Optional Framework security

Started by MM4I, 31 Aug 2010 03:45:09 AM


MM4I

Hi all,

We are using data security on conformed dimensions in framework manager.
However, for a specific set of reports, this data security should NOT be applied (as the reports contain calculations based on the entire set of data in dimensions and fact table).

Is there any way to achieve that the security is applied optionally?
I was thinking of using some kind of macro, which uses the Package name (as the specific reports are based on a separate package). But I can't find any examples of macros using the package name.
Does anyone have any experience with this kind of issue?

Thanx for your help.

Kind regards
MM4I

CognosPaul

Create a filter in the framework. Call it, for example, securityFilter.

Create a parameter map called securityMap. Set the default value to [ns].[securityFilter]. In Key put the unsecured package name, in value put in 1=1.

Now in the filter on the business layer put in #$securityMap('test')#

Since test doesn't match any of the keys, it should be filtered by the securityFilter.

Next, it seems to be harder than it should be to get the package name inside a macro. This is what I've come up with:
#sq( substitute(''']','',substitute('package\[\@name=''','',join('',grep ( 'package' , split('/',$modelPath)) ) )))#

Replace the test with that macro:

#$securityMap(sq( substitute(''']','',substitute('package\[\@name=''','',join('',grep ( 'package' , split('/',$modelPath)) ) ))))#

Now publish the secured package and test this. It should be using the normal filter.
Now publish the unsecured package and test. It should be filtering on 1=1.

Note that this will not work in FM, since it looks at the modelPath.

CognosPaul

I realize that my previous reply was somewhat cryptic. I was pressed for time before, but I'll try to explain things now.

To begin with, I believe your requirements are possible, in a fashion. If I understand correctly, you want to have two packages set up, the first with security, and the second without. These packages should be based on the same model.

To begin with you'll need to create your filter (or filters). It might be something like
[ns].[country] = #sq($account.parameters.country)#
It will need to be created as a Filter outside the Query Subject. This is what will be called if the package is not the one specified by the parameter map.

Second, the parameter map needs to be created. The output of the map will be used as the filter. Since the filter can't be null, 1=1 will suffice for the unsecured package. The default value can be the name of the filter you created previously.

Finally you need to find a way of identifying the package name. Fortunately there is a session parameter called $modelPath. This will return the full path of the package. So #sq($modelPath)# will return something like: /content/package[@name='Example']/model[@name='model']

From that string you can use the split function to create an array from it. Use grep to look for the package, and substitute to get rid of the extra text around the name.

#sq( substitute(''']','',substitute('package\[\@name=''','',join('',grep ( 'package\[\@name=' , split('/',$modelPath)) ) )))#


Next you just need to wrap that with the mapLookup, and it will either return 1=1 or the filter that you created previously.

You can put this expression into the Specify Data Security, or directly into the business layer query filter.
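
The lookup described in the two replies above, emulated in Python as an added example (not part of the original posts and not Cognos code). It compares the grep pattern from the first reply ('package') with the tighter one from the second reply for a package published inside a folder; the paths, the package, folder and filter names, and the emulated split/grep/join/substitute semantics are assumptions, and sq() quoting is not modelled.

```python
import re

# Constructed sample values; the package, folder and filter names are assumptions.
SECURITY_MAP = {"Unsecured Sales": "1=1"}      # key = unsecured package name
DEFAULT_FILTER = "[ns].[securityFilter]"       # parameter map default value


def package_name(model_path, grep_pattern):
    """Emulate join('', grep(pattern, split('/', $modelPath))) plus both substitutes."""
    parts = [p for p in model_path.split("/") if re.search(grep_pattern, p)]
    joined = "".join(parts)
    # substitute() is emulated as a regex replace of the first match only.
    joined = re.sub(r"package\[@name='", "", joined, count=1)
    return re.sub(r"'\]", "", joined, count=1)


def resolve_filter(model_path, grep_pattern=r"package\[@name="):
    """Return the filter text the parameter map lookup would yield."""
    return SECURITY_MAP.get(package_name(model_path, grep_pattern), DEFAULT_FILTER)


def audit(paths):
    """List the model paths that resolve to the unsecured 1=1 filter."""
    return [p for p in paths if resolve_filter(p) == "1=1"]


# Constructed model paths: secured package, unsecured package, unsecured package in a folder.
PATHS = [
    "/content/package[@name='Sales']/model[@name='model']",
    "/content/package[@name='Unsecured Sales']/model[@name='model']",
    "/content/folder[@name='All packages']/package[@name='Unsecured Sales']/model[@name='model']",
]

if __name__ == "__main__":
    for path in PATHS:
        loose = package_name(path, r"package")            # pattern from the first reply
        strict = package_name(path, r"package\[@name=")   # pattern from the second reply
        print(f"{path}\n  loose grep : {loose!r}\n  strict grep: {strict!r}"
              f"\n  filter     : {resolve_filter(path)}")
    print("resolves to 1=1:", audit(PATHS))
```

With the looser pattern, a folder whose name contains "package" is joined into the extracted name, so the lookup misses the key and falls back to the security filter; only an exact key match ever yields 1=1.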

MM4I

Hi Paul,

thanx a lot for your solution!
We'll go ahead and try this here!

Many thanks!