Universe row level security workiing in main report but not subreports
I have a report with a couple of sub reports that are running against a universe with row level security. The security works in the main report but when the sub reports run, the security is missing. The report is running through BOE, CR XI R2. Is there something Im missing...? Being new to BOE...
Hi Michael,
I am sure the Sub-report is also based on Universe.
Try to create query with atleast one object/column coming from table on which row level security is applied in universe.
Hope this will solve the problem.
Thanks,
Sushil
Similar Messages
-
Applying row-level security to crystal report instance
Hi
we have created crystal reports based on sap r/3 data using open sql driver and imposed row level security and published to BOE.The user when opens report with view on demand can see the data which he is supposed to see.
Is it possible to schedule a single instance of the crystal report and then all the users access the instance and see the data that they are supposed to see.If not what is the other way out.
Thanks in advance.
KamalHi,
I didn't try it so far
but I found this Link:
http://neverknewthat.wordpress.com/2007/11/06/row-level-security-trick-with-crystal-reports/
-> create Instance with full authorization
-> Join CR-Result with Customer-Table: User Authorization
Max -
Row Level Security in EPM Workspace 11.1.2.2
Hi All,
I'm facing an issue while implementing Row Level Security in Workspace.
The error goes like this: "Error Accessing Row level security information Server Error: 1012 Unable to acquire row level security information from repository ..........".
I have configured ODBC,DAS as per the documentation and enabled the RLS using Navigate option.Given below are windows and db info
OS:Windows Server 2008- 64 bit
DB:MS Sql Server 2008
DBUser: with full admin permission on database.
Thanks in AdvanceHi All,
Given below is the DAS log..
[2013-06-25T10:16:21.761-04:00] [IR] [ERROR] [] [oracle.IR.com.brio.one.services.das] [host:] [nwaddr: 10.24.206.86] [tid: 20] [userId: epmt] [ecid: 0000JxqQx2C4ulmLwqH7iW1Hm49K00000D,0] [resource_id: Fetching Row Level Security Info] [session_id: OG77kW6K-0000013f7ba3e00d-0000-cd7b-0a18ce56] [subject: xxxxxxxx] [resource: IDataAccessServiceImpl::getRowLevelSecurityInfo] [originator_name: InteractiveReportingDataAccessService] SQL API: [SQLExecDirectW], SQL RETURN: [-1], SQL STATE: [42S02], SQL NATIVE ERROR: [208], SQL MESSAGE: [[Microsoft][ODBC SQL Server Driver][SQL Server]Invalid object name 'RLSUser1.BRIOSECG'.][[
[2013-06-25T10:16:21.761-04:00] [IR] [ERROR] [] [oracle.IR.com.brio.one.services.das] [host: xxxxx] [nwaddr: 10.24.206.86] [tid: 22] [userId: epmt] [ecid: 0000JxqQx2F4ulmLwqH7iW1Hm49K00000E,0] [resource_id: Fetching Row Level Security Info] [session_id: OG77kW6K-0000013f7ba3e00d-0000-cd7b-0a18ce56] [subject: gmarichetty] [resource: IDataAccessServiceImpl::getRowLevelSecurityInfo] [originator_name: InteractiveReportingDataAccessService] Unknown exception handled in RequestProcessor::GetRowLevelSecurityInfo()@D:\talleyrand\views\buster_talleyrand_bi_code\v1_bi_code\services\com\brio\one\services\das\proc\reqproc.cpp:1284[[
[2013-06-25T10:16:21.762-04:00] [IR] [ERROR] [] [oracle.IR.com.brio.one.services.das] [host: xxxxxx] [nwaddr: 10.24.206.86] [tid: 20] [userId: epmt] [ecid: 0000JxqQx2C4ulmLwqH7iW1Hm49K00000D,0] [resource_id: Fetching Row Level Security Info] [session_id: OG77kW6K-0000013f7ba3e00d-0000-cd7b-0a18ce56] [subject: xxxxxxx] [resource: IDataAccessServiceImpl::getRowLevelSecurityInfo] [originator_name: InteractiveReportingDataAccessService] DAS Exception handled in IDataAccessServiceImpl::getRowLevelSecurityInfo()@D:\talleyrand\views\buster_talleyrand_bi_code\v1_bi_code\services\com\brio\one\services\das\idl\impl\idasimpl.cpp:1560[[
Exception Message: Unable to acquire row level security information from repository.
Please note that ODBC/DAS are configured as per the documentation.I am able to see BRIOSECG table in SQL Server,IR Studio and Web Client "Invalid object name 'RLSUser1.BRIOSECG'.][[" ,but when i select some fields from this tables in web client and process,then getting stated above error..
Any Suggestions are appreciated... -
Row level security at universe design level
Hi,
I am creating a Universe layer on top of non SAP OLAP cube ( from MS Analysis Services 2005 ) .
My concern is that can we maintain the row level or data level security at universe design level or if i am using that universe in creation of WEBI report so is there any possiblity to maintain this security at WEBI level.
Regards,
Mishra Vibhav.Thanks for the reply.
Much Appriciated.
My only concern is that i read in the Universe Designer developer guide that it does the row level security so can eloborate a bit about how we maintain at Universe level.
Warm Regrads,
Mishra Vibhav -
Row Level Security from Universe to BOBJ Explorer Information Space
Hi Experts,
We have got a Universe using Sql Server Database and had designed Row Level Security to restrict managers data only to manager who ever log on (@BOUSER), Directors data based on who ever log on(@BOUSER).......
The above logic is working fine when designing Webi / Deski reports but when I create a BOBJ Explorer Infospace , I log on with my profile as Manager which brings me data relevant to me only, but when other Manager log on to Polestar and use same Infospace the @BOUSER security is not working to bring his own data and it is showin my manager id data to other manager.
Requirement: 1 Infospace for Managers and 1 Infosapce for Director's.
who ever logon's and uses same infospace from manager's group or Director's group they should see only
their data and not aother manager / director data.
Thanks,
RajuTHis is a known issue. Should be solved in BO Explorer XI 3.1 SP2.
Check SAP note 1365329 (http://service.sap.com/notes)
Regards,
Stratos -
Crystal reports LOV cascading prompts row level security not working
Crystal report LOV cascading prompts with row level security is not woking when the crytal report cache server/page server cache (Oldest On-Demand Data Given To a Client (in minutes)) is turned on. But its working fine when the cache is turned off.
Using XIR2 environment.
Appreciate the response.
Thanks
ChenthilHi Chen,
In terms of what could be done on the Crystal Reports end, there is no such controls available. However, your question may be better answered if it was posted to our Business Objects Enterprise forum.
It is at "BusinessObjects Enterprise Administration" section of the forums.
FYI. -
Row Level security in OLAP universe
Hi,
We have a OLAP universe based on a BeX query and we are planning to implement the row level security on it.
As it is not possible to use the normal @BOUSER in the OLAP universe, what is the way to implement the same?
Is it possible to have it in the BeX query itself? Any thoughts on this please.
indusHi,
right now you can not implement row level security in an OLAP Universe, you need to setup BI Authorizations and use Authorization variables in the query.
Ingo -
Row level security in Xcelsius through scheduled reports?
Hi Experts,
Our requirement is to implement row level security in Xcelsius dashboards from SAP BW source through Bex queries which would have authorization variables. We have seen that these Bex authorization variables work in Webi reports and security is applied appropriately. But do they work in upto Xcelsius as well, if we use Live Office Parameter binding option? If it does, then do we need to create prompts agian in Webi?
We have also seen that security is applied if we use the BICS (SAP Netweaver native connectivity) option. However our objective is to schedule as many reports as possible in the dashboard to save on report refresh time at run-time, which is not possible is BICS or QAAWS. Therefore the best option for us would have been if we could apply row level security on scheduled reports.
Can you please advise on the best approach? Your help is greatly appreciated.
Thanks,
SougataSince you are using BEx queries as data sources authorization variables is the only way to apply row level security. This will work fine also for XCelsius dashboards that run in the InfoView (in an SAP logon context eg. when the user uses it's SAP credentials to login into the InfoView) and fetch data on-demand over LO from your WebI reports. Just make sure that the underlying webi reports are set to use SSO.
If you are using scheduled report instances no row level security is applied depending on the context of the user that started the dashboard. XCelsius will get the data that have been saved in the instances. In this case the row level security has been already applied at the moment the report instance was created BUT for the user who scheduled the reports to run.
Regards,
Stratos -
Help with implementing Row Level Security in Interactive Reporting
We're deploying Hyperion BI+ 9.3.1, using Workspace and Interactive Reporting. I'm researching how we can use the Workspace row level security option. I've read what's available for documentation in the Workspace Administrator Guide and the Interactive Reporting Users Guide. I understand the concept of setting up rules with row_level_security.bqy, but I'm confused about where these tables should go and what actually happens when I go to Workspace > Administrator > Row Level Security and turn it on.
The Administrator's Guide tells me the "properties" are stored in the repository, but the "rules" are in the "data source". Does that mean my BRIOSEC* tables go in the database I'm running my reports from? If so, then what's the data source I'm filling in on Workspace > Administrator > Row Level Security?
I have many different database connections going to different Oracle and SQL*Plus instances, and I don't want to apply row level security to all of them. How does Workspace tell the difference between them? If I enable rules but create a report from a database that doesn't have rules defined for it, what happens?The 3 tables used with the RLS are stored in the same schema as your repository by default.
The RLS store all the Rules for any database that you are using.
You define the rules based on the tablename (owner.tablename) and the column name. -
Crystal Reports - ECC Tables - Row level security on Multiple tables
Hi Experts,
We are implementing Crystal Reports directly reporting on ECC Tables. Lot of information on row-level security has been provided by experts Ingo Hilgefort, Don Williamsand Mike Seblani, but not related to multiple tables or Wild cards
Requirement:
Crystal Users should have access to ALL the tables in ECC, but restricted by Company code, plant, Sales Organization, Purchasing Organization fields to what ever table it applies to. Example: MARC table should be restricted by Plant, BSEG table should be restricted by Plant and company code, GLT0 table should be restricted by Company code..etc
Users should ONLY see their Organization related data.
Solution Developed:
1. We created custom authorization object with BUKRS and WERKS
2. In /CRYSTAL/RLS we used Wild Cards *, + rather than specific table and referenced the custom authorization object with =BUKRS and =WERKS in the Field Value
3. Enabled global lock
4. Custom Authorization object was added to user-profiles with corresponding restrictions
*Observation:*
1. This security works when a crystal report was developed on a ECC table which has both BUKRS and WERKS
2. This setup DOES NOT work when a crystal report developed on a table with either one of BUKRS or WERKS
Example: Does not work on MARC table - error message "Database connection error: /CRYSTAL/OSQL_EXECUTE_QUERY Message: field T0~BUKRS" unknown"
Does not work on GLT0 table - error message "Database connection error: /CRYSTAL/OSQL_EXECUTE_QUERY Message: field T0~WERKS unknown"
Trouble Shooting:
In the "where clause" of the internal ABAP code generated for MARC, system is checking for BUKRS - which should not be the expected result
ANYTHING WRONG IN THE SECURITY SETUP ? PLEASE ADVICE
Note: Document "BusinessObjects XI Release 2, Integration Kit for SAP, Installation Guide" does not talk much about this multiple table restriction. Any other document to be referred to ?I'm not sure how that would help; by using the Faculty_ID Session Variable I can identify the CRN and Term of all courses a faculty member is teaching. But I don't think that has to do with the problem I am having?
-
Reports XI: Infoview behavior with Row Level Security
Post Author: pwilliamsbssp
CA Forum: General
I have a report that is based off a business view that has project information with an additional table used to assign report users to certain clients (each project has a client). A filter is used to assign the report user to the current ce username.The report is scheduled by the administrator login. Each user goes to view their report on Infoview and is able to view data for only those clients specifically assigned. This functionality seems to work fine - everyone views one instance of the report and InfoView assigns the row level security.However, I'm running into a problem viewing report histories when adding or changing client assignments. The historical reports come up either blank or with erroneous information (such as the current week's information instead of the previous week's data saved with the instance of the report). I have not found a logical link between the behavior of the historical reports and the specific users. Some can see one week and not another while others have the reverse, regardless of their security assignments.Does anyone understand the behavior of view historical reports with row-level security? I have no idea what data/metadata is saved with each report instance and when the row-level security is being read. Is it read when viewing the report? or, is it specific to the structure of the data when the report was run?With other reports using the same row-level security model I'm able to view the historical reports although it has the client assignments at the time the report was created. But, at least I'm able to view the reports.Any insight welcome.Patrick WilliamsPost Author: pwilliamsbssp
CA Forum: General
Bump. Anyone is welcome to tackle this question. Please. -
Report based row level security
I have a requirement to have row level security on only one particular report - so a user in the "Accounting" group - when running this report can only see the "Accounting" business unit but not any of the other business units such as "food service" or "training" - however when running any of the other reports - they are able to see all business units. Is there a way to deploy row level security so when a particular report is run that the security filter is applied - and not in all cases?
thanks very much for your help!Kapsnerc,
One way to solve your problem is to duplicate the column in your rpd and then define security accordingly.
For this report use the duplicated column and for the rest use the original column to build the report.
Regards,
Venkata.
Edited by: user8000915 on Jun 28, 2010 2:07 PM -
How to make Management of row level restrictions easy for webi reports?
Hi all
Our BO Product version is 12.3.0.601 (BO 3.1)
We are applying row level security for webi reports at universe level...
Since Universes are more in Number we have to create same restrictions and apply it to the users lets take a restrictions on region....which is common across all universes.
So the problem lies with the management of restrictions created at universe level.
Can we have a setup in where we can centralized the restirctions at a place so that management would be easy ......???
Shall we have to import the roles(restrictions) from R/3 or BW or Database level...?
Then how we will restrict our report (webi) to a region?????
So basically webi reports should run with the restrictions lets say region....How we will achieve this?/
Thanks and Regards
Ritu RajHi,
what is your Datasource?
If its SAP BW i would highly recommend you use the SAP Authentication in your BOE XI 3.1 So the users log into BOE with their SAP Username and Password and than the Data restriction of your BW takes place when the users run their Reports.
Informations on how to confiure the SAP Authentication you will find in the installation Guide of the SAP ITK.
Regards
-Seb. -
Implement row-level security using Oracleu2019s Virtual Private Databases (VPD)
Environment: Business Objects XI R2; Oracle 10g
Functional Requirement:
Implement row-level security using Oracleu2019s Virtual Private Databases (VPD) technology. The restriction is that the Business Objects Universe connection should use a generic/u201Capplicationu201D database user account. This will allow the organization to avoid the situation where the Business Objects password and the Oracle password need to be kept in synch.
What do we need from the Business Objects support team?
1. Review the 2 attempted solutions that we have tried to implement
2. Propose solutions/answers to open questions for each of the attempted solutions
3. Propose any alternate solution that will help us implement the Function Requirement stated above
Attempted Solution 1: Connection String uses Oracle Proxy User
The connection string that is specified in the Universe is the following:
app_user[end_user]/app_user_pwdarrobaDatabase.WORLD
app_user = generic application user
end_user = the oracle account of the end user which is set using arrobaVariable('BOUSER') app_user_pwd = password of the generic application user
We have tried and implemented this in our test environment. However, we have some questions and concerns around how the connections are reused in a connection pool environment.
Open Question for Solution 1:
i. What happens when multiple proxy users try to connect on at the same time? Business Objects shares the generic app_user connect string. However, every user that logs on will have their own unique proxy user credentials. Will there be any contention involved? If so, what kind of errors can we expect?
ii. If a user logs on using his credentials (proxy user), and business objects opens up a connection to the database using that user's credentials (as the proxy user but logging in through the generic app user). Then the user exits out --> based on our test today, it seems like the database connection remains open. In that case, if another user logs on similarly with their credentials, will business objects simply assign the first users connection to that second user? If so, then our security will not work. Is there a way that Business Objects can somehow ensure that everytime we close a report, the connection is also terminated both at the BO and DB levels?
iii. Our 3rd question is general high level -> How connection pooling works in general and how it is implemented in BO, i.e. how are new connections assigned, how are they recycled, how are they closed, etc.
Attempted Solution 2: Using the ConnectInit parameter
Reading through a couple of the Business Objects documents, it states that u201CUsing the ConnectInit parameter it is possible to send commands to the database when opening the session which can be used to set database specific parameters used for optimization.u201D
Therefore, we tried to set the parameter in the Universe using several different options:
ConnectInit = BEGIN SYSTEM.prc_logon('arrobaVARIABLE('BOUSER')'); COMMIT; END; ConnectInit = BEGIN DBMS_SESSION.SET_IDENTIFIER('arrobaVariable('BOUSER')'); COMMIT; END;
Neither of the above iterations or any variation of that seemed to work. It seems that the variable is not being set or being u201Cexecutedu201D on the database.
One of the Business Objects documents had stated that Patch ID 38, 977, 350 must be installed in our BO environments. We have verified that this patch has been applied on our system.
Open Questions for Solution 2:
How do we get the parameter ConnectInit to work? i.e. what is the proper syntax to enter and what other things do we need to check to get this to work.
Note: Arroba word is being used instead of the symbol in order to avoid following error message:
We are sorry but your message can not be posted since you have included an email address. Please remove the email address and re-post.the connectinit setting should look something like this:
declare a date; begin vpd_setup('@VARIABLE('BOUSER')'); Commit; end;
The vpd_setup procedure (in Oracle) should look like this:
CREATE OR REPLACE procedure vpd_setup (p_user varchar)IS
BEGIN
DBMS_SESSION.set_vpd( 'SESSION_VALUES', 'USERID', p_user );
END vpd_setup;
Then you can retrieve the value of the context variable in your vpd functions
and set the vpd. -
Object Level Security,Data Level Security&Row level Security
can anyone explain main difference between "Object Level Security,Data Level Security & Row Level Security " and how to implement.
Thanks in advance,
KumarHi Kumar
Dashboards, Reports, Guided Navigation Links, Texts, briefing books are all Dashboard OBJECTS which are available at UI level of OBIEE..if you restrict them Say User 'A' wants to see 2 Dashboards and USer 'B' Wants to see 1 Dashboard....these settings & permission u r restricting in Object level called Object Level Security
lly datalevel security is restriction of Data.. consider the same above example and User 'B" wants to see 2-3 regions data where as User A will see only Single Region Data..which you will do/restrict at logical tables, using variables..
Row level security: http://groups.google.com/group/obiee-enterprise-methodology/browse_thread/thread/131ee938a5aefde0 refer this link, clearly explains you
Please mark Correct or helpful if this clears
Maybe you are looking for
-
Exchange 2007, Contacts and Calendar OK , Email only folder structure
Hi, as i was reading many different topics I found that many of them had mixed answers between Exchange 2003, Exchange 2003 and 2007. Because of this mess, i wanted to focus ONLY on *EXCHANGE 2007*. That´s been said... I have configured my iPhone wit
-
After I exported a PDF to a Word doc and downloaded it, I can't get the pointer tool to work.
After I exported a PDF to a Word doc and downloaded it, I can't get the pointer tool to work. When I click on the document text, the only tool is the "move" tool. I can't edit or select text. Please advise.
-
More/Less link to show & hide more text in a report
Hi Everyone, Lot of my reports having description field running around close to 100 to 200 characters. So instead of showing all the description to the users why not show only partial data like first 100 characters and then followed with a "More..."
-
How do i double stroke using adobe photoshop elements 10
how do i double stroke using adobe photoshop elements 10?
-
Must be able to search FOLDERS
I did my ranting elsewhere but I organize jobs by FOLDERS. A new job comes in I give it a job number/name (1476 Gourmet Express). Consequently, at some point in time I may want to search all Gourmet Express folders to consolidate elements for viewing