Include some form of expression filters for row level security that can coexist with the new Custom Security Contexts.
The legacy SME data security steps allowed complex expressions for row level security. The new Custom Security Context framework only allows rows to be included/excluded based on assigned values for a single column (e.g. Cost Center).
It is possible to enable legacy steps with an SR but we have been advised against having both frameworks active at the same time because of potential issues when migrating between environments.
There is a need to have expression filters available for some use cases that cannot be implemented with Custom Security Context because they cannot be expressed as single column values.
For example:
- Conditional logic
- Ranges
- Using variables or ADW lookup tables
Concrete example:
"For users with this role, only show data where department id is not in EXCL_DEPT_LIST when the first 3 letters of the JOB_CODE are 'XYZ'."
EXCL_DEPT_LIST is a session variable populated by an init block and can have different values for each user.
This type of requirement can only be implemented in the legacy data step framework that is being phased out.
Reference: