If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Row level Security Issue ,need help urgently

Started by venkat48, 12 Mar 2011 08:04:14 AM

Previous topic - Next topic

venkat48

Hi everyone ,


I am working on implementing the row level security in FM .Since our IT Standards  doesn't allow us to create a parameter map,so I have hardcoded the th secutity for each user class in the following way.


Table
Adminv_Entity_code
Adminv_Entity_Name
First Name
LastName
...
.
.
.
.


Group                                                                              Based on                  Filter
allegheny [Directory>Root user class>Regional-users]                             [siiss].[Adminv_Entity_Name]='allegheny'
Beaver [Directory>Root user class>Regional-users]                                 [siiss].[Adminv_Entity_Name]='Beaver' 




Its not throwing any error,but the security is not implemented.Please kindly suggest me Where I am wrong.

thanks in advance

Venkat





                                               

Yunus

That should be all that's required.  You can verify the security being applied by viewing the SQL generated in Report Studio.  It simply applies the filter onto the query.

Also keep in mind if you don't disable custom SQL that any user with Report Studio would be able to bypass the row level security.

Lynn

Quote from: venkat48 on 12 Mar 2011 08:04:14 AM
Since our IT Standards  doesn't allow us to create a parameter map,so I have hardcoded the th secutity for each user class in the following way.

I am trying very hard to understand what possible reason there is for establishing a standard that prohibits use of a parameter map but would allow hardcoded rules. Particularly hardcoded rules pertaining to data security!   :o

It seems to me you still need to employ a macro function such as CSVIdentityName in your SQL so the results can be filtered appropriately based on the authenticated user.