the changes made.
  2) I made use of application roles throughout in object level security . Is it the correct approach ?Yes that is the right approach to use application roles for defining object level permission settings throught, do not go for catalog groups its makes it nasty to manage. Here is the quote from Sec Guide : " Using catalog groups is not considered a best practice and is available for backward compatibility in upgraded systems."
  3) To check if there are any object level security related bugsThere might be more than once mentioned above since 11.1.1.5 .. I do not trust that version it bites a lot ;)
  And to explain step 2 lets say there are n number of application roles which should have same object level security but diffrent data level security. In that case i made all such application roles member of another application role and configured object level security for that group only. For ex in manage previlege i configured "Access to Answer" for one application group and made other application group member of this group. I hope its clear now .Grouping of Roles with other similar roles is what needs to done to get functionality like catalog groups.However a reference of the 5 basic rules is always a lifesaver : [Rules for Inheritance for Permissions and Privileges|http://docs.oracle.com/cd/E29505_01/bi.1111/e10543/mgrgrpsusers.htm#autoId16]
  Hope this helps.!
  SVS

• Dimension Level Security on a Data Form

  Hi,
  Is there any other way in Hyperion Planning to know where the dimensional level security is missing when you get the following error - (other than manually going to the dimensions and checking it)
  "Security and/or filtering has resulted in a required dimension not being represented on the data form"
  Please let me know !
  ~ Adella

  Alp, I did try to work with your idea and it did help. Thank you so much for your input.
  Anyways, for now I think I got an answer to my question..but please do let me know of other ideas if you come across any :)
  ~ Adella

• Data level Security issue in obiee 11g

  Hi,
  We are trying to implement data level security, let me explain the issue
  The requirement is, we have 7 schools and each school has one principle , there will be a Superdintent who has 3 schools under him. so now when each principle logs in to dashboard we have a prompt for school i.e Name of school in that prompt he should see only his school and even the data of that school only which are assigned to him, now when Superdintent logs in he should see all 3 schools in the prompt and data. I have gone through this link (http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/) but could not achieve.
  We are able to achieve by writing SQL in BMM layer ( LTS Table) so where ever the table is used in dashboards the security is being applied and we are able to see what we want. We want to achieve this by application role, But when we are creating session variables and applying on Application Role its not working. We want to achieve this by using Application role because suppose in other dashboards when the table is not used or pulled in, it will not work.But if we do it using application role its applies to all dashboards and data is resticted. so that when principle or Superdintent logs in automatically its restricts the data.
  Below is the SQL which we used in BMM LTS, its working fine. But when the same SQL is applied in Application Role it's not working.
  SQL used in session variable -
  select  'SCHOOL_CD1', school_cd1 from w_staff_d where empl_id ='VALUEOF(NQ_SESSION.USER)'
  and job_desc1 = 'Principal High School - KPI'
  Any suggestions please ??
  Thanks,
  VRP

  Hi,
  I pasted the log view below by applying SET VARIABLE LOGLEVEL=2, DISABLE_CACHE_HIT=1;, ran this report by applying SQL in Session variable. Let me know if you want anything -
  Thanks
  [OracleBIServerComponent] [TRACE:2] [USER-0] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] ############################################## [[
  -------------------- SQL Request:
  SET VARIABLE QUERY_SRC_CD='Report',SAW_SRC_PATH='/shared/Key Performance Analytics/Analysis/Climate and Culture/Analysis for total school suspensions',LOGLEVEL=2, DISABLE_CACHE_HIT=1; SELECT s_0, s_1, s_2, s_3, s_4, s_5, s_6, s_7, s_8, s_9, s_10, s_11 FROM (
  SELECT
  0 s_0,
  "High School KPI"."- Date"."School Year" s_1,
  "High School KPI"."- Grade"."Grade Level" s_2,
  "High School KPI"."- School"."School Name" s_3,
  "High School KPI"."- School Suspensions"."% of Students Suspended" s_4,
  "High School KPI"."- School Suspensions"."Count of Students Enrolled" s_5,
  "High School KPI"."- School Suspensions"."Count of Students with Incidents" s_6,
  CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END +(CASE WHEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END /10))<0 THEN 1 ELSE 2 END s_7,
  CASE WHEN (CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END)=0 THEN CASE WHEN CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END <0 THEN (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END *-1) ELSE CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END END ELSE (CASE WHEN MAX("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END - CASE WHEN MIN("- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY )END) END s_8,
  CASE WHEN MAX("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 10 ELSE MAX("- School Suspensions"."% of Students Suspended" BY ) END s_9,
  CASE WHEN MIN("High School KPI"."- School Suspensions"."% of Students Suspended" BY ) IS NULL THEN 0 ELSE MIN("- School Suspensions"."% of Students Suspended" BY ) END s_10,
  REPORT_AGGREGATE("High School KPI"."- School Suspensions"."% of Students Suspended" BY "High School KPI"."- Date"."School Year") s_11
  FROM "High School KPI"
  WHERE
  (("- Discipline Action"."Discipline Action Code" = 'Suspension') AND ("- Date"."School Year Desc" = VALUEOF("school_year_desc")))
  ) djm ORDER BY 1, 2 ASC NULLS LAST
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-23] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- General Query Info: [[
  Repository: Star, Subject Area: High School KPI, Presentation: High School KPI
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62064>>), connection pool named Initialization Block Connection Pool: [[
  WITH
  SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T29835.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
  from
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
  where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  D1.c2 as c2,
  count(distinct D1.c6) as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH0 D1
  group by D1.c2, D1.c4, D1.c5),
  SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH1 D1),
  SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T26023.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
  from
  W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_KPI_QTR_DAY_D T30647,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
  where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  count(distinct D1.c6) as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH3 D1
  group by D1.c3, D1.c4, D1.c5),
  SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH4 D1)
  select distinct case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c1,
  case when D1.c4 is not null then D1.c4 when D2.c4 is not null then D2.c4 end as c2,
  case when D1.c5 is not null then D1.c5 when D2.c5 is not null then D2.c5 end as c3,
  case when D1.c3 = 0 then NULL else D2.c2 * 100.0 / nullif( D1.c3, 0) end as c4,
  D1.c3 as c5,
  D2.c2 as c6
  from
  SAWITH2 D1,
  SAWITH5 D2
  where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
  order by c1, c2, c3
  [2012-10-17T18:36:55.000+00:00] [OracleBIServerComponent] [TRACE:2] [USER-18] [] [ecid: c9928ce086f2ff4f:4405c138:13a559973e0:-8000-000000000000f7e9] [tid: 128c] [requestid: 5e40000b] [sessionid: 5e400000] [username: weblogic] -------------------- Sending query to database named SPA (id: <<62434>>), connection pool named Initialization Block Connection Pool: [[
  WITH
  SAWITH0 AS (select T30351.SCHOOL_YEAR_DESC as c2,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T29835.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30351.SCHOOL_YEAR_DESC, T29835.STDNT_WID ORDER BY T30351.SCHOOL_YEAR_DESC DESC, T29835.STDNT_WID DESC) as c7
  from
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_SCHOOL_YEAR_D T30351 /* KPI_W_SCHOOL_YEAR_D */ ,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_ENROLL_SCHOOL_F T29835 /* KPI_W_STDNT_ENROLL_SCHOOL_F */
  where ( T26564.GRADE_LEVEL_WID = T29835.GRADE_LEVEL_WID and T26686.ORGANIZATION_WID = T29835.ORGANIZATION_WID and T29835.SCHOOL_YEAR_WID = T30351.SCHOOL_YEAR_WID and T30351.SCHOOL_YEAR_DESC = '2011-2012' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH1 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  D1.c2 as c2,
  count(distinct D1.c6) as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH0 D1
  group by D1.c2, D1.c4, D1.c5),
  SAWITH2 AS (select sum(D1.c1) over (partition by D1.c2) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH1 D1),
  SAWITH3 AS (select T30647.SCHOOL_YEAR as c3,
  T26564.GRADE_LONG_DESC as c4,
  T26686.SCHOOL_NM as c5,
  T26023.STDNT_WID as c6,
  ROW_NUMBER() OVER (PARTITION BY T30647.SCHOOL_YEAR, T26023.STDNT_WID ORDER BY T30647.SCHOOL_YEAR DESC, T26023.STDNT_WID DESC) as c7
  from
  W_DISCIPLINE_ACTION_D T29975 /* KPI_W_DISCIPLINE_ACTION_D */ ,
  W_GRADE_LEVEL_D T26564 /* KPI_W_GRADE_LEVEL_D */ ,
  W_KPI_QTR_DAY_D T30647,
  W_ORGANIZATION_D T26686 /* KPI_W_ORGANIZATION_D */ ,
  W_STDNT_DISCIPLINE_F T26023 /* KPI_W_STDNT_DISCIPLINE_F */
  where ( T26023.DISCIPLINE_ACTION_WID = T29975.DISCIPLINE_ACTION_WID and T26023.ORGANIZATION_WID = T26686.ORGANIZATION_WID and T26023.DATE_WID = T30647.DATE_WID and T26023.GRADE_LEVEL_WID = T26564.GRADE_LEVEL_WID and T29975.DISCIPLINE_ACTION_CD = 'Suspension' and (T26564.GRADE_LONG_DESC in ('Grade 10', 'Grade 11', 'Grade 12', 'Grade 9')) and (T26686.SCHOOL_NM in ('Central Sr', 'Como Park Sr', 'Harding Sr', 'Highland Park Sr', 'Humboldt Secondary School', 'Johnson Sr', 'Washington Technology Secondary')) ) ),
  SAWITH4 AS (select count(distinct case D1.c7 when 1 then D1.c6 else NULL end ) as c1,
  count(distinct D1.c6) as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH3 D1
  group by D1.c3, D1.c4, D1.c5),
  SAWITH5 AS (select sum(D1.c1) over (partition by D1.c3) as c1,
  D1.c2 as c2,
  D1.c3 as c3,
  D1.c4 as c4,
  D1.c5 as c5
  from
  SAWITH4 D1),
  SAWITH6 AS (select case when max(D1.c1) = 0 then NULL else max(D2.c1) * 100.0 / nullif( max(D1.c1), 0) end as c11,
  case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end as c12
  from
  SAWITH2 D1,
  SAWITH5 D2
  where ( nvl(D1.c2 , '1') = nvl(D2.c3 , '1') and nvl(D1.c2 , '2') = nvl(D2.c3 , '2') and nvl(D1.c4 , '1') = nvl(D2.c4 , '1') and nvl(D1.c4 , '2') = nvl(D2.c4 , '2') and nvl(D1.c5 , '1') = nvl(D2.c5 , '1') and nvl(D1.c5 , '2') = nvl(D2.c5 , '2') )
  group by case when D1.c2 is not null then D1.c2 when D2.c3 is not null then D2.c3 end )
  select D2.c11 as c1,
  D2.c12 as c2
  from
  SAWITH6 D2
  order by c2
  Edited by: 965968 on Oct 17, 2012 11:49 AM