Tab Level Security

Hi
I have a question around Tab level security.
We are deploying a Portal to 4 different parts of the organisation. Depending on which group the user is assigned will determine which Tab they are able to view. At present I am able to use the group to which the user is set up to allow them to view the correct tab. However I now need to only provide access to these tabs for certain users with a particular role/responsibility. So first the tab will only be available to users in Group A but I also now need to prevent some users in Group A without a particular role.
Do I need to create a new group for all persons in Group A with the correct Responsibility or is there another way of doing this. For example on assigning them to Group A and then interrogate this Responsibility when they click on the Tab.
I hope this makes sense ?
Regards
Kevin

Just off the top of my head, can you create another discrete group of the Group A users who need access to the other tab, and then give that group view rights? Haven't played with it myself, but we use a similar strategy for other items.

Similar Messages

  • Tab level security and customization privileges

    Hi,
    I've created a page that includes a tabbed region. I have given access to different tabs to different groups - when I do my demo, I'd like to show that we can secure data via tabs. This all works beautifully when my groups only have 'View Only' privileges. If I give the group 'Customization (Add Only)' privileges, when users of that group log into the page, they see ALL of the tabs, not just the ones their group has access to.
    I am not sure this is the intended behavior, but please let me know if it is.
    Thanks.

    Nevermind...the trick is not the give the privilege at the Group level, but at the Page level. Works as expected. Thanks and sorry.
    -melissa
    <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Melissa Blakeney ([email protected]):
    Hi,
    I've created a page that includes a tabbed region. I have given access to different tabs to different groups - when I do my demo, I'd like to show that we can secure data via tabs. This all works beautifully when my groups only have 'View Only' privileges. If I give the group 'Customization (Add Only)' privileges, when users of that group log into the page, they see ALL of the tabs, not just the ones their group has access to.
    I am not sure this is the intended behavior, but please let me know if it is.
    Thanks.<HR></BLOCKQUOTE>
    null

  • How to achieve Tab level security in a WEBI report?

    hi,
    I have 2 tabs in a single Webi XI R3 report. This report should be viewed by 2 users with the following conditions.
    1st Tab should be seen by only User #1. (Tab 2 should be disabled)
    2nd Tab should be seen by only User #2. (Tab 1 should be disabled)
    How can we achieve this?
    Regards,
    Vamsee

    It is not possible to provide security on a report tab, only the document itself. Making it a requirement doesn't change the features of the product.
    If the two tabs are showing data in different formats, then using two different reports is the way to go. If the report tabs are showing the same format but different data (content) then you can apply filters or security rules in the universe itself to restrict data to what User 1 and User 2 are allowed to see.

  • Tab level and column level security

    Hi
    Can anyone suggest a high level view of implementing a tab level security based on the user logged on? I have a form that has multiple tabs and within each of these tabs there are multiple fields displayed (in a multi record block). Based on the user, the relevant canvas tabs should be enabled and only those fields within each of these tabs to which the user is authorized to view should be displayed. I am looking for an approach methodology that can be implemented dynamically. There could be another form to maintain the user, roles and accessibility options.
    Any suggestions are welcome.
    Thanks

    When the form loads, capture the username (network login ID).
    Based on this username, in you when-new-form-instance trigger or when timer expired trigger(you have to create a timer for this), set the property that certain tabs/fields must be enabled/disabled depending on the user.
    Say, you have two groups of users, admins and non-admins..
    when the form loads, capture the username
    compare this username with the tabular data to determine if that user is an admin or non-admin (you can do this using a select query)..
    and using when-no-data-found exception you may set the appropriate previleges using set_tab_property('tab_name',ENABLED,property_true) and hence forth
    hope this helps

  • Attribute Level Security on Portal Tabs

    We are using a set of tabs on a single portal page. We need the ability to
    display each tab based upon either an attribute or a PL/SQL result set.
    Currently the only options for tab level security are person and Group. This
    does not meet our needs.
    For Example, we have two tabs on the page (employee and manager). Everyone is
    an employee and only some are managers. We want only the managers to view the
    content on the manager tab. The only option we have is to create a manager
    group which will not work due to performance reasons (over 20,000 managers
    identified). We cannot manage this in groups.
    We need to know how to display the tabs by either a person level attribute or
    SQL query.
    Thanks,
    Rich

    Hi,
    ADF Security and ADF Business Component security both provide this functionality.Both use JAAS permissions for authorization that can be assigned to user roles. You find information in the developer guide
    http://download-uk.oracle.com/docs/html/B25947_01/toc.htm
    Frank

  • Item Level Security not working with Tabs

    I've Portal 9.0.2.2.22
    This issue is with Item Level Security with Tabs. Here is what I've have:
    Page Group: MyPagegroup (Privs: portal => Manage All)
    Page: MyTestPage (Privs: portal => Manage All,
    testUser => View)
    There is a tab called MyTab on page MyTestPage which has two items (simple images) image1 and image2. The tab's access privs have been set NOT to inherit from the page. The public check box has not been checked for the tab. I've specifically assigned access privs to the tab.
    Now here are the two scenarios that I'm having problem with:
    1) MyTab (portal => Manage All, testUser => view)
    image1 (ILS enabled: portal => Manage All)
    image2 (ILS enabled: portal => Manage All,
    testUser => View)
    When logged in as "testUser", I still see both the images on MyTab although image2 doesn't have view priv to testUser. My expected result is to see just image2 on the tab.
    2) MyTab (portal => Manage All)
    image1 (ILS enabled: portal => Manage All,
    testUser => View)
    image2 (ILS enabled: portal => Manage All)
    When logged in as "testUser", I still see NO images on MyTab although image1 has view privs to testUser. I would expect to see image1 on the tab.
    Question: In both the above cases, the tab privs seem to be dictating what the user sees regardless of what the item level privs are set to. Is this normal behavior or a bug? If a bug, is there a patch? Is there any way so that even after setting the tab privs, I still have finer control of what the user can access through item level privs?
    If I don't put the items under a tab, then things work as expected.
    thanks
    Lalit Agarwal
    Vienna, VA
    703-521-5200 x3610

    This is a known problem with the 9.0.2 release - fixed in 9.0.2.6.
    Regards,
    Jerry
    PortalPM

  • Item level security, workflow and tab problems

    was wondering if someone could help us out with some problems we are having. We need to up and running over the next two days so anyone who could get back to us pretty quickly would be greatly appreciated.
    We are actually having a couple of issues which all revolve around three
    groups we have created (for simplicity we have only attached one user to each group). Here are the steps we took:
    Problems adding content:
    a) Added the three groups to the page group and gave them view access.
    b) Turned on approvals and set group3 as the approver.
    c) Added the three groups to the page and gave them view access.
    d) In the page properties, I enabled item level security.
    e) Added an item content area to the page.
    f) Added three pieces of simple content
    g) For content item1 I granted granted full access to group1(Own, manage, view), for content item 2 I granted full access to group2, etc.
    h) WHen I log on as a user in group1 I only see content item1. HOwever, when I edit the page I find I cannot add any items as user1.
    i) I went back to the page properties and changed the access of all three groups to "manage items with approval" but let the item level security as it was.
    j) When I logged on as user1 I found I could see all items now when I should only have seen content item1. What the hell? Can anyone tell me what I did wrong?
    Problems with item level security on tabs:
    a) Repeat steps a) through d) above.
    b) Create a content region and add three tabs: Home, Work, Life.
    c) On the Work tab changed portlet region to item region.
    d) Added three items with security exactly as I did above.
    e) When I signed on as user1 I saw all three items when I only should have seen item1. What the hell?
    f) I monkeyed around with the secutiry at the tab level but it didn't seem to make much difference. ANyone have any ideas what is going on here?
    Thanks in advance.

    Does the library have versions enabled? Also are these logins occuring within word/excel etc?
    If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
    There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
    want to.

  • Access Tab not showing for item level security

    I have enabled item level security for the portal page I am working on, but the access tab for the items is not showing.
    I have come accross exactly the same problem on this forum and the advice was:
    Hi try the following :
    go to page properties
    set the item level security
    clear the cache
    clear your browser cache
    it should work "
    I have tried all that, closed and opened a browser but the access tab is still not showing. This is a 10.1.4 portal on LINUX. Starnge enough I have a testing environment installed on my Windows XP (AS 10.2.0.2 not upgarded to 10.1.4) and I don't have any issues with item security access tab at all.
    I would appreciate any clues.
    Regards,
    Anna

    There should be two icons shown for each item when you put the page in Edit mode - Edit and Actions. Click on the Actions icon and "Access" should be one of the links in the list of actions (like hide, expire, delete, move, etc.)

  • Group Level Data Level Security not working

    I'm trying to test the data level security at the group level.
    Here's what I did
    1. Went to the security -> Groups -> Permissions -> Filters
    2. In Name added the Fact table on which I want to filter.
    3. Selected "Enable"
    4. In Filter Column I added a filter on a column in the dimension. (I didn't use any session variables in the filter)
    When I create an answers query with the column from the dimension (Which I used in filter) and fact from the fact table where I defined the filter, the filter is not applied..
    Am I missing something in the creation of filters?
    Thanks in Advance.
    Rama.

    Hi,
    If the user is member of both user defined and Administrator group no filter will be applied to them because Administrator group will take precedence and no filter can be applied to Administrator.Even if you ooen Administrator group, you will see that permission tab is disabled for Administrator group.
    Hope this helps.
    Regards,
    Sandeep

  • Obi 11g row level security not working

    All,
    I am very familiar and have worked with obi 10g row level security and it works pretty easily. Now in 11g not so easy. I am basically setting permissions on data filters on app roles as per the new 11g instructions and meta data guide, however, I never see the filters being applied in the report and also in the nqquery.log. I have tried in vain, and nothing. The filters are never being applied for the test user. I even verified the user is in the specified app role via their my account->app roles tab. Now has anyone had this experience or now is there something that must be done additionally now.
    Very frustrated... ;(

    Ok, so I have found the solution and ultimately the answer to why the object level and row level security was not being applied. It so happens that the app policy: 'resourceType=oracle.bi.server.permission, resourceName=oracle.bi.server.manageRepositories all' not only allows the management and access to online RPDs; but, IT ALSO DOES NOT APPLY SECURITY/PERMISSIONS IN THE RPD TO THAT USER thus you are super user. So the OOTB BIAdministrator app role which my AD user was being assigned never had any security applied due to this. How I tested:
    1) I created a test user
    2) Assigned that user to the BIAuthor app role and saw that they had the security applied that I was testing, which was simple object denial and row-level security to just one year on the date dim.
    3) Since it was working, I then assigned that user to the BIAdministrator role. This produced that the test user now does not have any restrictions that I set and that were working before. Thus, security/perms in the RPD are not applied.
    4). I removed the user from the BIAdministrator app role, kept in the BIAuthor app role and then created new test app role. I mapped that user to this new role along with the BIAuthor role. I then proceeded in creating new app policy with just that policy and assigning the new app role to it.
    5) I logged into the presentation services again with this test user after assigning to new app role and policy. My test user again does not have the security being applied and does not get any perms/security that I set and applied in the RPD. On top of that my test user is now able to login in online mode to the rpd via the bi admin tool.

  • Dashboard prompts are getting cached and not working as per data level security

    Hi,
    Version: OBIEE 11.1.1.5 BP2
       We have dashboard prompts that have data level security defined in RPD - Content tab of an LTS.
    After clearing cache, the dashboard prompt applies the security properly. When another user who has a different security defined, is seeing the same prompt values on clicking the drop down of a prompt and also when they click search prompt popup.
    Issue is, for second user, I do not even see cached query in the session logs. Tried applying the DISABLE_CACHE_HIT=1 in the prompt sql results, no luck.
    But reports are applying the security correctly, issue is with prompts alone.
    Any thoughts on this?
    Thanks,
    Rajesh

    Just for others reference: We disabled caching on the table to avoid this issue.

  • Data Level Security implementation question

    I had a quick data-level security scenario and wanted to solicit any input from the experts.
    In our current Subject Area we have one Presentation Layer using one Business Model. In this Subject Area have a Task and Employee Dimension. There is row-level Security on the Task Dimension that is done in the Business Model on the LTS Content tab. There are a batch of reports built off this Subject Area.
    There is now a request to build a new batch of reports, however, they want to now filter on the Employee Table and NOT filter on the Tasks. So the opposite of what has been applied above.
    From my perspective there are only a few ways this Security can be applied
    Business Layer: Basically either create an Alias of Employee and Task or build a second LTS for both. Then create new columns and map to these accordingly. Basically have 2 of each column in the Business Layer. One with Security applied and one without.
    Presentation Layer: Created a second Presentation Subject Area and apply the security at the Presentation Layer and remove it from the Business Layer.
    I know a third option could be put security on the Role/Group but for this case these reports are open to everyone.
    I'd just like to verify from the experts that I may have covered all solutions for this scenario or if there are any other suggestions?
    Thanks!

    Alright...
    If you have two LTS say A & B (basically duplicate) then add a column say LTS Indicator and assign 'A' for LTS A and 'B' for LTS B. Add the fragmentation content and apply the security filter and you can also create two different Presentation folders under same Subject Area if users have Answers Access so that the users know if they are querying for LTS A or LTS B.
    Similarly, build your reports making use of LTS indicators which will BI server to pick correct LTS. Say, where you want LTS A to be picked...use filter of LTS Indicator = 'A' and thats it.

  • Data level security in OBIEE

    We have implemented data level security by applying filters on groups in Obiee Administration tool. Here we have set filter on division(which is a column in Customer table). This is done so that user can see data for division for which he has access.
    When user creates report which consists of division column filter is working fine. E.g. if user1 has access to division1
    and when user1 cretes a report for (customerName,division,sales columns) he can see sales of customers belong to division1. But if user1 cretes report which does not contain division column e.g.(customerName,sales columns report) he can see all the customers sales data. How can we aoide that. We want User1 to see division1's data only irrespective whether division column is there in report or not.
    Can any one suggest what should be done to achive this.
    Thanks,
    Avdhut

    Hi friend,
    You need to create group of users and then apply filters over that groups.
    you should establish an additional filter for group1 (user1 belongs to group1 in your example). Follow next steps:
    - Manage -> Security...
    - Groups -> click right group1 and select propierties.
    - Select button 'Permissions...'
    - Select tab 'Filters' -> add new filter.
    - On the column name select the metric you need filter, in your example, customer sales. On the column 'Business model filter' put table.division=division1
    I hope this can help you.
    Good luck.

  • How to get object level security in Universe?

    Hi,
    I need to get the object level security for an Universe. I'm able to get the list of objects and its security access level (Public / Controlled / Restricted / Confidential / Private / )  from the (.Unv) file using the Designer SDK.
    But I need to get the list of users who has the object level security in the universe. In the CMC, by clicking the Universe and click on the Object Level Security tab, we can see the list of users there.
    I need to get the same using BOE SDK.
    I have used the following query to get the universe from the repository,
    "select * from ci_appobjects where si_kind='universe' "
    But I'm not able to get the list of users having obj. level security for that universe.
    Kindly help me to proceed.
    Thanks.

    The access security level is encapsulated in the SI_KIND='Overload' object. 
    Look for those types of objects, and the doc for the Overload class.
    An Overload references the Universe to which it's associated, and User/UserGroup objects are associated with the Overload via SecurityInfo.
    Sincerely,
    Ted Ueda

  • Data Level Security in OBIEE  Enterprise Edition

    HI,
    would like to know how to implement row-level security in OBIEE Enterprise Edition
    Setting up the context right here, considering a hierarchy of an organization that goes up to 4 levels as below:
    VP >Senior manager>Manager>clerk
    Now, the situation is such that a manager should be able to view its subordinates data but not the data of any other team to which he does not have access. And also the manager should view only his regions data.Same goes for other hierarchies in the organization.
    Any pointers in this regards i.e OBIEE ADMIN TOOL: SECURITY AUTHENTICATION THROUGH EXTERNAL DATABASE would be of great help.
    Source system is SIEBEL CRM 7.8
    THanks
    Gutha

    Hi,
    I can help you for Authentication using BI Server.
    For teh same you can use admin tool then manage>security> users and Groups.
    You can create different groups as well as users accrording to you hierarchy and then provide privilages users or groups according to your need like particular user can view the data of particular level.
    When you create users then in the user page you can provide the filter conditions in filter tab and same as in groups.
    Regards
    Tarang Jain

Maybe you are looking for

  • E Mailed Zip Files showing up as Password Protected

    I export photos to a folder, create zip file, and then e mail them as a regular part of my business. Sometimes these show up to the recipient as a "Password Protected" file. Any idea why???

  • Navigational Attribute in Reporting

    Hi experts, Suppose I have created one attribute as navigational attribute in my infoobject characteristic.This Characteristic is in Infocube. Now after executing query on this infocube,Can I drilldown from thic characteristic to Navigational attribu

  • Target blank not activ

    Hi there Work with dreamweaver8 for quite some time. Suddenly the target blank window in the property inspector is no longer activ (no highlight). For new pages as for the existing ones. Where is the problem? PK

  • Noise correction dissapearence

    Noise correction tab dissapeared in the develop module

  • IPhone not syncing, says dupicate file name was specified

    Seems to sync some stuff, but then the sync fails and I get this error message near the end of the sync. I think it may be when it is syncing photos from iTunes, but am not sure what is going on. This is really frustrating. I am now on my last straw