nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

Having issues in giving Security/ Permission in OBIEE 11.1.1.9

Sandesh AG

I have scenario, One user should have access to one department with all regions information and another department with only one region information.

For Example: User name called 'X'

1. He has to be given access to IT department with all regions (South, north etc..)

Then again

2. He has to be given access to Sales department with only one region (for example north regions out of all regions.)

So for point 1, under identity manager of that user, I have given permission to IT department with all regions access.

Now I don't know how to achieve 2nd point for the same user.

Please help me out to resolve the issue.

Note: Region and Department information are in different tables.

Find more posts tagged with

Accepted answers

All comments

Gianni Ceresa

Hi,

Clearly depend on your current security setup but with row-level security you must be able to manage that.

As region and department are different dimensions (I guess as you say "different tables") you must define rules taking both into consideration.

Sandesh AG

Hi Ceresa,

Thanks for your reply.

Can you please tell me the exact steps required to achieve this.

[Deleted User]

Have you already grep'ed your webcat to see whether there are any string references to that precise path? inside the XML? At some point you just have to chase the actual stuff that's saved in those files.

Sandesh AG

Hi Christian,

Thanks for your help.

Please help me out with steps to achieve that. Am not aware of how to do implement with the method you mentioned here.

[Deleted User]

Sorry that reply was meant for another thread

Thomas Dodds

Are specific fact tables for each department at play here?

Sandesh AG

Hi Thomas,

No. I am using only one fact as of now for the requirement in the report.

If you know how to implement the security on the above scenario please help me out with the steps.

Suppose if I use more than one fact how will it impact the design?

FTisiot

I would:

1) Create a table with all Department-Region combination for each user

2) Create a session variable that contains the list of Department-Region combinations for a user

3) filter the fact table using the session variable

Thomas Dodds

if you have one fact table and you have a rule that says person A sees all regions because of being in IT department, then they will see only one region if they are put in the sales department in addition to the IT department.

what is happening is:

SELECT ...

FROM fact

WHERE

(regionkey = 'NORTH') <-- sales department; IT has no filter

question is: why would someone be put into BOTH groups/roles

If you are mixing data filter AND other OBIEE permissions across these groups/roles then you are headed for trouble.

Specific groups/roles for data filtering
Specific groups/roles for content access (folders/dashboards/reports)
Specific groups/roles for permission (what they can do with the system)
- usually the builtin BIAdmin, BIAuthor, BIConsumer -- occasionally I've had to put one in between Admin and Author, and Author and Consumer

Sandesh AG

Hi Thomas,

I got your point and even I have implemented till date like that only using permissions.

But here the requirement/situation is different, like One particular user should have access to two departments with different regions(one department with all regions and one department with only one region).

The user is responsible to monitor two different departments with respected regions. Just for your understanding I have given Sales and IT department.

Once if he selects Department1 then he should be able to see all the regions and if he selects Department2 then he should see only one region and as I mentioned earlier this department and region information are in different dimension tables.

I was wondering that is there any way to implement this?