Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 215 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Having issues in giving Security/ Permission in OBIEE 11.1.1.9
Hi
I have scenario, One user should have access to one department with all regions information and another department with only one region information.
For Example: User name called 'X'
1. He has to be given access to IT department with all regions (South, north etc..)
Then again
2. He has to be given access to Sales department with only one region (for example north regions out of all regions.)
So for point 1, under identity manager of that user, I have given permission to IT department with all regions access.
Now I don't know how to achieve 2nd point for the same user.
Please help me out to resolve the issue.
Note: Region and Department information are in different tables.
Answers
-
Hi,
Clearly depend on your current security setup but with row-level security you must be able to manage that.
As region and department are different dimensions (I guess as you say "different tables") you must define rules taking both into consideration.
0 -
Hi Ceresa,
Thanks for your reply.
Can you please tell me the exact steps required to achieve this.
0 -
Have you already grep'ed your webcat to see whether there are any string references to that precise path? inside the XML? At some point you just have to chase the actual stuff that's saved in those files.
0 -
Hi Christian,
Thanks for your help.
Please help me out with steps to achieve that. Am not aware of how to do implement with the method you mentioned here.
0 -
Sorry that reply was meant for another thread
0 -
Are specific fact tables for each department at play here?
0 -
Hi Thomas,
No. I am using only one fact as of now for the requirement in the report.
If you know how to implement the security on the above scenario please help me out with the steps.
Suppose if I use more than one fact how will it impact the design?
0 -
I would:
1) Create a table with all Department-Region combination for each user
2) Create a session variable that contains the list of Department-Region combinations for a user
3) filter the fact table using the session variable
0 -
if you have one fact table and you have a rule that says person A sees all regions because of being in IT department, then they will see only one region if they are put in the sales department in addition to the IT department.
what is happening is:
SELECT ...
FROM fact
WHERE
(regionkey = 'NORTH') <-- sales department; IT has no filter
question is: why would someone be put into BOTH groups/roles
If you are mixing data filter AND other OBIEE permissions across these groups/roles then you are headed for trouble.
- Specific groups/roles for data filtering
- Specific groups/roles for content access (folders/dashboards/reports)
- Specific groups/roles for permission (what they can do with the system)
- usually the builtin BIAdmin, BIAuthor, BIConsumer -- occasionally I've had to put one in between Admin and Author, and Author and Consumer
0 -
Hi Thomas,
I got your point and even I have implemented till date like that only using permissions.
But here the requirement/situation is different, like One particular user should have access to two departments with different regions(one department with all regions and one department with only one region).
The user is responsible to monitor two different departments with respected regions. Just for your understanding I have given Sales and IT department.
Once if he selects Department1 then he should be able to see all the regions and if he selects Department2 then he should see only one region and as I mentioned earlier this department and region information are in different dimension tables.
I was wondering that is there any way to implement this?
0
