Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE ROW LEVEL SECURITY NEXT STEP
Hello guys, I know the discussion I'm posting is old and made and made and made again; but I'm trying to do one step more.
I would like to understand how to technically address a requirement like this:
Scenario::
- One USER: USER_1
- two ROLES: ROLE_1 , ROLE_2
- Two SJA: SJA_1 / SJA_2
- Four COUNTRIES: USA,ITA,FRA,UK
- USER_1 belongs both ROLE_1 and ROLE_2.
- ROLE_1 can access both SJA_1 and SJA_2; but with different row level security.
It means that:
ROLE_1 for the SJA_1 can see only the records where COUNTRY in (USA,ITA)
ROLE_1 for the SJA_2 can see only the records where COUNTRY in (UK,FRA)
- ROLE_2 can access both SJA_1 and SJA_2; but with different row level security.
It means that:
ROLE_2 for the SJA_1 can see only the records where COUNTRY in (FRA)
ROLE_2 for the SJA_2 can see only the records where COUNTRY in (USA)
do you have any idea on how to address this kind of requirement?
thank you
Regards,
antonio
Answers
-
Hi Antonio,
Put it all in a DB table with roles, SJA (whatever that is) and the resulting rights. Basically build up the matrix in a DB table.
Then use session variables to read that data based on the logged in user and filter your data based on those variables rather than trying to invent a weird way of writing hugely complex CASE WHEN statement in the business model / subject area filters.
0 -
Hii..
I guess we can achieve this by specifying Data filters in RPD Level. Can you try once?
Regards,
C.
0 -
That's why I proposed to store the actual matrix in a table. Just "data filters" isn't enough because without an intermediary step you'd have to write filters which are a) complex and b) pretty static compared to a dynamic read from a DB table.
0 -
@user13795100 Have you given up in your thread?
0 -
Hello Christian,
thank you for the suggestions but I'm in doubt about the feasibility.
Should I create 1 variable for each SJA-ROLES? so If I have 10 roles and 20 SJA I should create 200 Variable to be used as filter at the presentation level for each role.
Is this the only way? I'm trying to find a way to avoid 200 variables.
Thank
Antonio
0 -
1.) Do you use "SJA" to mean Subject Area?!
2.) That's precisely why I said put it in a table and read from it dynamically
0 -
Hi cristian,
yes I mean subject Area.
what do you mean with read it dinamically? To manage that requirement I have to use ROLE-SJA variables to filter data correctly. it means I've to create one role for each couple of SJA - ROLE? I was lokking to avoid all this variables.
Thank you for your help and I'm sorry for the delay in my answer.
Regards
0 -
Antonio,
No. Already in my very first response I said to create a "matrix":
Christian Berg wrote:Basically build up the matrix in a DB table.
Precisely to NOT have the situation where you have one application role for each combination.
0 -
Ok Christian, sorry but I don't understand how it should works.
Maybe because I never created a matrix before and I don't know how to query a matrix through init block; to take a value( or a list of value to be used as filter) depending on the SJA and ROLE all in one time.
Thank you for your help anyway.
Regards,
Antonio
0