Tab level security and customization privileges

Similar Messages

• Tab Level Security

  Hi
  I have a question around Tab level security.
  We are deploying a Portal to 4 different parts of the organisation. Depending on which group the user is assigned will determine which Tab they are able to view. At present I am able to use the group to which the user is set up to allow them to view the correct tab. However I now need to only provide access to these tabs for certain users with a particular role/responsibility. So first the tab will only be available to users in Group A but I also now need to prevent some users in Group A without a particular role.
  Do I need to create a new group for all persons in Group A with the correct Responsibility or is there another way of doing this. For example on assigning them to Group A and then interrogate this Responsibility when they click on the Tab.
  I hope this makes sense ?
  Regards
  Kevin

  Just off the top of my head, can you create another discrete group of the Group A users who need access to the other tab, and then give that group view rights? Haven't played with it myself, but we use a similar strategy for other items.

• Message Level Security and Performance

  Hi All,
  Does the implementation of Message Level security features Like SSL and Encryption degrade the performance of the server in Processing the messages ?
  regards,
  Rahul

  Encryption related performance issue is purely related to size of messages.
  In my opinion, SSL wouldnt affect the performance for large messages. SSL will take its usual time for checking for security.
  And the volume and size could anytime affect the performance
  Regards,
  Prateek

• How to achieve Tab level security in a WEBI report?

  hi,
  I have 2 tabs in a single Webi XI R3 report. This report should be viewed by 2 users with the following conditions.
  1st Tab should be seen by only User #1. (Tab 2 should be disabled)
  2nd Tab should be seen by only User #2. (Tab 1 should be disabled)
  How can we achieve this?
  Regards,
  Vamsee

  It is not possible to provide security on a report tab, only the document itself. Making it a requirement doesn't change the features of the product.
  If the two tabs are showing data in different formats, then using two different reports is the way to go. If the report tabs are showing the same format but different data (content) then you can apply filters or security rules in the universe itself to restrict data to what User 1 and User 2 are allowed to see.

• Row-level security and Oracle9iAS

  Hi!
  Does anybody know how to use RLS in J2EE application with Oracle9iAS? Can you please help me with patterns, documentation and examples? Can not find anything on it.
  I am using Oracle9iAS 9.0.3 and Oracle8i
  Thanks a lot in advance!

  Is this a requirement or an issue?
  There are several options available you can use the inbuilt OBIEE security to append filters onto the tables.
  I think the more elegant solution would be to attempt to use the database to apply the security (if you're using Oracle) - views and application contexts would be my preferred method.

• Item Level Security and url not working

  Hi,
  I have a SharePoint 2010 web application for internal users with windows authentication that contains a infopath forms library with content approval enabled. This web application is extended as extranet for external sites and it's using forms authentication
  and all the users are in a group that has read permissions. What we are doing is to create infopath files in the internal site and give permissions to certain groups so external users can access these infopath files from the external site. 
  Everything works fine we create a infopath form and its status is draft so users in the external site cannot see the files at that moment until the file is approved. If we remove the permissions from a group the user has not access to the item (file) in
  the external site which is ok, the user can't see the file BUT if the user tries to access the file through the URL directly the user has access. 
  In conclusion the user has access to the item when its group is assigned to the permissions in the item and the user can see the file in the library. 
  If the group is removed from the item the user can't see the file in the library but the user can still access the file using the URL pointing to the infopath xml file directly.
  It is worth to mention that we tested the same in a none content approval form library and users have not access using the URL.
  I hope i explained myself correctly, any help would be much appreciated.

  Does the library have versions enabled? Also are these logins occuring within word/excel etc?
  If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
  There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
  want to.

• Item Level Security and opening documents Login Prompts

  Hi all,
  Someone has created a document within a specific document library. On this Document Library we've set the Item Security per Item. We assigned Read Permissions to a couple of users to this document.
  When users try to open the document it comes with a couple of Login Prompts each time the user opens the documents. When other document libraries with normal permissions it doesn't show the Login Prompts.
  Why does these Login Prompts come up?
  Thanks

  Does the library have versions enabled? Also are these logins occuring within word/excel etc?
  If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
  There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
  want to.

• Tab level and column level security

  Hi
  Can anyone suggest a high level view of implementing a tab level security based on the user logged on? I have a form that has multiple tabs and within each of these tabs there are multiple fields displayed (in a multi record block). Based on the user, the relevant canvas tabs should be enabled and only those fields within each of these tabs to which the user is authorized to view should be displayed. I am looking for an approach methodology that can be implemented dynamically. There could be another form to maintain the user, roles and accessibility options.
  Any suggestions are welcome.
  Thanks

  When the form loads, capture the username (network login ID).
  Based on this username, in you when-new-form-instance trigger or when timer expired trigger(you have to create a timer for this), set the property that certain tabs/fields must be enabled/disabled depending on the user.
  Say, you have two groups of users, admins and non-admins..
  when the form loads, capture the username
  compare this username with the tabular data to determine if that user is an admin or non-admin (you can do this using a select query)..
  and using when-no-data-found exception you may set the appropriate previleges using set_tab_property('tab_name',ENABLED,property_true) and hence forth
  hope this helps

• Attribute Level Security on Portal Tabs

  We are using a set of tabs on a single portal page. We need the ability to
  display each tab based upon either an attribute or a PL/SQL result set.
  Currently the only options for tab level security are person and Group. This
  does not meet our needs.
  For Example, we have two tabs on the page (employee and manager). Everyone is
  an employee and only some are managers. We want only the managers to view the
  content on the manager tab. The only option we have is to create a manager
  group which will not work due to performance reasons (over 20,000 managers
  identified). We cannot manage this in groups.
  We need to know how to display the tabs by either a person level attribute or
  SQL query.
  Thanks,
  Rich

  Hi,
  ADF Security and ADF Business Component security both provide this functionality.Both use JAAS permissions for authorization that can be assigned to user roles. You find information in the developer guide
  http://download-uk.oracle.com/docs/html/B25947_01/toc.htm
  Frank

• Domain and User Level Security

  Dear Friends
  Tuxedo Version : 8.0
  Weblogic Server: 7.0
  Operating System : Win 2000
  I have successfully run the simpapp example with WTC as the connector between
  the remote domain (tuxedo) and local domain (WLS).
  Now, i want to perform authentication, the documents are not being of much help
  so can anybody give me any suggestion to create domain level security and ACL.
  Please note, i'm just using the services (import).
  As per the documents and newsgroup,
  i made changes to the TUXEDO ENVIRNMENT, ubbdomain, adding SECURITY , AUTHSERV
  parameters in it.
  Also made respective changes in WTC, but when i run the example,
  it throws an exception as TPENOENT.
  Thank you in anticipation.
  Please help me !

  Hi Shamu,
  I answered similar questions in a posting with title "Service
  Authentication How to". The questions were posted after your post.
  Check out the questions and my reply see whether they are useful to you.
  Regards,
  Honghsi
  shamu wrote:
  >
  Dear Friends
  Tuxedo Version : 8.0
  Weblogic Server: 7.0
  Operating System : Win 2000
  I have successfully run the simpapp example with WTC as the connector between
  the remote domain (tuxedo) and local domain (WLS).
  Now, i want to perform authentication, the documents are not being of much help
  so can anybody give me any suggestion to create domain level security and ACL.
  Please note, i'm just using the services (import).
  As per the documents and newsgroup,
  i made changes to the TUXEDO ENVIRNMENT, ubbdomain, adding SECURITY , AUTHSERV
  parameters in it.
  Also made respective changes in WTC, but when i run the example,
  it throws an exception as TPENOENT.
  Thank you in anticipation.
  Please help me !

• Obi 11g row level security not working

  All,
  I am very familiar and have worked with obi 10g row level security and it works pretty easily. Now in 11g not so easy. I am basically setting permissions on data filters on app roles as per the new 11g instructions and meta data guide, however, I never see the filters being applied in the report and also in the nqquery.log. I have tried in vain, and nothing. The filters are never being applied for the test user. I even verified the user is in the specified app role via their my account->app roles tab. Now has anyone had this experience or now is there something that must be done additionally now.
  Very frustrated... ;(

  Ok, so I have found the solution and ultimately the answer to why the object level and row level security was not being applied. It so happens that the app policy: 'resourceType=oracle.bi.server.permission, resourceName=oracle.bi.server.manageRepositories all' not only allows the management and access to online RPDs; but, IT ALSO DOES NOT APPLY SECURITY/PERMISSIONS IN THE RPD TO THAT USER thus you are super user. So the OOTB BIAdministrator app role which my AD user was being assigned never had any security applied due to this. How I tested:
  1) I created a test user
  2) Assigned that user to the BIAuthor app role and saw that they had the security applied that I was testing, which was simple object denial and row-level security to just one year on the date dim.
  3) Since it was working, I then assigned that user to the BIAdministrator role. This produced that the test user now does not have any restrictions that I set and that were working before. Thus, security/perms in the RPD are not applied.
  4). I removed the user from the BIAdministrator app role, kept in the BIAuthor app role and then created new test app role. I mapped that user to this new role along with the BIAuthor role. I then proceeded in creating new app policy with just that policy and assigning the new app role to it.
  5) I logged into the presentation services again with this test user after assigning to new app role and policy. My test user again does not have the security being applied and does not get any perms/security that I set and applied in the RPD. On top of that my test user is now able to login in online mode to the rpd via the bi admin tool.

• How to provide Responsiblity level security in OBIEE 11g

  Hi all,
  Can any one tell me how to provide the responsibility level security in OBIEE 11G.

  Hi,
  You need to create group of users and then apply filters over that groups.
  you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
  - Manage -> Security...
  - Groups -> click right group1 and select propierties.
  - Select button 'Permissions...'
  - Select tab 'Filters' -> add new filter.
  - On the column name select the metric you need filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
  you should add the Customer table to your Sales-fact LTS add apply the filter to this combined LTS as well
  For more:
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  also try http://www.biblogs.com/1969/12/31/obiee-11gr1-security-explained-an-11g-security-overview/
  http://forums.oracle.com/forums/thread.jspa?threadID=1120336
  Thanks
  Deva
  Edited by: Devarasu on Oct 11, 2011 6:08 PM

• How To Setup User Row Level Security In Answers From Values In Table

  I am trying to setup row level security when a user logs into BI Answers. Basically I want the user to create any report that they would like but only see the data that they are associated to being retrieved in the Answer Report results. I have users stored in an Oracle authentication table where they have multiple values for schools that they can view. I have data in my RPD file that contain tables with multiple rows for schools. What I would like is to capture the associated school values for the user logged into BI Answers and place a filter on the data being retrieved in the RPD file to only show rows for the user's associated schools. Can I add a WHERE clause on the Business Model and Mapping layer of the RPD that would retrieve the multiple associated schools in my authentication table and filter/match them (IN clause maybe) to the school values in the RPD data being retrieved?
  Thank you in advance for any information you my have to help me along,
  Kyle

  Turribeach,
  I appologize, I did not use those exact words to search on in the forum. I should have and what I did use didn't turn anything up for my situation.
  Thank you for the link. It helped me find the below link which describes the setup in detail and resolved my issue:
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  What I needed was a row-wise variable/initialization block that stored the multiple school values for my logged in user. I then edited the "Content" tab of the Logical Table Source with a WHERE/IN clause that filtered down the result set based on my variable/initialization block SQL query.
  This solution works great!
  Thanks again!

• Row level security problem.

  Hy all, I'm new to Oracle and though i've google it a lot I didn't manage to find a solution to this problem:
  I'm using sql developer and Oracle 10g.
  I have this two tables :
  CREATE TABLE HR_employees
  (codHR NUMBER(3) CONSTRAINT pk_hr PRIMARY KEY,
  coddep NUMBER(4) not null,
  DB_user VARCHAR2(10),
  and
  CREATE TABLE Candid
  (codcan NUMBER(2) CONSTRAINT PK_candidat PRIMARY KEY,
  codHr NUMBER(3) NOT NULL,
  CONSTRAINT FK_CODHR FOREIGN KEY (codHR) REFERENCES HR_employees (codHR) );
  I tried to implement row level security on them by using two views:
  CREATE OR REPLACE VIEW employees_v AS
  SELECT * FROM hr_employees
  WHERE DB_user = user
  UNION
  SELECT * FROM hr_employees
  WHERE codhr=(SELECT codhr FROM hr_employees WHERE db_user=user );
  AND coddep IN (4000,5000);
  CREATE OR REPLACE VIEW candid_v AS
  SELECT cand.*
  FROM candid cand , hr_employees hr
  WHERE cand.codhr= hr.codhr
  AND hr.db_user=user
  UNION
  SELECT cand.* FROM candid cand, hr_employees hr
  WHERE hr.coddep=(SELECT H.coddep FROM hr_employees H
  WHERE H.db_user=user
  AND H.coddep IN (4000,5000) );
  What I want to do is to disconnect and connect with another user from SQL Developer and see different fields based on the user and the department, Sql developer doesn't seem to recognize the user connected to the database..everytime I receive a no row selected statement, only when I connect with SYS and put the actual username WHERE H.db_user='SYS' they seem to work. I have created the tables with SYS and granted Select on the views to the users, the users don't have privilegies on the actual tables.
  Sorry for the bad english,it's a foreign language to me ,
  I hope you can help me

  Hi,
  Damorgan is right: "Row level security has nothing to do with views" in the sense that the two are independent. You can have row-level security with or without views, and you can have views with or without row-level security. dbms_rls is a very useful and powerful way to implement row-level security, and you should check it out, but it's not necessarily the answer to all row-level security problems.
  I'm not sure I understand your problem beyond the need to restrict user A's access to two tables.
  If which rows user A is allowed to see depends on the results of queries from those same tables, including rows that user A is not allowed to see (that is, you need to do sub-queries with some other user's (let's call this user B's) privileges), then you can do those sub-queries in stored procedures.
  Stored procuderes can run with the privileges of the procedure owner, regardless of who is calling them. Using a function called user_codhr owned by user B, you could define a view like this:
  CREATE OR REPLACE VIEW employees_v AS
  SELECT * FROM hr_employees
  WHERE DB_user = user
  OR    (   codhr = user_codhr
        AND coddep IN (4000,5000)
        );If the results of the function will be the same throughout the session, you can call it once, at the beginning of your session, and save the results in a SYS_CONTEXT varaible or a global temporary table.
  If you need more help, post a more detailed example of the problem, such as "With this data in the table, B should see all rows but A should see only ...".

• Regarding Data Level Security in OBIEE

  Hi,
  We are currently implementing Data level security in our project. We have created multiple groups in the repository and put business filters in the permissions tab for each of the groups. When a user belongs to more than one group then the backend SQL fired by the BI server has an OR condition between the business filters from different groups. Is there a way to force an AND condition between the filters passed from different groups?
  Thanks,
  Kartik

  Try this link
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  If the business unit is a column then try this
  Repository --> presentation Layer --> column --> properties --> permissions --> Give access to the user/group,for others disable the permission.
  Thanks
  Don