8 Replies Latest reply on Nov 2, 2017 8:16 AM by Christian Berg

    Object Level Security on SA

    user12116294

      Hello Expert,

       

      We have a strange issue that we have implemented Object Level Security on Complete SA based on EM Roles.

       

      Sample Subject Area

      Authenticated User - No Access

      Test BIAuthor - Read/Write

      Test BIConsumer - Read

      Rest All Roles - Default

       

      In nqsconfig file:- PROJECT_INACCESSIBLE_COLUMN_AS_NULL = YES

       

      Now the have created a report from Sample Subject Area and placed in default location in shared folder.

      User having Test BIAuthor role & Test BI Consumer role can see the report, where as other user are getting blank screen with title name of report.

      This is desired behavior which is expected.

       

      Point to catch is there is no inline filter placed in the report. But as soon we make a filter in the report and save it and run the report, the user's who does not have TestBIAuthor & Consumer role are getting below error:-

       

      State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

      Please have your System Administrator look at the log for more details on this error. (HY000)

      State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

      Please have your System Administrator look at the log for more details on this error. (HY000)

      State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

      Please have your System Administrator look at the log for more details on this error. (HY000)

       

      and we remove this report filter and run the report its working without error and user's who doesn't have access are getting only report name

      Please let me know is it a default behavior or am i missing something.

       

      Thanks & Regards,

      Abhi

        • 2. Re: Object Level Security on SA
          user12116294

          Hello Christian,

           

          We are using :- 12.2.1.1.0

          Package:- 160601.0400.00

          MUD Version - 6

           

          Please let me know if any other information is required.

           

          Thanks & Regards,

          Abhi

          • 3. Re: Object Level Security on SA
            asim cholas

            I think default will be the lowest level which means No Access though i dont remember it clearly. But why cant you set up object level security in catalog, so that it will not be visible at all rather than displaying just the report name?

            • 4. Re: Object Level Security on SA
              Christian Berg

              asim cholas wrote:

               

              I think default will be the lowest level which means No Access though i dont remember it clearly. But why cant you set up object level security in catalog, so that it will not be visible at all rather than displaying just the report name?

              In the OBIS (RPDI the most permissive right wins. In the OBIPS (catalog) the most restrictive right wins.

              1 person found this helpful
              • 5. Re: Object Level Security on SA
                user12116294

                Hello Christian,

                 

                Problem is user can create report and save it at adhoc location.

                My main concern is that when we are creating the report without any report filter its working fine (user can see only report name without any error) and incase he want to edit it, an error message getting pop up (no access to subject area).

                However, if we create the report with any report filter it getting error message

                 

                Here Project Name is the column where we have put the filter as Project Name is in "simple".

                State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

                Please have your System Administrator look at the log for more details on this error. (HY000)

                State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

                Please have your System Administrator look at the log for more details on this error. (HY000)

                State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

                Please have your System Administrator look at the log for more details on this error. (HY000)

                • 6. Re: Object Level Security on SA
                  Christian Berg

                  First test: Can BIConsumer run the analysis correctly if it's an in-line filter rather than a saved one?

                   

                  Second test: Recreate the saved filter from scratch.

                   

                  General question: Why the read/write vs read distinction? Are you REALLY doing something with write-back???

                  1 person found this helpful
                  • 7. Re: Object Level Security on SA
                    user12116294

                    Thanks Christian for your response really Apprecieated.

                     

                    User with SalesBIAuthor  and SalesBIConsumer role are able to run the report without any error.  But the user who does not have SalesBIAuthor & SalesBIConsumer role when they are running the report they are getting error. Ideally they should get a blank screen (which is also coming up when no filters are added in the report).

                     

                    who does not have SalesBIAuthor & SalesBIConsumer role when they are running the report they are getting error. Ideally they should get a blank screen like this mentioned below

                    User who does not have sales Author/consumer roles are getting error when filter is added:-

                    tate: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred.

                    Please have your System Administrator look at the log for more details on this error. (HY000)

                    State: HY000. Code: 43113. [nQSError: 43113] Message returned from OBIS.

                    Please have your System Administrator look at the log for more details on this error. (HY000)

                    State: HY000. Code: 27046. [nQSError: 27046] Inaccessible column: "Source Project"."Project Name".

                    Please have your System Administrator look at the log for more details on this error. (HY000)

                    • 8. Re: Object Level Security on SA
                      Christian Berg

                      Oh ok got you now. Then as I said try with an in-line one. You may be hitting a limitation there with inaccessible columns in saved filter objects since it is anyway weird that you have a use case where a user access an analysis he should be able to access but which contains a filter from a SA he shouldn't access...kind of contradictory don't you think?