This discussion is archived
5 Replies Latest reply: Jan 25, 2013 4:06 AM by 986695 RSS

Datalevel security In Obiee11g

962252 Newbie
Currently Being Moderated
Hi,

How we will do data level security?if we have 4 (A,B,C,D)groups?in each group we have 10 users?if A group user entered if he run a report he can see 5000 records in report,if b group user entered he can see 8000,C group user entered he can see 10000 records,if D group member entered he can see 12000 records?How we will do?

if Possible give me bit Detail Answer.
  • 1. Re: Datalevel security In Obiee11g
    986695 Newbie
    Currently Being Moderated
    Please follow the below steps to configure Data Level Security in OBIEE11g.

    1. Login to Console and try to use the existing groups BIConsurems, BIAUthors and BIAdministartors if suited for your requirements. If not create the new groups based on your requirement
    2. Add the users to the group
    3. Log in to EM, Use the existing roles if applicable, if not create new roles and assign proper roles like BIAuthor, BIConsumer and add the correposnding groups created at step 1
    4. Now open RPD in online mode and goto Manage -> Identity and then Action -> Synchronize Application Roles, Now in the Applciation Roles tab in Identity manager windows you will see the new Application Roles created at EM are present
    5. Now open properties of Application Roles and click Permissions and then Data Filters and specify the Data Filters for the corresponding cols in the corresponding Subject Areas
    6. In the Data Filters you can have hard coded value in the right side, if not you can have a Session initialization block and can have a SQL query which gets the corresponding site/region information from a database table and store the value into non system session variable as a single value of row wise initialization variable

    Once you are done with this save ur changes in RPD and then reload metadata services in Administration tab in analytics and re-login. Now you'll see Role Based Dashboards. You can verify the roles and groups that you are part of in the My Account -> Catalog groups and Catalog Roles...

    Thanks
    Sampat
  • 2. Re: Datalevel security In Obiee11g
    962252 Newbie
    Currently Being Moderated
    Thanks For Sampat,But I want Filter the records means Group A users login I want display Only 5000 records. GroupB User Login I want Showing 8000records.

    Please Let me Know How To write SQL Query or Session Variable for that
  • 3. Re: Datalevel security In Obiee11g
    Srini VEERAVALLI Guru
    Currently Being Moderated
    Using 'Query Limits' you can restrict for detail check this
    Check this link
    http://www.rittmanmead.com/2012/03/obiee-11g-security-week-row-level-security/

    If helps pls mark
  • 4. Re: Datalevel security In Obiee11g
    KBabu Explorer
    Currently Being Moderated
    Hi

    Generally If User 'A' want to display 5000 records...and User 'B' want to display 8000 records.... you will have a constraint

    Say, Group 'A' users should see only Region 'America' records....(ie general sql, u will write select * from table where group='A' and region ='America')
    Say, Group 'A' users should see both Region 'America' & Austalia records....(ie general sql, u will write select * from table where group='B' and region ='America' &'Australia')


    you can do this at RPD level filters..for thsi u can create a new Group 'A' & 'B'...... in manage-->security--> new group...
    then......click on 'permissions'.............navigate to 'filters' tab........... add the FACT table SQL condition as per your required explained above...

    for this...yes...you need to create a Session varaible....called 'Region'..

    Please mark if it Helpfull

    Edited by: KBabu on Jan 24, 2013 8:03 PM
  • 5. Re: Datalevel security In Obiee11g
    986695 Newbie
    Currently Being Moderated
    See, on what basis you want to restrict is the key here. You have use that value in the Data filter at Application Roles -> Permissions in the RPD.

    You are telling that A has to see 5000 recs and B has to see 8000 rec, how are segregating that data? let me know that information then I can help u with the sql query.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points