2 Replies Latest reply: Sep 30, 2010 12:34 AM by Srikanth Mandadi RSS

    Data Level Security in OBIEE.

    771925
      Hi

      We do have requirement as follows :

      We do have two groups say 1) Officers 2) Consultants .

      The relation between Officers and Consultants is as follows : A officer can have many consultants under him , but a consultant can only work for one officer at a time ie., the realtion between officer and consultant is "one is to many(1:M)" whereas the relation between the consultant and officer is "one is to one(1:1)" .

      Now the requirement is that , we need to implement data level security such that when an officer login to the application(webcat) he must be able to see all the data related to consultants associated with him or under him , but when a consultant login to the application (webcat) he must be able to see only his data.

      Thanks.
        • 1. Re: Data Level Security in OBIEE.
          Kishore Guggilla
          Basic idea is:

          You'll have to create group filters using session variables on those facts ... . Of course, you need to be ready with your variables (row-wise) of session initialization block to get restrict values..

          see these to get an idea on this:
          http://mithil-tech.blogspot.com/2010/07/obiee-session-variables-and-row-level.html
          http://obieegeek.wordpress.com/2009/04/05/row-level-security-using-initialization-blocks-and-session-variables/
          http://www.rittmanmead.com/2007/05/13/obiee-and-row-level-security/

          i'm not specific to your requirement.. but this is the way to implement data level security in obiee
          • 2. Re: Data Level Security in OBIEE.
            Srikanth Mandadi
            Hi,
            Its better to apply security user level and group level.

            For example this is your case....
            officer1-consultant1,consultant2,consultant3,consultant4
            officer2-consultant5,consultant6,consultant7,consultant8

            Shouldnt place officers in a single group-
            If you place all officers in single group say officersgroup,you cannot apply data level security to consultant individualy because if an officer in officersgroup logs in he can view data of consultants who is not under him because officers group contains all officers who will have acces to that consultant.
            So should spilt officers.
            Here we can apply datalevel security to consultant1 data assignign officer1,in the same way consultant2 data assigning officer 1.

            Shouldnt place all consultants in a single group,should make multiple consultantgroups based on officers.
            For example officer1-consultant1,consultant2,consultant3,consultant4,so here we make a group for consultants who are under a single officer say consultantgroupoff1
            officer2-consultant5,consultant6,consultant7,consultant8,so here make another group for consultant who are under a single officer say consultantgroupoff2
            So here we can apply datalevel security to officer1 data by assigning whole group ie,consultantgroupoff1 to his data and in the same way assign consultantgroupoff2 to officer2 data.


            Check this for datalvel security... http://varanasisaichand.blogspot.com/2010/08/dataobjectcolumn-level-security-in.html

            Thanks,
            Srikanth