Using VPD and Portal

Similar Messages

• Error executing a query using VPD and BC4J

  Hi all,
  Our team is developing an application using an Oracle DB 9.2.0.4 and BC4J 10g (9.0.5.16.0) as persistence layer.
  We also are using the VPD (virtual private database) to have security in the database at row level.
  The problem we are facing is that every some time (days) we get a jdbc error when a query (see below) that uses VPD policies is executed. Once the error occurs I execute it from sqlplus without getting any error .. it only occurs from our java application.
  To temporary solve this problem, we delete and recreate the VPD policies, then the application continue working fine for some time ...
  I'll appreciate any comment / suggestions
  Thank in advance.
  Eduardo.
  ERROR LOG:
  oracle.jbo.SQLStmtException: JBO-27122: SQL error during statement preparation. Statement: SELECT * FROM (SELECT CalLocation.ID,
  CalLocation.CODE, eo
  CalLocation.NAME,
  CalLocation.ZIP,
  CalLocation.PHONE,
  CalLocation.FAX,
  CalLocation.ADDRESS1,
  CalLocation.ADDRESS2,
  CalLocation.URL,
  CalLocation.OWNER,
  CalLocation.CTY_ID,
  CalLocation.DESCRIPTION,
  ORefCity.CODE CTY_CODE,
  ORefCountry.ID CTR_ID,
  ORefCountry.CODE CTR_CODE,
  ORefRegion.ID REG_ID,
  ORefRegion.CODE REG_CODE
  FROM CAL_LOCATIONS CalLocation,
  OREF_CITIES ORefCity,
  OREF_COUNTRIES ORefCountry,
  OREF_REGIONS ORefRegion
  WHERE ORefCity.ID = CalLocation.CTY_ID
  and ORefCountry.ID = ORefCity.CTR_ID
  and ORefRegion.ID = ORefCountry.REG_ID) QRSLT WHERE ( ( (CTY_ID = 867) ) )
  ## Detail 0 ##
  java.sql.SQLException: Io exception: Broken pipe
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:189)
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:231)
       at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:345)
       at oracle.jdbc.driver.OracleStatement.open(OracleStatement.java:717)
       at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:2605)
       at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:457)
       at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:387)

  The symptoms we have been getting are quite similar to the bug 3662364 .
  I'm going to implement the patch for that bug and see what happend then.
  Thank you very much for your help.
  Regards,
  Eduardo.

• Organization announcements Using CRM and SAP portal

  Dear Gurus,
  I am trying to build functionality for an organization to do their announcements using CRM 7.0, Once the announcement is published it should be visible on the SAP Portal. I am planning to do like this:
  1) Create a campaign using mail form (Announcement content) and target group
  2) Select the communication method as e-mail and I have done settings in SPRO to create the activity for an outgoing mail
  3) Release the campaign and execute the campaign
  4) Upon execution the CRM system will create the activity for an outgoing email (announcement)
  4) Create an iView in portal
  5) Pull the activities created on CRM and display on the portal iView
  My questions are:
  1) Is there any standard iView to do this
  2) Is there any other standard functionality available to do this announcement using CRM and Portal
  3) What are the lining table between Campaign activity and mail forms (e-mail content for announcement) - When I go activity search on CRM WEB UI I can see these activities and also I can see these activities on CRMD_orderadm_h, but unable to get the link tables between this activity and outgoing mail forms.
  Thank you in advance and appreciate your help.
  Regards,
  Reddy

  Dear Gurus,
  I am trying to build functionality for an organization to do their announcements using CRM 7.0, Once the announcement is published it should be visible on the SAP Portal. I am planning to do like this:
  1) Create a campaign using mail form (Announcement content) and target group
  2) Select the communication method as e-mail and I have done settings in SPRO to create the activity for an outgoing mail
  3) Release the campaign and execute the campaign
  4) Upon execution the CRM system will create the activity for an outgoing email (announcement)
  4) Create an iView in portal
  5) Pull the activities created on CRM and display on the portal iView
  My questions are:
  1) Is there any standard iView to do this
  2) Is there any other standard functionality available to do this announcement using CRM and Portal
  3) What are the lining table between Campaign activity and mail forms (e-mail content for announcement) - When I go activity search on CRM WEB UI I can see these activities and also I can see these activities on CRMD_orderadm_h, but unable to get the link tables between this activity and outgoing mail forms.
  Thank you in advance and appreciate your help.
  Regards,
  Reddy

• How to use vpd to restrict rows by application and schema_name?

  We have a need to reuse a schema name many times in a test/dev. environment. Normally we just create a new instance so development can test their apps. using the same schema_name, let's call it test_user. This is very tedious and time consuming to create many db's and sometimes we don't have the hardware to support so many db's. So I was wondering if I could use vpd and an application_context to restrict the rows & columns that can be seen. But instead of restricting it by schema_name I want to restrict it by schema_name and another env. variable like app_name or something similar. So when the middle layer connects with test_user user name and the app is called accts_payable they see parts of the rows that pertain to them. But if the middle layer connects with the test_user user name and the app is called accts_payable2 they see completely different rows. Any help would be appreciated.
  Thanks,
  George

  I was hoping someone else had already been down this path so I don't have to re-invent the wheel. But it looks like I'm going to go down that path. I did find something in the manual that may help but again it's not exactly what I was hoping for so I will have to test it. It mentions using dbms_session to set the application name in the environment like this:
  Consider the application server, AppSvr, that has assigned the client identifier 12345 to client SCOTT. It then issues the following statement to indicate that, for this client identifier, there is an application context called RESPONSIBILITY with a value of 13 in the HR namespace.
  DBMS_SESSION.SET_CONTEXT( 'HR', 'RESPONSIBILITY' , '13', 'SCOTT', '12345' );
  Thanks for your help on this. If anyone else has been through a similar situation please reply.
  Thanks,
  George

• Synchronisation problem when using iFS as Portal document repository

  Is anyone using 9iFS as the repository for their Portal documents but getting DRG-11602: URL store: access to <file name> requires authentication when synchronising the PORTAL30.WWSBR_URL_CTX_INDX index. This is run under schema CTXSYS, using ctx_schedule.
  We use a URL on the Portal folder to access the iFS document and, if the ACE on the document ACL includes World Read, then the document is indexed correctly but if it has no World Read access then synchronisation fails with the above error. These secure documents are indexed correctly, however, when synchronising IFSSYS.IFS_TEXT.
  When you put the URL for the document in the browser then you are prompted for an iFS username/password and this is obviously the problem when synchronising. Oracle Support say that the Oracle 9i Oracle Text Reference, Chapter 2: Indexing, definition of URL_DATASTORE states :The login:password@ syntax within the URL is not supported. Oracle Support have also suggested that using iFS as the Portal repository is not standard practice and that we should simply add our documents as items on the folder. Doing this means not being able to take advantage of the added functionality of iFS such as versioning and, anyway, I thought that Oracle had plans to fully integrate the two products with iFS being the default repository in a future release of Portal.
  Until then has anyone got any ideas for a workaround because we are unable to index the contents of all secure documents on our Corporate intranet? We cant be the only site using iFS and Portal in this way!

  Hello Raymond,
  I must say that I downloaded the JBoss Portal Binary and not the bundle JBoss AS + JBoss Portal, because I already had a JBoss AS working, so it was the best way to do it (as it is said in the JBossPortalReferenceGuide). I have both things (server and portal) in the same directory, but I don't know if maybe one of them should contain the other (I have seen that in the bundle, the portal directory contains the JBoss application server) When I downloaded the JBoss Portal and tried to deploy it by directing my web browser to http://localhost:8080/portal it did not work, so I decided to copy the jboss-portal.sar directory from the JBoss Portal to the deploy of my server. Maybe this was a mistake.
  But anyway I have seen that JBoss Portal 2.6 comes with the myfaces jars, and as JBoss AS 4.2 uses Sun RI by default, it is going to collapse anyway. Should I just remove these jars from the portal? As I told you before, I tried doing it and I got two errors of not found classes.
  Please, any help would be really appreciated, I am losing a lot of time with this bug, because the server keeps getting out of memory due to it.
  Thanks in advance.

• Use HCM processes and Forms without using the Enterprise Portal

  is it possible to leverage existing HR Admin Services (HCM processes and Forms) functionality without using the Enterprise Portal?
  1) Create an Adobe form and Interface using SFP
  2) Set up ISR and Form Scenario
  3) Set up Forms configuration to use existing Backend and generic Services
  4) Set up workflow to updated Backend using Services
  is it possible to do the above steps and not use the Portal? If Yes, how do we present the forms to the Manager, and provide different buttons that appears on the Portal by default?
  Any ideas will be greatly appreciated.
  Thanks,
  Saurabh

  Hi Saurabh,
  your assumptions and findings (items can not be started from the backend workflow inbox etc.) are correct: These processes can not be started without the Portal and it is not intended to do this.
  The above mentioned backend report are only forseen for implementation and testing purposes and not for productive use.
  In addition to the fact, that you already can't execute the work items a lot of other features of the framework (Process Browser etc.) are only available through the Portal.
  Best Regards
  Michael Bonrat - Solution Manager HCM Processes and Forms
  Info about HCM Processes and Forms:
  www.service.sap.com/erp: 
  - SAP ERP Human Capital Management -> Workforce Process Management -> HCM Processes and Forms

• Converting a delete statement using VPD policies and context

  Hello,
  I'm trying to convert a delete statement in a update statement using VPD policies and context.
  +/* Supose the user 'user1' already exists. This is an application user */+
  conn user1/pwd
  create table user1.test_a (
  id                number(4),
  description       varchar2(100),
  deleted           number(1)
  +);+
  alter table user1.test_a add constraint test_a_pk primary key (id);
  insert into user1.test_a (1, 'abc', 0);
  insert into user1.test_a (2, 'def', 0);
  commit;
  I'd like to convert each physical deletion into a logical deletion: statements like "delete from user1.test_a where id = 1" must be converted into "update user1.test_a set deleted = 1 where id = 1".
  I've found the following way: I will create a policy to avoid physical deletion. Additionally, the policy function should update the deletion flag too.
  conn user1/pwd
  +/* Create context package */+
  create or replace package user1.pkg_security_context is
  procedure p_set_ctx(
  i_test_a_id      in   user1.test_a.id   %type
  +);+
  end;
  +/+
  create or replace package body user1.pkg_security_context is
  procedure p_set_ctx (
  i_test_a_id      in   user1.test_a.id   %type
  +) is+
  begin
  dbms_session.set_context( 'user1_ctx', 'test_a_id', i_test_a_id );
  end;
  end;
  +/+
  show errors
  +/* Create trigger to set the context before deletion */+
  create or replace trigger user1.test_a_bef_trg
  before delete on user1.test_a
  for each row
  declare
  pragma autonomous_transaction;
  begin
  -- only commits the preceding update, not the delete that fired the trigger.
  commit;
  user1.pkg_security_context.p_set_ctx( :old.id );
  end;
  +/+
  show errors
  create context user1_ctx using user1.pkg_security_context;
  +/* Policy function */+
  create or replace function user1.f_policy_chk_dels (
  object_schema in   varchar2,
  object_name   in   varchar2
  +) return varchar2+
  is
  out_string                 varchar2(400)   default '1=2 ';
  +/*+
  * out_string is the return value.
  *  - 'WHERE 1=2' means 'nothing to access'
  begin
  if ( loc_logged_usr_authorized > 0 ) then
  +/*+
  * Set the flag deleted to 1
  update user1.test_a set deleted = 1 where id = sys_context( 'user1_ctx', 'test_a_id' );
  out_string := out_string || 'or 1=1 ';
  end if;
  return out_string;
  end;
  +/+
  show errors
  +/*+
  * Create policy
  begin
  dbms_rls.add_policy(
  object_schema   => 'user1'                   ,
  object_name     => 'test_a'                  ,
  policy_name     => 'policy_chk_dels'         ,
  function_schema => 'user1'                   , -- function schema
  policy_function => 'f_policy_chk_dels'       , -- policy function
  statement_types => 'DELETE'
  +);+
  end;
  +/+
  When I try to delete a record of the table test_a:
  conn user1/pwd
  SQL> delete from ilogdia.oplsimulaciones sim       where sim.id = 9999;
  +0 rows deleted+
  No rows has been deleted, but the update stmt does not work. That means, the "deleted" flag has not been updated.
  Any ideas?
  Thank you in advance.
  Marco A. Serrano
  Edited by: albrotar on Oct 15, 2012 8:42 AM
  Edited by: albrotar on Oct 15, 2012 8:42 AM
  Edited by: albrotar on Oct 15, 2012 8:43 AM

  The policy function is applied once per statement execution. The policy function executes first and the UPDATE statement, presumably, updates no rows because the context is not yet populated. The row-level populates the context (I'm assuming that your session can even see context values populated by an autonomous transaction-- I would guess it could but I'd have to test that) after the UPDATE statement is already complete. The COMMIT in the row-level trigger is also pointless-- it only applies to changes made by the current autonomous transaction, of which there are none-- it cannot apply to changes made in other autonomous transactions. Declaring the row-level trigger to use autonomous transactions doesn't seem to accomplish anything other than to open the question of whether the values set in the context by the autonomous transaction are visible in the caller's transaction.
  Even if this, somehow, did work, using autonomous transactions would be a very bad idea since Oracle is free to roll-back a partially executed statement (and the work done by its triggers) and re-execute it. Oracle does that with some regularity to maintain write consistency.
  Justin

• Using ESS with Portal 7.0 and backend ECC 5.0.  Why not?

  Hi,
  I have this landscape:
  server A: Portal 7.0 in WAS 7.0 (2004s) with BP ESS and XSS components
  server B: backend ECC 5.0 with EA-HR SP38.
  But I am having problems to run some ESS webdynpro iViews (specially personnel info);
  According this note: 1007341; this landscape is not supported because is necessary use a separate instance of WAS 6.40 in order to run XSS components.
  Why???  Which is the technical reason that I cannot use the j2ee stack from EP 7.0? SAP information about this is so confusing.
  if this is impossible to realize, I can use this alternative?:
  server A: Portal 7.0 in WAS 7.0 (2004s) with BP ESS
  server B: backend ECC 5.0 with EA-HR SP38 and XSS componentes (dual mode stack abap and java both of them 6.40)
  As per note 1007341, I need use a third server or I am confusing?.  Already having a server which runs E¨P frontend, and other server where it runs the ECC, technically I am not understanding why I need a third server with a older java version than I have in frontend.
  This is not supported by a specifically problem? Or can I do if I have a problem and I can fix it with some patch?
  Anybody has experiencie using this scheme: Portal 7.0 agains ECC 5.0 for use BP ESS/MSS?
  any suggestion will be welcome,
  thanks in advance,
  regards,
  Leandro.

  Ok, its true.
  My intention is to confirm if is possible install a Java instance in the same server that ECC is running with Abap instance.
  My confusion is because note 1007341, in "deviations" part, says:
  ECC 5.0 (ERP 2004 back-end system),
  XSS 500 on a separate J2EE 6.40, EP NW04s
  with business packages ESS and MSS (SAP ERP 2004).
  The SAP system only supports this system landscape
  if you have installed XSS 500 on a separate J2EE 6.40.
  Then, would I install abap stack, and java stack as separate instances (not add-in!) ? and this landscape is supported acordding this note?
  (in the example, A and C are in the same server)
  thanks in advance!
  regards,
  Edited by: Leandro  Balboni on Aug 12, 2008 5:28 PM

• How to analyze the navigation flow in Oracle Portal, Number of unique users, downloads and other estastisticas of use of the Portal and Documents

  Dear
  Experts, I have a very exciting demand, the board of a customer.
  I need to create an analytical application on Oracle Portal, UCM, Spaces, WebCenter, to inform me which quantitatively pages, url and documents are accessed.
  How to analyze the navigation flow in Oracle Portal, Number of unique users, downloads and other estastisticas of use of the Portal and Documents?
  I thought I'd create a ods with the data of Content Tracker and Google Analytics, and model the analysis through the BIEE.
  I ask, what is the standard solution that is used in these cases?
  Thank you
  Miki

  Dear
  Experts, I have a very exciting demand, the board of a customer.
  I need to create an analytical application on Oracle Portal, UCM, Spaces, WebCenter, to inform me which quantitatively pages, url and documents are accessed.
  How to analyze the navigation flow in Oracle Portal, Number of unique users, downloads and other estastisticas of use of the Portal and Documents?
  I thought I'd create a ods with the data of Content Tracker and Google Analytics, and model the analysis through the BIEE.
  I ask, what is the standard solution that is used in these cases?
  Thank you
  Miki

• Enterprise portal access using reverse proxy using Apache and webdispatcher

  Hi Guys,
  As requirement, we need to give solution to customer about Reverse proxy scenario. I am new to this part.
  What we have think of to use Apache and Web dispatcher.
  I tried to search documents and found some sdn links also but still i am not comfortable to go about.
  Need suggestion and document if anyone has used so far.reverse proxy.
  As basis person, we need to do all ( Apache installation, Apache configuration, Web dispatcher installation and configuration, integration with EP.)
  It will helpful to me if i can get Apache installation, Apache configuration part and integration with EP, or web dispatcher, configuration etc.
  Thanks,
  Deepak

  We used Netscaler for Reverse Proxy implementation and can assure you that network team performed most of the set ups. This was on EP 7.01.
  From BASIS stand point it would be primarily Web Dispatcher Configuration.
  Also refer the links I specified in another thread. There are several scenarios discussed there -
  Re: Post values for userid and passowrd fields in logon page
  http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
  ~ Dhanz

• How to use VPD in Java/Struts JSP portlet with SSO

  DB = 10.1.0 (Standard Edition)
  Portal = 9.0.4.1
  10gAS = 9.4.0.1 (EE)
  I am in the beginning stages of developing some portlets that will be Java/Struts JSP based. We use SSO and have implemented some VPD security in our DB by creating some views that use SYS_CONTEXT('USERENV','CURRENT_USERID').
  These Java portlets connect to the DB using a defined JDBC connection for the OC4J container they are deployed in. The problem I'm having is that the call to SYS_CONTEXT is returning the user of the JDBC connection and not the SSO user. So far I have been unable to find any documentation that will point me in the right direction to get this configured properly.
  Deployment and configuration are as follows. Deploy war file to custom container on app server. In the configuration of the OC4J contain the app used the containers default JDBC connection using the oracle.jdbc.pool.OracleDataSource class. Max and Min open connections are blank.
  In the portal configuration under Navigator - Providers tab we defined a new Registered Provider. In the Connections tab for the provider we Specify the URL Http://hpsrv02.simsol.com:7777/discovery-portlets/providers. Under "Specify how the user's identity will be set by the Portal..." the "The user has the same identity in the Web providers application as in the Single Sign-On identity" is selected. Under "User/Session Information" User is selected and Login Frequency is set to "Once per user session". Then we created a new portal page and created a new portlet with the new provider.
  Just an FYI I do have Discoverer working with VPD and any report portlet, dynamic page portlet and any other type of portlet I created all work correctly with VPD it is just the java/struts one that is not working.
  So does any one have any insight into what configuration steps I have missed?
  Any help is much appreciated,
  Ed Klinger

  Ed,
  Your java code must get the SSO username (it's just a HTTP header variable) :
  ie: code sample...
  Enumeration e = request.getHeaderNames();
  while (e.hasMoreElements()) {
  String name = (String)e.nextElement();
  String value = request.getHeader(name);
  out.println("<br> "+name + " = " + value);
  if (name.toUpperCase().trim().equals("OSSO-USER-DN")){
  dn_user=value;
  out.println("<br>******** USER DN = "+dn_user);
  Then, the SSO username can be used in the VPD policy.
  Note that there is a difference between the sso username and the database username . SSO username is not known by database (CURRENT_USERID will return a database username)
  Discoverer worked OK in your case with the SYS_CONTEXT (.. CURRENT_USERID) because authentication is made by database user, probably.

• SSO between Portal Application and Portal Admin Tool

  Hi All,
  We have a requirement for implementing SSO between a Portal application and
  Portal admin tool.
  We are using WL Portal 8.1 SP4.
  Here is the reason for this requirement -
  A user logged-into Portal Application needs to login to Portal Admin tool to
  do some admin activity. We want to provide a link in the portal application
  using which the user can directly login to the Portal Admin tool without
  having to enter the credentials again.
  If someone has any info on how to implement this, can you please point me in
  the right direction.
  Thanks,
  ~Deepak

  Hi,
  When creating PP you have 2 options
  PP used for compiling and PP used for Building
  You create PP with all the libraries into Developing/Compiling Other DCs
  And another PP with all the libraries into can be packaged into other build results (SDAs).
  Once you have these 2 PP in place you add the DC as used DC.
  And this should resolve the issue.
  Hope this helps.
  Cheers-
  Pramod

• How can I use OmniPortlet and Web Clipping Portlet?

  How can I use OmniPortlet and Web Clipping Portlet?

  You find information on OmniPortlet and Web Clipping in the Portal Developer's Guide.
  o Building Portlets with OmniPortlet
  o Building Content-Based Portlets with Web Clipping
  Peter

• Midtier removal of Forms and Reports and Portal failing

  Hi
  I am having an issue removing the midtier of a forms/Report/BI and portal midtier,
  The deconfigtool.pl hang and I am recieving the following message in a deconfigportal.log.
  Invoking OPCA in DEINSTALL mode with the following arguments :
  Install Mode : DEINSTALL
  Portal Schema : portal
  Connect String : cn=orcl,cn=oraclecontext
  OID Host : hresources
  OID Port : 389
  OID Admin DN : cn=orcladmin
  Use SSL to OID : N
  Drop mode : midtier
  STEP 1 : Deleting Portal Partner application
  Parameters passed to SSO registration tool :
  param0:-oracle_home_path param1:D:\Oracle\CoreMid param2:-config_sdk_papp param3:TRUE param4:-papp_schema param5:portal param6:-old_lsn_token param7:hresources.ncirl.ie param8:-update_mode param9:DELETE param10:-papp_password param11:**** param12:-pappDBConnect param13:cn=orcl,cn=oraclecontext param14:-ssoDBConnect param15:cn=orcl,cn=oraclecontext param16:-pass param17:**** param18:-schema param19:orasso_pa
  -DinstallType=
  -DoldOracleHome=
  -DoldOHSUser=SYSTEM
  Check D:\Oracle\CoreMid\sso\log\ssoreg.log for details of this registration
  SSO registration tool failed. Please check the log file D:\Oracle\CoreMid\sso\log\ssoreg.log, correct the problem and re-run the tool.
  STEP 2 : Deleting Portal DAD
  STEP 3 : UDDI deinstallation
  STEP 4 : Ultrasearch deinstallation
  Anyone know how to get around this.

  And what does D:\Oracle\CoreMid\sso\log\ssoreg.log say?
  Thanks
  Shail

• About using categories and perspectives for new user

  We are just beginning a conversion and upgrade project to convert our Web site to Oracle Portal. I'm trying to get a good handle on some different things we need to resolve as part of the project. One of the first decisions is using Categories and Perspectives.
  I'd like to ask users about how they have used categories and perspectives and some real-world examples of how these work and improve the site and user experience.
  About us
  We're a big nonprofit river authority and wholesale electric provider in Austin, Texas. Currently, we offer very limited online transaction capabilities. However, we are diverse organization and users come to us looking for every specific information, so these elements may be very helpful. I'm evaluating how we can use these and other elements to make recommendations. Some real-world examples and best practices would help a lot.
  Thank you, Charles Boisseau
  Web editor
  Lower Colorado River Authority
  [email protected]

  Continuing the thread...
  Perspectives and categories may be leveraged in custom search portlets, so that you can enter the content one time, in one place, and have selected content display in multiple places.
  Re: our "news" concept: our central communications group posts news stories tagged with one or more perspectives, such as which school is related to the story. This allows us to keep all of our news stories in one page group, but reuse the content elsewhere. For example, for the School of Nursing intranet, we can use a custom search portlet that automatically displays only that school's stories.
  You'll want to do some up-front planning regarding your classification scheme. One significant limitation of both categories and perspectives is the inability to change the hierarchy. Oracle Portal product team, if you're reading this, this is a serious pain! I might also recommend leaving your classification scheme relatively flat. Tagging content with perspectives becomes more difficult if the content contributor has to visually traverse a deep hierarchy of perspectives.
  Categories work similarly, but we mainly use them to visually sort items on a page using the "Group By" feature of a region.
  Hope this gets some gears turning.
  -John