This site is currently read-only as we are migrating to Oracle Forums for an improved community experience. You will not be able to initiate activity until January 31st, when you will be able to use this site as normal.

    Forum Stats

  • 3,890,805 Users
  • 2,269,649 Discussions
  • 7,916,821 Comments

Discussions

Row level Authorization Issue

Dev
Dev Member Posts: 223 Bronze Badge
Hi All

I am with a problem whereby a particular user when logging in with his ldap credentials and necessary authorization cannot see a particular data fron ESSBASE where the calculations have been done at teh TOP level only with teh lower generation members being 0 or balnk.

But when he logs in with the administrator account he can see the data.

Pls. could anyone guide on this.


below are the two queries one with admin and other with the user credential

--------------------------------------

+++Administrator:2c0000:2c0007:----2009/11/19 19:39:01

-------------------- Sending query to database named 01hw156633 (id: <<21514>>):
With
set [Capex Type2] as '[Capex Type].Generations(2).members'
set [Entry Version2] as '[Entry Version].Generations(2).members'
set [Market2] as '[Market].Generations(2).members'
set [Source2] as '{[Source].[System Generated]}'
set [Year2] as '[Year].Generations(2).members'
set [Years2] as '[Years].Generations(2).members'
select
{ [Accounts].[Cumulative Anual Budget Target %]
} on columns,
NON EMPTY {crossjoin ({[Capex Type2]},crossjoin ({[Entry Version2]},crossjoin ({[Market2]},crossjoin ({[Source2]},crossjoin ({[Year2]},{[Years2]})))))} properties ANCESTOR_NAMES, GEN_NUMBER on rows
from [Dev.Capex]



------------------------------------------------------------------

+++diptiman:2a0000:2a000c:----2009/11/25 12:59:01

-------------------- Sending query to database named 01hw156633 (id: <<23552>>):
With
set [Capex Type2] as '[Capex Type].Generations(2).members'
set [Entry Version2] as '{[Entry Version].[200910]}'
set [Market2] as '[Market].Generations(2).members'
set [Source2] as '{[Source].[System Generated]}'
set [Year2] as '[Year].Generations(2).members'
set [Years2] as '{[Years].[2009]}'
member [Accounts].[MS1] as 'AGGREGATE(filter(Descendants([Market].currentmember,[Market].Generations(5)),([Market].CurrentMember IS [Market].[BOLI] OR [Market].CurrentMember IS [Market].[CAMB] OR [Market].CurrentMember IS [Market].[CHAD] OR [Market].CurrentMember IS [Market].[COLO] OR [Market].CurrentMember IS [Market].[DRC] OR [Market].CurrentMember IS [Market].[ELSA] OR [Market].CurrentMember IS [Market].[GHANA] OR [Market].CurrentMember IS [Market].[GUAT] OR [Market].CurrentMember IS [Market].[HOND] OR [Market].CurrentMember IS [Market].[LAOS] OR [Market].CurrentMember IS [Market].[MAUR] OR [Market].CurrentMember IS [Market].[PARA] OR [Market].CurrentMember IS [Market].[SENE] OR [Market].CurrentMember IS [Market].[SIER] OR [Market].CurrentMember IS [Market].[SRIL] OR [Market].CurrentMember IS [Market].[TANZ])),Accounts.[Cumulative Anual Budget Target %])', SOLVE_ORDER = 100
select
{ [Accounts].[MS1]
} on columns,
NON EMPTY {crossjoin ({[Capex Type2]},crossjoin ({[Entry Version2]},crossjoin ({[Market2]},crossjoin ({[Source2]},crossjoin ({[Year2]},{[Years2]})))))} properties ANCESTOR_NAMES, GEN_NUMBER on rows
from [Dev.Capex]
Tagged:

Answers

  • Prash11
    Prash11 Member Posts: 386
    Since you are using LDAP, I assume you would have mapped LDAP variables to OBIEE Variables. Now when you log in with an user, are you defining any group level security at the rpd or in the Presentation layer? Do you have any filters enabled for you to distinguish between the groups?

    Clearly the MDX generated is different for an user and Administrator. So where did you specify that filter to add in the query.


    Thanks
    Prash
  • Dev
    Dev Member Posts: 223 Bronze Badge
    Thanks Prash

    Yes I have used LDAP authetication and external table authorization (only on country basis).

    For authorization I have created user gropps in RPD and applied country level filters in each group ( say there are 17 countries -- so 17 groups)

    And created an external table to link the userid (coming from LDAP) to the respective group and yeah created GROPU variables and init. block.

    But the report which I am taliking about if I reome the region part then also the vaues are not visible to the user which admin login can see.
This discussion has been closed.