Hello All,
I'm in the process of setting access to data and filters in Framework Manager. I have a problem...I know that if I create groups, then set filters to the groups (i.e., People Group - Branch=9), only those individuals in 'People Group' can see the data for 'Branch 9' when they log on.
However, if I have a group say for Principals, and each principal should only see data pertaining to their school, creating a group for Principals will not suffice for setting filters, because each school has a different location.
How can I set up a filter which allows principals to see ONLY their schools data based on location code when they sign on using their log-on via Active Directory? Is this possible? Would I need to set a filter for each location code?
Thanks in advance and have a wonderful day!
Quote from: teelee on 02 Mar 2010 08:24:16 AM
Hello All,
I'm in the process of setting access to data and filters in Framework Manager. I have a problem...I know that if I create groups, then set filters to the groups (i.e., People Group - Branch=9), only those individuals in 'People Group' can see the data for 'Branch 9' when they log on.
However, if I have a group say for Principals, and each principal should only see data pertaining to their school, creating a group for Principals will not suffice for setting filters, because each school has a different location.
How can I set up a filter which allows principals to see ONLY their schools data based on location code when they sign on using their log-on via Active Directory? Is this possible? Would I need to set a filter for each location code?
Thanks in advance and have a wonderful day!
Under the security filter for the table "add group" and select principles. Then edit the filter to the location code. so.
location_code = principle.location_code
You could also use a security table. For example, your table would include UserID and location code. This table would be populated with users and each location that they can see, you would also pull a session parameter in your filter to grab their active directory id.
I initially used cognos groups to do data level security, but depending how you have it setup, it might be easier to use a table for security.
Thanks twlarsen, I will try your suggestion in my testing as well.
Thanks and have a wonderful day! :)
Thanks platipuss, I will try your suggestion in my testing. I seems like a very simply way to setup the filters. The security table that 'twlarsen' suggested is a wonderful suggestion as well.
Thanks to both of you, I will try them both in my testing.
Thanks and have a wonderful day! :)
There are other methods, too. I've described some of them here:
http://businessintelligence.ittoolbox.com/groups/technical-functional/cognos8-l/displaying-data-based-on-user-2174532
and
http://businessintelligence.ittoolbox.com/groups/technical-functional/cognos8-l/tracking-user-sessions-in-data-source-through-cogos-2629560
Thanks Angela,
The information is very useful.
Thanks again and have a wonderful day! :)