Manipulation of session parameters to assist with data level security

Started by cognosjon, 27 Nov 2009 04:39:26 AM


cognosjon

Morning all,
I'm stuck, well, completely stuck if I'm honest, and could do with some help on this. I'm using 8.3 SP4 and Access Manager is my authentication provider.

I'm currently engaged on a project that requires data level security to be applied at the fact table.
Within the fact table I have a column that contains a specific userid for example USER1234.

I have applied a filter to the query subject that compares this field with the ossignon parameter and when they match the user will see the expected data.
However...
The ossignon being pulled through seems to also contain the domain name, and the case of the userid may be different.
So for example I'm getting results such as test\user1234 from the ossignon parameter.

Obviously when I compare these two within the filter they don't match. Does anyone have any suggestions as to the best way forward with this?
I've attempted to use the upper function to change the case of the ossignon parameter but this does not appear to work. Has anyone had any success manipulating the session parameters?

I've looked into exporting the users from Access Manager using the Access Manager Namespace Report Utility provided by Cognos, but the customer will not permit me to use this on site and, given the rate at which new users are added and users removed, it is not practical.

Thanks for thinking about it.



Filip.Cuppens

Hi,

If I read your post correctly, you're using Access Manager? If so, are the users within Access Manager created in a similar way as your users in the fact table? If so, I think you can achieve the security by applying a filter on your query subject like this...

[DBView].[factTable].[UserId] like #sq($account.parameters.basicSignon)# + '%'

At least that's how we implemented security based on database fields, but in our case we made sure (or at least we encouraged people to do so) both the users in the fact table and Access Manager are 8 chars: first letter of first name followed by 7 chars from the user's name.

Regards
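
Added example, not from either poster and not Cognos code: a Python/SQLite sketch of the row filter discussed in this thread, showing the signon `test\user1234` normalised to `USER1234` and the difference between an exact match and a `like ... + '%'` prefix match. The table name `fact_table`, its columns, the helper names and all rows are constructed for illustration; it assumes user IDs are not fixed-length, so one ID can be a prefix of another.

```python
import sqlite3


def normalise_signon(raw: str) -> str:
    """Reduce 'test\\user1234' to 'USER1234': drop a DOMAIN\\ prefix, trim, upper-case."""
    account = raw.rsplit("\\", 1)[-1]
    return account.strip().upper()


def build_fact_table() -> sqlite3.Connection:
    """In-memory stand-in for the fact table; every row is constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fact_table (user_id TEXT, amount INTEGER)")
    db.executemany(
        "INSERT INTO fact_table VALUES (?, ?)",
        [("USER1234", 100), ("user1234", 50), ("USER12345", 900), ("USER9999", 7)],
    )
    return db


def rows_exact(db: sqlite3.Connection, raw_signon: str) -> list:
    """Row filter: upper-cased column must equal the normalised signon."""
    key = normalise_signon(raw_signon)
    cur = db.execute(
        "SELECT user_id, amount FROM fact_table "
        "WHERE upper(user_id) = ? ORDER BY amount",
        (key,),
    )
    return cur.fetchall()


def rows_prefix(db: sqlite3.Connection, raw_signon: str) -> list:
    """Same filter written as a prefix match (LIKE signon + '%')."""
    key = normalise_signon(raw_signon)
    cur = db.execute(
        "SELECT user_id, amount FROM fact_table "
        "WHERE upper(user_id) LIKE ? || '%' ORDER BY amount",
        (key,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = build_fact_table()
    print("exact :", rows_exact(db, "test\\user1234"))
    print("prefix:", rows_prefix(db, "test\\user1234"))
```

With the prefix form, the signon `test\user1234` also returns the `USER12345` row, which is why fixed-length IDs (as in the reply above) or an exact comparison matter for this kind of filter.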